Advanced Guide
Welcome to the Intermediate Guide on how to stay cyber secure! Help yourself with helpful tips and tricks underneath!
Malware
What types of malware exist?
There are many types of malware that target differing outcomes (Malwarebytes/Cisco) . The most common is Adware, software that places ads throughout your system, such as recurring pop-up browser ads. Another common type of malware is spyware, as the name suggests these software spy on your activities and sell collected data. Ransomware, like the example, is software that encrypts and locks files until a ransom is paid. Viruses are software that hide in programs and attempt to trick a user into activating them in order to spread and replicate. Worms are ‘viruses’ that replicate and spread without user action. Trojans are software that provide useful functions while harbouring access for an attacker user/program to log and collect data and or execute code. Finally, an increasingly popular type of malware are malicious crypto miners, software that hides in the background and steals system resources to mine cryptocurrencies/provide system resources for botnets. (networks of other infected computers that provide attackers with makeshift supercomputers).
How do I tell if there is malware on my devices?
Malware's telltale traits can be prominent throughout many areas of an affected system. The general rule is that one should look out for abnormalities on their system, i.e., higher-than-average prolonged internet usage, systems running hotter/with higher usage than normal, and mysterious losses in storage space. These signs are indicative of being infected with malware tracking your activities or exploiting system vulnerabilities.
How can I defend against malware?
The greatest defence against malware is caution when downloading and installing software, always using checked and verified programs, and not ignoring firewalls. Also, periodically run checks with organization-or-verified antivirus tools such as Malwarebytes or Bitdefender to scan for incursions and stay wary of unexpected changes in device behaviour.
In short, stay vigilant for unexpected behaviour and be smart with downloads.
Can I ever be 100% safe from malware?
While there is much you can do to prevent and ward off malware, sufficiently advanced malware can exploit an ‘unkown’ weakness known as a ‘zero-day exploit’ (Malwarebytes). These attacks use unknown vulnerabilities in software to execute code in ways antiviruses and firewalls do not detect. Hence while one can be vigilant, devices are never fully safe from malware attacks.
Is my device at risk?
All devices can be targeted by malware, and differing operating systems have unique weaknesses and flaws that can be exploited. While Apple/macOS and Linux systems are generally safer than Windows and Android-based devices, all are vulnerable to malware attacks.
Phishing
What is it?
Phishing Attacks are attempts to gain control of a personal or organizational account by tricking the user into providing access to their accounts and/or systems. These attacks are typically more formal and personalized to the user, disguising themselves as ‘in-organisation’ communications to get the user to install malicious software or provide key account access to attackers.
With these sophisticated attacks, how is one supposed to know when to trust their emails, and how can one recover from such an attack?
How common are phishing attacks?
Malware's telltale traits can be prominent throughout many areas of an affected system. The general rule is that one should look out for abnormalities on their system, i.e., higher-than-average prolonged internet usage, systems running hotter/with higher usage than normal, and mysterious losses in storage space. These signs are indicative of being infected with malware tracking your activities or exploiting system vulnerabilities.
How can we not fall for such attacks?
Phishing attacks are always attempts to breach the safety barriers that exist within an organization and their accounts. Hence the best way to detect these types of attacks is to check for signs of nonconformity. For example; phishing attacks will never be sent from an ‘in-organization’ address, and will try to pass as close or believable alternatives. Phishing attacks will also often contain links to fake websites, one can attempt to read the hyperlink address to check if it looks like it should, such as ‘mcmaster.ca’ compared to ‘McNaster.io/redirect’. Finally, one should always generally treat emails from unknown senders with caution, and check with its resources when they are not sure about an email's validity.
What can one do if they have fallen victim to an attack?
Malware's telltale traits can be prominent throughout many areas of an affected system. The general rule is that one should look out for abnormalities on their system, i.e., higher-than-average prolonged internet usage, systems running hotter/with higher usage than normal, and mysterious losses in storage space. These signs are indicative of being infected with malware tracking your activities or exploiting system vulnerabilities.
How can we not fall for such attacks?
It happens, just like our example, you were sure that the holiday promotion email was true, and now your account is compromised. The first step is not to approve any 2FA requests, and contact your organization's IT department. If your personal accounts are compromised, contact financial institutions and lock your accounts until you have resecured your devices.
An excellent way to train and prepare for attacks in future is to take the McMaster Phishing Awareness course: Phishing Awareness at McMaster University - Discover - McMaster University (cllmcmaster.ca)
Understanding AI Scams
How can you identify a forged phone call?
There are many key giveaways to allow you to identify and be aware of scam phone calls. The first of which is understanding some of the tactics used to engage you over the phone. A common framework used is the one-ring scam, with this scammers will call from a shown phone number for a short period of time usually before you can pick up an then hang up immediately. This creates curiosity in the target to call back at which time they will record your voice with the intent to imitate you. If you receive a call of this nature from a number you are not familiar with do not call back. If they truly need to reach out to you they will call you again or find another format to reach you at.
​ To continue this train of thought impersonations are an increasingly prevalent format of mobile phone scams. Through this scammers will gain access to the voice of a loved one or friend and call you requesting money as they are pretending to be in a life-threatening or serious situation. This is becoming an increasingly more common and successful mode of scam.
What can I do if I feel that my voice has been recorded or I'm worried?
Encryption is a key aspect of staying safe with the development of AI. Things like having a safe word and a question to ask someone posing to be a loved one or as yourself are a great way to be able to identify if you are under attack or not. It is important to note that you should not talk unless you are already under the impression that it is who they say you are.
Website Security Monitoring/VPNs
What are they?
When we are in public or in a dense location we are at higher risk of our internet connection being intercepted. If this occurs a hacker may gain access to any and all things that we do on the internet. Yet, fortunately there are a number of companies that will offer you a virtual private network (VPN) which builds a barrier around your online security.
Is there a cost-free way to stay protected in these situations?
The first step to take when connecting to public wifi is to confirm that you are connecting to the correct network as scammers now can host fake wifi networks that pose as the real thing. They will appear the same so it is important to confirm you are on the right one.
Am I safe on public WIFI networks?
In short, no one's data is safe on a public wifi network. Places such as airports and coffee shops are target locations for hackers looking to gain access to people's information. They will often target areas where you are likely to be making online purchases to gain your payment information.