Articles

They put pressure on your emotions, demand that you take some sudden action, or simply inform you of some tragic event. This way, they engage you on a certain emotional level, without giving you time to recover and understand why you received this message. In addition, phishing messages are sent by fraudsters, not large commercial companies, so there may be spelling mistakes and no branding. There are various small markers that can let you know something is wrong.

In addition to avoiding clicking on strange links, you can set up two-factor authentication on your key accounts, such as email. In addition to entering your password, you will also need to confirm your identity with your mobile phone. In this case, an attacker will not be able to get past this second factor because they will not have your phone.

If you receive such a message, you need to validate it first, as it requires you to take action to transfer funds. There are several ways to do this. The account from which you are being contacted may have already been taken over by a fraudster. And you will see that this is supposedly your friend. In this case, you can verify their identity. For example, by asking them what you and they know. There’s another tricky way: talk about things that didn’t really happen, asking “Do you remember…?”.

If the person begins to confirm this fiction, then you are obviously dealing with a scammer. 

Also, if the message seems suspicious, you can call the contact and confirm that it is from them.

They vary in how they work. Some of them can lock your computer, encrypt your hard drive or SD card, and demand money for unlocking it. These programs are called “ransomware”.  There are “keyloggers” that simply read your actions, i.e. keystrokes on the keyboard, and send it to the attacker. This way, they can get your login and password and use them. What are the mechanisms to protect against such programmes? Two-factor authentication is the most effective and simplest protection mechanism. It’s important not to open strange attachments sent by email or personal messages, or visit sites you don’t trust, know nothing about, or find suspicious. You also need to have an up-to-date operating system, updated on time, and anti-virus software. This will give you a fairly strong level of protection.

It’s important to remember that the greatest danger in the context of malware is not so much viruses as unauthorised actions of applications. I mean, there are applications that ask you for some kind of access to your contacts, to your geolocation. And you don’t know how this will be used. There are applications that can use a touch sensor to understand what buttons you press and thus, for example, read your logins and passwords. Therefore, you should also be very careful with the applications you install for your daily use.

Open Wi-Fi networks are easy to read. When you log in to a banking system, you transmit your login and password so that you can be identified as a specific person who has access to that account. All of this data should be protected, but on an open Wi-Fi network, there is nothing stopping an attacker from buying an analogue device for a few tens of dollars, installing it, and starting to intercept this traffic. In this way, logins, passwords, and credit card details can be stolen.

It’s okay to use open Wi-Fi networks, for example, in a cafe, but don’t do any sensitive transactions there. Don’t log in to your email with your username and password, don’t shop online, don’t use banking systems. Or just use your mobile internet for this.

If your email is stolen, for example, this is perhaps the biggest danger. Because it is the key to all your other accounts. When you sign up for a new service, you always provide your email and password. Why does this happen? Because the system needs an identifier, and your identifier is always your email. What happens if you forget your password? You click on the “forgot password” button on this resource, and you get an email with a password recovery mechanism. Now imagine that a thief has gained access to your email. He has your account. The first thing he will do is change your password so that you can no longer use your account. Second, he will check all your registrations that are linked to this email and click “forgot password” everywhere.

And now password recovery mechanisms will be sent to your email, but to which he has access. The result: you lose access to all accounts. 

And this means that the person with these accounts can then do what they want. If he has access to your banking system, he will transfer money, buy goods.

The second aspect concerns credit cards. I had an unpleasant experience with Google Pay. I suddenly noticed that my card was being charged with transactions of 4,000 hryvnias with a pause of a few seconds. In this case, you should immediately block the card.  

Then you write two complaints. The first one is to Google Pay. You say that these are not authorised transactions because you have not made them. Secondly, you contact the bank that maintains the card from which the payments are made and also inform them about this story. I got my money back. The story ended positively for me.