The data we send to the outside world using the internet can be compared to a bird we release into the sky. Not protected from winds and predators, and even a boy can shoot it down with a slingshot. And even if you are not a Hollywood star who likes to be topless by the pool, your reputation, or the funds in your account can suffer from unauthorized access.
Whether you’re just thinking about it, or life has already forced you to take measures to protect yourself from information leaks, we have two pieces of news for you. The first is that there are precautions you can take to protect your personal data.
The second is that online security, unfortunately, is not some magic button you have to push to sleep well. Protecting personal information requires constant attention and work with your accounts and settings, choosing trustworthy websites and apps. Like brushing your teeth and washing your face — you do it regularly, right?
Today we will talk about simple and effective methods to protect yourself from information leakage or theft, about the main causes of data leakage.
First and last name. Knowing your first and last name allows someone to impersonate you, and forge your identity to engage in fraud under your name.
Living address. Information about your residence can be used to commit property crimes — theft, burglary, robbery.
Phone number and email address. This information suffers most often, it can be used by criminals to send you spam, phishing emails, and malicious messages. Your phone number can be used to call you to send money or access your bank account.
Passwords and accounts. These are data that should be guarded carefully — they can be used by scammers to gain access to your messages, financial data, and other sensitive information.
Bank account and card details. A bank account or credit card data leak can lead to money theft, fraud, and loss of control over your finances.
One of the most favorite techniques of hackers hunting for your data is phishing. Mainly used through email, social media, and messengers. With phishing, an attacker can spoof both links by adding a barely visible symbol to them and entire web pages.
The victim visits a malicious link and sees information that may interest a curious user: the possibility of winning a million, access to all correspondence of friends, or downloading a unique training course for free. If a person is gullible, and believe me, there are many of them, he will enter the card details to get the coveted “free”. What will follow — it is not difficult to imagine.
Note that, as a rule, such e-mails go to the “Spam” folder, but still sometimes get into the “inbox” or “mailing list”.
A common technique of attackers is to use malware such as viruses, worms, or Trojans that can get onto your device without your consent and pass your personal information to crooks.
One such method is Keylogger, which can lie hidden on your PC and log every click on your keyboard, thereby leaking your login or password from some service to the attacker.
In this case, too, site spoofing is often used. For example, you receive a fake link to pay for delivery in a messenger. Going through it you get to the site, which may look like a real one, no wonder that there are still many victims of this method.
Your data can end up in the hands of outsiders as a result of errors in the companies that store your data. A company could accidentally send your information to the wrong email address, or more likely, a hack of their database could leak it. Protecting your data is an ongoing process that requires constant attention and care. What do we advise you to pay attention to first?
Unauthorized access to email is the main cause of personal data leakage. To obtain information, an attacker only needs to send a malicious script, often with an active link — just click on it and the malicious program will get the login and password from the mailbox using the API functions of the mail client. Attackers also use such methods as password mining, gaining access to a phone number, and attacks on the site servers.
Minimum digital hygiene protections available to everyone include choosing reliable email services with a free account: Gmail, Yahoo, Outlook and Yandex. But only encrypted email services with end-to-end encryption can guarantee against theft of your data.
Two-factor authentication. In addition to login and password to enter the account you need to enter a digital code, which is sent to the “linked” phone number.
Additional mail address. To restore the account, another mail address is used, which the user specifies when registering.
Use trusted IP addresses from which the user plans to access the account, and access from other addresses is blocked.
The possibility of data loss because of the developer’s fault cannot be completely excluded. It is better not to store work e-mails, information about registrations and purchases, and personal correspondence in one place. To ensure the safety of personal data, it is best to have several services, which will help to avoid losing all data at once.
Social networks have long become, for some — a place to share information, and for some — a “chest” in which we store long-forgotten messages, files, photos, and videos. Remember, if you use the default settings, much of this data can be seen by literally anyone. Be sure to check the privacy settings on all the social networks you use! What’s worth showing to everyone, what only your friends can see, and what only you can see is up to you.
From the information we post on social networks, attackers can find out when no one is home, what the layout of your apartment is like, what school your child attends, or the name of your pet — a common question for visitor identification on many sites.
Change your privacy settings and check your settings from time to time to see if anything new has been added, like not allowing your profile to be searched by phone number — a useful thing.
Your web browser is chatty and tells interested parties a lot of things about you and what sites you visit. With this information, marketing professionals profile you and show you targeted ads. Incognito mode doesn’t protect you from such tracking — you need to use specialized tools for this.
Delete temporary web browser files. By default, browsers store some information about the sites you visit on your computer. Cache — this is where pictures and other permanent interface elements are stored, which can be later not downloaded from the server. As a result, pages open faster.
Cookies — small files that, among other things, allow sites to remember your device and not log you out when you close your browser.
Clean up your browsing history.
Fraudsters often send messages with active links that supposedly open the way to super-favorable special offers. And they work only now — or you will “forever miss your chance”. Clicking on the link, you are very likely to find yourself on a mirror site of a popular store with a field where you need to enter your bank card details.
As a rule, in such schemes you are forced to do everything immediately — the more you will be in a hurry, the more likely it is that you will lose your vigilance. Always pay attention to the source of the message and the address of the links — the difference with the real one can be one letter.
Scammers can create networks disguised as ordinary open wi-fi of a shopping center or subway. With the help of such a doppelganger, they intercept information, for example, information to access mobile banking. Official public networks can also be dangerous — they are usually characterized by a low degree of protection.
Get a bank card with a small amount of money for online payments. Do not use your payroll card, a credit card with a high limit, or one where you keep all your savings.
Online stores and delivery services are often subject to hacker attacks. In addition, the user may lose vigilance and fall into a mirror site and, unsuspecting, post information about his card. Even if, despite all precautions, fraudsters gain access to your card, it will be easier to accept the loss of a small amount of money.
Set the maximum amount of purchases you allow to be paid with your card in your mobile app. This will help protect yourself from unnecessary charges.
Be sure to set up push notifications of all card transactions — this way you will instantly know about any change in your account.
For online payments, you can open a virtual bank card — a specially created product designed for online payments.
A website is obliged to tell its visitors exactly what information it collects, and how it stores and uses it. And not just informing, but making sure visitors have no objections is the one checkbox on the data collection form. You probably check it without giving it a second thought. However, privacy policies deserve a closer look.
Because an attacker can exploit inactive user accounts, keeping an account you don’t use poses a significant risk. If an attacker gains access to one of your inactive accounts, they could gain access to your personal information.
Outdated software is a significant security vulnerability because it can have bugs that put you at risk if not addressed. Updating your software to the latest version is crucial because updates can prevent security issues. Obsolete programs may have vulnerabilities that open opportunities for attackers. It is also more susceptible to viruses. Viruses not only affect the infected device but can be transferred to your coworkers’ devices.
Updated software allows you to utilize the latest patches and improvements. These updates were made for a reason. They provide enhanced security and improve the end-user experience.
To reiterate an elementary requirement: stop using the same password for all accounts. Instead, use a password generator to create unique passwords for each account to prevent credential theft. Password generators create strong passwords by creating a string of random characters that are nearly impossible to guess.
Use additional authentication, such as answering a personal secret question, sending a code to your smartphone, or scanning your face or fingerprint.
This will help you avoid becoming a victim of malicious hackers and understand current cyberattack strategies, allowing you to learn from others’ mistakes and prevent similar problems from happening to you.