Stay safe from online scams in 2020
What Is Hacking?
- Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
- And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterize it/them as an unlawful activity by cybercriminals—motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge.
What Is Social Engineering?
- Hacking is typically technical (like creating malvertising that deposits malware in a drive-by attack requiring no user interaction).
- But hackers can also use psychology to trick the user into clicking on a malicious attachment or providing personal data. These tactics are referred to as “social engineering.”
Different Types Of Hackers
White Hat Hacker
- First up, we have the perfect hacker to break the stereotype. The white-hat hacker is a good guy, as ironic as it may sound.
- White Hackers, white hat hackers, or ethical hackers are the people who test existing internet infrastructures to research loopholes in the system.
- They create algorithms and perform multiple methodologies to break into systems, only to strengthen them.
- Think of a lock picker who works his way around locks, only to inform the owners of how to make the locks work better.
- Famous white hat hackers have historically been pivotal in ensuring that large corporations maintain a strong network framework so it is unbreakable against all other types of hacking.
- From being employees of the Government to being private consultants, white hackers help the internet be a better and safer place.
Black Hat Hacker
- Simply put, these are the bad guys.
- Black hat hackers are responsible for all that is wrong with hacking.
- These guys break into systems purely with negative intentions.
- From stealing credit card information to altering public databases, a black hat hacker looks to gain fame or money by exploiting the loopholes in internet frameworks.
- Famous black hat hackers have notoriously robbed banks and financial institutions of millions of dollars and invaluable private data.
Grey Hat Hacker
- A grey hat hacker usually has mixed intentions.
- As the color code implies, this hacker type does not have the good intentions of a white hat hacker, nor does he have the ill intentions of a black hat hacker.
- A grey hat would break into systems, but never for his own benefit.
- Famous grey hat hackers have exploited systems only to make the information public, bringing to light vast datasets that contain evidence of wrongdoing.
What Is A Trojan?
- A Trojan horse, or Trojan, is a malicious code or software that looks legitimate but can take control of your computer.
- A Trojan is designed to damage, disrupt, steal, or inflict some other harmful action on your data or network.
- A Trojan acts as a bona fide application or file to trick you. It seeks to deceive you into loading and executing the malware on your device.
- Once installed, a Trojan can perform the action it was designed for.
- A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that’s a misnomer. Viruses can execute and replicate themselves.
- A user has to execute Trojans. Trojan malware and Trojan virus are often used interchangeably.
- Whether you prefer calling it Trojan malware or a Trojan virus, it’s smart to know how this infiltrator works and what you can do to keep your devices safe.
How Do Trojans Work?
Here’s a Trojan malware example to show how it works.
- You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has installed malware on your device.
- When you execute the program, the malware can spread to other files and damage your computer.
- How? It varies. Trojans do different things. But you’ll probably wish they weren’t doing any of them on your device.
Common Types Of Trojan Malware, From A to Z
- Backdoor Trojan – This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
- Distributed Denial of Service (DDoS) attack Trojan – This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
- Downloader Trojan – This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.
- Fake AV Trojan – This Trojan behaves like antivirus software but demands money from you to detect and remove threats, whether they’re real or fake.
- Game-thief Trojan – The losers here may be online gamers. This Trojan seeks to steal their account information.
- Infostealer Trojan – As it sounds, this Trojan is after data on your infected computer.
- Mailfinder Trojan – This Trojan seeks to steal the email addresses you’ve accumulated on your device.
- Ransom Trojan – This Trojan seeks a ransom to undo the damage it has done to your computer. This can include blocking your data or impairing your computer’s performance.
- Remote Access Trojan – This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying on you.
- Rootkit Trojan – A rootkit aims to hide or obscure an object on your infected computer. The idea? To extend the time a malicious program runs on your device.
- SMS Trojan – This Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
- Trojan banker – This Trojan takes aim at your financial accounts. It’s designed to steal your account information for all the things you do online. That includes banking, credit card, and bill payment data.
- Trojan IM – This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.
- That’s just a sample. There are a lot more.
Examples Of Trojan
Emotet Banking Trojan
- After a long hiatus, Emotet’s activity increased in the last few months of 2017, according to the Symantec 2018 Internet Security Threat Report. Detections increased by 2,000 percent in that period. Emotet steals financial information.
- This malware has been around since 2013. More recently, it can deliver ransomware or a cryptojacker (allowing criminals to use your device to mine for cryptocurrency) to infected computers. “The growth in coin mining in the final months of 2017 was immense,” the 2018 Internet Security Threat Report notes. “Overall coin-mining activity increased by 34,000 percent over the course of the year.”
Zeus/Zbot Banking Trojan
- This banking Trojan is another oldie but baddie. Zeus/Zbot source code was first released in 2011. It uses keystroke logging — recording your keystrokes as you log into your bank account, for instance — to steal your credentials and perhaps your account balance.
How Do Trojans Impact Mobile Devices?
- Trojans aren’t problems for only laptop and desktop computers.
- They can also impact your mobile devices, including cell phones and tablets.
- A Trojan comes attached to what looks like a legitimate program.
- In reality, it is a fake version of the app, loaded up with malware.
- Cybercriminals will usually place them on unofficial and pirate app markets for unsuspecting users to download.
- In addition, these apps can also steal information from your device, and generate revenue by sending premium SMS texts.
- One form of Trojan malware has targeted Android devices specifically.
- Called Switcher Trojan, it infects users’ devices to attack the routers on their wireless networks.
- The result? Cybercriminals could redirect traffic on the Wi-Fi-connected devices and use them to commit various crimes.
What Is Encryption And How Does It Protect Your Data?
- Encryption is the process that scrambles readable text so it can only be read by the person who has the secret code, or decryption key. It helps provide data security for sensitive information.
- Vast amounts of personal information are managed online and stored in the cloud or on servers with an ongoing connection to the web.
- It’s nearly impossible to do business of any kind without your personal data ending up in an organization’s networked computer system, which is why it’s important to know how to help keep that data private.
- Encryption plays an essential role.
How Does Encryption Work?
- Encryption is taking plain text, like a text message or email, and scrambling it into an unreadable format — called “ciphertext.”
- This helps protect the confidentiality of digital data either stored on computer systems or transmitted through a network like the internet.
- When the intended recipient accesses the message, the information is translated back to its original form. This is called decryption.
- To unlock the message, both the sender and the recipient have to use a “secret” encryption key — a collection of algorithms that scramble and unscramble data back to a readable format.
Symmetric & Asymmetric Encryption: What’s The Difference?
- An encryption key is a series of numbers used to encrypt and decrypt data. Encryption keys are created with algorithms. Each key is random and unique.
- There are two types of encryption systems: symmetric encryption and asymmetric encryption. Here’s how they’re different.
- Symmetric encryption uses a single password to encrypt and decrypt data.
- Asymmetric encryption uses two keys for encryption and decryption. A public key, which is shared among users, encrypts the data. A private key, which is not shared, decrypts the data.
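The difference between the two systems, shown as an added example that is not part of the original article. It uses only the Python standard library, so the symmetric cipher (an HMAC-SHA256 keystream) and the small textbook RSA key are teaching constructions chosen for this sketch; all function and variable names are assumptions.

```python
import hashlib
import hmac
import secrets

# --- Symmetric: one shared secret key both encrypts and decrypts. ---
# Teaching construction (HMAC-SHA256 in counter mode as a keystream, no
# integrity check). Production code uses a vetted AEAD such as AES-GCM.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

# --- Asymmetric: the public key encrypts, only the private key decrypts. ---
# Textbook RSA with two fixed Mersenne primes so no prime search is needed.
# The modulus is far too small and there is no padding (real RSA uses at
# least 2048 bits with OAEP); it only shows how the two keys relate.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+
PUBLIC_KEY = (N, E)    # safe to publish
PRIVATE_KEY = (N, D)   # never leaves its owner

def rsa_apply(key, number: int) -> int:
    modulus, exponent = key
    return pow(number, exponent, modulus)

def rsa_encrypt(public_key, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if m >= public_key[0]:
        raise ValueError("message too long for this toy modulus")
    return rsa_apply(public_key, m)

def rsa_decrypt(private_key, ciphertext: int, length: int) -> bytes:
    return rsa_apply(private_key, ciphertext).to_bytes(length, "big")

def demo() -> dict:
    msg = b"meet at noon"               # constructed sample plaintext
    shared = secrets.token_bytes(32)    # both parties must hold this key
    blob = sym_encrypt(shared, msg)
    c = rsa_encrypt(PUBLIC_KEY, msg)
    return {
        "sym_roundtrip": sym_decrypt(shared, blob) == msg,
        "sym_wrong_key": sym_decrypt(secrets.token_bytes(32), blob) == msg,
        "rsa_roundtrip": rsa_decrypt(PRIVATE_KEY, c, len(msg)) == msg,
        # Holding only the public key does not let you reverse the operation.
        "rsa_public_only": rsa_apply(PUBLIC_KEY, c) == int.from_bytes(msg, "big"),
    }

if __name__ == "__main__":
    print(demo())
```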
Types Of Encryption
There are several types of encryption, each developed with different needs and security requirements in mind. Here are the most common examples of encryption.
Data Encryption Standard (DES)
- Data Encryption Standard is considered a low-level encryption standard. The U.S. government established the standard in 1977.
- Because of advances in technology and decreases in the cost of hardware, DES is obsolete for protecting sensitive data.
Triple DES
- Triple DES runs DES encryption three times. Here’s how it works: It encrypts, decrypts, and encrypts data — thus, “triple.”
- It strengthens the original DES standard, which became regarded as too weak an encryption for sensitive data.
RSA
- RSA takes its name from the surname initials of three computer scientists. It uses a strong and popular algorithm for encryption.
- RSA is popular because of its key length and is therefore widely used for secure data transmission.
Advanced Encryption Standard (AES)
- Advanced Encryption Standard is the U.S. government standard as of 2002. AES is used worldwide.
Twofish
- Twofish is one of the fastest encryption algorithms and is free for anyone to use. It’s used in hardware and software.
3 Reasons Why Encryption Matters
Why is encryption important? Here are three reasons:
Internet privacy concerns are real
- Encryption helps protect your online privacy by turning personal information into “for your eyes only” messages intended only for the parties that need them — and no one else.
- You should make sure that your emails are being sent over an encrypted connection, or that you are encrypting each message.
- Most email clients come with the option for encryption in their Settings menu, and if you check your email with a web browser, take a moment to ensure that SSL encryption is available.
Hacking is big business
- Cybercrime is a global business, often run by multinational outfits.
- Many of the large-scale data breaches that you may have heard about in the news show that cybercriminals are often out to steal personal information for financial gain.
Regulations demand it
- The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to implement security features that help protect patients’ sensitive health information online.
- Institutions of higher learning must take similar steps under the Family Educational Rights and Privacy Act (FERPA) to protect student records.
- Retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws that help protect consumers.
Encryption helps businesses stay compliant with regulatory requirements and standards. It also helps protect the valuable data of their customers.
Using Encryption Via SSL
- Most legitimate websites use what is called “secure sockets layer” (SSL), which is a form of encrypting data when it is being sent to and from a website. This keeps attackers from accessing that data while it is in transit.
- Look for the padlock icon in the URL bar, and the “s” in “https://”, to make sure you are conducting secure, encrypted transactions online.
It’s a good idea to access sites using SSL when:
- You store or send sensitive data online. If you use the internet to carry out tasks such as filing your taxes, making purchases, renewing your driver’s license, or conducting any other personal business, visiting sites using SSL is a good idea.
- Your work requires it. Your workplace may have encryption protocols, or it may be subject to regulations that require encryption. In these cases, encryption is a must.
How Does Ransomware Use Encryption To Commit Cyber-crimes?
Encryption protects your data, but encryption can also be used against you.
For instance, targeted ransomware is a cybercrime that can impact organizations of all sizes, including government offices. Ransomware can also target individual computer users.
How do ransomware attacks occur?
- Attackers deploy ransomware to encrypt various devices, including computers and servers.
- The attackers often demand a ransom before they provide a key to decrypt the encrypted data.
- Ransomware attacks against government agencies can shut down services, making it hard to get a permit, get a marriage license, or pay a tax bill, for instance.
- Targeted attacks are often aimed at large organizations, but ransomware attacks can also happen to you.
How to Keep Your Online Activity and Identity Private?
Today, your continuously connected life leaves behind a trail of data from your electronic devices.
From the apps on your smartphone and the browser history on your computer to the data on your fitness tracking device, anything that is connected to the Internet is storing information.
What Information is Okay to Share Online?
- While all this abundance of information sharing may seem alarming, there are good reasons for it.
- It’s very natural to hit “accept” when a popup asks you to allow cookies, location services, or access to other features of your device for certain apps or programs.
- We often do this without thinking of the privacy ramifications. Companies actually need to track certain information in order for their products to work.
- Therefore, these technologies help facilitate GPS directions, localized search results to find a nearby restaurant, and help improve the targeting of ads.
- Remember: you are in control of what information you share about yourself online.
- Research privacy policies and block access to suspicious requests from Apps or programs.
- If you have social media accounts, be sure to check those privacy settings too.
Risks to Privacy with Connected Devices
- The downside to this information sharing is that there are also ways in which your privacy can be compromised, illegally or unintentionally.
- Unfortunately, some companies do not think of security first and focus on the functionality of their product primarily.
- With the emerging Internet of Things, most of the new gadgets we bring into our homes now can connect to Wi-Fi.
- This means Internet-connected devices such as streaming security cameras, light bulbs, thermostats, and smart home products all have computers in them that store data.
- Most of these technologies have security issues, ranging from default passwords left unchanged after installation to unsecured routers in front of these devices.
- As a result, cybercriminals with nefarious intent can bypass the poor security included in these devices.
- The key to protecting your privacy is learning how to properly set up and secure all of your connected devices.
Online/Internet Scams and How to Stay Safe from Online Scams
Internet scams are different methods of fraud carried out by cybercriminals on the Internet.
Scams can happen in a myriad of ways: via phishing emails, social media, SMS messages on your mobile phone, fake tech support phone calls, scareware, and more.
The purpose of these scams can range from credit card theft and the capture of user login and password credentials to identity theft.
Most Common Types of Online Scams
- The top online scam today is Phishing. Internet thieves prey on unsuspecting users by sending out phishing emails. In these emails, a cybercriminal tries to trick you into believing you are logging into a trusted website that you normally do business with. This could be a bank, your social media account, an online shopping website, shipping companies, cloud storage companies and more.
- Another type of popular phishing scam is the Nigerian Prince or 419 scams. These are phishing emails in which you’re asked to help bring large sums of money into the country, cash phony money orders, or wire money to the thief. The trick is that the scammer first asks you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer fees, processing fees, or some other tall tale.
- One close to our industry is fake security software, which is also known as scareware. These start with a pop-up warning saying that you have a virus. Then the pop-up leads the user to believe that if they click on the link, the infection will get cleaned up. Cybercriminals use the promise of “Free Anti-Virus” to instead implant malware on a victim’s device.
Social Media Scams
- Social media scams are a variety of posts you will see in your news feeds, all with the goal of getting you to click on a link that could potentially host malware.
Mobile Scams
- Mobile scams can come in many forms, but the most common are phishing apps. These apps look like the real thing, just like phishing emails. It is exactly the same premise; however, instead of emails, the malware is passed through a fake app.
Social Engineering Scams
- Social engineering is a way that cybercriminals use human-to-human interaction to get the user to divulge sensitive information. Since social engineering is based on human nature and emotional reactions, there are many ways that attackers can try to trick you, online and offline.
How To Help Protect Against Trojans?
- Here are some DOs and DON’Ts to help protect against Trojan malware.
- First, the DOs:
- Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals.
- Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals exploit security holes in outdated software programs. Besides operating system updates, also check for updates on other software that you use on your computer.
- Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols.
- Keep your personal information safe with firewalls.
- Back up your files regularly. If a Trojan infects your computer, this will help you restore your data.
- Be careful with email attachments. To help stay safe, scan an email attachment first.
- A lot of the things you should do come with a corresponding thing not to do — like, be careful with email attachments, and don’t click on suspicious email attachments.
- Here are some more DON’Ts.
- Don’t visit unsafe websites. Some internet security software, such as Norton Safe Web, will alert you that you’re about to visit an unsafe site.
- Don’t open a link in an email unless you’re confident it comes from a legitimate source. Avoid opening unsolicited emails from senders you don’t know.
- Don’t download or install programs if you don’t have complete trust in the publisher.
- Don’t click on pop-up windows that promise free programs that perform useful tasks.
- Never open a link in an email unless you know exactly what it is.
Tips To Help Protect Your Devices Against Ransomware Attacks
- Install and use trusted security software on all your devices, including your mobile phone.
- Keep your security software up to date. It can help protect your devices against cyberattacks.
- Update your operating system and other software. This can patch security vulnerabilities.
- Avoid reflexively opening email attachments. Why? Email is one of the principal methods for delivering ransomware.
- Be wary of any email attachment that advises you to enable macros to view its content. If you enable macros, macro malware can infect multiple files.
- Back up your data to an external hard drive. If you’re the victim of a ransomware attack, you’ll likely be able to restore your files once the malware has been cleaned up.
- Consider using cloud services. This can help mitigate ransomware infection, since many cloud services keep previous versions of files, allowing you to “roll back” to the unencrypted form.
- Don’t pay the ransom. You could pay a ransom hoping to get your files back — but you might not get them back. There’s no guarantee the cybercriminal will release your data.
- Encryption is essential to help protect your sensitive personal information. But with ransomware attacks, it can be used against you. It’s smart to take steps that help you gain the benefits and avoid the harm.
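The advice above about scanning email attachments and being wary of macro prompts, together with the Trojan delivery example earlier, turned into an added triage script that is not part of the original article. It parses a message, then flags executable or double extensions and Office files that carry a VBA macro project; the extension lists, finding labels and the constructed sample message are assumptions for this sketch.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def has_vba_project(data: bytes) -> bool:
    """True if data is an Office Open XML (ZIP) file carrying a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage_attachment(filename: str, data: bytes) -> list:
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    if ext in RISKY_EXT:
        findings.append("executable-extension")
        # "receipt.pdf.exe" shows as "receipt.pdf" when extensions are hidden.
        if os.path.splitext(stem)[1] in DECOY_EXT:
            findings.append("double-extension")
    # Checked by content, so renaming the file does not hide the macros.
    if has_vba_project(data):
        findings.append("contains-vba-macros")
    return findings

def triage_message(raw: bytes) -> dict:
    """Map each attachment filename to its list of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        report[name] = triage_attachment(name, payload)
    return report

def build_sample_message() -> bytes:
    """Constructed test message; the 'macro' is placeholder bytes, not VBA."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.net", "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please enable macros to view the invoice.")
    for name, data in [("invoice.docm", doc.getvalue()),
                       ("receipt.pdf.exe", b"constructed bytes"),
                       ("notes.txt", b"nothing to see")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(name, findings or "no findings")
```

This only covers ZIP-based Office formats; older binary `.doc` and `.xls` files store macros differently and need a dedicated parser.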
130+ Ransomware Decryption Tools – Protect your System (Prevention Advice)
- Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files. Any reliable antivirus solution can do this for you.
That’s all for today’s detailed guide on how to stay safe from online scams in the year 2020.