Technological progress and internet in particular has made our lives definitely easier - we find, transfer and receive any information easily. However, looking up and exchanging information on the internet is accompanied by cyber threats, that pose a risk to your device and personal information stored in it. Cyber threats can typically be divided into two groups:
What you need to know about software threats?
Software threats are generally related to malware, Cookies, wireless internet-connection (Wi-Fi), MITM attacks and earning virtual currency.
Malware. It is a computer code or a software application, that can harm your device (computer, cell phone, tablet) beyond repair and even steal your personal information. In particular, malware:
formats a computer’s hard drive possibly leading to destruction of all your information
alters or deletes your files
steals personal information
takes control over the whole computer and all of its software
If a web-page contains malware, your internet browser will surely warn you about it. Whenever you see a similar notification (Malicious site warning), close the browser window immediately ↓↓↓
What types of malware are most common?
Ransomware blocks the whole computer or certain files stored within and demands a payment of ransom in bitcoins in exchange for access.
collects your personal information without your knowledge,
transfers your personal information to third parties,
alters computer settings,
directs you to malicious web-pages,
overloads the computer with pop-up ads.
Trojan horse. This virus is typically hidden inside a seemingly harmless software, e.g. online dictionary. As soon as you download the software, the virus will install itself into your computer. Trojan horse can:
use your computer as a proxy to break into another device,
spy on you through a webcam,
copy a password or credit card data.
Antivirus software will notify you if your computer is infected with a trojan horse↓
email virus. A file or a link attached to an email may be infected with malware. As soon as you download the file or click on the link, you may infect your device with a virus.
MITM Attack. MITM attack literally means man in the middle. During a MITM attack a hacker intercepts the communication between two persons and may:
steal personal information exchanged during the communication
pose as one of the participants of the communication and lure you into releasing more personal information
Blue circles on the illustration are participants of a written communication, while the red circle is a hacker.
What you need to know about cryptocurrency-related threats?
People have invented several means of earning virtual money, or cryptocurrency, including mining. Mining is a process when a miner’s processor solves equations and the miner is rewarded with virtual money in exchange.
Cryptojacking means infecting a user’s computer to gain financial benefit. Most of the antivirus software might not even notice this malware and a web-page might use the operational capacity of the user’s computer to earn cryptocurrency without authorization.
How do you know if your computer is infected?
How should you protect your device from malware?
- never use a device without antivirus software,
- new malware are developed regularly that easily break into outdated security measures. Therefore, you need to update your antivirus on a regular basis,
- scan the device as soon as you install antivirus software,
- scan a USB flash drive before using it,
- beware that not all antivirus software are reliable, for example, antivirus Kaspersky has been developed by a Russian company Kaspersky Lab. According to U.S. Senate Intelligence Committee and Bloomberg Newsweek, the company might be linked to Russian defense and intelligence authorities.
Firewall. Firewall stands as a shield between your computer and other devices that try to break in from the internet.
- activate a firewall from your computer’s Control Panel,
- if your operating system happens not to have a firewall, download it.
- you have to update your firewall regularly,
Email security. To stay secure from the viruses received via email:
- open the attached file only if you know the sender,
- don’t open an email received from an unknown person and don't click on strange links,
- scan the attached file with an antivirus software before you open it.
- before you download the files on the internet, make sure the source is reliable,
- before you open the file, check that your antivirus is up to date,
- check the file with an up to date antivirus,
- download music files from web-stores only.
Public computers. Computers at internet-cafes or libraries are used by many people, which is why these devices are often infected with viruses. If you follow these simple instructions, you will protect your personal data from cyberthreats:
- never allow a public computer to remember your username and password,
- when you stop using the computer, log out from your account,
- before you shut down the device, clear browsing history and cookies, which will automatically delete the personal information you entered in the computer,
- try to avoid using USB flash drives as they easily absorb viruses and you might infect your own device after using them.
Deleting browsing history
Deleting browsing data in Chrome internet browser: enter chrome://history in address bar and then click on Clear browsing data
Deleting browsing history in Firefox internet browser: click on an icon in the upper right corner of the browser window and select Clear Recent History
Deleting browsing history in Safari internet browser: in Macbook Safari app select History → Clear History, click on a pop-up window and select the timeframe you want to delete.
Cookies are often used by advertising companies. It is vital for them to know which web-pages are visited by internet users to place a targeted ad next time they access the same or other webpage. To achieve this purpose, advertising companies often create your cookies with the consent of these web-pages (third-party tracking).
What can you do for the security of cookies?
There are several ways to protect the information in cookies:
- delete unwanted cookies
- use a private browsing mode which does not store cookies (in Chrome it is called Incognito Mode and in Firefox and Safari - Private Browsing),
- visit only secure web-pages (their address starts with ‘https’). They encrypt your cookies which makes it difficult for third parties to access them.
- as cookies store your passwords, change the passwords from time to time.
