Tag Archives: facebook safety

Cyber Safety – Part 2

Continuing…

 

Being safe from Identity and personal data theft.

 

 

1- The most important thing and the most common sense thing to do is to not put up any private info, including your full name, date of birth, or even address on any public forum.

 

2- Never give any of your bank information or credit card/debit card information to anyone who claims to be calling from the bank or from the credit card company. This can also happen if you get a call from one of your currently subscribed magazines, etc. If you want to renew the subscription, do it from the website itself, by typing the address in the address bar, never do it over the phone.

 

3- Never post any of your private pictures or family photos, photos of your home online or in a cloud storage, they can and have been easily hacked. (Example is the leaked celebrity pics scandal). Store them offline and off computer.

 

4- If you have any passwords written down, always store that file offline and off computer, store it in a usb drive and connect the usb only when you’re offline and encrypt the usb storage with  strong password. There are softwares available that help you create strong passwords.

 

5- Never give out your primary email. Always use a secondary email with not much information in it (like your name, address, location, etc, while signing up), to sign up to websites, etc. It’s called a dummy account. This can also help with avoiding spam emails in your main email inbox.

 

6- Always make sure to check the validity of the secure encryption certificate on websites, while making any transactions online. Usually if you have an anti-virus installed, it warns you of fake pages.

 

7- Always password protect your data with a strong password that contains letters, numbers and symbols.

 

8- Install a strong anti-virus that gives you protection from the latest threats and protects your offline data as well.

 

9- Never check your emails in a cyber café.

 

10- If you use Wi-Fi, make sure the connection is secure and password protected.

 

These are some simple tips to protect your data and online identity.

 

Moving  on to Facebook safety tips.

 

 

There are many things you can do to keep yourself safe from potential threats and cyber criminals on facebook.

 

1- The most important thing to do is to never make any personal photos public, especially of your kids wearing any swimming clothes. Your photos be used by predators to sell them to certain kinds of websites and are also sold to highest bidders. They can also use these photos to estimate and track your location, if you don‘t already have it mentioned on the profile.

 

2- Don’t make your day-to-day activities public and avoid posting updates about when and where you are traveling. If you do want to post them, make it private or for friends only, but that may not work, as if you add someone, they can now view your activities and jobs, etc. getting all they wanted from your profile.

 

3- Which brings me to my third point, never accept friend requests from individuals who you don’t know or haven’t spoken to. Especially avoid individuals with no profile pics or only a handful of friends when they’ve been members for years. Some of the fake profiles usually just spam search. It’s done by typing in the most common names, when the results show up, they send friend requests to all. Then when their request gets accepted by target, they get to their friends list as well and most accept requests due to them being mutual friends with someone they know and trust. Plus, there’s also a possibility of a sex offender or a PI creating a fake profile to see your ‘friends only’ posts.

 

4- Never post personal likes and dislikes as this can be used against you. Once an individual knows what you like and don’t like, whether it’s food or a movie or anything, they can use that data to either direct you to a phishing website if they’re a cyber predator or if they’re a predator who searches their victims online, they can strike up a conversation with you basing it on common grounds.

 

5- Don’t use the same password you did for you email and other accounts, for your face book account. In fact, never have the same password for all accounts as a general rule.

 

6- If you access facebook on your phone, log out of the facebook app you use, after each visit.

 

7- Post nothing on facebook that you wouldn’t want anyone to know about. Nothing, once it gets on the internet, is safe or private, especially on a social networking site like facebook.

 

8- Be sure to have a good anti-virus installed. There is a possibility of a virus infecting your email list, the virus then sends friend requests to everyone in your email contacts, infecting them with the same virus as well. IIRC, this is done to gain access to not only your personal email, but other email addresses as well, it also leads you to a fake site to get your personal information that you may enter in the form.

 

9- Report suspicious profiles.

 

10- Be careful of external and third-party applications and websites asking permission to access your facebook account information. Once you have given the permission to access your facebook account, the website or application now has access to all of your personal information, including email, number, posts, address, job and location. Never accept it, unless you are absolutely 100% sure that you trust the application and it is reputed as safe to use.

 

11- Visit the help center for more information on facebook safety.

 

12-  Some good tips are mentioned here in this info graphic; http://www.bedfordshire.police.uk/pdf/facebook_safety_tips.pdf

 

Next Part is Safety on Twitter

 

The following are some simple tips to stay safe on twitter.

 

1- Whenever you tweet, never add your location to it. Turn off the ‘add location to tweet’ option from the settings. You can also remove all location information by clicking ‘delete all location information’.

