Could someone who intentionally uses malware to commit punishable acts get away with it nowadays?!
Well… Sure he could!
The idea and the purpose are to avoid getting robbed, not to trap and punish the robber!
Always prefer the “prevention is better than cure” approach when it comes to security.
The motive behind anyone using, or intending to use, malware is not that different from that of any criminal act. The majority of people use laptops, computers and smartphones on a daily basis to ease their otherwise time-consuming activities. Could it be a bank transfer, an online order, or an email that someone will manage to exploit and benefit from at your expense? Yes, it could, and to be realistic, it has already happened to many of us!
What we hardly realize today is that all the complex electronic devices we use, not necessarily own, become our assets’ “manager” for as long as we are using them. For those few moments they become vulnerable, and a target for the cyber-vultures!
No different from common thieves, cyber-criminals will disguise their identity and purpose to steal from you. Their loot could be money, personal files, or information that is valuable to them and keeps them going.
The intention of someone who uses malicious software will always be disguised. Sometimes it is easy and straightforward to identify a scam served to you in a goofy way, but on the other hand there are well-planned and highly sophisticated scams that could easily deceive anyone, even experts!
To protect our privacy and assets, we need to consider cyber-criminals as common thieves! Their true identity will be disguised, their purposes will appear to be pure and innocent, and the fuel that feeds their success is mostly human error!
We need to realize that the highest-value “currency” in this post-modern era is undoubtedly information! That is what they go for, and therefore what we need to fortify and keep safe!
A noble idea, in theory, but in practice, a western luxury.
How could we counter sophisticated malware and well-planned attacks, and stop disguised intruders from stealing from us?
First of all, we should not hand the keys over, and if we did, we should change the lock at once! Do not share your password, and do not write it down on a post-it hanging proudly like a “Free Entrance” label on your PC monitor.
Change your credentials often and tie it to an existing habit: do it every month along with your bill payments so you don’t forget.
Use passwords with high complexity!
I know you don’t want to forget the marvelous summer holidays you had on this exotic Greek island which, apart from relaxation and some salt on your skin, gave you a nice password idea: “naxos2020”. But don’t be humble about your feelings, add some enthusiasm and turn it into “naxos2020!”. Try to avoid the Grammar and Spelling Police as well by turning it into “Naxos2020!”. Get some stars decorating its sky, “*Naxos2020!*”, and maybe a few extra dollars, “*Naxos2020!$$*”, just in case! By the way, why not mention this new funny friend you made there… “*Naxos2020!$$*peter”. And I know everyone is counting down to the next summer holidays… so keep counting and adjust it accordingly every month so you don’t lose track… “*Naxos2020!$$*peter10”. Don’t forget about the Spelling Police and use capitals, they love them even when not necessary!
And there you go… “*Naxos2020!$$*PeteR10”.
Remember that if you get targeted by someone who really wants to break your password, complexity and short rotation intervals (15-30 days) are your allies!
Do not stick to a rigid schedule: change your credentials as soon as possible if you suspect someone might have them, and fully utilize your imagination when creating a password. It is a routine that gets exhausting for many people after a while, but you must keep doing it for your safety! Better safe than sorry.
Be social, but do not get dragged into social engineering traps! Socializing with friends and colleagues is more than necessary for most of us, but walls have ears and doors have eyes. You can never know who lays hands on the simple information you exchange during innocent chatting with your friends. For example, talking loudly with your friends about your vacation this year, the great friend you made and the months you count until next summer gives away valuable hints that someone could maliciously use to build a library of potential password combinations!
The information most often extracted for this purpose is names, birthplaces, birthdays, pet names and anniversaries.
Don’t leave your devices unattended and unlocked. It doesn’t matter if you are at a coffee shop with friends or in the university library; always lock your device if you intend to leave it unattended! It takes seconds for a successful malware deployment on a mobile or a laptop!
Be skeptical and doubtful when communicating with someone over email or any other web platform in general. Someone claiming to be the Pope, or more commonly a Nigerian Prince, doesn’t make it true!!
Always try to verify the identity of the person on the other end of the network line! Check the sender’s full email address when you receive something in your mailbox and be suspicious if something doesn’t seem normal. Think about and correlate the sender’s name, the sender’s email address, the subject of the email, the attached files and the purpose of the email. If something doesn’t feel right, double-check its validity! It could be a weird font used, a mail signature out of position, expressions that do not match the sender’s personality, generic or vague references, or even (too) personal details being requested.
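The sender checks described above can also be run mechanically over a raw message. The following Python sketch is an added example, not part of the original article; the sample message, the domains, and the `known_senders` address book are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".lnk")  # illustrative, not exhaustive
GENERIC = ("dear customer", "dear user", "dear client")      # vague greetings

# Constructed sample message for this example (all names and domains are made up).
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.example>
Reply-To: payments@other-domain.example
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

Dear customer, please confirm your password.
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

x
--b--
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def review_message(raw, known_senders):
    """Return reasons to double-check a message. known_senders (hypothetical
    address book) maps a lower-case display name to that sender's usual domain."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    expected = known_senders.get(name.lower())
    if expected and domain(addr) != expected:  # name and address do not correlate
        findings.append(f"'{name}' normally writes from {expected}, not {domain(addr)}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain(reply) != domain(addr):
        findings.append(f"replies go to a different domain: {domain(reply)}")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):  # also catches double extensions like .pdf.exe
            findings.append(f"executable attachment: {fname}")
        if part.get_content_type() == "text/plain":
            body = part.get_payload().lower()
            if any(g in body for g in GENERIC):
                findings.append("generic greeting instead of your name")
    return findings
```

Calling `review_message(SAMPLE, {"example bank support": "example-bank.example"})` returns four reasons to double-check the sample; an empty list means only that none of these particular checks fired.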
The majority of people use the same credentials for several applications, emails, bank accounts, etc.
As suggested before, I recommend you use your imagination to weaponize your credentials library.
Use the password “*Naxos2020!$$*peter10” for your email, but use a variation you can easily remember for your laptop, e.g. “*Naxos2020!$$*peter10Lap”, or “*Naxos2020!$$*peter10ScroogeMcDuck” for your bank account. This way you get a highly complex password, with irrelevant elements, that is easy to remember at the same time.
Keep in mind that any password that is easy for you to remember and type is 10 times easier for the attacker to obtain!
Using a single password for all your electronic “assets” gives you zero fault tolerance!
Therefore, compromising one of them gets the gate open and the king killed!