15:05 31.01.2023

Author IVAN KOPYCHENKO

Digital Hygiene (Anti-)Advisor


Ivan Kopychenko, expert in digital technologies, EGAP Program regional coordinator in the Odesa Oblast at East Europe Foundation

 

A systematic check-up is a must not only for the human body, but also for all the electronic devices that we use on a daily basis. Smartphones, laptops, tablets, and even coffee machines know more about us than we think! And they can easily become tools for fraudsters who want to steal our personal data.

Despite this, Ukrainians often take the dangers that lurk online lightly. I have put together five pieces of anti-advice that are most often heeded by people who neglect their own cyber hygiene. Check whether this list contains anything you might occasionally be doing yourself.

Advice 1. Ignore legal software

- What, another update on my smartphone? I’ll do it later!

Almost 100% of updates on our smartphones protect against vulnerabilities that expose data. Once those vulnerabilities lose their relevance, details of them may be published online. If you fail to update your gadget promptly, fraudsters can take advantage of this and carry out a hacker attack.

- Okay, Google, what about other devices?

Software updates are one of the key security factors not only for your smartphone, but also for all devices that have access to the Internet.

At present, Ukraine has a problem with unlicensed, or so-called ‘pirated’, software. Using it dramatically raises the risk of a virus damaging your computer, and may result in your confidential information being leaked publicly or even in any home appliance connected to the network being hacked.

This was proved by an experiment performed by Avast employees who were able to hack the coffee machine software and make it spray water randomly, demanding via a menu a ransom to stop this outrage.

To secure your gadgets, use commercial software or its free official alternatives. For example, the Open Office suite is a great alternative to the popular Office 365, and CCleaner, the cache cleaning utility, is in no way inferior to the commercial LifeLock.

Advice 2. Install free antivirus software of unknown origin

If you never saw the film ‘The Secret’ and have no idea of a secret that had caused global mass hysteria in the ‘noughties’, here’s a spoiler alert for you.

Sometimes antivirus software on your PC is not what it seems!

Using antivirus software on your computer or smartphone is one of the best cybersecurity practices. It can protect your device from most known cyber-attacks. However, not all antivirus programmes are in fact useful.

Malware often masquerades as a free ‘antivirus programme’ to steal user data. VPNPro researchers found several such antivirus viruses for smartphones in 2019:

● Security Master — 500 million downloads;
● Virus Cleaner 2019 — 50 million downloads;
● Virus Cleaner, Antivirus, Cleaner (Max Security) — 50 million downloads;
● Super Phone Cleaner: Virus Cleaner, Phone Cleaner — 50 million downloads;
● Antivirus Free 2019 — 10 million downloads;
● Clean Master — 1 million downloads.

How to make the right choice and identify a bona fide antivirus programme? First, pay attention to well-known antivirus software that was not developed in the countries from the sanctions list, such as Russia, Iran, Syria, North Korea, Venezuela, Myanmar, Eritrea or Cuba. Download software from official sources only. If you have Microsoft Windows installed, switch to a version that was released after 2010 — older releases like Windows 7 have not received updates for quite a while.

You can also use VirusTotal, a free online service. It offers more than 70 antivirus utilities that would check your files online for threats without the need for downloads.


 

Advice 3. Use the same password for all accounts

According to a password security report published in 2019, more than half of respondents share passwords with their co-workers. 50% of them use the same password for multiple accounts, and only one third use two-factor authentication to protect their accounts.

Each account must have a password that is resistant to hacker manipulation. What should it look like?

First, it must contain many mixed case characters. It is also advisable to add numbers and special symbols, such as percent sign, hash, copyright symbol — anything that would confuse fraudsters and prevent them from hacking the account by guessing the password (staging a brute force attack).

Two-factor authentication should also be kept in mind. Should your password be stolen, criminals would be unable to log in to your account without knowing your phone number.

Besides, using password managers and data encryption is recommended. This may include asymmetric PGP encryption for email, where dedicated software exists, or secret chats for instant messengers.

Advice 4. Always share your personal data on demand, especially if this is Diia’s official website!

Phishing websites are among the most common online scams. These are chameleon resources that masquerade as websites of banks, official institutions, or even charitable organisations in order to lure personal data from users. Whenever you visit such a site, your phone number, usernames and passwords to your accounts, along with bank card codes are potentially exposed.

An example of such a scam was a fake website of the Unified State Register of Declarations of Persons Authorised to Perform the Functions of the State or Local Self-government, which was set up in 2018. Missing letters in the website title, along with the wrong domain address in the browser’s address bar, helped to distinguish the fake from the original.

And in 2021, hackers imitated a Diia portal page to harvest credit card and ID numbers of Ukrainians. The fake website promised payments of eight thousand hryvnias to those citizens who found themselves in the red zone during the COVID-19 epidemic.

Source: cybercalm

Note the font and errors in the description — the real Diia portal has none of them.

How can the hook of phishing websites be avoided? Pay attention to the visual component — an unusual design and the presence of grammatical errors may already indicate a fake.

Phishing resources can sometimes be well disguised; therefore, you need to check the website’s domain name (for example, criminals used privatbank.in.ua instead of the actual address privatbank.ua, or mono.org.ua instead of monobank.ua).
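The domain check described above can be automated. The following Python sketch is an added example, not code from the article: it treats the two official addresses named above as an allow-list, and the resembles heuristic, its 0.8 similarity threshold and the extra sample hosts are assumptions made for illustration. It goes slightly beyond the article's two cases by also flagging typo variants of a known name.

```python
import difflib
from urllib.parse import urlsplit

# Official domains named in the article; a real allow-list would be longer.
OFFICIAL_DOMAINS = ("privatbank.ua", "monobank.ua")


def normalise_host(url: str) -> str:
    """Return the lowercase ASCII hostname of a URL, or '' if it has none."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    try:
        # Non-ASCII names become punycode (xn--...), so a look-alike Unicode
        # letter can never compare equal to the real ASCII name.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ""


def resembles(label: str, brand: str) -> bool:
    """Heuristic (assumption): does one hostname label imitate the brand?"""
    if brand in label or (len(label) >= 4 and brand.startswith(label)):
        return True
    return difflib.SequenceMatcher(None, label, brand).ratio() >= 0.8


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the URL's hostname."""
    host = normalise_host(url)
    if not host:
        return "unknown"
    for official in OFFICIAL_DOMAINS:
        # Exact match, or a true subdomain (the leading dot matters).
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]  # "privatbank", "monobank"
        if any(resembles(label, brand) for label in host.split(".")):
            return "lookalike"
    return "unknown"  # not on the list: no verdict, which is not "safe"


if __name__ == "__main__":
    # The article's examples plus constructed test hosts.
    for sample in ("https://privatbank.ua/", "privatbank.in.ua",
                   "http://mono.org.ua/login", "notprivatbank.ua",
                   "https://privatbank.ua.example.com/"):
        print(f"{sample:40} {classify(sample)}")
```

An 'unknown' result only means the host is neither on the allow-list nor similar to an entry on it; it says nothing about whether the site can be trusted.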

Update your browser to the latest version to receive timely notifications about security hazards. Furthermore, never enter your personal data on any resources!

Baiting is another example of cyber fraud. This is a scheme where malicious USB flash drives are planted on your computer in order to infect it with viruses, destroy confidential or official information, or even to install ‘wiretapping’. A USB flash drive may contain links to the same phishing websites used by criminals in order to lure your funds.

This fraud is especially widespread in an office environment, where it is difficult to keep track of all actions on your work PC. To protect yourself, check all the USB devices that get connected to your computer (yes, yes, even the USB flash drive that a colleague gave you as a New Year gift!). If the medium has some suspicious files, you had better delete them without even opening them.

Advice 5. Fact-checking is for nerds. True pros would only rely on their gut feelings!

In layman’s terms, fact-checking means good digital hygiene skills, ability to counteract fakes and verify facts.

Chicken Little, a 1943 Disney cartoon, is a good example of the effect that fake information may have on the collective subconscious. In the story, the fox manipulates chickens, convincing them that the sky is about to fall on their heads (source: the ‘How to avoid becoming a vegetable’ YouTube channel). The birds ignore checking this information, pin their faith on this hoax, fall under the influence of the herd instinct and start to panic. Eventually, they hide in a cave, where the fox is already waiting for them, expecting a nice dinner.

So, how can fakes be avoided? Check information across three, or better yet, five sources, and always look for the original source. Pay attention to news headlines — respectable resources would tend to avoid clickbait (flashy) headlines in capital letters.

Do not let any manipulations related to massive shelling take over your mind. Don’t read dubious Telegram channels or Internet cesspits. Even the national intelligence service has no information about any attacks that are about to happen tomorrow; obviously, this information can never be available to administrators of the channel that advertises top 20 films worth watching during the blackout.

After heavy shelling is over, Ukrainians tend to channel their rage into the support for the Armed Forces of Ukraine, which is the time when fraudsters become particularly active. Therefore, we recommend donating only to well-established charities, such as Come Back Alive, Hospitallers, Serhii Prytula Foundation, United 24, and using banking details from official and Internet banking sources.

If you don’t care about your personal cyber hygiene, you put at risk your family, the ‘health’ of your employer’s workflow system, and even the country’s welfare. So, let us march towards victory not only digitalised, but also well-informed!