Deleting cookies in Opera internet browser: click on Opera red logo in the upper left corner of the browser window and select Settings in the list
Click in the following sequence → Advanced → Privacy & security → Content settings → Cookies → All cookies and site data and select Remove all
Deleting cookies in Mozilla internet browser: shaffle down the menu in the upper right corner of the browsing window, select Options as shown in the picture below↓
Click Privacy & Security and then Clear Data
Deleting cookies in Safari internet browser:
Click on Safari menu and select options in this sequence: Preferences → Privacy→ Remove All Website Data
Wireless internet connection (Wi-Fi)
Wi-Fi available at coffee shops, shopping malls or parks is not safe to use. As a rule, it is poorly secured or not secure at all and your device becomes an easy target of cyber attacks.
- only use a Wi-Fi that is secured with a password,
- if you are in an available Wi-Fi area, switch off internet connection unless you are using it,
- make sure you are connected to the right Wi-Fi source
- always enter ‘https’ before the address of a web-page
- clear browsing history and cookies after logging out of an account on social media, email or internet bank.
How to protect yourself from cryptojacking?
- to prevent cryptojacking it is recommended to use Malwarebytes and Bitdefender antivirus software,
- for more protection install software on your internet browser that blocks web-mining. For example, for Chrome use - AntiMiner, NoCoin, ADblock, ADguard. For Mozilla Firefox use NoScript.
Cell phone security
hackers search for a cell phone with Bluetooth on within the range of several meters and might send a malware to the phone,
Bluetooth is also used to steal personal information from cell phones.
What should you do for cell phone safety?
To secure a cell phone from malware, Canada’s Center for Digital and Media Literacy advises you to:
regularly updating operating system
installing antivirus software
To avoid the Bluetooth-related threats, the same organization recommends to switch off the Bluetooth or use it in an invisible mode.
Secure messaging apps
Nowadays every popular messaging application offers end-to-end encryption that excludes storing or reading messages by a service provider.
Popular apps like WhatsApp, Apple Imessage, Facetime and Viber encrypt messages and video calls automatically. To activate this feature on Facebook messenger, find Secret Conversations in settings and turn it on.
Facebook Messenger has other security features as well. If you want, your messages in Secret Conversation mode will disappear entirely after a certain time. You just have to click on the timer icon and select the time.
Beware: end-to-end encryption does not protect you from hackers and it is still possible that your conversation is being intercepted by a third person, e.g. during a MITM attack.
What should you know about online fraud?
Fraudsters use many ways to intercept your personal information. The most widespread types of online fraud are:
- identity theft,
Identity theft. Fraudsters might steal your identity by many ways, e.g. by infecting you with a virus that will remember your password, username, credit card number or personal number.
Phishing. Fraudster sends you an email message that leads you into believing that he or she represents a certain company and notifies you about winning a prize or makes you believe that he/she is your distant relative that leaves you inheritance and in exchange asks to give out your password, account number or other personal information. Such emails are sent to millions of people with a hope that at least one person will get hooked.
Pay attention to the address of the sender on the picture below. This letter is clearly not from Amazon.com. The sender redirects the addressee to a certain link and warns about its expiration.
Source:Cybersecurity company Heimdalsecurity
Pharming. During pharming cyber-criminals redirect you to malicious web-sites. You may enter the address of the web-page correctly but still end up on a malicious web-site. A malicious web-site looks very similar to the real one and may even be identical. If you enter your personal data (name, account number, etc) on such a web-page, you give them away to criminals.
Web-site on the picture below looks very similar to Facebook homepage but pay attention to the address bar.
Source: Newfoundland and Labrador Credit Union
Scareware. Scareware is a false notification in the form of a pop-up window that ‘scares’ you by notifying that your computer is infected and the system needs an update. Most of the times it is the malware itself and as soon as you click the window your computer might really get infected or your personal data might be leaked to third parties.
Clickbait. It is an internet link that catches users’ attention with loud, sensational titles and visual effects and pushes you to click the link. Clicking will redirect you to a web-page, that earns money from the number of clicks. More clicks - more visitors and the amount earned by the web-page.
Clickbait may sometimes redirect you to a malicious web-page.
How should you protect yourself from online fraud?
Password management. A fraudster or hacker will first try to guess your password by your name or date of birth.
If this does not work, they will send you malware and spy how you enter your password. The result is the same - your personal information is in danger. That is why you should follow these 10 simple rules to protect your password:
- a good password has at least 8 characters,
- a good password has at least 1 symbol (e.g. &) and 1 number,
- never use your name, date of birth or personal number as a password,
- try not to repeat numbers (1111) and do not put them in a sequence (123456),
- remember your password. Don’t write it down on a paper or store it on the device,
- don’t allow the device to remember your password. Enter the password anew every time you visit the web-page,
- clear your browsing history after online shopping,
- before entering your password on a web-page make sure it is safe,
- use different passwords for different accounts. For example, your password for Facebook and email should not be the same,
- change your password once in 2 months.
There are a couple of online resources to check the strength of your password:
- avoid sending personal information via email - it is not safe,
- don’t become friends with a stranger on social media,
- before visiting a web-page, check how secure is it. There are a lot of tools on the internet to do this, e.g. https://safeweb.norton.com,
- pay close attention to the content of the received email: fraud letter often contain grammatical errors and they often ask you to click on long and strange links.
There are no 100% effective solutions to prevent cyberthreats but following a cyber hygiene, will let you minimize these risks and store your personal information securely.
Who should you address if your device has been targeted by a cyber attack?