 

2- Strip geo-tag information from your photos before tweeting them. When a photo is tweeted, the location information that many camera phones add to the metadata of the photo file would be provided to anyone viewing the photo, any EXIF viewer software/application that can read the location information embedded in the photo would be able to determine the location of the picture. There are apps available that strip the geo-tag from the pictures; deGeo, metapho and pixelgarde are some of them.

 

3- Enable security and privacy options. The ‘HTTPS Only’ option ‘Settings’ menu will allow you to use Twitter over an encrypted connection which will help protect your login information from being hijacked by hackers using packet sniffers and hacking tools.

 

4- Twitter is actually more public than facebook, which means that you have to keep your personal information very minimal to virtually none. I.e. No phone numbers, no emails and no address in the location section.

 

5- Avoid using any third party apps on twitter. If you have any unrecognized app or an app you don’t remember installing, remove it by revoking its access to your account information from the app tab in your ‘settings’ menu.

 

6- Turn on the ‘protect my tweets’ option. This is a helpful tool when it comes to preventing unwanted individuals from following you on twitter. Once turned on, it will only show the tweets to people that are approved by you. This will not stop the current followers, it’s only for the future ones.

 

7- Remove unwanted or unknown followers. Delete the follower from your Followers list by blocking their account. The user is not notified when you block them, but your tweets no longer show up in their searches or timeline.

 

Here are some good sites with much more information about safety on twitter.

 

 

Safety Tips on Instagram

 

1- When you fill out your profile in instagram, there is a personal information section in the form. Avoid putting in as less information as possible. Avoid especially using your phone number. According to Instagram’s Privacy Policy, even though the phone number is marked as ‘private‘, it’s used by the service that gets you ‘found’ on the network, so anyone with your number can find your instagram account.

 

2- Just like twitter’s geo-tagging, do not tag the location in the images you post on instagram. Especially if you’re on a vacation or something and wanna share the moments.

 

3- Which brings me to my next point, if you post regularly while going to your regular places, and you add locations to those pics, you are basically putting up your schedule on the net for everyone to see. Now anyone can see where you are at what time, especially if your profile is public.

 

4- If you are linking your instagram account to facebook or twitter, make sure the privacy settings on the linked account is private as well, otherwise all your private photos will be posted to facebook and twitter as public.

 

5- This point relates to the above, make your instagram account private, I.e. only visible to those who you give permission to.

 

6- Be careful of the spam links on your account.

 

7- Review the privacy policy of instagram before you begin. https://www.instagram.com/about/legal/privacy/

 

I do not have an instagram account, so I don’t have much knowledge besides what I wrote, here’s a link to help you understand it better. http://sociallyactive.com/instagram-and-kids-a-parents-guide/

 

 

Safety Tips for emailing

 

These are very simple tips. Most of them you might be aware of already.

 

1- Most common one is to never open an email from someone you don’t know/recognize.

 

2- Never open spam emails or reply to them. Use a spam filter.

 

3- Never download or open an attachment, if it is from someone you know, do not open it without scanning it first. For me, Norton is useful for that. Auto-protect does the job.

 

4- Never send any sensitive information or confidential information over email.

 

5- Always log out from the account and delete the form data and history.

 

6- Avoid clicking on the ‘remember me’ option when you log in.

 

7- Change your password fairly regularly and make it a long and strong password with letters, numbers and symbols.

 

8- Never give your emails to suspicious sites or shopping sites. Use an alternate disposable email address for that.

 

9- Avoid using your main email for social media accounts. They store it, if it’s hacked, the hacker now not only has your social media account information, but your email and all of the contacts in it as well.

 

10- Use different emails for different social media accounts.

 

11- Never use the same or similar passwords for any two accounts. Password should be unique to each account.

 

12- Be careful of the phishing scams. Never give your password if asked for, never click on a link that leads to a website directly from your email message, type the main address of the site in the address bar instead, but only after checking its safety rating, there are sites that provide that information.

 

13- Never check email on a public connection.

 

14- Never check email on a public computer and if you do, don‘t forget to log out, clear the form data and cookies. Be in a habit of clearing your history, cookies and form information.

 

Some additional good tips here. http://itservices.tri-c.edu/announcements/email-safety.html

 

Safety tips to secure your wireless connection

 

Without going into too much technical details, I’ll make this category simple and direct to the point as if I did go into details, you‘ll have to spend a whole day on the internet googling the terms. So to begin;

 

1- Turn on WPA2 Encryption on Your Wireless Router. If you have an older router, it will have an older encryption which is easily hackable. You’ll need to upgrade your firmware to WPA2.

