
On the Internet, do not be fooled


By David Garcia (University Professor)

The constant use of the Internet at any time of day makes the network an essential element of our lives. The rise and massive use of Internet applications and services for all kinds of needs (shopping, banking, education, leisure, etc.) has changed our habits, both social and professional, so that everything now revolves around the Internet.

This massive use of the network is not without its dangers: cybercriminals are attackers who seek to take advantage of security flaws in applications and of users' absent-mindedness to gain some kind of benefit, whether economic, ideological or for revenge. It is necessary to distinguish between “hacker” and “cybercriminal”, since the word hacker is misused by society in general (helped by the multitude of movies and television series that almost always give it a negative meaning), which attributes harmful qualities to it. A hacker is a person with extensive knowledge of computer security (just like a cybercriminal), but his goal is to improve the security of applications, reporting and fixing the errors found in order to protect them from possible attacks by cybercriminals. The distinction between a hacker and a cybercriminal therefore lies essentially in their motivation: either to help solve problems (the former) or to make a profit (the latter).

Cybercriminals have extensive knowledge of computer security and, in addition, they use tools built to facilitate cyberattacks. These make it more or less easy to steal the data stored on your device, or to launch more sophisticated attacks on companies and large corporations in order to steal larger amounts of data and information that may be sold to third parties or used for blackmail or extortion. The cyberattack on SEPE in 2021 was well known, but the European Medicines Agency also suffered cyberattacks in the midst of the pandemic, as did companies such as Adif and Mapfre, and there was also the well-known attack on Telefónica in 2017 by ransomware (which encrypts all your data and demands a ransom to recover it). But companies are not the only targets: anyone can be the victim of a cyberattack, and one of the techniques cybercriminals use most to carry out these attacks is social engineering.

Social engineering, or the art of deception, consists of tricking or manipulating people to obtain their personal information, such as passwords and bank details, or to gain access to their computers so that malicious software, or malware, is installed without their noticing. The aim is to take control of our devices and access any information we have stored on them, including the use of the applications installed on them. What the attackers want is to capture our attention with some lure so that we act in a certain way. If a cybercriminal wants you to click on a link that downloads a virus to your computer, what will he use as a lure? a) “Click here to download a virus [link]”, or b) “The State will give aid if you are of legal age [link]”. Clearly the second option is more attractive and arouses more interest, leading people to click on the malicious link and fall into the trap. This type of social engineering or deception can appear in emails, instant messages or social networks, and often uses pretexts such as natural disasters, celebrity news, product offers at low prices, traffic tickets, bank account security problems, notifications from the Tax Agency, or the sending of electronic invoices.

To prevent this type of deception, it is advisable to follow these recommendations: 1) Never give our passwords to anyone, nor share them by email or social networks; 2) Never provide our personal or banking data over the Internet, even if it is requested by email or by phone; 3) If we enter private or sensitive information on a web page, make sure that the web page or URL is correct (for example, the URL “http://sede23.agenciatributaria.234gob.es” is suspicious because it contains a series of numbers or strange characters; it is best to type or search for the link directly instead of clicking on one provided in an email); 4) Never open a strange file if we don't know the sender or weren't expecting it, or if the message is misspelled or poorly worded. In addition, it is always advisable to keep backup copies of important data, to activate biometric authentication methods on mobile devices (fingerprint, face, etc.) and two-factor authentication (such as password and SMS) for Internet applications (online banking, purchases, etc.), not to use the same password for all services, to change passwords often, and to make them robust (at least 8 characters, some capital letters, numbers and special symbols). A password manager can handle all of this automatically so that we do not have to memorize them.

The human being is the weakest link in the chain, so let's not make it easy for the cybercriminal: if he wants to steal your online banking passwords, for example, make him resort to more complex and costly technical procedures that take a long time. Both the Internet Security Office (www.osi.es) and the National Cybersecurity Institute (www.incibe.es) help you protect yourself and become aware of the dangers of the Internet.


David Garcia Rosado

Associate Professor

GSyA Research Group (https://gsya.esi.uclm.es)

School of Computer Science

University of Castilla-La Mancha
