In simple words, Smishing is “phishing” with a text message. It has greater success ratio, as people trust text messages more than emails. Most people are aware of the potential threats on clicking links in an email, but not so for text messages. Smishing generally leverages social engineering to gather personal information.
How to Protect Ourselves from Smishing?
Watch this video made by HSBC bank for its consumers:
A computer virus is a malicious code or program which alters a computer negatively. It may attach itself to a legitimate program or document and execute itself remotely.
They travel as an attachment to an e-mail message, and usually replicate by automatically mailing themselves to the contacts in the victim's e-mail address book. Some e-mail viruses don't even require a double click to launch themselves. They can also spread through downloads and social media links.
What Damage Viruses may Cause?
In the spring of 1999, a man named David L. Smith created a computer virus based on Microsoft Word macro. He built a virus that could spread through e-mail messages. Smith named the virus "Melissa," saying that he named it after an exotic dancer from Florida [source: CNN].
Rather than shaking its money-maker, the Melissa computer virus tempts recipients into opening a document with an e-mail message like "Here is that document you asked for, don't show it to anybody else." Once activated, the virus replicates itself and sends itself out to the top 50 people in the recipient's e-mail address book.
The virus spread rapidly after Smith unleashed it to the world. The United States federal government became very interested in Smith's work - according to statements made by FBI officials to Congress, the Melissa virus "wreaked havoc on government and private sector networks" [source: FBI]. The increase in the e-mail traffic forced some companies to discontinue their e-mail programs until the virus was contained.
What are the Signs of a Computer Virus?
A computer virus attack can produce a variety of symptoms including:
How to Prevent Email Viruses?
Spoofing attacks involve impersonating another device or user for malicious ends. Different types of spoofing include:
Spoofing attacks are used to get personal information like credit card number or passwords or to make user do something not in their best interests.
We shall discuss here E-mail, SMS and Call spoofing.
The sender information shown in the e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to misdirected bounces (i.e. e-mail spam backscatter).
SMS spoofing is very similar to e-mail spoofing. However, instead of a mail ID, a cell number is spoofed and instead of a spoofed e-mail, a spoofed SMS is sent.
Caller ID Spoofing:
Some technologies especially Voice over IP (VoIP) allow callers to forge caller ID information and display false names and numbers.
The above photo gives a fairly clear picture of “call spoofing”. The article below shows the potential for its grave misuse:
Police are issuing warning about a sophisticated new phone scam in which the victim is targeted with a phone call from a loved one’s phone number. North Yorkshire Police have issued a warning after a man received a call from his wife’s mobile number. On answering the call, a man with a “foreign sounding accent introduced himself as a doctor form the “Friarage Hospital” stating that his wife had met a car accident and required emergency surgery”.
Also, he was told that the procedure was not covered by the NHS and requested bank details to make a transfer of $300 to cover the surgery.
The police warning added “The reportee replied by stating he would make his way to the hospital immediately and so the caller hung up”. He then called his wife, who answered fit and well. The perpetrators appear to be using sophisticated methods to link two mobile numbers together, in order to achieve the necessary impact, to fulfil their scam. “This incident has been distressing for the parties involved, but luckily no bank details were given out”. According to the replies on the force’s Facebook page, the scam has spread to other parts of Yorkshire”.
Vishing is “phishing” with the help of phone. It’s a form of phone fraud, to obtain valuable personal information. Attackers often spoof a number and pose as an authority figure, technician or fellow employee to obtain sensitive information. Some may even use voice changers to conceal their identity.
Vishing frauds have lead to global loss of $46.3 billion per year! It’s one of the most successful method to gain information needed to breach an organization.
How to Protect from Vishing Attacks?
It’s very difficult for police to monitor or trace vishing, so people need to protect themselves. For example, never share financial information or One Time Password (OTP) over the phone. Jamtara district in Jharkhand has emerged as the Vishing capital of India, with most of the fraudulent financial transactions being linked to this district.
The Video below shows how manipulative Vishing guys can be, and their superb potential to gain any personal information.
Worms spread by exploiting the Operating System's vulnerabilities. They consume band-width and over-load the web servers. They may also contain “payloads” to damage the host computer. Its special feature is the ability to replicate itself on other computers.
Computer Worm Examples:
Computer worms have caused billions of dollars in damages over the past decade.
The Stuxnet virus is a computer worm discovered in June 2010. Stuxnet was created by the United States and Israel to target Iran’s Uranium Enrichment Program. Stuxnet was created as part of a top-secret cyber war program codenamed “Olympic Games.” The computer worm crashed 984 centrifuges at Iranian nuclear power plants between 2008 and 2012, setting back Nuclear weapons production capabilities in Iran by about two years.
The Flame virus was discovered in 2012 and is regarded as one of the most sophisticated computer worms ever found. Flame’s code shares many similarities with the Stuxnet code, and Flame, like Stuxnet, was designed as part of a government-sponsored cyber program. While the Stuxnet computer worm was designed to sabotage nuclear weapons production, Flame is believed to have been created purely for cyber spying. Flame has infected thousands of computers since its deployment, mostly in Iran and other Middle Eastern countries.
Devices with Bluetooth capabilities, especially the mobile phones can be targeted in multiple ways.
Blue-bugging is the most serious form of attack. It allows the blue-bugger to virtually “take over” the victim’s phone. The attacker can then:
Blue-jacking is the milder version of Blue-bugging, and involves sending anonymous, unwanted or threatening messages to other Blue-tooth enabled devices. If the messages sent by the hacker are used for criminal activities, the owner of the phone would appear to be the culprit to the police. And the phone owner may end up getting prosecuted!
Blue-snarfing is theft of data from a Blue-tooth enabled device. For this, the hacker connects to a nearby Blue-tooth device without its owner’s confirmation, and then downloads the data including photos, videos, contacts, emails etc.
The cyber world was envisaged to ease our life and now it dominates almost all the aspects of our lives. However, the great powers of internet are now increasingly being used for malicious purposes. Therefore, the need to understand the various cyber threats.
“No product is made today, no person moves today, nothing is collected, analyzed or communicated without some ‘digital technology’ being an integral part of it. That, in itself, speaks to the overwhelming ‘value’ of digital technology”.
- Louis Rossetto, founder, Wired magazine
In the previous chapter we learnt about the various cyber-threats. Now, we must secure our systems to the best of our abilities. Though it’s never full-proof, but an optimum layer of protection often makes the adversary move on to some other target. This chapter discusses the best strategies to protect our systems, including The Onion Router and VPN.
In the previous chapter, we read how dangerous computer viruses are. So, we must have an anti-virus in place. For Windows users, we simply recommend Microsoft’s products:
They are pre-installed and provide a decent level of protection. However, Microsoft products are intrusive in nature, as they collect and analyse the data about computer usage. Unfortunately, their core operating system also does this, and it is difficult to dislodge them long-term.
They do not have any in-built anti-virus protection. However, their software architecture is much more secure. Hence, their users rarely contract viruses. For privacy enthusiasts, we recommend open source anti-virus solutions – “ClamAV”. It’s a community driven anti-virus database and freely available to anyone. It executes only when desired and can be removed easily.
Protection from malicious soft-ware is as important as against the computer viruses. There are numerous free options, but we recommend 'Malware Bytes' for both Windows and Mac. It is completely free and users should execute, update and scan their systems at least once in a week. The procedure to install and use 'Malware Bytes' is:
As we browse through the internet and use different softwares and applications, unnecessary files accumulate which slows down the Operating System. A cleaner program is then required to remove the undesired files and invalid Windows Registry entries from the computer. We recommend 'CCleaner' for both Windows and Mac users. The steps to download and install the free version are:
Clicking the "Analyse button" enables the user to view the files, before clicking the “Run Cleaner” to remove them. The "Registry tab" removes missing and unnecessary registries. This helps the computer to operate more efficiently. Finally, tapping “Fix Selected Issues” completes the process.
Sadly, any anti-virus or malware protection is not full proof. They do not stop everything. The newest virus can often bypasses the best known anti-viruses today.
So, instead of only relying on software solutions, we must improve our browsing habits. Similarly, we must upgrade and customize our web browsers to their most effective form.
We can download and install the Firefox from their official website https://mozilla.org/. As of writing this book, 66.0.3 (64 bit) is its most recent version. If you already have Firefox installed, then you can check its version by tapping on the Menu button in the upper right corner i.e, three horizontal lines, then the Help button (?) and finally the option “About Firefox”. It displays the version of the Firefox you are running or a warning that the version you are using is out-of-date. If it’s not the recent version, please upgrade it to the most recent one i.e, 66.0.3 (64 bit). Always ensure that the browser is up to date.
The newest version has much better speed and also supports legacy extensions/ add-ons. We shall read about extensions in the later part of this chapter. The default Firefox browser is one of the most secure browsers today. However, we can make the following changes to make it even more robust.
Appropriate Settings for the Firefox:
The latest version shows a blank page by default; an ideal scenario. This makes the browser open faster as it eliminates the loading of a default web page.
To apply the customized settings:
If Firefox is not your default browser, you will see "Firefox is not your default browser" and an option "Make default". Tapping "Make default", shall direct you to a new page.
In the pop up page, you shall see Microsoft Edge as the “Web browser” by default. Tap on it and choose “Firefox”. It will show a message “Before you Switch – Try Microsoft Edge - It’s new, it’s fast and it’s build for Windows”. Ignore it and tap “Switch anyway” to complete the process.
The “Search” option is below the “Home” option. Here, the default search engine is “Google”, the most invasive search engine today. We recommend “Duck-duck-go”, which we shall read in detail in the chapter “Alternatives to Google”.
Privacy And Security:
The “Privacy and Security” option is directly below the “Search” option.
We shall understand cookies in detail in later part of this chapter.
Cookies And Site Data:
Third-party cookies are set up by websites other than the website we are currently browsing on the internet. For example, 25% websites have Facebook trackers and 75% of the top million websites have Google trackers. They track the user's behaviour and hence should be blocked.
Login And Password:
Firefox Data Collection And Use: