Some South Africans are sharing too much of their personal information online, and they should be more careful, cybersecurity experts from the Council for Scientific and Industrial Research (CSIR) have warned.
On Monday, CSIR researchers released their research into social mining data, network vulnerability, data science for public safety and cybersecurity awareness, and expressed concern at the free sharing of information that has led to criminals exploiting social-media users for personal gain.
"Be vigilant when you share information on social media," said cybersecurity researcher Thulani Mashiane.
"Personal information can be used to answer security questions for certain accounts, identity theft, direct marketing and by stalkers," Mashiane said.
The council researchers shared top areas online criminals have been known to target:
Mashiane advised South Africans to stay away from installing suspicious applications — and to only download applications from original or reputable website or applications. Allowing apps more access on your phone than required could lead to security risks and expose your personal information.
Researchers also advised consumers to carefully check permission lists when they download applications. This is because some apps require access to your exact location, revealing details such as your house number, workplace and email account details — information that could be dangerous if it lands in the wrong hands.
Not the whole world needs to know where you are and what you're doing.
2. Social media
"Not the whole world needs to know where you are and what you're doing," said Mashiane, who warned that one of the easiest accesses for criminals is through information social media users share online that may render them vulnerable to criminals — for example their location, who they're with, how they will get back home and when.
People looking to do you harm can easily trace your footsteps — or a criminal looking to break into your house, for instance, may find that information useful.
Other people post pictures of their vehicles with a number plate clearly visible for the world to see, making it easier for criminals to clone the registration number.
3. Public and open networks
"Cybercriminals love public open networks such as internet café networks, coffee shop Wi-Fi and conference Wi-Fi." said Mashiane, who warned that people must make sure to use a secure network for banking.
The South African Banking Risk Information Centre (Sabric) has also previously warned South Africans to refrain from using internet cafes or unsecured terminals in hotels and conference centres to do their banking.
If you have no option but to connect to a public network, always ask which network to connect to — don't just set your laptop or mobile device to "connect automatically" when it finds available networks. Thieves can set up a fake Wi-Fi network very easily, and they often give those networks commonly used names like Free Wi-Fi, Airport Wi-Fi, or Hotel Wi-Fi.
If you connect to a compromised network — meaning somebody installed malicious software on the Wi-Fi equipment — hackers can hijack traffic so that you go to a fake "secure" site instead of a legitimate website.
When visiting secure sites, make sure that "https:" appears in the address bar, and look for the padlock icon. If you get any warnings, such as untrusted certificates or similar — especially unexpected warnings while using Wi-Fi away from home — wait until you're on a secure network access bank accounts.
4. Easy-to-guess passwords
Some people are notorious for creating easy-to-remember passwords that are based on special people or events in their lives — and criminals know this too.
To set an effective password, use capital letter(s), lowercase letter(s), special characters and numbers, the CSIR advised. Keep your passwords to yourself, and and make sure to change them regularly.
1. A 2015 survey indicated that the most commonly-used passwords are the following:— Cyber Security Awarness 263🇿🇼 (@CSA263) June 12, 2018
These are VERY unsecure passwords! They are easy to guess and among the first that cyber criminals try out when they intend to hack your account.