Defining 6 Digital Threats & Protecting Yourself Online

Editor's Note: This article was created by Aura in partnership with DomesticShelters.org to help educate domestic violence victims, survivors and professionals about how to stay safe when using technology. DomesticShelters.org partners only with companies creating products we've vetted.

Oftentimes, an abuser will stop at nothing to assert control over a partner. With more and more of our lives operating online—from school and work to banking and shopping—abusers can infiltrate one’s digital activity to control aspects of their lives offline. That’s why investing in strong personal digital security is integral to keeping you safe.  With your personal information, an abuser has the power to assert a grip on your life by checking your banking activity, freezing or using your credit, or monitoring for new home loans that detail your new address. 

Online attackers are becoming more sophisticated every day. This past year, financial losses as a result of digital crime surpassed those of home burglaries for the first time, according to data from the Federal Bureau of Investigation (FBI)’s Preliminary 2020 Crime Report and the Federal Trade Commission (FTC)’s 2020 Consumer Sentinel Report. 

If a hacker is able to access your personal information, data or accounts, it increases the likelihood of an abuser being able to do this, as well. Because once your personal information is available online, anyone can find a way to access and abuse it. 

That’s why intelligent security company Aura is here to highlight common digital threats, as well as steps you can take to better protect yourself online.

Common Digital Threats

Social Engineering

So, what is social engineering? It’s perhaps the most important cybercrime tactic to understand, given it is a common foundation for many forms of threats online. This tactic exploits human nature, rather than technical expertise or hacking, to gain access to information, data, finances, systems and more. Criminals typically research social media and other publicly available information to impersonate someone or something, aiming to gain the victim’s trust. 

For example, a criminal may pose as law enforcement or employees of a company over the phone or call an employer claiming they’ve been locked out of their account. They could “verify” their identity by correctly guessing the email address of the person they claim to be after seeing the first.last@company.com format posted in a press release or on the website.

To protect against social engineering, it is important to check the source - and take a moment to consider whether you should trust it. It’s very unlikely that your CEO or a relative would ask you to transfer a large sum of money, for example. Consider if the source has the information they reasonably should, like your full name, your security questions, or home address. Go to the source directly - hang up and call the phone number on your last invoice or the source’s official website. If someone claims to work for a certain company, ,ask for identification or to speak with a supervisor.

Identity Theft

Of all the types of fraud consumers reported to the FTC in 2020, identity theft was the most common. Identity theft occurs when a criminal steals your personal information to commit fraud, such as applying for credit, filing taxes or accessing medical care. With only a social security number (SSN), cybercriminals and abusers can secure a loan or credit card in the victim’s name, drain their bank account, use their health insurance, claim Social Security and even identify themselves as the victim to police in the event of an arrest. An abuser could also potentially use your SSN to fraudulently monitor and control your online life, as in the case of this survivor.  

There are a number of steps you can take to protect against identity theft. Most importantly, be protective of your SSN. Don’t write it down unless you watch the recipient shred it after. Don’t share your SSN with others or say it out loud when others are around. Don’t carry your Social Security card in your wallet but rather, keep it in a secure place. It is also important to be protective of your other sensitive, personal information, like your birth date, bank account number, address, etc., as they can all be used to commit identity theft. Especially if your mailbox doesn’t lock, collect your mail everyday and set up mail forwarding or holding when you will be away.

Monitor your credit score, bank and financial statements, and take action by alerting the appropriate party and changing your password quickly if anything seems incorrect or suspicious. Shred account statements or other documents with sensitive numbers or information printed on them. If something seems awry, you can freeze your credit for free with any of the three credit bureaus. 

Malware

Malware is an umbrella term for malicious software designed to harm a device, network or service, such as a virus. Spyware, a type of malware, can be used by abusers to monitor all activity on your device and steal passwords, credit card or banking information. Meanwhile, rootkits are a collection of tools that enable unauthorized use of your device and can often avoid detection. Both are especially relevant to be cautious and aware of if you have experienced domestic violence or a controlling or abusive partner. 

Other forms of malware include but are not limited to:

• Adware - Displays advertisements on your screen while collecting personal information to serve you with more personalized ads
• Trojans - Camouflages as legitimate software to trick you into installing harmful software
• Rootware - Replicates itself to infect other devices connected to a network
• Scareware - Exploits a user’s fear and leads them to believe they need to download or buy something (e.g. antivirus software) that is actually harmful, like ransomware.  

• Ransomware - a form of malware that uses encryption to hold a victim’s information, data or files at ransom. The attacker demands a ransom to deliver a decryption key that will (usually) restore access to the files or data. 

Malware attacks are usually made possible through phishing or social engineering, with the attacker, for example, posing as law enforcement and claiming they found illegal data on the victim’s device, while asserting they will not reinstate access until a fine is paid. The criminal may also threaten to leak embarrassing, proprietary or valuable information—like revenge porn or doxing—if the ransom isn’t paid. An abusive partner or other individual you know personally may be able to successfully trick you with greater ease, given your relationships and the fact that they know you better than a faraway hacker might. 

