Cyberattacks, phishing, phone and online fraud – these are phenomena that have turned into massive threats to society and the state.

They are also an invisible aspect of modern confrontations and hybrid warfare. We can’t see, hear, or touch them. However, they can pose a threat to the safety of each and every one of us.

How can you protect your data on the Internet? Why should you not post your family photos on social media? How can children be protected from such threats? Digital hygiene can help you deal with these issues.

How can you strengthen your personal “dam” in the whole “ocean” of cyber and information threats? We talk about all these issues in this latest episode of the “Infobridge”.

What is cybersecurity?

Almost every one of us uses social media and messengers and does shopping on the Internet. About 65 per cent of the world’s population now has access to the Internet with the number growing every year.

The modern world is easy to use. On the Internet, we can buy new clothes, pay utilities, watch a movie, read a book, or communicate with our family members. And the number of these options is growing. Virtual field trips. Online testing of a new lipstick. Distance learning. However, threats are also increasing exponentially.

“In 2022, Ukraine faced 7,000 cyberattacks on information infrastructure. In that year, 2.8 times more cyber incidents were registered in Ukraine than in 2021,” Forbes Ukraine says in an article.

And the same statistics are valid all over the world. Cyberattacks are the actions of cybercriminals or malicious programs, aimed at stealing information data of a remote computer, gaining full control over computer resources, or disabling a system. Cyberattacks have become especially frequent in temporarily occupied territories.

“The temporarily occupied territories in eastern Ukraine are now a ‘grey zone’, particularly in cyberspace. A lot of challenges in investigations, the lack of accountability for cybercrimes, and the lack of cybersecurity professionals have led to the formation of an uncontrolled infrastructure used by hackers from around the world for carrying out cyberattacks. It is also actively used by the aggressor country’s security services. It can be confidently said that the uncontrolled situation with information systems in the territory of the so-called ‘grey zone’ poses threats to both Ukraine and other countries. It is worth noting that now attackers include many Asian countries, with Russia being the key attacking country earlier,” Army.Inform says in an article.

There is a myth that cyberattacks affect only the state – the work of institutions, banks, and mobile network operators. However, in reality, they pose significant threats to all people using the Internet.

“Everything you put on the Internet stays there forever. You can provide information in exchange for using social media or a messenger, in which case your personal data will be a fee for use. Another case is when you buy, for example, Netflix. You provide your email address and some payment data and pay for the services. In this case, you are a customer because you pay,” says cybersecurity expert Kostiantyn Korsun.

All your personal data can be used by the enemy. And it is not necessarily about a certain country, large corporations, or security agencies. Online fraudsters are a huge threat to your personal data.

“Their aim is to cast their nets as wide as possible and collect absolutely ‘all the fish in this sea’. This is what we primarily use: financial data, access to banking accounts, bank card details, bonds, securities, etc.,” explainsKostiantyn Korsun.

This is also about blackmailing and gaining access to important information or even your property. And this is where cybersecurity can come to the rescue. Cybersecurity is a set of measures to protect your personal data on the Internet, including your phone number, email address, or location.

Remember that it is not only you who can publish data about yourself on the Internet: check the data published by your relatives, friends, or colleagues. If necessary, ask them to delete your personal data.

Make a checklist based on the telltale signs of phishing and check emails that arouse suspicion using it. If the email you have received is suspicious, notify an IT administrator or email service provider about this and then delete the suspicious email.

To avoid becoming a victim of phishing or scams, do not click on shortened or unrecognised links. Remember that real institutions never ask for your personal information online. It is better to contact an institution directly using their official phone number to see if they have tried to contact you.

How can you protect your data on the Internet?

In order not to swallow the bait of cyber fraudsters, you need to carefully protect your personal data. How can you do this? You can use the following tips from the State Service of Special Communications and Information Protection of Ukraine.

1. Use licensed operating systems and update them on time.

2. Use anti-virus software.

3. Make backup copies of data: save important data to the cloud or on external media – flash drives, hard drives, etc.

4. Trust only your own devices and be careful with those you receive from other people for work or other purposes.

5. Do not store passwords or logins in easily accessible places: for example, on the desktop or in smartphone notes.

6. When you log into an online banking application or other electronic payment systems, do not access the Internet through public networks, for example, in cafes, bars, or airports.

7. Be especially careful when you open email attachments sent by unknown people, because you can get malware from a link.

8. Use two-factor authentication when creating an account.

In order to check whether a link is reliable, you can copy it and check it through the VirusTotal service. It will show whether it is safe to visit a site.

Be sure to create a strong password for a site. You should not use your date of birth, the names of your family members, or the name of the city where you live: such passwords would be very easy to crack. To check whether a password is reliable, use appropriate resources.

After creating a secure password, be sure to set up two-factor authentication.

“Two-factor authentication is one of the ways to more reliably protect your account on resources. In simple words, two-factor authentication involves two protection factors: password + FaceID, fingerprint, SMS or email verification, etc. It is very convenient, because you will always know when someone tries to log into your account and can cancel this attempt. So, you can protect yourself from hacking your account or email,” says Zaxid.net in an article.

