Staying secure whilst accessing the internet
Using the internet in the year 2024 is a necessity. However, it has also fallen victim to opportunists, known as “hackers” or threat actors, who abuse the explicit trust on the internet. They prey on people who least expect it: those who aren’t extremely tech literate, and the elderly.
A substantial number of attacks on organisations and individuals are phishing attacks, which typically come in the form of an email that includes a maliciously crafted link or attached file. The link directs you to a look-alike page for a common service, e.g. Microsoft sign-in, internet banking, Spotify or a cryptocurrency exchange.
A significant number of these attacks on individuals are related to phishing attacks. What are they, you ask? It’s a simple yet effective way of sending an email that includes a malicious link made to look legitimate. Instead, its aim is to redirect you to a look-alike page for internet banking, Spotify or Microsoft, to name a few examples. These phishing emails can also include a QR code that the threat actor hopes you’ll scan with your phone, only to be redirected to a malicious link, or the same link can arrive in an SMS message.
Once you’ve visited the malicious link, you are asked to enter your credentials for the service, essentially willingly giving your username and password to the attacker. In some cases these pages are also able to steal session tokens, allowing the threat actor to completely bypass any MFA (multi-factor authentication) in place. Because it is common for people to recycle their password for everything, once the threat actor has your password they will try their luck with other services you potentially use, which can lead to multiple account takeovers.
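To show why a link can look legitimate and still lead somewhere else, here is an added example (not part of the original post) that checks which host a link really points to. The allow-list of domains, the function name `classify_link` and the sample links are all constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; the domains you actually sign in to are an assumption here.
TRUSTED_DOMAINS = ("microsoft.com", "spotify.com")


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify the host a link really points to: trusted, suspicious, unknown or invalid."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed host, e.g. unbalanced IPv6 brackets
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # "https://microsoft.com@other.example/" connects to other.example:
    # everything before "@" is a user name, not the site.
    if "@" in parts.netloc:
        return "suspicious"
    # Genuine only if the host IS the trusted domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Punycode labels can render as letters that imitate a brand.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    # A trusted brand name appearing anywhere else in the host is a look-alike.
    brands = {d.split(".")[0] for d in trusted}
    if any(brand in host for brand in brands):
        return "suspicious"
    return "unknown"


# Constructed sample links (reserved .example names), not taken from real emails.
SAMPLES = [
    "https://account.microsoft.com/",
    "https://microsoft.com.signin-check.example/login",
    "https://microsoft.com@signin-check.example/",
    "https://spotify-billing.example/",
    "https://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

The part of the address that matters is the end of the host name, just before the first single slash; a familiar brand name at the start of the link proves nothing.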
So how can we make it harder for the threat actor? I’d like to share from my own research and experience what I recommend and use daily to keep myself safe online. Although it isn’t ever foolproof, it makes it significantly harder for the threat actor.
“Something you know, and something you have”
- Something you know? A password or pass-phrase.
- Something you have? A physical security key or Authenticator application.