Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
security:start [2021/03/25 09:18]
stefan Improve formatting
security:start [2021/04/04 08:28] (current)
stefan fix typos
Line 7: Line 7:
   * That is, there must be anti-virus software installed.   * That is, there must be anti-virus software installed.
   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.
-  * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins.The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.+  * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins. The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.
  
 ==== Web browsers ==== ==== Web browsers ====
  
-Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site. +Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many of which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site. 
  
   * If you receive something from e.g. Facebook that needs your attention, manually open a new browser window and manually type the URL for the website and login there.    * If you receive something from e.g. Facebook that needs your attention, manually open a new browser window and manually type the URL for the website and login there. 
-  * All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from yahoo addresses, including people you know. +  * All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from Yahoo addresses, including people you know. 
   * Also, never click on any links in spam email, or links randomly sent to you by strangers.    * Also, never click on any links in spam email, or links randomly sent to you by strangers. 
  
Line 23: Line 23:
 ==== Social engineering ==== ==== Social engineering ====
  
-For social engineering attacks, pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses. +According to Wikipedia, "social engineering is the psychological manipulation of people into performing actions or divulging confidential information". An attacker will try to exploit your reactions to get you to give them information such as personal details or passwords. 
 + 
 +Here are some basic techniques to protect against this: 
 + 
 +  * Be wary of anyone contacting you out of the blue asking "innocent" questions. 
 +  * Never reply to requests for personal information or passwords. No one will ever legitimately ask you for your password, not even for verification of your identity. 
 +  * Reject requests for help or offers of help. An attacker might pose as technical support and offer to "help", but no computer support will contact you unless you have contacted them first. 
 +  * "Break the loop". Most attacks try to force you into a sense of urgency. But what is the rush? Slow down, and always //take the time to think//. If someone is rushing you, that in itself is a major red flag. 
 +  * Ask for verification of identity. Research it, and don't trust it blindly. 
 +  * All offers and prizes or sent to you are fake. ("Get the latest iPhone for only 200 euros", "Fill out these questionswin a ferret"
 + 
 +Pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses.