Digital Hygiene

In this tutorial BANKEX will tell you how to be secured online.

1. Computer remote control —

one of the most widespread methods used by criminal groups to manage botnets.

Signs of illegitimate remote control:

  • Arbitrary system actions (the appearance/disappearance/execution of files, processes etc.);
  • Illegitimate connections by processes;

Countermeasures:

  • Timely software updates;
  • Careful handling of e-mail attachments;
  • Secure passwords;
  • Whitelists and firewall rules;
  • Connection monitoring;
  • Connection node creation

2. Phishing and Spam —

a social engineering technique used by attackers aiming to receive the users’ personal data.

Phishing attacks can provide an attacker with access to the following personal data:

  • Credentials for any electronic service (electronic wallets, mailboxes, payment services, social network and other accounts etc.);
  • Personal data to be further used in other types of attacks;

Methods used by attackers:

  • Personal e-mails (can have a particularly powerful psychological effect on a person);
  • Bulk spam mail (a widespread, cheap technology that can reach a large target audience);
  • Any online resources (efficiency stems from the carelessness of the visitors of web resources).

How to recognize phishing?

  • Use of brands and well-known trademarks with a slight difference from the original;
  • Similar links and copycat sites (use of similar interfaces or addresses);
  • Incorrect domain name of the mail server or mailbox name of the sender.

Countermeasures:

  • Careful handling of attachments and links in e-mails;
  • Scanning downloadable files and resources with VirusTotal;
  • Checking connection security.

3. Messenger security

  • Use secure messengers (ChatSecure, Signal);
  • Use secret chats (Telegram, WhatsApp);
  • Use two-factor authentication;
  • Disable location services.

4. Data Exchange via File-Sharing Sites and Flash Drives

Countermeasures:

  • Using trusted sources;
  • Scanning downloaded files (VirusTotal);
  • When uploading files to a file-sharing site, use password-protected archives and asymmetric encryption.

5. Rules for E-mail

  • Account activity monitoring (IP address, time zone);
  • Two-factor authentication;
  • Creation of complicated passwords.

6. Rules for Browsers

  • Account activity monitoring (IP address, time zone);
  • Use of plugins;
  • Disabling the browser’s password auto-fill functionality.

7. Rules for social networks

  • Two-factor authentication;
  • A complicated password;
  • Responsibility for published posts.

8. Secure password creation rules

PasswordStrengthWeakness
«qwerty
123456»
Convenient and familiarCan be found in a dictionary
«*?4U(!»The computer’s favourite password6 symbols →«Brute force»
«Some-where
over the rainbow»
26 symbols, spaces and special characters

It is also recommended to create and store passwords in a secure password manager such as KeePass.