Yellow Slice is a UI/UX design company in Mumbai. We are a leading UI/UX design agency in India offering services like UI (User Interface), UX (User Experience) Audit, UX Research, UX Motion & Usability Testing.
Cybersecurity
Understanding security threats and how to implement secure solutions to protect data and systems from cyber attacks.
Cybersecurity
● Our world today is ruled by technology, and we can't do without it at all, from booking our flight tickets to catching up with an old friend.
● Cyber security, alongside physical commercial security, has slowly become one of the most important topics in the business industry.
● With an increasing number of people getting connected to the Internet, the security threats that cause massive harm are increasing as well.
What are the most common security mistakes?
● Poor password management
● Not locking the computer while unattended
● Opening email attachments from unknown addresses
● Not running anti-virus programs
● Sharing information (and machines)
● Not reporting security violations
● Unattended paper documents
● Unprotected electronic data (while at rest and in motion), e.g. emails, USBs, CDs, etc.
● Improper information handling
● Passing of information over the phone
How to Keep Instagram Safe and Secure?
● Enable two-factor authentication
● Update your phone number and email
● Report content and accounts you find questionable
● Report on this website: https://cybercrime.gov.in/
● Keep your account PRIVATE
Safeguarding your Digital Identity
In this digital age, social media has become an integral part of our lives, connecting us with friends, family, and the world at large. However, with this connectivity comes the need for heightened cybersecurity awareness to protect our personal information and maintain a safe online presence. Cybersecurity is the responsibility of the platforms we use, of us as designers, and of us as individual users. Cyber attacks can be platform-related breaches or hacker attacks. Let's look at the various types of attacks of both kinds.
Account Takeover
Attackers gain unauthorized access to a user's social media account.

Phishing
This is a type of attack in which the attacker sends a fake email or text message to the victim, claiming to be from a legitimate company or service. The message typically contains a link that, when clicked, takes the victim to a fake login page that is designed to look like the real login page for the company or service. When the victim enters their login credentials on this page, the attacker captures them and can use them to take over the account.

Brute Force Attacks
In this type of attack, the attacker uses a computer program to guess the victim's login credentials by trying every possible combination of characters. This can be done quickly, and if the victim's password is weak, it may be possible for the attacker to guess it successfully.

Stolen Login Credentials
If the attacker has obtained a list of login credentials that were previously stolen in a data breach, they can use these credentials to try to take over accounts on different websites and services. This can be done by simply trying the stolen login credentials on various sites until they find one where they work.

Man-in-the-Middle Attack
Internet traffic goes through various server routes before reaching a website. If, during that process, a cybercriminal were to intercept the traffic while en route, and if it isn't encrypted, they can view and track all the movement on the internet, including the victim's username and password. Here, features like end-to-end encryption can provide safety to the platform users.
Privacy Breaches
● Unauthorized access or exposure of personal information.
● Example: The 2018 Facebook-Cambridge Analytica scandal resulted in the harvesting of personal data from millions of users by a third-party app developer.
● Safeguarding: Review and adjust privacy settings, limit sharing of personal information, and carefully consider permissions granted to third-party apps.
Camfecting: Unauthorized access to a laptop or mobile camera
1. Malware Installation: The hacker may trick the target into unknowingly installing malware on their device. This can be done by getting the target to click a malicious link, download a compromised file, or open an infected email attachment.
2. Exploiting Vulnerabilities: Hackers often search for vulnerabilities that allow them to gain remote access to the camera without the user's knowledge or consent.
3. Remote Control: They may use specific commands or tools to access the webcam, initiate recording, and potentially transmit the video feed back to their own system.
Are Facebook and Instagram listening to your conversations?
● No. But Instagram and Facebook both use extensive data mining algorithms to generate an incredibly detailed and accurate understanding of you as a person.
● These services know where you live, how much you earn, your political and sexual preferences, who your friends are, and your likes and dislikes, for instance. All of these details are collected based on what you share online and the type of content you interact with – including on other websites.
● These algorithms then try to display adverts that are most relevant to you at a specific moment in time. It is very likely that your conversations relate to content you have seen online, and because Instagram knows what you have read/watched recently, it displays an advert related to that subject.

How to protect yourself
● The only definite way to protect yourself against spooky, invasive ads is to avoid social media altogether – but for most of us that's not an option.
● So even if Instagram isn't listening to your conversations, their ad targeting mechanism is probably a lot more creepy than you realise.
Crypto & NFT (Non-Fungible Token)
Blockchain technology is slowly and steadily evolving in different fields of life. More and more people are interested in investing in crypto-assets, and many companies are embracing the possibility of accepting payments via cryptocurrency. The crypto and NFT worlds are extremely dynamic and opportunity-rich. They're an attractive space for investors, gamers, developers, and people enthusiastic about the decentralization of the digital world in Web3. However, the blockchain environment, and NFTs and cryptocurrencies in particular, are extremely attractive to hackers.
Risks
● Ransomware Attacks: A form of malware that typically infiltrates a system by using a malicious attachment or embedded link.
● Scams: Investment schemes, phishing attacks and rug pull scams.
● Darknet Market & Illicit Trade: These are websites hosted on the dark web, also known as onion services.
● Crypto Theft: Cryptojacking is a form of cybercrime specific to cryptocurrencies that has been used on websites to hijack victims' resources.
[Images: fake Bitcoin wallet screenshot; fake identity selling NFT]
Blockchain bridges as a cybersecurity threat
One of blockchain's biggest problems is interoperability. Although successful on their own, separate networks don't have the ability to communicate with other blockchain networks in the ecosystem. Blockchain bridges were created as an interoperability solution, permitting transactions and exchanges from one blockchain to another. For example, a blockchain bridge could enable someone who owns Bitcoin to spend Ethereum.
How to protect yourself against cybersecurity threats in cryptos and NFTs?
● Research before investing
● Recognising malicious behavior
● Use of hardware or air-gapped wallets
● Not replying to unknown persons
● Refusing to share private keys & passwords
● Beware of spammy airdrops
Last but not least, if it sounds too good to be true, it probably is a scam.
Finance? Cyber Security?
● Finance and Cybersecurity are two crucial domains that intersect in the modern digital landscape.
● Finance refers to the management of money, assets, and investments, while cybersecurity pertains to the protection of computer systems, networks, and data from unauthorized access, damage, or theft.
● The integration of technology in financial processes has revolutionized the industry, making it more efficient and accessible.
Finance + Technology
● In the realm of finance, technology has enabled the development of online banking, mobile payment systems, and digital currencies, among other innovations.
● These advancements have made financial services more convenient and inclusive, allowing users to conduct transactions and manage their finances from anywhere at any time.
● However, this reliance on technology has also exposed financial institutions, businesses, and individuals to cyber threats.
"Cybersecurity is instrumental in maintaining the stability, trust, and integrity of the finance sector. By implementing robust cybersecurity practices, financial institutions can mitigate risks, protect valuable assets and data, comply with regulatory requirements, and ensure the ongoing delivery of secure financial services."
Finance - Cyber Security = Problems
● Financial online fraud refers to fraudulent activities conducted through digital channels with the intent to deceive and unlawfully obtain financial assets or sensitive information.
● These frauds exploit vulnerabilities in online platforms, payment systems, and digital communications to carry out illegal activities.
● Here are some common types of financial online fraud:
Phishing
● Phishing involves the use of deceptive emails, messages, or websites that appear legitimate to trick individuals into divulging sensitive information such as login credentials, credit card numbers, or social security numbers.
● Phishing attacks often mimic trusted organizations or financial institutions, aiming to steal personal or financial data.
Ransomware
● Ransomware is a type of malware that encrypts files on a victim's computer or network, rendering them inaccessible until a ransom is paid.
● In the context of financial fraud, ransomware attacks may target financial institutions, holding critical data or systems hostage until a ransom is paid, disrupting operations and potentially compromising sensitive customer information.
https://www.cpomagazine.com/cyber-security/ransomware-attack-hits-fintech-company-finastra/
Investment Scams
● Investment scams are fraudulent schemes that lure individuals into making investments in fictitious or non-existent opportunities.
● These scams can be conducted through online platforms, social media, or unsolicited communications, promising high returns and using deceptive tactics to defraud victims of their money.
Card Skimming
● Card skimming involves the installation of devices on ATMs, payment terminals, or gas pumps to capture credit or debit card information.
● Skimmers can be physical devices placed over card slots or malicious software installed on compromised machines.
● The stolen card data is then used to create counterfeit cards or conduct unauthorized transactions.
https://www.investopedia.com/articles/pf/08/avoid-atm-scams-atm-fraud.asp#:~:text=ATM%20scams%20can%20involve%20stealing,the%20front%20of%20the%20machine.
Cash on Delivery
● Fraudsters and scammers tend to keep track of customers who receive delivery packages very often, and disguise themselves as delivery agents at the customers' doorsteps to ask for the OTP.
● Furthermore, they ask for the order amount, stating that it is a cash on delivery order. If the customers refuse to receive the delivery package, they pretend to be cancelling the delivery.
● To finalise the cancellation of the order, scammers trick the customers and ask for the OTP.
Tackling Scams
● Education and Awareness: Educating individuals and employees about different types of online fraud, common red flags, and best practices for secure online behavior is crucial. Training programs and awareness campaigns can help individuals recognize and avoid fraudulent schemes, phishing attempts, and suspicious activities.
● Strong Authentication: Implementing strong authentication methods adds an extra layer of security. Two-factor authentication (2FA) or multi-factor authentication (MFA) should be used whenever possible, requiring users to provide additional verification beyond passwords, such as a unique code sent to their mobile devices.
● Regular Software Updates: Keep all software, including operating systems, web browsers, and security software, up to date with the latest patches and updates. Software updates often include security enhancements and bug fixes that protect against known vulnerabilities.
● Anti-Malware and Firewalls: Install reputable anti-malware software and firewalls on devices to detect and prevent malicious software from compromising systems. Regularly scan devices for malware and ensure firewalls are properly configured to block unauthorized access.
Tackling Scams
● Secure Website Connections: Verify that websites are secure before entering sensitive information by looking for the padlock symbol and "https://" in the URL. Avoid entering personal or financial details on unsecured websites or suspicious links received via email or other channels.
● Fraud Monitoring and Detection: Financial institutions and businesses should implement robust fraud monitoring systems to detect suspicious activities, such as unusual account access, transaction patterns, or changes in customer behavior. Automated systems can flag potentially fraudulent transactions for manual review.
● Collaboration and Information Sharing: Engage in collaborative efforts with industry peers, law enforcement agencies, and cybersecurity organizations to share information on emerging fraud trends, threat intelligence, and best practices. This collective approach helps to identify and prevent fraudulent activities more effectively.
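
The automated flagging mentioned under Fraud Monitoring and Detection, applied to the two login patterns described under Brute Force Attacks and Stolen Login Credentials. This is an added example, not part of the original slides; the event format, thresholds, function name and sample data are constructed assumptions.

```python
from collections import defaultdict

WINDOW_S = 300     # assumed look-back window in seconds
MAX_FAILS = 5      # assumed failed logins on one account before flagging
MAX_ACCOUNTS = 4   # assumed distinct accounts tried from one source before flagging

# Constructed sample events: (timestamp_s, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # many guesses against a single account
    [(t, "198.51.100.7", "alice", False) for t in range(0, 60, 10)]
    # one source trying a different account each time, one of which works
    + [(100, "203.0.113.9", "bob", False), (101, "203.0.113.9", "carol", True),
       (102, "203.0.113.9", "dave", False), (103, "203.0.113.9", "erin", False)]
    # an ordinary user mistyping a password once
    + [(200, "192.0.2.10", "frank", False), (215, "192.0.2.10", "frank", True)]
)

def flag_for_review(events):
    """Return a sorted list of (pattern, subject) pairs to hand to manual review."""
    fails_by_account = defaultdict(list)  # username -> recent failure timestamps
    tries_by_source = defaultdict(list)   # source_ip -> recent (timestamp, username)
    alerts = set()
    for ts, ip, user, ok in sorted(events):
        # Stolen-credential replay: one source touching many accounts,
        # counted whether or not the login succeeded.
        tries = tries_by_source[ip]
        tries.append((ts, user))
        tries[:] = [(t, u) for t, u in tries if ts - t <= WINDOW_S]
        if len({u for _, u in tries}) >= MAX_ACCOUNTS:
            alerts.add(("stolen-credentials", ip))
        if ok:
            continue
        # Brute force: repeated failures against the same account.
        fails = fails_by_account[user]
        fails.append(ts)
        fails[:] = [t for t in fails if ts - t <= WINDOW_S]
        if len(fails) >= MAX_FAILS:
            alerts.add(("brute-force", user))
    return sorted(alerts)

if __name__ == "__main__":
    for pattern, subject in flag_for_review(SAMPLE_EVENTS):
        print(f"review: {pattern} -> {subject}")
```

The brute-force rule keys on the account and the stolen-credentials rule keys on the source, so a single mistyped password, like the last two sample events, trips neither.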