To protect yourself from malware—whether introduced by someone you know or someone you don’t—regularly run antivirus scans to detect malware and spyware on your devices. Don’t install software unless you know what it’s for or who/where it came from. Keep your operating system, antivirus software and device up to date. Stay vigilant against phishing attempts.  Don’t use an unknown USB stick. Back up files and information to minimize potential damage. Avoid downloads from sites you don’t trust.  Avoid public wifi or use VPN when on a public or shared network.

Man-in-the-Middle Attacks

In the case of a man-in-the-middle (MITM) attack, a cybercriminal typically gains access to an unsecured or public wifi server. Once they’ve gotten inside, the attacker might be a passive listener, capturing sensitive personal information like credit card  data, bank account or login credentials. Or, they may be an active participant, changing your messages or impersonating someone you’re talking to. For example, a cyberstalker might snoop at a coffee shop through the public wifi, and once they’ve gotten in, they watch you enter your username and password to an online account. They might use this information to try to gain access to your bank account or social media accounts to monitor your location and activity.

To protect yourself against man-in-the-middle attacks, don’t connect to public or shared wifi networks. If you must, use a virtual private network (VPN), which encrypts your internet connection and hides your online activity and personal data. Some are free, while others are features of broader security plans, like Aura’s intelligent safety protection plans. Secure your home wifi network with a strong passphrase and be aware of unexpected or repeated disconnection. Consider all-in-one security solutions (like Aura’s, which offers antivirus, VPN, credit and data monitoring and more) for your devices. 

Phishing/Vishing/Smishing

Phishing attacks are fraudulent communications that appear to come from a reputable source, often via email (phishing), phone (vishing) or text (smishing). They typically attempt to instill fear or urgency, or take advantage of the victim’s curiosity. Phishing attacks often offer too-good-to-be-true deals, urgent notification to reset an account login because of suspicious activity, or contain an attachment or hyperlinks they want the victim to open. The goal may be to install malware, steal credit card data or access login information.

Strategies to protect yourself against phishing include hovering over links before clicking them to check that the URL makes sense - look for a letter or number that is off; never giving out personal, sensitive information via email; and being cautious of emotional and urgent lures. To confirm the legitimacy, you can also visit the perceived sender’s website or contact them directly. Do not download or open emails you weren’t expecting or from senders who aren’t in your typical email list. 

Imposter Scams

Most consumers have probably experienced an imposter scam, also rooted in social engineering tactics. These types of cyberattacks often begin with a call, text or email, and while the scam itself varies, they all work the same way - with an impersonator of someone you trust asking for money or personal information.

Imposter scams may look like:

• Calls from the “Internal Revenue Service (IRS)” claiming you owe taxes
• Callers claiming to be the Social Security Administration, saying there’s a warrant out for your arrest 
• Someone you met on the internet or an online dating site asks for money
• Calls from a someone pretending to be a child or grandchild, saying they’re in trouble and need money 
• Calls from “tech support” claiming to help fix your computer 
• A fake employer on caregiver or nanny sites, asking you to purchase supplies for your job after sending a large check (that will bounce)

To protect against imposter scams, be suspicious of calls from any government agency. The FTC has issued warnings around this type of attack, and they will not use threats or demand money. Do not trust caller ID, as it’s possible to fake. Don’t pay with a gift card, wire transfer or cryptocurrency over the phone or via text.  Confirm the source of the inquiry directly by using a phone number you’ve looked up and dialed yourself. Don’t install software unless you know what it’s for or who/where it came from.

Explore an all-in-one intelligent security solution.

At Aura, we understand firsthand how daunting it can be to take control of your digital life, especially when attempting to protect yourself from a potential abuser or controlling partner. That’s why we created easy-to-use, all-in-one intelligent security protection to keep you and your family’s personal information, devices, and finances safe from online threats. 

It combines everything you need to proactively control your digital lives - credit monitoring, lost wallet recovery, antivirus, VPN, multi-device protection, and monitors financial transactions, bank accounts, SSN, the dark web, home and title use and criminal and court records to keep your finances and your identity safe and secure. And in the event of an issue, Aura’s U.S.-based customer service team is available by phone and email to help you resolve problems 24/7. This is all backed by a $1 million dollar identity theft insurance policy for eligible losses for every Aura customer. 

Aura has created a special offer for DomesticShelters.org: access a free two-week trial of Aura's all-in-one intelligent digital security solution, and if you like it, purchase a subscription at 40 percent off. Use these links to try the Individual Plan, Couples’ Plan or the Family Plan with this special offer. DomesticShelters.org does not receive any compensation for purchases through this offer.

Photo by Pixabay.