When it comes to cybercrime, real-life hackers are generally much more interested in companies with deep pockets than individuals, but individuals can be at risk. Particularly for identity theft or account takeover situations. Some issues can be avoided by understanding the Threat Landscape.
Computer Security Terminology
Social Engineering is the use of deception to manipulate individuals into divulging
confidential or personal information that may be used for fraudulent purposes.
Phishing is a type of social engineering that casts a wide net, by sending a message to many, imitating a company of authority with a harmful link or attachment.
Spear Phishing is a type of social engineering that has specific targeting to an individual or group
with the purpose of gaining intel to penetrate defenses
File types txt is really the only safe file type to click on.
Malware is software that infects a computer, some can record keystrokes or turn on the camera.
Some ransomware will hold your data hostage demanding payment to release it and payment does not necessarily insure release.
Identity theft is a process in which an individual obtains key pieces of information to fake being another individual to a third party. And at that point, they can open accounts, take loans, etc.
Social Media threats
Account takeover – A common attack is to take control of a social media account,
state that the individual been robbed while on vacation/traveling, and ask friends/family for money.
Smart Phones can be at risk.
Spoofed messages with bad links can compromise your confidential data.
If the device is stolen, you better be sure that have some pass code on it, or someone could have access to any app on your device.
Fingerprint and facial recognition have come a long way. When facial recognition security was first introduced to mobile devices, I was able to hack into my friends phone in about 20 seconds using his photo. Personally, I use a pattern or fingerprint. Using a pin is also a good option.
Many websites are likely to have dangerous links or software, given the nature of the website,
specifically (pirate) file sharing or porn sites.
Drive by download is a type of attack where just being on an infected page can infect your device.
Countries of origin
There are many motivations for hacking. Stealing money or intellectual property, corporate or state espionage, terrorism. There are also ethical hackers that are working to make systems more secure.
Most Russian hacking rings are in the market to gain permission and access to steal money. Additional goals are to influence politics and carry out cyber attacks on the Ukraine in a not so secret war.
Chinese hacking has focused on stealing intellectual property (patented prototypes, blueprints, processes, etc) and producing to sell at a lower price. Also some is espionage related, stealing state secrets from other countries.
Estimates also place the US, Turkey, Brazil and even Taiwan, high on the list for producing cyber attack based traffic.
- Password security – A strong password should have more than just a word. It should be a combination of more than one word, capital letters and lowercase, and special characters.
- Never share your password or leave it written down somewhere easily found.
- Avoid file sharing and porn sites/software.
- Use firewalls and antivirus/anti-malware software.
- Backup your data regularly to another drive or location.
- Shred or burn financial documents rather than putting them in the trash or recycling bin.
- Don’t set your phone down and have a lock of some type on it.
- Keep some lock on any computer that you have.
- Change the manufacture password on your router. Most people don’t, and I have seen it exploited.
Don’t agree to cash money orders and/or wire money to the Nigerian prince. No, you do not need to pay an upfront fee because you won the lottery or are pre-approved for a credit card or loan. And they are not going to pay you more than your asking price on you craigslist ad. If you see something that it is too good to be true, it probably is. Check it on snopes or hoax-slayer. The wise do the same before forwarding any warning messages.
Please see my new review page for product recommendations: