MOSCOW, Feb 9 – RIA Novosti. The massive shift to remote work related to the coronavirus pandemic has created favorable conditions for the activities of cybercriminals. Experts interviewed by RIA Novosti spoke about how Russians do not become an easy target for cyber fraudsters and how to secure their data and money online.
World Safer Internet Day is celebrated annually on the second Tuesday of February. In 2021, it will fall on February 9th. Its purpose is to inform people about the responsible and safe use of the World Wide Web.
Sergey Zabula, the head of the group of systems engineers for work with partners of Check Point Software Technologies in Russia, believes that this holiday is a good reason to once again recall the main risks in the network.
The expert noted that the last year has been difficult in terms of cybersecurity. “In 2020, a huge number of our usual things went online: work, study, shopping, visits to doctors, etc. Fraudsters could not help but take advantage of this: according to Check Point's report on the most active cyber threats in the first half of 2020, attackers actively used the pandemic and related topics for deploying attacks, “he explained.” Between February and April 2020, the number of phishing and malicious attacks motivated by the coronavirus increased 40 times: from 5,000 per week to 200,000. In May and June, when some countries began to weaken the self-isolation regime, the scammers, on the contrary, increased their malicious activity not related to COVID-19. At the end of June, the total number of cyber attacks increased by 34% compared to March and April, “Zabula added.
According to Evgeny Sukhanov, director of the information security department of Oberon, the number of confirmed cases of online fraud and leaks of personal data of citizens is growing annually by an average of 20%. The most popular of them remain e-mails with infected links, visits to phishing sites, as well as theft of personal data and payment card numbers using social engineering tools – using methods of psychological influence under various pretexts, information is extorted from victims, which is subsequently used for illegal actions and theft of funds, the expert noted.
The pandemic is not over yet, and many are still in no hurry to return offline. Most likely, attackers will exploit this. Experts gave recommendations on how users should be extremely careful online.
Digital hygiene is the foundation of all foundations
Digital hygiene is the same essential thing as caring for loved ones, attention to health, financial well-being, personal safety, reminded IT Director of ESET Ruslan Suleymanov.
The expert recommends a conscious approach to privacy and cybersecurity. “Do not forget that information about each Internet user is necessarily saved and analyzed. This is done not by special services, but by specially trained algorithms. Your queries in search engines are processed to display ads. Video views are also taken into account. That is, your portrait based on an array of the processed data on the Internet has already been formed. And if you do not take care of the safety of the “electronic trace”, then private information can fall into the hands of intruders, “Suleimanov said.
The expert advises to get a separate SIM card for authorization on all kinds of services, use complex privacy protection services for a smartphone, create a separate e-mail for one-time registrations, do not indicate the real name in Internet services, if this is possible and we are not talking about public service portals. You need to be especially careful with banking, financial and government services.
“Of course, in such accounts, you cannot use invented data, but you should take seriously access protection: set a strong password, change it regularly, enable two-factor authentication. Leaking access to such services can lead to financial losses and legally significant consequences,” Suleimanov cautioned …
In turn, Kaspersky Lab cybersecurity expert Dmitry Galov advises downloading programs only from official app stores, not clicking on questionable links in mail, instant messengers or social networks, carefully checking the name of the site in the address bar before entering your personal information on it. or payment information, and regularly update installed applications and operating system.
“Be wary of calls from people who claim to be bank employees: do not disclose information about your account or card, do not provide one-time passwords in sms or push notifications, do not install third-party applications on your devices, it is better to end the conversation and call the bank yourself – the number can be found on the official website or on the back of the card, “Galov said.
Alexey Fedorov, the head of Avast's representative office in Russia and the CIS, also recommends downloading applications only from official application stores: App Store and Google PlayStore. “Before the applications get there, they are examined by experts, but even after all the checks, a malicious application can get into the official store,” he said.
In addition, it is important to look at the rating of the application and the reviews about it: most likely, it will have both sharply negative and overly positive reviews, among which there may be fake ones. “Look at its developer – if he has only one application, this should alert. Another way to understand that something is wrong with the application is to look at what functions of the smartphone it asks for permissions. If, say, a flashlight requests access to contacts or a camera, that is, to those functions that he does not need to work – this should raise suspicion, “Fedorov said.
The expert also recalled the importance of strong passwords. Much of the power we have on the web today requires creating accounts and protecting them with passwords. This is the first step towards data protection in the digital world.
“The ideal password consists of 16 characters, including uppercase and lowercase letters and numbers, and is easy to remember but difficult to crack. It is important to make sure that one password is used for only one account. Remembering all passwords is difficult – so you can use a password manager. automatically imports all passwords stored in the browser. When using a password manager, all you have to do is remember one secure password to access your account for the password manager itself, “Fedorov said.
In turn, Timurbulat Sultangaliev, director of information security practice at AT Consulting (part of the League of Digital Economy), advises not to enter personal data on sites without encryption. “Pay attention to the” lock “on the left side of the address bar and the beginning of the site address – it must start with https,” he explained.
The expert also recommends using a VPN to exchange confidential information and connect to corporate resources, use two-factor authentication, and be careful when sending confidential data (photos, passport data, scans of passports and other documents, bank details).
Mindfulness is a guarantee of protection
The Internet is a tidbit for scammers. Users need to be very attentive to this system, said Ilya Kireev, lead promotion manager at CrossTech Solutions Group.
“Firstly, you need to be extremely wary of various messages about emergencies, for example,” your bank “may send a letter stating that your card is blocked, and in order to unblock it, you need to verify it by entering your personal data. call the number provided on the website, or come directly to the bank branch itself, “Kireev warns.
In addition, fraudsters are constantly and everywhere looking for various ways to obtain personal information, so the expert advises never to send confidential data through instant messengers.
“Also, be sure to check which Wi-Fi connection you are connecting to, because it may be a fraudulent network that steals personal data. Because of this, never go to the online bank via Wi-Fi on the street or on the subway. if you try to create different passwords for each service and use two-factor authentication. And in the end, be sure to keep the operating system of your smartphone or computer, as well as your applications up to date. Outdated versions are more susceptible to fraudulent attacks, “Kireev summed up.
“We always advise users not to visit unverified and unreliable sites, when paying for goods and services, use only the infrastructure of the online store and not transfer funds to personal accounts … Users need to be careful about clicking on links from different sources, especially if this please enter your personal data or payment card details, “advises Sukhanov.
Zabula recommends that you beware of overly lucrative or exclusive online offers: for example, significant discounts on popular products or the opportunity to purchase a medicine / foreign vaccine against COVID-19, protect your account data, remember about phishing attacks, and not be influenced by cybercriminals. “Always remember that cybercriminals are prone to manipulation: they take into account the peculiarities of human behavior and know where to push, so that you do what they want,” he said.
“Take care of your information: remember that if you don’t pay for something with money and allegedly get it for free, then you still pay, only with your data. Now information about you is a valuable commodity, and you cannot know exactly how they will be used. Therefore, carefully check who you are giving them to, “concluded Zabula.