By Julius Suarez, Senior Manager, Solution Engineering, Sophos
With the Philippines’ general elections coming up on 13 May, Filipinos are reminded to exercise vigilance and caution with regards to protecting their personal data.
Considering the biggest cybersecurity incident in the Philippines was the 2016 data breach at the Commission on Elections (Comelec), which affected about 55 million people and saw cybercriminals obtain access to the entire voter database including sensitive data, this year’s election is a timely reminder that ordinary citizens and businesses can be the targets of cybercrime.
Cybersecurity breaches have become part of the election season for many countries around the world. Breaches over the past few years include:
• Records of 191 million US voters were exposed online in 2015 followed by another breach where 56 million US voter data records were breached exposing 19 million profiles, including personal information such as Christian values, bible study and gun ownership
• The personal records of Mexico’s 93.4 million voters were found online
• An anonymous hacker uploaded a file containing the personal data of 50 million Turkish voters, which is more than half of its citizens
• A database with 154 million US voter registration records, including information on gun ownership, Facebook profiles, address, age, position on gay marriage, ethnicity, email addresses and whether a voter is “pro-life” was found online
Add to this recent reports of a series of cyberattacks by a group of black hats on the websites and databases of government agencies, private companies and educational institutions in the Philippines and the evidence is clear – data housed online is always at risk of breach if not correctly stored and protected.
Data breaches give malicious actors key data points to use to target organizations and individuals with a wide range of cyberthreats from spam and phishing to socially engineered attacks and ransomware.
As preventing your data from being stored online is virtually impossible in this digital age, there are steps you can take to ensure you don’t fall victim to cybercrime during this election period and beyond.
Protecting your identity
Attackers can use stolen personal data to impersonate individuals, claiming rights and privileges, and conducting transactions in their name. These can range from voter impersonation to social engineering outreaches that ask a person to give or verify additional personal information under the guise of confirming their voter registration details.
According to Comelec, Filipinos do not need to bring their voter IDs to vote on election day. However, it always helps to carry official ID to prove your identity. At the same time, you need to be alert and cautious when showing or giving personal information. Make sure you verify that the person you are speaking to is legitimately affiliated with the precincts, agencies or offices he/she is claiming to represent.
Safeguarding your finances
If an attacker steals your data they could use your personal details to access or create accounts for personal loans, mortgages, home equity lines of credit, credit cards and even online stores. An individual may not be aware that their personal data has been stolen until they are charged for an unknown expense or funds have disappeared from their account.
Diligently tracking expenses is a good way to know where your money is going and to keep an eye out for mysterious transactions.
Don’t be hooked
Phishing is big business and can be used during an election period to trick voters to respond to, click on links, or open attachments in official looking emails purporting to be from a candidate or an electoral body. Attackers relentlessly target organizations with spam, phishing and advanced socially engineered attacks because employees are an easy target and the weakest link in cyber defenses. It’s no wonder then that 41 percent of IT professionals report that their organizations are victims of phishing attacks daily and that 66 percent of malware is installed via malicious email attachments and advanced spear phishing attacks have cost businesses an average of US$140,000 per incident.
To avoid these threats, look closely at the emails you receive – both to your business and personal accounts. Review the sender’s logo, the grammar used, the sender’s email address, and so on. If anything looks suspicious, it is best to ignore the message and not click on any links or attachments.
Even though users are the easiest target for attackers, an army of trained, security aware citizens can be a human firewall to ward off these threats.