
Digital Self-defence

Posted: March 24, 2020 by Jonathan Fader in Self-defence in General

This is the first of three sections expanding on the original piece titled, Self-defense is Not Just Physical.

As much as you may try to resist, myself included, the future of humanity is looking more and more digital. I am a member of the “bridge generation”: I was born before the widespread use of the internet, but was also fortunate to have it in my home early. Though I am not a tech whiz, I am fairly comfortable with technology (to a degree). For some tasks I prefer the old ways, like taking notes by hand (who am I kidding? I won’t read them either way); for others I prefer the new ways, like listening to audio books rather than reading (it’s more efficient since I can’t read and drive, but I can listen and drive!).

No matter your preference, it is here and it is not going anywhere; so you need to adapt or proverbially die. While it is easy to simply think of self-defence as responding to a physical attack, don’t forget that there are many ways you need to protect yourself in the 21st century; which now includes our digital self.

While your data and information are more secure, there are also more ways to attack them. Additionally, many companies, like Google or Apple, are selling your information to the highest bidder. Remember, their “free” services are not the real product, you are. The thought of which, as a human being who prefers some level of privacy, can be quite disturbing. So how do you protect yourself in the increasingly digital world?

First off, get educated. If you are one of those people who refuses to learn how to use technology, I am sorry, but you will find yourself in the dust as you become more and more reliant on those around you who do understand it. If you are a parent, this often means your children. Consider also that, trust me, if they know how to use technology better than you, there is very little you will be able to do to protect them from all the internet has to offer; they will find a path to it. When it comes to technology and how to use it, your kids may actually be smarter than you.

So now is the time. Start learning!

When it comes to protecting your online data, something to remember is that criminals are always looking for new ways to steal from you. So, learning a few ways to protect yourself will help stop them, as cyber-criminals generally do not want to waste their time on difficult targets. Like on the street, predators attack the weak.

Passwords

There is a reason that passwords are no longer the only way to protect digital content. Most people choose garbage ones. If your password is a standard one that anyone might use, or is easy to guess by perusing your Facebook page, then you may find yourself getting hacked; especially if all your information is public.

Terrible passwords are still shockingly common, for example “password,” “123456,” or “QWERTY.” You are not clever, you are being lazy if these are what you are using. Also, using anything related to your birthday, your children, or your pet’s name can be very easy for hackers to figure out.

Modern standards recommend passwords that are comprised of long strings of randomly generated numbers and symbols. These are not only impossible to guess, they are also impossible to remember. Example: dtN6Vn-X@2yqGhe^

While these are very strong passwords, as it would take forever to crack one, you will likely rely on Google or Apple to remember them for you, making it unlikely you will remember them in an emergency.

Though not as strong as a random string, a “Passphrase” is a good option. This is a string of unconnected words, with both caps and lower case, maybe even 1 or 2 numbers or symbols added in, that are much easier to remember. Example: PurpleMonkeyHeart1(

No, these are not passwords I use, so don’t bother trying.

By being random and having unconnected words, passphrases make it much harder for even the best hacker to “brute force” through.
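To put numbers on the comparison above, here is an added example (not part of the original post) that generates both kinds of secret with Python's secrets module and estimates how large a search space each leaves a brute-force attacker. The 7776-word list size, the 16-word sample list and the guess rate are assumptions, and the figures only hold when the words are picked at random rather than by a person.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Constructed 16-word sample list, for demonstration only; the entropy
# figures assume a 7776-word diceware-style list (an assumption).
DEMO_WORDS = ["purple", "monkey", "heart", "anvil", "cobalt", "ferry", "gravel",
              "lantern", "mosaic", "nickel", "orchid", "pebble", "quartz",
              "saddle", "timber", "walnut"]
ASSUMED_LIST_SIZE = 7776


def random_password(length=16):
    """Each character is drawn independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(count, words=DEMO_WORDS):
    """Unconnected words: each one picked at random, not chosen by a human."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def bits(choices, picks=1):
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def words_needed(target_bits, list_size=ASSUMED_LIST_SIZE):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def average_crack_years(entropy, guesses_per_second):
    """Expected time to hit the secret: half the search space at a given rate."""
    return 2 ** (entropy - 1) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    random16 = bits(len(ALPHABET), 16)
    # Shape of the article's passphrase example: three words, one digit, one symbol.
    three_words = bits(ASSUMED_LIST_SIZE, 3) + bits(10) + bits(32)
    print(random_password(), f"{random16:.1f} bits")
    print(passphrase(3), f"{three_words:.1f} bits")
    print("random words needed to match the 16-character string:", words_needed(random16))
    # Assumed rate of 1e10 guesses per second against a leaked fast hash.
    print(f"{average_crack_years(three_words, 1e10):.6f} years on average")
```

The gap between the two figures is why a passphrase meant to protect something important should use more than three random words.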

With that being said, if they really want to, they can probably get in; that is why they started adding multi-factor authentication to most systems. The most common of these is two-factor authentication (2FA), or two-step verification, which confirms your identity via a code sent to your e-mail or phone number. Though, as I recently found out, there are scams that can even get around this!

The best two-step verification is actually to have a verification program on your phone that randomly generates a verification code when you log in, which changes every minute or so. These are very, very, very difficult to get around, but, if you lose the device it is on you may end up getting locked out in the end (it happened with a lot of crypto-currency accounts that required such security).

No matter what password you use, just make sure you don’t use the same one for everything, that you change them periodically, and that you ensure they are strong and something you can remember without help.

IP Protection

Before looking at Internet Protocol (IP) protection, let’s talk about what an IP is.

An IP is essentially your digital address. Every device connected to the internet has one.

They look like this: 45.85.91.20

While it’s a bit more complicated than that, for the sake of this article let’s keep it to that.

Why should you protect your IP? Easy, it is another way to help prevent people from easily getting into your computer and data. This includes malicious hackers, data-mining companies, and the government.

Where it once took high level tech, knowledge, and skills to mask your IP address, now you can purchase and set up what is called a Virtual Private Network (VPN).

Essentially, a VPN sets up a second IP to mask your actual one. You can even set your false IP to indicate that you are in another country, making it hard for people to figure out where exactly you are. Yes, this includes the government. Generally, unlike the movies, most government agencies will have a hard time tracking you if you have a VPN, or multiple VPNs, set up. While eventually they could track you, it will take time and resources; which, in most cases, is not worth their time.

Outside of protecting yourself from “Big Brother” it really just makes it harder for hackers to break into your computer or network, encouraging them to seek easier prey.

Consider also, if you regularly use public wifi and do not have a VPN set up on your computer, phone, or tablet, you may not be as protected as you think. Public networks, such as those at Starbucks, are easy targets for criminals looking to get into your computer. And trust me, you will not even know they are there in your device until it is too late.

So what are you waiting for? Mask your IP and protect your devices today!

Various Scams

Last but not least, Scammers. These are, generally, the main threats that you have to protect yourself from. Once someone is able to get into your system they can steal all your information. While there are numerous ongoing scams out there, I am only going to cover a few to give you an idea of how people can bypass security. From least sophisticated to most sophisticated:

Send me money…

These scams are as old as, well, people and society (I think). The only difference is now, instead of getting a person at the door or physical mail, you will get an email. These scams are easy to spot if you know how to look, and they usually target vulnerable groups like the elderly and immigrants. (To accomplish this, they are often written with poor grammar, as the sub-par writing eliminates people who are too educated or discerning to be viable targets.)

Actually, as a martial arts gym I regularly get these.

An email that starts with “Dear Sir or Madam” is usually a red flag, as it’s probably someone who paid to get your email and does not actually know who you are.

Common approaches are people pretending to be long lost relatives in need of money because of financial hardship, or someone stuck in another country.

In general, the best way to deal with them, other than learning to spot them right away, is to start asking questions. If they cannot give you detailed answers without you giving them information first, it might just be a scam.

The example I am going to use is the one I usually have to deal with:

It’s typically someone asking for private lessons for 2-3 kids. They state that they will send a private driver with a (fake) cashier’s check for much more than the agreed amount, asking that you reimburse them for the difference and give the cash to the driver. Usually they want cash, or if they say “give the credit card to the driver” it means they want to copy it.

The first time I got this I took it seriously; now, any time someone asks for private lessons involving a private driver and kids, I usually just ignore it. Remember, if it sounds too good to be true, it probably is. Additionally, if it seems suspicious (and convoluted), it probably is.

Guard your information, particularly your credit card information, and never give money to someone who is supposed to pay you (that one should be a no-brainer).

Phishing Scams

What is a phishing scam? Wikipedia says this:

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.[1][2] Typically carried out by email spoofing[3] or instant messaging,[4] it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.[5]

Phishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.[6]

These scams usually require you clicking on a link, and can come in email or text message form. These days they can even look like they are coming from a legitimate source, such as your phone provider or a Federal department.

In fact, this was the kind of scam used in the infamous Hillary Clinton emails scandal. While the focus was on her having a private server, the crucial fact was that intruders gained access because some fool clicked on a link disguised as an official-looking password reset. Except, the sucker victim never requested a password reset… but because it “looked legitimate” they clicked away.

Never click on a link you are not sure about, did not request, or that is within a message containing spelling errors, incorrect logos, or odd URLs.

If you are not sure, always check online to find the appropriate contact information for the actual company or group involved, and double-check with them if it is legit or not.

By the way, these scams cause havoc for legitimate business entities as well, as real messages often get ignored because they appear fraudulent (e.g. private lessons emails). When in doubt, double-check, and never click that link if you are not sure.

Though this type of scam is more sophisticated, as it requires actual computer and tech skills not just the gift of the gab like the previous one, it still requires the victim (you!) to actively do something for it to work.

Port Scams

This last one is the MOST sophisticated, as it is fairly recent and often by the time you have realized anything has happened all your money is gone, credit card is maxed out, Amazon and PayPal accounts racked up, and you are sitting there wondering why the hell the companies you were paying did nothing to stop it.

This is a scam that actually targets your cellphone information.

Remember how we said that many accounts now require a two-factor verification, which usually means sending a confirmation text to your phone for actions such as password resets? This scam targets that system.

It seems to have popped up in the last few years, but even with media coverage very little has been done about it; after all, what phone company wants to admit they have glaring holes in their client security?

How the hackers get your phone and personal information, which often includes your email, I am not entirely sure. It is possible that they pay off some low level employee at the phone companies (another reason why you should be nice to people), or perhaps they get one bit of your info and employ “social engineering” across a few services.

Once they acquire enough information they are able to contact the phone company and pretend to be you in order to “port” (transfer) your phone number over to another carrier on their device, which is most likely on a burner phone.

They will now receive all of the password reset texts.

Now all they have to do is go into your email, Amazon, PayPal, etc… follow the “forgot password” steps and, since they now receive the verification text, they change your password to one of their choosing and log into your accounts.

See, your phone carrier, email provider, Amazon, etc. just got duped and their entire sophisticated security network is now breached, and within less than 24 hours you are totally and utterly screwed. By the way, if you lose your email this will include any personal material you have stored there, such as x-rated photos or sensitive personal and work information.

Sometimes these hackers will even blackmail you, demanding money in exchange for not releasing this private material.

Insidious, I know.

You will now be on phone call after phone call, losing your sanity as every single person you call (usually low level, call-center people) probably doesn’t even know this is a real thing yet.

How do I know it is? It happened to someone very close to me!

So, no matter how good the security is, “where there’s a will, there’s a way.” Those pesky scammers and hackers will keep evolving, and they will find ways around the newest security. Be careful, and always, immediately follow up on any text or email that mentions your number being ported. Because if you get that, it probably is, and it will only take 10 minutes for them to do it.

How can you stop this? Call your phone provider and ask for port protection if it’s not already there. It means your number cannot be ported without a lengthy process, which is too long for most scammers.

At this point I don’t know why this is not already automatic, but I suppose it means the phone companies would have to admit they are at risk, which they never do!

Conclusion

The best way to protect yourself is through education and due diligence. Avoiding technology because you do not like it or don’t understand it means you are actually an easy target. Don’t trust anything suspicious and follow up if you need to. Soon the world will be more digital than analog, and just like physical self-defence, you are responsible for yourself because no one else really cares, or if they do, you are the front-line and are able to react faster to stop potential data leaks or hacks. So, be educated, be proactive, and keep your wits about you.