 

2- Use the most unique and uncommon name for your network. If it’s one of the common names, you will be on the list with the most common names and will be more susceptible to your password being cracked. According to some sources, even WPA2 may be vulnerable to this kind of hacking.

 

3- This connects to the above point. Use a long and unusual password for your wireless network. The longer the password, the harder it is to crack using the rainbow tables. The max password limit is 64 characters, so go crazy. Wi-fi devices usually store the password as cache, you will have to do this only once, when you connect a new device.

 

4- Turn off the admin via wireless option. What this will do is restrict the hacker’s access to your wireless router’s administrative settings.

 

5- Enable firewall (If your router has it built-in, most do).

 

6- If you are in a smaller house, but the range of the wireless connection is high, reduce it. Decrease the signal range or hide it in a box or in any enclosure that could restrict the signal direction.

 

7- Be careful of something called piggybacking. https://en.wikipedia.org/wiki/Piggybacking_(Internet_access)

 

Remember, nothing is ever truly private once it’s on the internet, despite the profiles being private, they have been hacked and private photos have been leaked. Especially the data on cloud servers. Having a strong password helps, but only so much. Avoid storing any personal information or photos, videos, etc. or anything else you wouldn’t want a stranger to see, offline on a secure usb, scan it every time you plug it in and never plug it in while you‘re connected to the internet.

 

 

A little note – If this article sounded too robotic, it’s due to the detailed subject matter. I had to limit the use of words to make it short, yet informative as possible. This subject is often over-looked when it comes to safety and I had to make sure things weren‘t missed. So I hope you found it useful.

 

That’s it. Thanks for reading.

Advertisements

Cyber safety (This is a reeeeally long one)

In this article I’ll be including a list of cyber threats to watch out for and some tips to be safe against identity and personal data thefts, along with some facebook safety points.

 

Starting with the list of threats. There are a lot of different types of threats, but I’m just going to include the most common ones and how to avoid them. I gathered the following data from different sources that list security threats.

 

Botnets

 

Undetected.

 

A collection of software robots, or ‘bots’, that creates an army of infected computers (known as ‘zombies’) that are remotely controlled by the originator.

 

  • They can send spam emails with viruses attached.
  • They can spread all types of malware.
  • They can use computer as part of a denial of service attack against other systems.

 

Distributed denial-of-service (DDoS) attack

 

When a user gets a network of ‘zombie’ computers to sabotage a specific website or server. The attack happens when the user tells all the zombie computers to contact a specific website or server over and over again. That increase in the volume of traffic overloads the website or server causing it to be slow for legitimate users, sometimes to the point that the website or server shuts down completely.

 

It could be possible for users to use our computer in one of these attacks. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of our computer. They could then force our computer to send huge amounts of data to a website or send spam to particular email addresses. The attacks are “distributed” because the attacker is using multiple computers, including ours, to launch the denial-of-service attacks.

 

 

The most common and obvious type of DDoS attack occurs when an attacker “floods” a network with useless information. When we type a URL into our browser, we are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once. So if an attacker overloads the server with requests, it can’t process ours. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

 

 

Steps to reduce the risk:

  • Anti-virus softwares.
  • Install a powerful Firewall, and configure it to restrict traffic coming into and leaving your computer.
  • Applying email filters may help manage unwanted emails, by automatically processing incoming messages based on certain preset criteria.
  • If the Internet connection is unusually slow or I can’t access certain sites (and that your Internet connection is not down).
  • Avoid opening email attachments, especially if they are from people you don’t know.
  • If signs of a DDoS attack appear and/or persist, contact the ISP.

 

 

Hacking

 

Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer. The availability of information online on the tools, techniques, and malware makes it easier for even non-technical people to undertake malicious activities.

 

  • They find weaknesses (or pre-existing bugs) in our security settings and exploit them in order to access our information.
  • Install a Trojan horse, providing a back door for hackers to enter and search for our information.

 

 

 

 

Malware

 

Malicious software that infects our computer, such as computer viruses, worms, Trojan horses, spyware, and adware.

 

 

  • Intimidate with ‘scareware‘, which is usually a pop-up message that tells us our computer has a security problem or other false information.
  • Reformat the hard drive of our computer causing us to lose all our information.
  • Alter or delete files on hard drive.
  • Steal private information.
  • Send emails on our behalf.

Take control of our computer and the softwares running on it.

 

Pharming

 

A means to point us to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. Copies the original site down to it’s smallest details to get us to enter our personal details.

 

Phishing

 

Fake emails, text messages and websites created to look like they’re from authentic companies. They’re sent by criminals to steal personal and financial information from us. This is also known as “spoofing”.

