Home Hackers are becoming a real issue with cybercriminals taking advantage of the new work from home phenomenon (WFH).
Before you panic, let’s be clear that home hackers are not specifically targeting you. They follow the money and use advanced ‘bots’ to troll the internet to find targets. The bot data ends up in your dark web profile, and AI determines if you are a person of interest.
Persons of interest are where the profile has sufficient personally identifiable information (PII) for a home hacker to have a good chance of duping you via a socially engineered phishing email or stealing your identity and emptying your bank account.
Channel 7 GadgetGuy Val Quinn reports on Home Hackers.
Home Hackers – coming to a teleconference near you.
If you WFH chances are that you are now using ‘teleconference’ programs. The good ones include Cisco WebEx, Microsoft Skype or Microsoft Teams, Google Hangouts, or Go To Meeting. The suspect ones are the hundreds of hastily written free apps to cash in on the phenomena like WeChat, WeLink, Zoom and Houseparty.
You can trust well known and long-established names – they have stood the test of time, but they are generally not free. You can’t trust the rest, especially free services, because if the product is free, the product is you.
The popular Zoom has some of the most glaring security problems – so much so that the US and now the Australian Government will not allow its use. It was also sharing data with Facebook (never a good idea), ‘Zoom Bombing’, has incomplete encryption and easily allows malicious access to participants webcams, contacts and data. We recommend you ditch Zoom and read the CNET article that chronicles the issues here.
Now you may say, well I don’t have anything important to spy on, but many free video chat apps steal your contacts and your personal data. They can then go after your friends and identify where you live. Remember that it is an automated Home Hacker cybercriminal bot doing this – it is not personal.
If you must use Zoom or any free app
- Use a different meeting ID for all meetings (never the same one)
- Enable a waiting room/lobby to identify all participants before starting the meeting.
- Lock the meeting as soon as it starts to prevent people from entering later
- Make sure that only the host can screen share – allowing participants to share screens exposes them to risk of data-stealing
- Check the participant’s toolbar to make sure you know them all
- Use a virtual background to ensure that no one can see your room and its visible assets
- Be very careful about comments you type, even in a one-to-one chat as the host (The Boss) can read them.
- Remember that Zoom and most free apps use a Chinese server and are subject to the laws of that country
Remember, if you get hacked it is your fault. According to Norton LifeLock, while 85% of us espouse the need for security and privacy, but less than 3% of us read the end-user licence agreement.
Home Hackers – Malware, Adware, VPN
When you work at the office, the chances are that you have a PC/Mac that is protected by a corporate strength Anti-virus/Anti-malware endpoint protection. Your office network will have strong passwords, and any corporate cloud and apps have powerful encryption. If your office is big enough, it will also have a system administrator (or several IT nerds) that spend the day repelling thousands of outside bot-driven attacks on the corporate network.
How on earth can you compete with those resources?
The simplest way is to buy a D-Link D-Fend Wi-Fi Router (GadgetGuy review here) for $199.95. You simply insert this between your gateway and your router and it D-Fends your network from internet bots and so much more. It has McAfee Secure Home Platform that runs on the router (5-year subscription included) and McAfee LiveSafe, a two-year free subscription for unlimited installations of Windows, Android, Mac and iOS endpoints (features vary depending on OS).
Failing that pay for protection from Norton LifeLock, Kaspersky or McAfee (our three preferred paid products).
VPN – a virtual private network
A VPN encrypts all traffic from your computer to the endpoint (like a bank) and vice versa. It also hides your physical IP address so home hackers can’t identify where you are.
Install a VPN (app) on your PC or smartphone.
Our two preferred products are Private Internet Access (PIA is best for Sydney, Melbourne and Perth with local servers there) or NordVPN (servers in Brisbane, Sydney, Adelaide and Perth) that also supports torrents. PIA typically (from the NSW Central Coast to Sydney) increases ping times from about 10 to 15ms and reduces DL speeds by 5-10% (depends on the VPN server location). These usually allow for ten devices to use the same subscription.
You may find that your Anti-virus provider has a VPN service – we generally do not recommend that as it does not support torrents – but it may be a great option.
Some routers also can run a VPN like PIA or NordVPN on them to cover all devices. It can be the best protection, but it can also overload the router.
DO NOT USE A FREE VPN UNDER ANY CIRCUMSTANCE!
Home Hackers – Scams abound
GadgetGuy has a great article here on COVID-19 scams. We wrote it on 16 March and unfortunately the eleven scams we found early in the piece now number a hundred times that.
Our advice on avoiding falling for scams in the article is most pertinent. An excellent place to catch up on the latest is Scamwatch
Watch out for email scams purporting to be from the World Health Organisation, the UN, any organisation with COVID in its domain name, any government/agency/Tax office or more.