Set security settings in your profile: hide your phone number, date of birth, email address, and friends list.

Moreover, avoid posting photos on the Internet. If you go somewhere with your family members, it is better to take photos of scenery or sunset, for example. After all, blackmail in virtual networks always targets loved ones, and photos featuring sunset will not do any harm. Geolocation data is stored in each photo we take on our phones. If geolocation is enabled on your device, criminals can find your location.

Photos can also show the quality of your relationship and your property. All this can later become a subject for blackmail or a scam.

“Social media were invented for entertainment. You can use social media for showing your great life and mind-blowing parties and bragging about yourself. You can brag about your car and unintentionally show its license-plate number. And then criminals can ascertain your identity. You can show your house and accidentally show its number and street,” explains Kostiantyn Korsun.

And these data should really be treated very carefully. Sometimes it seems to us that a data breach, phishing or scam involves only famous people or companies.

Unknown persons hack the account of the Ukrainska Pravda media outlet on Х

Hacker attack on Kyiv Regional Council website with threats to Zelenskyi

Kyivstar CEO: hackers used compromised employee account to carry out attack

However, such a story can happen to anyone. For example, Suspilne tells the story of Anna from Zhytomyr, whose Facebook page was hacked by fraudsters. At first, the woman did not pay attention to this, but by the time Anna realised she had been hacked, her friends had already transferred more than UAH 100,000 to the bank card account indicated in a message.

“People started calling me and I realised how much money they had transferred. I began to panic,” says Anna Verbytska.

On the same day, law enforcement officers detained three people and served them with a notice of charges for extorting money by hacking personal pages on social media.

The dev.ua portal shares a similar story. ІТ expert Roman published a post on social media, warning that his Instagram account had been hacked by fraudsters. He lost access to his account after clicking on the link to the survey “Which is better: Viber or Telegram?”

There is one more important security aspect for people residing in the temporarily occupied territories: they should protect their personal data from enemy military or security services.

“In fact, information is not deleted from your smartphone. Even if you click “Delete” – when you want to delete any photos or messages – the smartphone just marks these data as no longer needed, but they remain on it,” explains Kostiantyn Korsun.

Does this mean the end of the world is coming? Absolutely not. Nevertheless, you should clear “unsafe” browsing data in your browser or applications. So, they will not be able to be read during a superficial inspection. You should delete any patriotic information from your smartphone. You should also delete any messages that pose a threat to you or your family members.

“That is, a soldier with an assault rifle will just check your smartphone whether it has any yellow and blue flags or tridents and will let you go. Also, you can have a special smartphone for inspections. However, you should switch off and hide your real smartphone,” advises Kostiantyn Korsun.

Moreover, use VPN services and encrypted messengers. You should turn on a virtual private network so that third parties do not gain access to the information that you transmit, receive, or store. Such services include NordVPN, Surfshark, ProtonVPN, TunnelBear, or NewNode.

As for messengers, Signal, WhatsApp, and Threema are the most secure ones. These applications provide end-to-end encryption for all messages by default. This way of data transmission ensures that only communicating users can access messages.

Moreover, do not provide your personal data (your full name, phone number, banking details) to third parties; once a year, factory reset your smartphone – if you have created backup copies, of course; after using a third-party gadget, do not forget to sign out of all accounts; check the accounts of your friends whether they are fake or not.

How to protect children?

In short, this is a series of measures that you will use for yourself. It is especially important to emphasise the dangers lurking on the Internet: children shouldn’t share their personal data, communicate with strangers, or do shopping on the Internet without parental permission.

You can also set control over the content consumed by your child. This feature helps you manage your child’s accounts, devices, applications, and screen time. Google “How to set up parental controls?” and get detailed guidance on the gadget and social media used by your child.

With parental controls, you can check the content consumed by your child: the pages he or she follows, persons allowed to send direct messages, etc. You can reduce all of these threats by communicating with your children and monitoring the applications they use.

Moreover, you should not publish photos featuring children without their permission or without the permission of their parents if you take photos of other children. Research commissioned by Nominet shows that on average, 973 photos are posted online by a child’s fifth birthday.

First of all, it is almost impossible to remove anything that gets on the Internet. These photos create a digital footprint for children and can haunt them during their lifetime.

Secondly, it is not only with good intentions that people look for photos of children on the Internet. To protect your child, it is better to store photos exclusively offline.

Thirdly, once a photo is published on a social network, it becomes very difficult to control its further path: to check whether criminals can track the geolocation or target their crimes at the children shown in the photo. Moreover, photos of children can be used for advertising some products without their parents’ knowledge. Therefore, it is better to share them with family members or on private accounts on social media.

“And in general, the less information about yourself, your work, hobbies, and family you provide on the Internet, the safer you feel,” emphasises Kostiantyn Korsun.

If your family members are residing in temporarily occupied territories, please share this information with them. Share these tips and recommendations with people who need to protect their personal data. Stay in the Ukrainian information space and don’t lose hope.

Authors: Ivan Mahuriak, Sofiia Troshchuk  

Article published in Ukrainian by 24TV.UA