 

 

  • Trick us into giving them information by asking us to update, validate or confirm our account. It is often presented in a manner than seems official and intimidating, to encourage us to take action.
  • Provides cyber criminals with our usernames and passwords so that they can access our online bank account, shopping accounts, etc. and steal our credit card information.

 

 

 

Ransomware

 

Ransomware is a type of malware that restricts access to our computer or our files and displays a message that demands payment in order for the restriction to be removed. The two most common means of infection are via phishing emails that contain malicious attachments and website pop-up advertisements.

 

Two types of ransomware;

 

  • Lockscreen: displays an image that prevents us from accessing our computer.
  • Encryption ransomware: encrypts files on our system’s hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing us from opening them

 

 

Sometimes the notification states that authorities have detected illegal activity on our computer, and that the payment is a fine to avoid prosecution.

 

Paying doesn’t help.

Regularly back-up data with a removable external storage drive.

 

 

 

Spam

 

Mass distribution of unsolicited messages, advertising or pornography to addresses which can be easily found on the Internet through things like social networking sites, company websites and personal blogs.

 

Phish for your information by tricking you into following links or entering details with too-good-to-be-true offers and promotions.

Provide a vehicle for malware, scams, fraud and threats to your privacy.

 

 

Spoofing

 

Often used with phishing in an attempt to steal information.

 

A website or email address that is created to look like it comes from a legitimate source. An email address may even include our name, or the name of someone we know, making it difficult to discern whether the sender is real or not.

 

  • Spends spam using our email address, or a variation of our email address, to our contact list.
  • Recreates websites that closely resemble the authentic site. This could be a financial institution or other site that requires login or other personal information.

 

 

 

Spyware

 

Software that collects personal information about us without us knowing. They are usually a ‘free’ download and are installed automatically with or without your consent. They are difficult to remove and can infect a computer with viruses.

 

  • It collects information about us without us knowing about it and give it to third parties.
  • Send our usernames, passwords, surfing habits, list of applications we’ve downloaded, settings, and even the version of our operating system to third parties.
  • Change the way our computer runs without our knowledge.
  • Take us to unwanted sites or force uncontrollable pop-up ads on our screen.

 

 

Trojan Horses

 

A program that is disguised as, or embedded within, legitimate software. It is an executable (.exe) file that will install itself and run automatically once it’s downloaded.

 

 

  • Delete our files.
  • Use our computer to hack other computers.
  • Watch us through our web cam (even without turning on the light on the cam).
  • Log our keystrokes (such as a credit card numbers, passwords, etc.).
  • Record usernames, passwords and other personal information.
  • Uploading or downloading of files
  • Viewing the screen of the user
  • Wasting of computer storage and memory resources
  • Causing the computer to crash

 

 

 

Viruses

 

Computer programs that are often sent as an email attachment or a download with the intent of infecting our computer, as well as the computers of everyone in our contact list. Just visiting an insecure site can start an automatic download of a virus.

 

 

  • Send spam.
  • Provide criminals with access to our computer and contact lists.
  • Scan and find personal information like passwords on our computer.
  • Hijack our web browser.
  • Disable our security settings and antivirus programs.
  • Display unwanted ads.

 

 

When a program is running, the virus attached to it could infiltrate our hard drive and also spread to USB keys and external hard drives. Any attachment we create using this program and send to someone else could also infect them with the virus.

 

Things to check for:

  • It takes longer than usual for the computer to start up, it restarts on its own or doesn’t start up at all.
  • It takes a long time to launch a program.
  • Files and data have disappeared.
  • System and programs crash constantly.
  • The homepage set on the web browser is different (note that this could be caused by Adware that has been installed on the computer).
  • Web pages are slow to load.
  • Computer screen looks distorted.
  • Programs are running without our control.

 

 

Wi-Fi Eavesdropping

 

Virtual “listening in” on information that’s shared over an unsecure (not encrypted) WiFi network.

 

 

 

Worms

 

A worm, unlike a virus, goes to work on its own without attaching itself to files or programs. It lives in our computer memory, doesn’t damage or alter the hard drive and propagates by sending itself to other computers in a network – whether within a company or the Internet itself.

 

 

  • Spread to everyone in our contact list.
  • Cause a tremendous amount of damage by shutting down parts of the Internet, wreaking havoc on an internal network and costing companies enormous amounts of lost revenue.

 

 

Different Network Threats

 

The majority of security professionals group the various threats to network security in one of two significant categories. They are logic attacks or resource attacks.

 

 

Logic attacks

…are famed for taking advantage of already extant vulnerabilities and bugs in programs with the stated intention of causing a system to crash. There are cyber criminals who exploit this attack with the intention of willfully gaining illegal access to the system, or alternatively of downgrading the performance of a given network.

