From ‘am I being catfished?’ to ‘has my webcam been hacked?’ – we asked VU’s resident cybersecurity expert, Lucy Barton, to answer your deepest, darkest online fears.
1. Is that you in this video?
"I received a DM from someone I don’t follow on Facebook – they said they’d seen a video of me posted online, sent the link and told me I might want to do something about it. I was scared and clicked on the link and nothing loaded. Has my phone been been hacked now?"
Unfortunately it’s likely you have been hacked. Online criminals typically use tactics to evoke panic in their victims and inspire them to take some action (like clicking on a link) out of fear of potential threat or embarrassment. Once clicked, the link may install malware, like viruses, spyware or ransomware, on your device and could allow access to your protected information.
To confirm whether your phone has been compromised, you can run a mobile antivirus software which will detect and resolve potential data breaches on your phone and applications.
In future, stay savvy and cybersafe:
- Don’t click on links from unknown sources even if they seem to be friendly strangers.
- Don’t accept friend or message requests from people you don’t know.
- Keep your social media profiles private and carefully assess requests before you accept them.
- Be mindful of what you share online and what this could identify about your whereabouts and habits (such as where you live – mail with your address, details of your street, exterior of your house etc.).
Unfortunately you never know who's behind the keyboard.
2. Am I being watched?
"I received an email from someone saying they had taken control of my webcam and been recording me in my bedroom via my laptop. They quoted my email password as proof and threatened to send footage to all my contacts if I didn’t send them $5000. Could they really have filmed me? What should I do?"
What you describe is a very common narrative used by hackers for extortion email scams.
Although it’s possible that hackers could have control of your webcam, it is more likely that this scenario is being sent as a mass threat to thousands if not millions of email accounts and is designed to extort funds through the generation of panic.
Your best course of action is to delete the email and not respond. You should immediately change all your related passwords ensuring they’re strong. Using a password manager such as dashlane.com can help you to generate and manage all your new secure passwords. Turning on Multi-Factor Authentication (MFA) for as many accounts as possible will further protect your account as it means that criminals can’t access your accounts with just your login details.
Since the hackers knew your password associated with your email account, it’s possible that your information may be available online. To find out, you can visit haveibeenpwned.com. This site will tell you if your email and passwords have been leaked in any known data breaches and potentially sold to criminals on the dark web.
Finally, so you never have to worry about who may be spying on you with your webcam, make sure you cover your camera when you’re not using it. This can be as simple as a small piece of blutack, duct tape or a purpose-made cam-cover.
Webcams can be hacked and used for blackmail scams.
3. Um, I saw your new Insta profile...
"My pictures have been stolen from my Instagram account and someone has set up a profile with my name asking people to visit a link for 18+ content. The profile is following all my friends and everyone thinks it’s me. What can I do?"
This is not a fun position to be in, but unfortunately very common. Firstly, report the profile as fraudulent and ask your friends to do the same. If enough reports are made, Instagram should react and remove the profile.
If you already are following all the top privacy settings, you may need to look into how your account was hacked and your images stolen. This could happen in countless ways. For example, be careful about connecting to free public Wi-Fi and what kind of transactions and logins you commit while connected – some networks can be compromised or set up deliberately as traps by cybercriminals.
To protect your accounts in the future, consider installing Multi-Factor Authentication (MFA). This is a second verification method that follows an attempt to use your password and uses another private account or something you physically have to verify the login as you. Apple ID and Google accounts are often used for this, and fingerprints are becoming popular options too. No one can fake that!
Instagram accounts are commonly hacked.
4. Am I being catfished?
"I’ve been chatting to someone on a dating app for two weeks now. I’m keen to meet but we’ve made plans now to catch up on three different occasions and they’ve cancelled at the last minute each time. They only ever text and don’t want to talk on the phone or video chat. Am I being ‘catfished’?"
Short of calling in Nev and Max, it’s hard to say whether you’re being catfished or not.
Perhaps they are not who they say they are, or they are just very shy and nervous about meeting you in person and don’t think they look their best on video. Or perhaps they are just enjoying the flirtation online but do not really want to pursue anything in person – because they are already in a relationship or just not looking for anything serious. Regardless, if it doesn’t feel right and the dates are not going to plan, may be time to let this one go.
When dating online, it’s always good to keep in mind that just like any online platform, dating apps can attract cyber criminals. Never give out your phone number, address, personal details about yourself or your family or transfer any cash or gifts before you have met in person and know someone well.
Most apps allow you to text, voice and video call via the app so you don’t need to share your number. If it does come to meeting up, ensure you meet in a public place and during the day time, don’t agree to get in their car or go to a private place, and make sure you let a friend know about the plan beforehand.
Online dating is always risky.
5. Fundraiser or scam?
"Someone I’m friends with online but haven’t met in person posted on social media that their mum is terminally ill and needs funds for treatment and included wire transfer details for donations. We’ve chatted back and forth regularly for the past year so I really feel like I should give something and not ignore this. But what if it’s actually just a money scam?"
Sadly fundraising schemes are very common cyber tactics for cyber criminals who are inscrutable and use sympathy tactics with heartbreaking sob stories to extort cash from their victims. Building a relationship with their victims beforehand is not uncommon, so just because you have been ‘friends’ for a while does not mean that the plea is legitimate unfortunately.
Cyber criminals prefer wire transfers to any other method of money transfer. The fact that this is the method preferred here, rather than say a GoFundMe page, is highly suspicious.
While there’s no way to know for sure, you could try to verify the claim such as by checking if their close/friends family are also posting about this and whether you can find any detailed information on the mother’s situation such as whether the hospitals or treatment locations truly exist. However, cyber scams can be sophisticated and replicate genuine situations so this in itself is not proof.
Rather than potentially falling victim to a scam, you could reach out to the person via text and let them know you’re thinking of them and although you’d love to give to the cause you’re just not in a financial position to do so now. That way you haven’t ignored the event or their suffering – but you also haven’t lost any cash.
Never transfer money online to an unknown recipient.
Have you had any of these problems?
“Many of us have so it's nothing to be ashamed of - just an opportunity to become more security-savvy,” says Lucy.
“At VU we understand how common these threats are so provide a proactive cybersecurity awareness program to help staff, students, partners and the local community learn how to take control of their online safety. We offer hands-on information sessions, free antivirus software, multi-factor authentication and regular updates on safe browsing, scam emails and phishing – as well as essential hardware like cam covers.”
All of these activities and more have helped create a culture where cybersecurity is seen as an ongoing life skill to be practised in all environments, not just something to remember at work or university.
Want to help others become more cybersafe?
