In childhood, parents teach children not to trust strangers. This useful skill, together with an understanding of the proverb “free cheese is only in a mousetrap,” can save those same children, once they have grown up, from many troubles.
Interestingly, the English version of the same proverb reads: “There’s always free cheese in the mouse traps, but the mice there ain’t happy.”
Below are some of the situations that can lead to loss of time, money, reputation … Imagine that convenience and security sit on a see-saw. The more convenience, the less security, as a rule. Conversely, the more security, the more restrictions, and therefore the less usability. This is a generalization; let’s look at the specifics.
Recommendations for working with external drives
Assume that potentially every flash drive that may be connected to your computer could carry an unpleasant surprise. If something goes wrong, it does not matter who decided to do it. There can be many reasons. Perhaps a competitor wants to put you out of business, or a colleague is a candidate for the same promotion as you. Or maybe a careless friend who secretly visits adult sites asked you to copy a film onto his flash drive.
Recommendation 1. If you really need to see what is on someone else’s flash drive and cannot refuse, risk a little, not everything. For example, in a company, to reduce the risk, keep a separate computer that accesses the Internet through, say, a guest WIFI network; this computer should not be connected to the internal network, and it should be running anti-virus software with the latest updates.
You should be aware that there are special devices that look like a flash drive and disable the computer as soon as they are plugged into a USB port. So a flash drive found at a bus stop may turn out to be a device for destroying a computer, not a storage device.
For more advanced IT departments, you can keep a virtual machine with different operating systems. For example, it is safer to examine a flash drive under Linux or macOS, since a virus written for Windows will not start there, and anti-virus software can detect it. This approach is called a sandbox. Anti-virus developers also start by placing a captured virus in a sandbox, but there the purpose is the opposite: to let it act so that its harmful effects can be tracked.
So first of all we check someone else’s flash drive on a machine where it would not be a pity to lose everything, and only after checking do we bring it to a working computer.
Another way to harm yourself and your colleagues is to download and install a malicious program disguised as a useful one. Of course, in medium and large enterprises not every user is allowed to install software. But in micro-enterprises there is more freedom and fewer resources. Suppose you are looking for a media player and find one that, in addition to playing music files, forwards your mail without your permission. More precisely, the program needs your permission only once, during installation. As a rule, even the operating system’s warning does not save you. Do not forget that part of our life is spent in a smartphone or a smart TV with a camera, and the leak can happen there too. Owners of Android-based smart devices should be doubly careful with applications that are not installed through the Google Play Market. Do not treat the procedure for lifting the ban on installing software from unknown sources as a formality: some manufacturers of smart devices void their warranty obligations if a device breaks down for this reason.
Recommendation 2. Read reviews of the free program. Check out its alternatives, for example here: https://alternativeto.net/category/productivity/word-processing/?license=free . Always evaluate critically when the operating system asks a permission-related question. Why does a media player need access to your location? Try to understand what you are trading for what, for example the right to collect data about you and your preferences in exchange for the right to use the program.
Work outside the office or school
It’s great to buy a transfer or bus ticket at the airport via free WIFI. (And in Tallinn there is free WIFI even on trams.) But if you access the Internet through an unknown source, there is a risk that your passwords or credit card payment details will be intercepted, and while you are in the air someone else pays for their purchases with your card. There is also a multi-step variant: they intercept the password of the mailbox to which the services of your favorite game are linked and transfer the mined diamonds or purchased add-ons to another account. The mailbox itself shows which services you use, and a password recovery through that mailbox gives access to them.
Recommendation 3. It is risky to log in to any service when connected via public WI-FI. Reading the news or looking up a route on a map: yes. I do not recommend checking your e-mail or paying for purchases. It is much safer to use your own mobile Internet, and if there are children nearby, it is safer for them to share that connection via a hotspot. (Yes, you can set up an encrypted VPN connection and access the Internet through your own gateway, but this is not a recommendation for everyone.) Make it a rule to separate information flows: one e-mail box for work and messaging, another for discount cards, a third for receiving bills for the apartment, a fourth for paid services.
Text fraud
Unfortunately, many still grow up believing in fairy tales in which a good wizard flies in and gives them something they desire. There is no other way to explain why they are caught by advertising promises received by e-mail. You may be told that you have unexpectedly won the lottery, or that you will receive a super discount on the latest model with an “apple” on it. All you have to do is follow the link to claim the prize. Such messages are called phishing: they are trying to take you in and deceive you.
Wizard’s promise letters also include offers of an inheritance and requests for help in cashing out money through an ATM for 30% or 50% of the amount. In this case, by the way, it is possible to receive money. But this is a scheme where entry costs one euro and exit costs two. You are involved in a scheme to cash out stolen money, so you become the last link, which the police can find relatively easily. In such cases they therefore collect the full amount from the person who stood at the ATM. Whether there really was a client who took the second half is something your lawyer will have to prove.
Recommendation 4. If you were not expecting a message about a win, do not hesitate to delete the deceiver’s message. Do not follow unknown links from the e-mail itself. If the offer interests you, first go to the company’s site itself, check whether official company details are listed in the contacts, and only then make an informed decision about clicking the link.
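A small check that illustrates the advice above, added here and not part of the original article: it parses the links in an HTML e-mail and flags every link whose visible text names one site while the href actually leads somewhere else, which is the usual shape of a “you have won” message. The sample e-mail, the domains in it and the function names are all constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# A domain-looking string inside the visible link text, e.g. "www.example-shop.ee/prize"
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable(host):
    """Lower-case and drop a leading 'www.' so www.x.ee and x.ee compare equal (deliberately crude)."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html):
    """One finding per link whose visible text names a different site than the href really leads to."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        match = DOMAIN_RE.search(text)          # does the text claim to be a web address?
        real = registrable(urlparse(href).hostname)
        if match and real:
            shown = registrable(match.group(1))
            if shown != real:
                findings.append(f"shows {shown} but goes to {real}")
    return findings

# Constructed sample of a "you have won" e-mail: only the first link lies about where it leads.
SAMPLE_MAIL = (
    "<p>Congratulations, you won a new phone!</p>"
    '<a href="http://prize-claim.example.net/x">www.example-shop.ee/prize</a> '
    '<a href="https://www.example-shop.ee/contact">www.example-shop.ee/contact</a>'
)
```

Links whose text is a plain phrase such as “Claim now” are not flagged, because the text makes no claim about the destination; for those the only defence remains the one in the recommendation, typing the company’s address yourself.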
Order without consent or read the fine print
Some time ago a service of this type swept through Estonia: they call you and ask whether your company complies with labor protection requirements, or whether you have a first aid kit. If you answer no, the consultant on the phone asks: “Would you like to avoid breaking the law and get a kit that will solve everything?” They receive a “yes” in reply. You may then be reminded that the call was being recorded and that you agreed to order the kit. Stop. This is where the deception takes place. You received no information about the price or the terms of payment and delivery. So if a package and an invoice for the kit arrive in the mail a week later, we can assume that you did not order it. That is, you were deprived of the right to choose and compare, and the “correct” price was determined for you. The right price is for the seller, not for you. Returning the goods will not be easy, because the seller planned to make 200 or 300 percent profit on this transaction. So specially trained people will argue with you that you have already agreed and cannot refuse to purchase the goods at exorbitant prices.
Recommendation 5. If you were sent something you did not order, send the sender an e-mail notification that they mistakenly delivered goods to such and such an address. State that the goods can be collected within 5 working days by a member of the company’s board or by its representative on the basis of a power of attorney, and that after that you can no longer guarantee their safety, since you do not provide storage services. If someone comes for the goods, you can ask for identification and record the representative’s name.
One of the common schemes is a contract in small print. You are sent a letter saying that you must complete or update your data in a European business register. According to the sender, this may be a requirement for all EU enterprises or a strict recommendation from the tax and customs department. After filling out the questionnaire and sending it to the specified address, it turns out that you have ordered an advertising service for posting your data on a website. By signing and sending it, you agreed to receive and pay invoices for posting your data on the Internet. Naturally, the price bears no relation to the usefulness of the investment. And under the terms of the contract you can cancel the ordered service only after 3 years.
Test yourself. In the photo at the beginning of the article, find in the text how much they want to take from gullible managers. The photo below shows, in full, the advertising service order form disguised as a data check.
If you are too lazy to read the terms, it is likely that you will also sign and agree to the proposed terms. That will mean either damages or litigation to cancel an order worth 2985 euros. After all, you could have skipped the condition that you agreed to pay 995 euros a year for 3 years.
Recommendation 6. Read what you sign, even if it is written in small print, or if you are rushed and assured that everything is standard.
Are you ready to pay for someone else’s goods at the store checkout, or to pay someone else’s bill?
We are used to receiving and paying invoices by e-mail. Now imagine that there are banks that let a payment through by account number alone, without comparing the company name with the IBAN. This makes the following scheme possible: an invoice is intercepted and a counterfeit one is sent out for payment. In the same vein, an invoice is sent to the client demanding immediate repayment of a debt; they may also call. If you pay such an invoice, your debt to the service provider naturally remains, and the money that was budgeted for electricity, water, gas, Internet or goods goes to the fraudster.
Recommendation 7. To avoid paying false supplier invoices, fix the supplier’s bank account when concluding the contract. Save it in your Internet bank and pay only to that account. In the worst case you overpay and then settle the difference. Abroad, to avoid such problems with regular customers, the account for payment is likewise specified once at the conclusion of the contract, and the bank account is not even indicated on the invoice itself.
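A worked illustration of Recommendation 7, added here and not part of the original article: a Python check that first validates the IBAN printed on an incoming invoice (the standard mod-97 checksum, which catches typing errors) and then compares it with the account recorded when the contract was signed, so that an invoice with a swapped account is held rather than paid. The supplier register, the supplier name and the IBANs are constructed examples, not real accounts.

```python
import re

def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first four characters to the end,
    replace letters by 10..35, and the resulting integer mod 97 must be 1."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        return False  # wrong shape: country code, two check digits, then the BBAN
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # 'A' -> '10', '7' -> '7'
    return int(digits) % 97 == 1

# Constructed register: the account each supplier gave when the contract was signed
# (the "bookmark" in the recommendation). The IBAN is a textbook example, not a real account.
SUPPLIER_ACCOUNTS = {
    "Example Energy OU": "EE382200221020145685",
}

def check_invoice(supplier, invoice_iban):
    """Decide what to do with an incoming invoice before anything is paid."""
    iban = re.sub(r"\s+", "", invoice_iban).upper()
    if not iban_checksum_ok(iban):
        return "reject: malformed IBAN"
    on_file = SUPPLIER_ACCOUNTS.get(supplier)
    if on_file is None:
        return "hold: supplier not in register, confirm the account via the contact details in the contract"
    if iban != on_file:
        # A valid-looking but different IBAN is exactly the counterfeit-invoice case.
        return "hold: account differs from the contract, do not pay"
    return "pay"
```

The checksum alone is not a fraud check: a fraudster will send a perfectly valid IBAN, which is why the comparison against the account from the contract is the step that matters.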
So big, but you believe in fairy tales!
We are used to the idea that information delivered by the state TV channel can be trusted. Ask yourself: can the advertisements we watch on the same channel be trusted too? I think the idea is clear. The same applies to the Internet. If a link is in the first places in the search results, that does not mean it is safe. Cybercriminals can also pay for website promotion.
Recommendation 8. Always be critical of clicks to new sites. To reduce the risk from a vulnerability, keep both your operating system and browser up to date. In Chrome you can open the menu, go to Help / About Google Chrome and check for an update there, after which the browser will ask you to restart.
Commercial espionage of personal data through photos and videos
We often harm ourselves more than we can imagine. For example, after watching music videos, children publish photos of themselves on TikTok and Instagram in a “luxury” style (a luxurious life in their parents’ jewelry with cash casually scattered around). The parents may not know that their children have already attracted the attention of burglars. Now the thieves just have to wait for the parents to post vacation photos on Facebook from far away from home. If, for fun, a father posts a photograph of a child with a weapon, he should not be surprised when the police arrive with a search: they are responsible for public safety too, and you invited them into the house yourself. Yes, car thieves’ job is also made easier if the owner likes to pose for a photo with a newly acquired car and then share the joy with the whole world.
Recommendation 9. When posting a photo or video, critically evaluate what is in the frame that could be used against you. Talk about these risks with your children.
This is not paranoia. You may be surprised, but nowadays the shape of an object can be patented. Who needs that? For clarity, consider a particular case: manufacturers of mobile phone cases. They want to know in advance what the new smartphone model will look like, so they browse the social networks of the smartphone manufacturer’s partners, who may boast that they already have a device on test. By comparing objects, you can estimate the dimensions and start making the mould before the competition does.
Access to the camera and microphone. Some webcam models have an LED indicator that should light up when the camera is in use, but this does not always work. Some laptop and webcam models now have sliding covers for the lens. Like a piece of electrical tape, they protect against video recording but not against sound recording.
Recommendation 10. In a development office it is safer to buy desktop computers (without built-in microphones) and monitors without a webcam, and to connect a webcam physically via USB only for the duration of negotiations. In this sense I like the Mac Mini 2020 model; don’t take this as advertising. If you have a laptop with a built-in webcam, turning it off at the driver level will help to some extent: in Device Manager, find the webcam and choose Disable. Under Windows, you can also configure access to the camera and microphone in the Privacy settings.
Sim-sim, Sesame – open up! About passwords
When choosing a steel door for the home, we think about locks. We know that any door can be broken; the only question is the time and the tools needed. At the same time we rely on an alarm system, vigilant neighbors and insurance. The same can be said about protecting access to cyberspace: the fewer the doors, and the less conspicuous the entry point and the location of the lock, the less likely it is to be attacked. Statistics say that most of us have 10 passwords, and three of them are the main ones. That is, there are repetitions. Nobody argues that using the same password on different sites is more convenient, but … you understand everything.
Now the browser offers to remember your password, and it is convenient. We are not surprised that a website we visit can use the browser itself to learn our settings, operating system or browser version. And if the browser transmits information to the network, then it can potentially be used to transmit passwords too.
Recommendation 11. Accept that it is easier to steal passwords from a browser; after all, everything is in one place. Passwords for payment-related services are best stored in separate password managers that keep the data locally in encrypted database files, or record payment-critical credentials in a paper notebook kept in a secure place. OK, a paper notepad is too awkward to use. For example, you can store passwords in the app https://keepassxc.org/ and place the encrypted password database in an encrypted folder on Google Drive. If you want more security, you can save the same file to a USB flash drive or an external hard drive with fingerprint access, such as the Samsung T7 Touch 1TB USB 3.2 external SSD. There are also paid services such as Bitwarden and apps such as LastPass that differ in features. For example, their functionality may include checking passwords against leaks and restoring access to heirs in the event of the owner’s death.