 

 

Resource Attacks

…are primarily meant to overwhelm important system resources, like RAM and CPU resources. This is principally accomplished via dispatching numerous forged requests or IP packets to the network in question.

 

 

Keylogger

 

Keeps a record of every keystroke you made on your keyboard. Keylogger is a very powerful threat to steal people’s login credential such as username and password. It is also usually a sub-function of a powerful Trojan (see above).

 

 

Adware

 

Form of threat where our computer will start popping out a lot of advertisement. It can be from non-adult materials to adult materials because any ads will make the host some money. It is not really harmful threat but can be pretty annoying.

 

 

 

Backdoor

 

It’s not really a Malware, but it is a form of method where once a system is vulnerable to this method, attacker will be able to bypass all the regular authentication service. It is usually installed before any virus or Trojan infection because having a backdoor installed will ease the transfer effort of those threats.

 

 

 

Wabbits

 

It’s a self-replicating threat but it does not work like a Virus or Worms. It does not harm our system like a Virus and it does not replicate via our LAN network like a Worm. An example of Wabbit’s attack is the fork bomb, a form of DDoS attack.

 

 

Exploit

 

Exploit is a form of software which is programmed specifically to attack certain vulnerability. If our web browser is vulnerable to some out-dated vulnerable flash plugin, an exploit will work only on our web browser and plugin. The way to avoid hitting into exploit is to always patch our programs with software patches, they’re made to fix vulnerabilities.

 

 

 

Dialer

 

This threat is more existent where we still access the internet using a dial-up modem. What it does is it will make use of our internet modem to dial international numbers which are pretty costly. Today, this type of threat is more existent on Android phones because it can make use of the phone call to send SMS to premium numbers.

 

 

 

Dropper

 

Looking at the name, a Dropper is designed to drop into a computer and install something useful to the attacker such as Malware or Backdoor. There are two types of Dropper where one is to immediately drop and install to avoid Antivirus detection. Another type of Dropper is it will only drop a small file where this small file will auto trigger a download process to download the Malware.

 

 

 

Fake AV

 

Fake Antivirus threat is a very popular threat among Mac users. Due to the reason that Mac users seldom face a virus infection, scaring them with message which tells them that their computer is infected with virus is pretty useful where it results them into purchasing a bogus antivirus which does nothing.

 

 

 

Cookies

 

Cookies is not really a Malware. It is just something used by most websites to store something into our computer. It is here because it has the ability to store things into our computer and track our activities within the site. We can choose to reject using cookies for some of the sites which we do not know.

 

 

 

Bluesnarfing

 

Bluesnarfing  is all about having an unauthorized access to a specific mobile phones, laptop, or PDA via Bluetooth connection. By having such unauthorized access, personal stuff such as photos, calender, contacts and SMS will all be revealed and probably even stolen.

 

 

 

Bluejacking

 

Bluejacking is also uses the Bluetooth technology but it is not as serious as Bluesnarfing. What it does is it will connect to our Bluetooth device and send some message to another Bluetooth device. It is not as damaging to our privacy or device and system compared to Bluesnarfing.

 

 

 

 

 

Boot Sector Virus

 

It is a virus that places its own codes into computer DOS boot sector or also known as the Master Boot Record. It will only start if there it is injected during the boot up period where the damage is high but difficult to infect. All the victim need to do if they realize there is a boot sector virus is to remove all the bootable drive so that this particular virus will not be able to boot.

 

 

Browser Hijackers

 

A browser hijacker uses the Trojan Malware to take control of the victim’s web browsing session. It is extremely dangerous especially when the victim is trying to send some money via online banking because that is the best time for the hijacker to alter the destination of the bank account and even amount.

 

 

 

Mousetrapping

 

It traps our web browser to a particular website. If we try to go to another website, it will automatically redirect us back. If we try clicking forward/backward navigation buttons, it will still redirect back to it. If we close our browser and re-open it, it will set the homepage to that website and we can’t get out of this threat unless we remove it.

 

 

SQL Injection

 

SQL injection does not infect the end users directly. It is more towards infecting a website which is vulnerable to this attack. What it does is it will gain unauthorized access to the database and the attacker can retrieve all the valuable information stored in the site database.

 

There are sub-threats of these main threats. Different variations of these threats exist as well. There are over 500,000 different kinds of threats on the internet (estimated).

 

Here is a security threat list site for some interesting articles – https://securelist.com/

 

That’s the end of part 1 – Part 2 Covers some additional online safety measures for social media.