#DigitalFirst: Let’s talk Cybersecurity 02

A Cybersecure Christmas

I had a few topics lined up for the next few weeks’ doses of Cybersecurity, but I’ve had to shelve them for later, especially after I got a call from a friend who we’ll call James for today, asking to confirm whether “I needed the money sent to the other number”, “as I had said in the SMS”.

We’ll get back to James in a bit.

But first, did you know that the average person knows very little, and doesn’t really care about cybersecurity?

According to research (I asked a few friends), cybersecurity is a rather abstract term; most people think it’s something very complicated and probably not relevant to them. They think that only highly technical IT personnel should be concerned about cybersecurity. In fact, one friend I asked in a WhatsApp message was so spooked that she decided to call and ask why I was even asking her about cybersecurity! I reassured her that with such vigilance she’s unlikely to fall prey to most attacks, especially the kind that is the subject of today’s discussion!

When asked about cybercrime, the only word that came to mind for most people is hacking, never mind that when I pressed, nearly no one could actually explain what hacking is!

Unfortunately, my friends and acquaintances aside, real research does confirm that awareness about cybersecurity is really low; most people can’t even define “cybercrime”! And yet, as I was reminded by my friend James’ call, cybercrime in various forms is all around us all day, every day. If you haven’t fallen prey to one of the common attacks, you know someone who has.

The all too common and yet successful con:

James was planning to send me some money that morning when he received an SMS from a number he didn’t have saved in his phonebook, that read along the lines of “My battery is low and there’s no power here, please send the money to 078487XXX78”.

This is one of the more common cybercrimes in Uganda, and if James hadn’t thought of calling me first, or if he was in a meeting and not able to call, he could have sent his hard-earned money to the conman, adding himself to the yet-to-be-published Uganda Police 2023 Crime Report! And yet, that conmen continue to use this trick attests to the fact that enough people fall prey to it to keep it a profitable income stream.

Do you mean that is also CyberCrime?

Yes, it is!

I like the way the good folks at Barefoot Law put it :

1. If a hunter uses a butida (slingshot) to kill a bird, then the primary object used to kill the bird is the butida.

2. If a murderer uses a knife to kill someone, then the knife is the primary object of the crime.

3. If a person uses a computer to commit anything unlawful, then that could amount to a cybercrime.

Many people get it mixed up at the mention of “computer”, thinking it’s limited to hooded geeks furiously poking at a keyboard wirelessly connecting to a desktop computer with multiple monitors showing constantly scrolling lines of code on a black screen most of the time.

The Computer Misuse Act 2011 uses too many words, understandably since it’s written by lawyers, to define a computer, but to put it simply, a mobile phone is also included in this definition. Yes, that suddenly widens the scope of what a cybercrime is!

Do you know what other scope is as wide? The scope of people who are vulnerable to cybercrime!

If you use a mobile phone, computer, Mobile Money, email, Android, Microsoft, LinkedIn and Uber, among other technologies and services, you need to be concerned about cybersecurity.

But for today as you enjoy your end-of-year holiday, let’s talk briefly about one particular category that is one of the most common, accounting for more than 80% of reported incidents.

Social Engineering

Simply put, these attacks target human rather than technical vulnerabilities. This type of criminal doesn’t set out to hack your smartphone or computer, he will influence you into taking some form of action that is part of the scheme. This is usually done by masking the true intentions of a communication, whether it is to steal your private information or to install malicious software on your device.

There has been an increase in the frequency of attacks with the rise of the work-from-home culture after the COVID-19 pandemic and lockdowns; 57% of companies now report weekly or daily phishing attempts!

Ok, that is the bad news, but the good news is that with some vigilance and awareness, you can protect yourself from most of these attacks.

So the next time you get a call asking you to share your National Identification Number to avoid disconnection or an SMS asking you to send a friend some money because he is far from the trading centre, or an email or WhatsApp message asking you to click a link to reset your password or “remove harmful spyware programs”, a little bit of common sense and alertness will have you thinking before clicking, no need for advanced techniques here.

Of course, there are technical measures that can be put in place, like basic anti-virus software that monitors your web browser and email for suspicious links, messages or senders/callers, but that’s a topic for another day. Just by being vigilant, you can reduce your risk greatly.

Share the word

There are some rather common attacks which will now catch only those who have been living under a rock, but the criminals are not sleeping, they are constantly tweaking their methods and coming up with new ones. If you see a new scheme or trick, please report it to the authorities and also share details with your friends; you just might help save someone else the trouble! Don’t make it easy for the criminals by keeping quiet if you have been attacked, successfully or otherwise.

You could also tell us in the comments about your most recent cybercrime experience or as it has become the norm online, tell us about your friend’s or neighbours’!

Happy Holidays!