Phishing is a known scam to most people, if not all. In a phishing scam, the Internet users are lured with potential monetary or other gains. Moreover, sometimes they are scared with fear of financial losses. For identifying phishing scams many posts have been written. However, they do not discuss complex multi-party ‘phishing for money scams’, where individuals have lost thousands, corporations have lost millions, and FBI estimates total losses exceeds billions. In this post I explain with illustrations how phishing for your money scam works.
© 2019 by cybersecurity1hub.com
Cybersecurity risks during travel are usually higher than while your are at home or at your work. This post provides a number of cybersecurity tips for travelers. If you are traveling international, you need to be extra careful and prepare accordingly. Three steps you ought to take are: Security measures before, during and after your trip. Also, you must protect the device physically; you must connect to the Internet carefully; and you must have software protection. First, let us consider what cybersecurity measures you should take before you start your trip.
© 2019 by cybersecurity1hub.com
Our life is integrated with cyberspace. Cyberspace use becoming as normal as breathing air. But there is a BIG difference between the air we breathe and cyberspace we use. When we breathe foul air, we know from its smell that something is not right. Unfortunately, danger signs in the cyberspace are not as obvious to us as the foul smell of air. Hence, we need to stay alert to avoid safety hazards larking in the cyberspace. Cybersafety rules must be observed to stay safe in the cyberspace, because predators are relentlessly trying to find ways to steal our money and our personally sensitive information. Below are 11 top tips for online safety.
© 2019 by cybersecurity1hub.com
For cybersecurity, teen online-safety rules ought to match with their Internet use profiles. The rules presented below are in addition to 11 tips I have in another post. Keeping an adult in the loop is a very important item in the list of online-safety tips for cybersafety. This not because teens cannot be trusted, but it is for their guidance. Supervising adults should make it clear to the teens they are supervising that they are not a gatekeeper, but a mature friend for to help teir development. For examples, some personal information posted online may have longterm implication, but it may not be obvious to a teen.
© 2019 by cybersecurity1hub.com
Phishing emails will not have a subject or heading that says they are a Phishing emails But if you look closely, you can see many tell-tell signs in a phishing email. You may find spoofed email address and spoofed domain name among others. Moreover, they use social engineering.
You know that phishing is a big problem. They attempt to obtain personally sensitive information (PSI) such as banking and credit card details, and password etc., usually for malicious reasons, by disguising as a legitimate entity or business. Let us review some tell-tell signs.
If you want to test your ability to identify phishing emails, then click here to take a quiz.
Suppose part of an email you received from your bank says, “… on Sunday at 6:00 AM money was withdrawn from you account. If you didn’t make the withdrawal, you MUST take security measure now.”
If you didn’t do a withdrawal, the fear of loss of money from bank and unauthorized activity in your bank account are likely to make you act swiftly.
Do you know what a `zombie computer’ is? Many malware (malicious software) may turn a computer into a zombie that appears too slow to the user(s) of the computer, because they are using computer’s processor, memory, and other resources. Moreover, they can steal personally identifiable information (PII) and personally sensitive information (PSI) stored in the computer. We have a post on information types.
The diagram below shows a classification malwares. A brief introduction to each are provided next.
The reader should be warned that this classification is not universality accepted and it is possible to regroup them. Also, the description and function of each are short for brevity. If you think your computer (or digital device) is infected with one or more malwares, you may need professional help.
On September 8th 2017 FTC (Federal Trade Commission) reported that the Equifax data breach exposed sensitive personal information. This is just another BIG data breach that has affected information security of hundreds of millions of people. Before we move forward, a good question is: security of which information? Of course, security concerns are for information that are somewhere in the cyberspace and that may be exploited by cyber-criminals to jeopardize our life, living, and assets.
Information Security is for Protecting Sensitive Information
Not all personal information are equally valuable to cyber-criminals. Security of PII (Personally Indefinable Information) and PSI (Personally Sensitive Information) are of critical importance in the context of information security, because of their potential value to cybercriminals. Thus, cybersecurity professionals are concerned about protection of PII and PSI. But it should be of concern to you and me, because if my PII or PSI is compromised, it may be used now or anytime in the future.
So what are PII and PSI? How are they created? We will address those issues in this section.
In the cyberspace, thousands of cybersecurity attacks and numerous security breached are happening every moment; only a fraction of all these breaches are known. Even breaches those are known, common news sources reports only those that are most appealing to common people, and not necessarily those that are most dangerous to the people. Moreover, they hardly recommend any defensive action that one can or should take to protect himself or herself. Here we intend to provide most recent cybersecurity news as well as past big events including big security breaches that directly affected millions of common people and those malware infections that were catastrophic in nature and directly or indirectly affected millions of people. The content will be divided into several categories to find information that interest you most now.
Uber was hacked about a year back. The hacker stole records of 57 million customers and drivers. According to Uber, no PSI (personally sensitive information) of users were exposed.
Hacker got PSI of Uber drivers
But the Uber drivers were not that fortunate. Their driver-license and other related information were exposed. To most of us, cybersecurity breakdown of companies are becoming common events. Moreover, delay in acknowledging the security breakdown and underreporting the number of people affected from it are not unusual (although people are dismayed). Because, this how typically most of the companies reduce the adverse reaction from the customers.
Hacker was paid $100,000
But what is very strange in Uber’s case is that the company paid $100,000 (should we call it ransom) to the hacker for deleting the hacked data and keeping his silence. The question the cyberspace experts are asking: how do Uber know that the hacker has not kept any data and will not make more money selling in them in the dark web.
I will keep watching statements from my credit card statements more closely than I do. I think those who used Uber in the past they should do the same.
The purpose of this post is to provide fast answers to a reader who has one or few specific questions on Cybersecurity. You can quickly browse through the post until you got answer to your question. If your question is not included here, please post your question in the comment section and I will answer it.
Cybersecurity is a very complex problem. Any discussion on it requires use of some technical term, especially types of malwares. I have tried to minimize the use of technical terms. But it you are not familiar with various types of malware you want to read ‘Malwares: an Overview‘. That will not only make your reading this section easier, it also will expand your knowledge of malwares.
What is Cybesecurity?
Cybersecurity is security in cyberspace, including, but not limited to, security of (a) systems that make cyberspace, (b) systems that provide services to the users of cyberspace, (c) devices that are part of cyberspace, (d) devices that cyber-travelers (cyberspace users) use to get services from cyberspace, and (e) information of stored and streaming through cyber-highway.
From the answer above, cybersecurity seems to be a very complex problem. How such a complex problem can be to dealt with?
Cybersecurity is really a very complex problem. To solve this complex problem, it is divided into many smaller problems. Then, each smaller problem is addressed individually.
What are the smaller cybersecurity problems?
A four layer-architecture model of cyberspace divides it into (a) User layer, (b) App or application-layer software, (c) system software, and (d) physical layer. Then, security problems at each of these layers is addressed one at a time. For example, security of a device consists of physical security, firmware security, and software security problems; each of these security problems is considered as separately, and it is addressed individually.