With the ever-faster pace of technological development, the internet has become an integral part of modern day life. An online presence has become mandatory to perform most work activities, and people mostly spend their free time on social networks. Filling in personal data is a necessary step for every registration made and more and more often you will have to ask yourself - what risk is behind another click on a link sent by a friend or when logging into a site? Are you even safe when it comes to browsing the internet?
Perhaps hectic lifestyles don't allow people to think that deeply about these issues. And maybe many of them underestimate the danger looming over them. But the truth is that if you want to avoid serious problems related to the theft of your personal data and its malicious use, you should strictly follow some important security rules.
Malicious hacker. Cybercriminal. Phishing. We only hope you've heard of these terms and haven't fallen victim to them yet. We say "yet" because, believe us, the risk of this happening is increasing by the minute. That's why we're not going to waste any more time and take a look at this ever-evolving and improving dark side of the internet, which is nowadays extremely imperative to be familiar with.
Hacker, malicious hacker and hacking
While a hacker is simply a good programmer who can manipulate a computer network, a malicious hacker concentrates his abilities on committing data theft and creating malware.
Influencing a particular computer system, as well as the devices connected to it, is done through what is known as hacking - using scripts and programs to gain access to the information flowing over the network connection. Viruses, Trojan horses, etc. are used, and hacking tools are constantly being improved. The leakage of huge amounts of information from organizations that are supposed to be equipped with good malware defences is a fact. The question remains - what happens to all that stolen personal data? You can learn more about the different types of hacker attacks in our Cyber Security eLearning.
Stolen personal data - what is it being used for?
The information that hackers are after can be divided into a few main sectors - personal, financial, health, bank card and digital credentials. Depending on its nature, each comes at a different price on Darknet, which can range from $1 to $500.
- Personal information or personal identification - these are names, SSN, date of birth, address, bank account, phone number, through which credit can be withdrawn, especially with the modern online option designed to make it easier for consumers, and seems to be favorable to hackers;
- Financial information - the data used by the person in question to carry out financial activity - bank account movements, billing/accounting amounts, insurance activity - in other words, all that information that allows transactions to take place. Some of the hackers create fake credit cards and use them to spend the available funds;
- Health information - this can be used to purchase special prescription-only medicines. Some of them contain narcotics, which can lead to abuse;
- Digital credentials - the theft of usernames and passwords is used for criminal purposes, most notably it can lead to the misappropriation of someone else's identity. Spam, phishing and even spyware attacks are spread through hacked emails and chats. Since information between accounts is linked, an attacked Facebook account, for example, can also give access to the email registered to it. The situation becomes even worse if credit and debit card details are stored inside.
Hacked account alerts
In case you suddenly lose access to your account, and you realize that the passwords have been changed and the email to recover it is no longer your own, it means that you have been a victim of hacking. Another sign is if phishing messages and emails start being sent to all your contacts through your account. There's a more dangerous risk - if your browser has been hijacked and you're redirected to a hacker-created copy of your bank's website to fill in your details. You'll only find out about their malicious intrusion when you realise you've lost your funds, and that your identity has been stolen.
You are hacked. Where to now?
Your email or Facebook or other social network account has been compromised? Notify the administrators immediately, and if you are able to log in, change your passwords. You can also use antivirus software to scan your devices and clean them of malware. In the meantime, try to warn your friends that a hacker may have sent them a malicious link.
How can you protect yourself from cyber attacks?
If you've never been the victim of a hacker attack or even had an attempt made to break into your account or email, congratulations! Although you seem to be doing a good job of building a solid anti-hacking defense, let us give you a few tips to further strengthen your safety.
It's to your benefit to make a habit of changing your passwords every month, making them different for different accounts. The more often you do this, the harder it will be for a cybercriminal to get to your personal data. Another important condition is - don't share them with anyone, even a close friend or relative. This will ensure that only you have access to your account and email.
It's nice to show off a driving test you've just passed by taking a photo of yourself with your licence, but is it a good idea? If the shot is a close-up you're exposing your privacy, and social media isn't nearly as safe as you think. Always keep one thing in mind when uploading photos - review the background well, because even there, your desktop may accidentally be present with important information open on it. You never know who might take advantage of it.
Apps and files
If you are unsure about the safety of an address from which an attachment was sent, by all means do not download it! The same goes for tempting free apps that you can install from a questionable site.
Check the authenticity of the sites
The safest way to protect yourself is by checking the URL of the sites you visit, and more specifically, whether they match your certificate. For example, you want to log in to Twitter.com - make sure the top bar says exactly that, as there are fake duplicates whose name won't match the real one, but will be something like - Twitter.hk.com. It's common practice for hackers to send shortened URLs (bit.ly) to fool you, but there is a way to deal with them too. You'll find Long URL tools on the web that will allow you to expand the shortened URLs.
Most of you probably have antivirus software installed on your computer. Whether at work or at home, it's important to get it right. Don't skimp when it comes to your safety. Don't be complacent with any of the free programs, but search the internet for the best rated , such as TOTAL AV, Bitdefender or Norton and invest in one of them. It's worth it.
Recently, more and more social networks support the two-factor authentication feature, where (in addition to the current password) a generated mobile phone code is also sent.
Two-factor authentication (or 2FA for short) offers authentication that is a combination of two different components.
The 2FA mechanism available on the Control Panel consists of:
1. The Control Panel password and
2. A security token that can be generated with any program that supports the Time-based One-time Password (TOTP for short) algorithm. Tokens are generated based on the current astronomical time and a randomly generated secret key. This key is stored on the server and is provided solely to you for use in your TOTP device.
These are just some of the programs you can use on your mobile device to generate tokens:
No one can take care of your online safety better than you. Even if you're terribly tired and don't feel like bothering, it's better to take a few minutes to update your passwords now than spend hours wondering how to repair the damage hackers have done.
If you want to get really serious about beefing up your security, we present our Information Security eLearning. In it, you'll learn how to protect your company's information assets and how to organize your information security.