Privacy Kit
Manual of cyber awareness
Chapter-1
Safe Computing
What is Safe Computing?
Safety is a state of being protected from
potential harm or something that has been
designed to protect and prevent harm. An
example of safety is when you wear a
seatbelt.
Today, we are more dependent on
computers and the information that they
store than ever before. From spyware,
viruses, and Trojans to identity theft and
computer hardware malfunctions - any
disruption can have a huge impact on our lives. No matter how savvy the
user, safe computing depends on software and security settings and the
secure actions of the user.
Below are some tips that will help you protect your computer.
1. Keep your Computer
Updated: Whether individuals
choose to update their
operating system software
automatically or manually, we
recommend making it a
continuous process. It is also
important to keep other
software on your computer
updated. Software updates
often include essential bug
fixes and security features that
address existing vulnerabilities.
2. Keep up-to-date on
software patches:
Staying up-to-date
on the latest security
patches is critical in
today’s threat
environment. The
single most
important thing you
can do to keep your
software and
computer safe is to
always run the most
up-to-date versions.
Why patch?
If your computer seems to be working fine, you may wonder why
you should apply a patch. By not applying a patch you might be
leaving the door open for a malware attack.
What to patch?
Not all the vulnerabilities that exist in products or technologies
will affect you. However, any software you use is a potential
source of vulnerabilities that could lead to compromise of security or
identity. The more commonly used a program is, the bigger target it
represents and the more likely it is that a vulnerability will be exploited.
For the more obscure software you use, contact the vendor to
receive updates, patches, or vulnerability alerts. Additionally, don’t
forget to patch your Antivirus software.
3. Do not use open Wi-Fi:
Everybody has done it. At least
once, probably a lot more. Maybe
daily, maybe even hourly. But just
because everybody else is
connecting to the internet via free
public Wi-Fi doesn’t mean you
should, too. Instead, you should listen
to that little voice in your head that
asks, “is this safe?” every time you
connect to a public Wi-Fi network - because you know it really isn’t.
You’re not alone. Open public Wi-Fi networks are everywhere: coffee
shops, airports, restaurants, shopping malls. Public Wi-Fi is
commonplace, and so are people’s concerns about their safety on
unsecured open Wi-Fi hotspots, but like you they go ahead and connect
anyway.
There are a few big problems with using a public Wi-Fi network. The
open nature of the network allows for snooping, the network could be
full of compromised machines, or - most worryingly - the hotspot itself
could be malicious.
When you connect to an open Wi-Fi network like one at a coffee shop
or airport, the network is generally unencrypted - you can tell because
you don’t have to enter a passphrase when connecting. Your
unencrypted network traffic is then clearly visible to everyone in range.
People can see what unencrypted web pages you’re visiting, what
you’re typing into unencrypted web forms, and even see which
encrypted websites you’re connected to - so if you’re connected to your
bank’s website, they’d know it, although they wouldn’t know what you
were doing.
4. Lock the
computer/system when you
are not using it: The physical
security of your devices is just
as important as their technical
security.
If you need to leave your
laptop, phone, or tablet for any
length of time - lock it up so no
one else can use it.
If you keep sensitive
information on a flash drive or external hard drive, make sure to keep
these locked as well. For desktop computers, shut down the system when
not in use or lock your screen.
5. Download Files Legally:
Downloading from the internet
and sharing files are both
common, everyday practices,
and can come with a set of risks
you should be aware of. You
could unknowingly give others
access to your computer while
file sharing, who could
potentially copy private files.
This can happen when you’re
asked to disable or alter your firewall settings in order to use Peer-to-Peer
to upload to a file sharing program, which could leave your computer
vulnerable.
You could also download viruses, malware and spyware to your computer
without knowing it; they’re often disguised as popular movie or song downloads.
And you could inadvertently spread viruses and other malware that damage the
computers of those with whom you’re file sharing.
6. Backup on regular basis: Regular,
scheduled backups can protect you from
the unexpected. Keep a few months’ worth
of backups and make sure the files can be
retrieved if needed. If you are a victim of a
security incident, the only guaranteed way
to repair your computer is to erase and
reinstall the system.
7. Use HTTPS everywhere: HTTPS helps
prevent intruders from tampering with the
communications between your websites
and your users’ browsers. Intruders include
intentionally malicious attackers, and
legitimate but intrusive companies, such as
ISPs or hotels that inject ads into pages.
Intruders exploit unprotected communications to trick your users into
giving up sensitive information or installing malware, or to insert their own
advertisements into your resources. For example, some third parties
inject advertisements into websites that potentially break user
experiences and create security vulnerabilities. Intruders exploit every
unprotected resource that travels between your websites and your users.
Images, cookies, scripts, HTML: they are all exploitable. Intrusions can
occur at any point in the network, including a user’s machine, a Wi-Fi
hotspot, or a compromised ISP.
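For site owners, one way to find the unprotected resources described above, as an added example that is not part of the original manual: a small Python check that lists every subresource or form target a page still requests over plain HTTP, and every cookie set without the Secure attribute. The sample page, the sample Set-Cookie headers and all example host names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch from, or submit to, a URL.
# Plain <a href> links are navigation, not subresources, so they are left out.
URL_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "link": ("href",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src",), "form": ("action",),
}


class _ResourceCollector(HTMLParser):
    """Collects (tag, attribute, url) for every resource requested over http://."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag, ())
        for name, value in attrs:
            if name in wanted and value:
                url = value.strip()
                # Relative and protocol-relative URLs inherit the page's scheme.
                if url.lower().startswith("http://"):
                    self.found.append((tag, name, url))


def find_insecure_resources(html):
    """Return the resources an HTTPS page would still load without protection."""
    collector = _ResourceCollector()
    collector.feed(html)
    collector.close()
    return collector.found


def cookies_missing_secure(set_cookie_headers):
    """Return names of cookies that may also be sent over unencrypted HTTP."""
    names = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in flags:
            names.append(name)
    return names


# Constructed sample input (not taken from any real site).
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://shop.example/site.css">
<script src="http://cdn.example/lib.js"></script>
</head><body>
<img src="/logo.png">
<img src="HTTP://img.example/banner.png">
<a href="http://other.example/">plain link, not a subresource</a>
<form action="http://shop.example/login" method="post"></form>
<script src="//cdn.example/ok.js"></script>
</body></html>"""

SAMPLE_COOKIES = [
    "session=abc123; Path=/; HttpOnly",
    "prefs=dark; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for tag, attr, url in find_insecure_resources(SAMPLE_PAGE):
        print(f"insecure <{tag} {attr}>: {url}")
    for name in cookies_missing_secure(SAMPLE_COOKIES):
        print(f"cookie without Secure flag: {name}")
```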
8. Use Anti-Virus: Only install an antivirus
program from a known and trusted source.
Keep virus definitions, engines and software up
to date to ensure your antivirus program
remains effective.
Viruses, worms and the like often perform
malicious acts, such as deleting files, accessing
personal data, or using your computer to attack
other computers. To help keep your computer healthy, install Anti-virus.
You must also ensure both the program and the virus signature files are
up to date.
9. Use Anti-Malware: Anti-Malware is a type
of software program designed to prevent,
detect and remediate malicious programming
on individual computing devices and IT
systems. Antimalware software protects
against infections caused by many types of
malware, including viruses, worms, Trojan
horses, rootkits, spyware, key loggers,
ransomware and adware.
The intent of malware is that of promoting
rogue products, redirecting your legitimate browsing to their scam sites,
intercepting your transactions, and gathering as much of your personally
identifying information as possible, all for financial gain.
10. Turn on Firewall: Windows Firewall or
any other firewall app can help notify you
about suspicious activity if a virus or worm
tries to connect to your PC. It can also block
viruses, worms, and hackers from trying to
download potentially harmful apps to your
PC.
11. Use VPN or Proxy:
What is a VPN?: A VPN is a secure connection
between your computer and a server. All your internet
traffic and browsing data goes through that remote
server. To the outside world, the anonymous server
is doing the browsing, not you. ISPs, government
agencies, hackers or anyone else can’t track your
activity online.
In the past, VPNs were mainly used by companies
to securely link remote branches together or
connect roaming employees to the office network, but today they’re an
important service for consumers too, protecting them from attacks when
they connect to public wireless networks.
TOP 5 FREE VPNs
1. TunnelBear: Your IP address is
the unique number that websites
use to determine your physical
location and track you across
different sites. Use TunnelBear
VPN to keep your IP address
private from websites, hackers and
advertisers. TunnelBear VPN
shields your personal information
from prying third-parties and
hackers on public WiFi, ISPs and other local networks. Your
connection is secured with bear-grade (that’s strong) AES 256-bit
encryption.
2. OpenVPN: OpenVPN Access Server
is a full featured secure network
tunneling VPN software solution that
integrates OpenVPN server
capabilities, enterprise management
capabilities, simplified OpenVPN
Connect UI, and OpenVPN client
software packages that accommodate
Windows, Mac, Linux, Android, and
iOS environments. OpenVPN Access Server supports a wide range
of configurations, including secure and granular remote access to
internal network and/or private cloud network resources and
applications with fine-grained access control.
3. Hotspot Shield: Hotspot Shield is possibly the
most popular free VPN client in the world. It
made waves when Hulu was launched as it
allowed users to watch Hulu even when it was
blocked. Now, they have US & UK based VPN
services which you can use to protect yourself
from WiFi Snoopers, identity theft, and
censorship. The best part is, Hotspot Shield
provides unlimited bandwidth and works on both PC & Mac.
4. VPNBook: It’s a free VPN
service and comes with the most
advanced cryptographic
techniques to keep you safe on
the internet. VPNBook strives
to keep the internet a safe and
free place by providing free and secure PPTP and OpenVPN service
access for everyone. From our tests, we have found that VPNBook
is Romania based and claims that they do not collect any
information or log any internet activity.
5. UltraVPN: UltraVPN is a French VPN client
that hides your connection from unwanted
ears and allows you to use blocked
applications. It is also based on OpenVPN
service. Traffic quota is unlimited.
Bandwidth is 50kb/s depending on network
conditions.
What is a Proxy?: A
Proxy server is a
computer that acts as
an intermediary
between the user’s
computer and the
Internet. It allows client
computers to make
indirect network
connections to other
network services. If you
use a proxy server,
client computers will first connect to the proxy server, requesting some
resources like web pages, games, videos, mp3, e-books, and any other
resources which are available from various servers over the internet.
Nowadays, we use proxy servers for various purposes like sharing internet
connections on a local area network, hiding our IP address, implementing
Internet access control, accessing blocked websites and so on.
To share an Internet connection on a LAN. Some small
businesses and families have multiple computers but only
one Internet connection; with a proxy server they can share that
connection with the other computers on the LAN.
To hide the IP address of the client computer so that it can
surf anonymously; this is mostly for security reasons. A proxy
server can act as an intermediary between the user's
computer and the Internet to prevent attacks and
unexpected access.
Use Proxy Server for IE
Click "Tools" -> "Internet Options" -> "Connections" -> "LAN
Settings" -> select "Use a proxy server for your LAN" -> "Advanced",
configure as below.
Use Proxy server for Firefox
Click "Tools" -> "Options" -> "Advanced" -> "Network" -> "Connections" ->
"Settings" -> "Manual proxy configuration", configure as below.
Use Proxy server for Chrome
Click "Tools" -> "Settings" -> "Advanced" -> "Network" -> select "Change
Proxy Settings" -> "Connection" -> "LAN Settings" -> Select "Use a proxy
server for your LAN" -> "Advanced", configure as below.
12. Use TOR: The Tor
network is a group of
volunteer-operated servers
that allows people to improve
their privacy and security on
the Internet. Tor's users
employ this network by
connecting through a series of
virtual tunnels rather than
making a direct connection,
thus allowing both
organizations and individuals
to share information over
public networks without compromising their privacy. Along the same line,
Tor is an effective censorship circumvention tool, allowing its users to
reach otherwise blocked destinations or content. Tor can also be used as
a building block for software developers to create new communication
tools with built-in privacy features.
Individuals use Tor to keep websites from tracking them and their family
members, or to connect to news sites, instant messaging services, or the
like when these are blocked by their local Internet providers. Tor's hidden
services let users publish web sites and other services without needing to
reveal the location of the site. Individuals also use Tor for socially sensitive
communication: chat rooms and web forums for rape and abuse survivors,
or people with illnesses.
Journalists use Tor to communicate more safely with whistle-blowers and
dissidents. Non-governmental organizations (NGOs) use Tor to allow their
workers to connect to their home website while they're in a foreign country,
without notifying everybody nearby that they're working with that
organization.
13. Don’t store passwords in
browser: Most recent versions
of web browsers prompt you to
save usernames and
passwords for various sites on
the internet.
This feature can be useful, but
can also put your money and
personal information at risk if
you are not careful.
Information Services and
Technology recommends that
you do not save passwords with
your browser for sites which
have:
Private information about
you or someone else (e.g.,
medical records);
Private financial
information (e.g., credit
card numbers);
Private correspondence
(e.g., email).
You put yourself at risk when you save passwords for these types of sites.
Below are instructions to disable the password saving feature, or to force
the browser to clear all currently saved passwords, on commonly used
browsers.
To disable password saving in Internet Explorer on Windows:
1. Open Internet Explorer
2. Select Tools > Internet options > Content.
3. Under “AutoComplete”, click Settings.
4. To stop password saving, uncheck Usernames and password
forms.
To clear all existing saved usernames and passwords, click on Clear
Passwords, then click OK in the warning dialog box.
To disable password saving in Firefox
on Windows:
1. Open Firefox
2. Click on open menu
3. Under “Menu”, click on
Options
4. Select Privacy & Security
5. To stop password saving, uncheck Remember Logins and
passwords for websites
To disable password saving in Chrome on Windows:
1. Open the Chrome menu using the button on the far right of the
browser toolbar.
2. Choose the Settings menu option.
3. Click the advanced settings… located at the bottom of the
page.
4. In the “Passwords and forms” section, click Manage
passwords.
5. In the Manage passwords section, turn this option off to stop
password saving.
To disable password saving in Safari on Mac OS:
1. Go to Safari Preferences.
2. Select the Autofill tab, and for AutoFill web forms toggle the
option for Usernames and passwords.
3. Select the Password tab. Make sure 'AutoFill usernames and
passwords' is unchecked and use the 'Remove All' to clear any
saved passwords there.
14. Cover Mic and
Camera with Tape: It is
certainly possible for
hackers to install malware
on computers that allow
them to turn on a
computer's camera and
record or take screenshots
of what is going on.
The threat of this can be
mitigated by taking
common security steps -
installing anti-virus
software, having a firewall,
and not clicking any suspicious links in emails.
For those using desktops, the best way to ensure that you're not being
watched is simply to unplug your webcam. For laptop users, this isn't an
option, so the approach of covering it up might be best. The Electronic
Frontier Foundation even sells a specially-designed sticker set for the
purpose.
Mac users are a little safer - a green light next to the webcam is designed
to activate any time the camera is being used, so you should be alerted
to any unsolicited recording. This isn't always the case, however.
15. Most Importantly, Stay Informed: Stay
current with the latest developments for
Windows, macOS, Linux, and UNIX systems
and in various smartphone operating systems.
Regularly browse for security updates and
important issues concerning various operating
systems and applications.
Most importantly, you should keep an ongoing
conversation about internet safety and privacy
issues. Update your children on any online
scams you learn about and initiate discussions about cyberbullying,
predators, sexting and more. Remember, there is no better way to protect
your children from bad decisions than nurturing critical thinking and raising
awareness. For tips on talking to your kids about online safety.
In an increasingly security-conscious world, many of us know the basics
about phishing, strong password parameters, VPNs and benefits of
encryption. Why we sometimes choose to disregard those rules is another
question: the important thing is that we know them and we make informed
decisions, which is not always true when it comes to our children. Being
security-conscious cyber citizens is not enough anymore. We must protect
our children until we teach them the basics of online security.
Chapter-2
Internet Surfing Tips
What is Internet Surfing or Browsing?
A browser is a program on your
computer that enables you to search
("surf") and retrieve information on
the World Wide Web (WWW), which
is part of the Internet. The Web is
simply a large number of computers
linked together in a global network
that can be accessed using an
address in the same way that you
can phone anyone in the world given
their telephone number.
The Internet can be a confusing and dangerous place. Without a safety
net, people can fall into the danger zones of pornography, predators,
many online scams, Internet viruses, and spyware. With such free access
to the Internet around the world, many have abused it as an opportunity
to take advantage of others.
But, there's no reason to fear the Internet. When used properly, with the
right precautions and the right information, the Internet educates,
positively influences, and provides a creative outlet for today's kids.
Below are some tips for surfing the Internet.
1. Use private browsing in
Firefox: As you browse the
web, Firefox remembers
lots of information for you -
like the sites you've visited.
There may be times,
however, when you don't
want people with access to
your computer to see this
information, such as when
shopping for a present.
Private Browsing allows
you to browse the Internet
without saving any information about which sites and pages
you’ve visited. Private Browsing also includes Tracking
Protection, which prevents companies from tracking your
browsing history across multiple sites.
2. Check for green lock and HTTPS in
URL: HTTPS is a modification of the HTTP
(Hyper Text Transfer Protocol) standard
used to allow the exchange of content on the
Internet. The “S” stands for secure, which
means the HTTP connection is encrypted —
preventing exchanged information from
being read in plain text, or “as you see it.”
Even if someone were to somehow obtain the encrypted data shared in
the exchange, it would be nonsense with nearly no means of decryption
to retrieve the original content. Think of HTTPS as locking a door before
starting a meeting; only the parties in the room can see what is happening.
3. Keep your browser
Up to Date: The most
important reason to keep
your browser up-to-date
is for your own safety and
security, and that of your
computer. There are
many different sorts of
security threats that you
can be subject to when
you're browsing the web:
identity theft, phishing
sites, viruses, Trojans, spyware, adware, and other sorts of malware.
Another reason to keep your
browser up-to-date is that
you won't necessarily be
getting the best browsing
experience otherwise. You
won't always know when
you see a web page that
isn't displaying properly – a
well-designed site degrades
gracefully so that you don't
suffer unnecessarily with an
old browser – but for the
most up-to-date functions and features, you will need to update your
browser regularly.
4. Think before you click on unknown links: When you’re online, don’t
click something unless you know it’s from someone or something that you
recognize. But there’s a reason that it’s important to repeat this. Clicking
unknown links is STILL one of the most common forms of security
breaches.
A common thing to be aware of is that some
scammers look at what information is available
about you online. If your email address, job title,
websites you like, etc. are online, then there is
ample opportunity for a scammer to craft
something that is customized to get your attention.
Your social media leaves you somewhat vulnerable because of the
amount of information available online. But it’s more than just what you
share.
5. Use NoScript add-on blocker plugins: NoScript
(or NoScript Security Suite) is a free software
extension for Mozilla Firefox, SeaMonkey, and other
Mozilla-based web browsers, created and actively
maintained by Giorgio Maone, an Italian software
developer and member of the Mozilla Security Group.
It allows executable web content based on JavaScript,
Java, Flash, Silverlight, and other plugins only if the
site hosting is considered trusted by its user and has
been previously added to a whitelist. It also offers specific
countermeasures against security exploits.
NoScript blocks JavaScript, Java, Flash, Silverlight, and other "active"
content by default in Firefox. This is based on the assumption that
malicious websites can use these technologies in harmful ways. Users
can allow active content to execute on trusted websites, by giving explicit
permission, on a temporary or a more permanent basis. If "Temporarily
allow" is selected, then scripts are enabled for that site until the browser
session is closed.
6. Turn on do not track button: Do Not Track,
the feature in web browsers and web sites that
asks advertisers and data miners not to track
your browsing habits, is a relatively new
service. It's also typically an opt-out feature.
So, here's everywhere that you can enable Do
Not Track so advertisers can't snoop in on your
habits.
Essentially, ad and analytics companies watch what you do online, and
then tailor the web experience based on your history. That means targeted
ads, specific articles, and more. They typically do this through cookies in
your browser.
Enable Do Not Track in These Browsers:
Chrome: Head into the Settings page and click "Show advanced
settings." Scroll down to the Privacy section and select Do Not Track.
Mobile Chrome: Head into the Settings and then Privacy > Do Not Track.
Firefox: Select Preferences > Privacy and check the box marked, "Tell
websites I do not want to be tracked."
Internet Explorer: Click the Tools button and then Internet Options >
Advanced. Select "Always send Do Not Track Header."
Safari: Head into Preferences > Privacy and check the box marked "Ask
website not to track me."
7. Erase your trail with justdelete.me: Some Web sites make it difficult to
figure out how to delete your accounts. JustDelete.me can save you time
by providing direct links to the cancellation pages of numerous Internet
sites.
Web companies don't want you to close out your accounts with them,
which is understandable. If you leave, their revenue-earning potential
decreases. Some companies make the process of deleting your account
relatively easy, while others make it practically impossible or confusing.
Just Delete Me is a list of the most popular web apps and services with
links to delete your account from those services. Each one is color coded.
Green is easy, yellow is medium, red is difficult, and black is impossible.
When you click on a service, you're automatically taken to the page where
you can delete your account so you don't have to go searching for it.
Likewise, you can snag the Chrome extension and be taken to the account
deletion page right from the URL bar when you're on a site, as well as get
up to date information about whether an account is easy to delete before
you sign up. If you want to keep track of your accounts and delete as many
as possible, this is a good place to start.
8. Use Sandboxie: Sandboxie uses isolation
technology to separate programs from your
underlying operating system preventing unwanted
changes from happening to your personal data,
programs and applications that rest safely on your
hard drive.
Web Browsing?
Secure your favourite web browser and block
malicious software, viruses, ransomware and zero-day
threats by isolating such attacks in the Sandbox, leaving your system
protected.
Email
Run your favourite email program in Sandboxie so you never have to
worry about suspicious attachments or spear phishing attacks.
Data Protection
Sandboxie prevents internet websites and programs from modifying your
personal data (i.e. My Documents), files & folders on your system.
Application Testing
Safely test and try new programs and applications within Sandboxie and
prevent unauthorized changes to your underlying system that may occur.
9. Use DuckDuckGo Search Engine: DuckDuckGo (DDG) is an Internet
search engine that emphasizes protecting searchers' privacy and avoiding
the filter bubble of personalized search results. DuckDuckGo
distinguishes itself from other search engines by not profiling its users and
by deliberately showing all users the same search results for a given
search term. DuckDuckGo emphasizes returning the best results, rather
than the most results, and generates those results from over 400
individual sources, including key crowdsourced sites such as Wikipedia,
and other search engines like Bing, Yahoo!, Yandex, and Yummly.
DuckDuckGo positions itself as a search engine that puts privacy first and
as such it does not store IP addresses, does not log user information and
uses cookies only when needed. By default, DuckDuckGo does not collect
or share personal information.
10. Use Disconnect Search Engine: Disconnect Search already makes
your searches—no matter what engine you choose, whether it's Google,
Bing, Yahoo, or even the already-private DuckDuckGo—completely
private and untraceable. Searches are routed through Disconnect and
anonymized, so they appear to come from Disconnect instead of a
specific user. Plus, those queries are encrypted, so ISPs (or anyone riding
their lines) can't see what you're looking for. Disconnect also never logs
keywords, IP addresses, or other personally identifiable information. Each
search is just as anonymous as the first one.
The service has been available in the form of a browser extension and an
Android app up to this point, but if you don't want to install anything (or
can't, because you're at work), you can head right over to their website to
search directly. Hit the link below to give it a try.
https://search.disconnect.me/
11. Lukol: Lukol uses a proxy server to deliver customized search results
from Google using its enhanced custom search yet conserves your
privacy by removing traceable entities. Lukol is considered as one of the
best private search engines that protects from online fraudsters and keeps
the spammers away by safeguarding you from misleading or inappropriate
sites. It ensures full anonymity of your searches.
https://www.lukol.com/
12. Use lightbeam: Lightbeam is a Firefox add-on that enables you to
see the first and third party sites you interact with on the Web. Using
interactive visualizations, Lightbeam shows you the relationships between
these third parties and the sites you visit.
13. Use TOR for no Digital Trace: Another way to go anonymous when
you are browsing is to install the TOR browser. It is based
on many VPN-style features that make your Internet activity bounce
around different parts of the world, making it a lot tougher for both the
government and companies to find. When you are using this, you should
not share your personal credentials at all.
14. Use uBlock Origin add-on for ad blocker:
uBlock Origin is a free and open source, cross-
platform browser extension for content-filtering,
including ad-blocking. The extension is
available for several browsers: Safari (Beta),
Chrome, Chromium, Edge, Firefox, and Opera.
uBlock Origin has received praise from
technology websites, and is reported to be much
less memory-intensive than other extensions with similar functionality.
uBlock Origin's stated purpose is to give users the means to enforce their
own (content-filtering) choices.
15. Panopticlick: Panopticlick is a research project designed to better
uncover the tools and techniques of online trackers and test the efficacy
of privacy add-ons.
When you visit a website, you are allowing that site to access a lot of
information about your computer's configuration. Combined, this
information can create a kind of fingerprint — a signature that could be
used to identify you and your computer. Some companies use this
technology to try to identify individual computers.
16. Use VirusTotal Website: VirusTotal, a subsidiary of Google, is a free
online service that analyzes files and URLs enabling the identification of
viruses, worms, trojans and other kinds of malicious content detected by
antivirus engines and website scanners. At the same time, it may be used
as a means to detect false positives, i.e. innocuous resources detected as
malicious by one or more scanners.
VirusTotal’s mission is to help in improving the antivirus and security
industry and make the internet a safer place through the development of
free tools and services.
https://www.virustotal.com/#/home/upload
Chapter-3
Introduction To Mobile Security
Mobile Security, also known as
Mobile Device Security, has become
increasingly important. According to
ABI Research, the number of unique
mobile threats grew by 261% in the last
two quarters of 2012. There are
mainly three targets of an attacker:
Data, Identity and Availability. Threats to mobile devices include Botnets,
Malicious Applications, Malicious links on social networks, Spyware etc.
1. Lock your screen, set passwords and user privileges: The best way
to protect your phone is setting up a screen lock. Screen lock won’t allow
an attacker to access your phone. You can set a screen lock in many
different ways such as setting screen lock using Password, PIN, Pattern,
Face Detection, Fingerprint etc. A user privilege is a right to execute a
particular type of SQL statement, or a right to access another user's
object. The types of privileges are defined by Oracle. Roles, on the other
hand, are created by users (usually administrators) and are used to group
together privileges or other roles.
Step 1: Open the Settings
Step 2: Go to Security & Fingerprint
Step 3: Choose Screen lock and set the password
2. Use Secured Network: It’s good
to be extra careful whenever you go
online using a network you don’t
know or trust – like using the free
Wi-Fi at your local cafe. The service
provider can monitor all traffic on
their network, which could include
your personal information. If you are
using a service that encrypts your
connection to the web service, it can make it much more difficult for
someone to snoop on your activity. When you connect through a public
Wi-Fi network, anyone in the vicinity can
monitor the information passing between
your device and the Wi-Fi hotspot if your
connection is not encrypted. Avoid doing
important activities like banking or shopping
over public networks. If you use Wi-Fi at
home, you should make sure you secure your router with a strong
password and avoid using the default password. Using the default
password may give an attacker an advantage: they can change
your settings and snoop on your online activity. There are two main types
of encryption: WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent
Privacy). Your computer, router, and other equipment must use the same
encryption. WPA2 is strongest; use it if you have a choice. It should protect
you against most hackers. Some older routers use only WEP encryption,
which likely won’t protect you from some common hacking programs.
Consider buying a new router with WPA2 capability.
3. Use Anti-virus Software: Antivirus or anti-virus software (often
abbreviated as AV), sometimes known as anti-malware software, is
computer software used to prevent, detect and remove malicious
software. Antivirus software was originally developed to detect and
remove computer viruses. An antivirus program helps to protect your
computer against most viruses, worms, Trojan horses, and other unwanted
invaders that can make your computer "sick." Viruses, worms, etc. perform
malicious acts, such as deleting files, accessing personal data, or using
your computer to attack other computers. To avoid such malicious
activities and keep your computer healthy, install antivirus software. It
is important to constantly update the anti-virus software on a computer
because computers are regularly threatened by new viruses. The anti-virus
updates contain the latest files needed to combat new viruses and protect
your computer. These updates are generally available through your
subscription. Viruses can be prevented by taking sensible precautions,
including:
Keeping your operating system up to date
Using up to date anti-virus software
Not opening an email attachment unless you are expecting it and
know the source (many email servers scan emails with anti-virus
software on the user's behalf)
Back up your computer
Use a strong password
Use a firewall
Use a pop-up blocker
Scan your system weekly
4. Update your Mobile OS: Updating your mobile’s OS is necessary because
it keeps your mobile free from viruses. If you do not update your
mobile’s operating system regularly, you will have to face the
repercussions, which may lead to the loss of sensitive
data. Before you proceed, be sure to back up all of your data, just in case
something goes wrong with the update. You should be backing up your
information regularly. There is a multitude of backup apps available
from carriers, manufacturers, and third parties; download and use one
(verify before using third-party applications). How to
update your mobile’s Operating System:
Step 1: Go to Settings
Rooting is always an option - If you want the latest OS as soon as it's
available, you can always choose to root your phone, which enables you
to access updates when you want them. That's just one of the many
benefits of rooting your Android device. You'll also be able to access
features not yet available to unrooted Android smartphones and tablets,
and you'll have more control over your device to boot.
Steps for rooting – (Rooting may lead to some disadvantages)
Step 1: Download KingoRoot.apk for free.
Step 2: Install KingoRoot.apk on your device.
Step 3: Launch the "Kingo ROOT" app and start rooting.
Step 4: Wait a few seconds until the result screen appears.
Step 5: Succeeded or Failed.
5. Use Lock Code Apps and Vaults: Lock codes and vaults are mainly for
the applications that you have downloaded on your device. They help you
secure your apps with a code or password. It is the same as putting a
PIN, Pattern or Password on your device. You can download Vaults or Lock
Code Apps from the PlayStore. Using Lock Code Apps or Vaults will help
you maintain the confidentiality of your personal information. According
to a survey, 60% of the total population doesn’t use Lock Code Apps or
Vaults, which results in personal information being exposed. How to
download Lock Code Apps and Vaults:
Step 1: Go to PlayStore
Step 2: Search for the App Locks
6. Use Kids/Guest modes: Guest mode is one of many new features of
Android Lollipop 5.0. It mainly adds two accounts: the first for the
User and the second for the Guest (unknown user). Guest Mode lets you
hand your phone over to someone else without giving them access to any
of your data. How to enable guest mode:
Step 1: Go to Settings -> User
Step 2: Click on Guest or Add user
7. Set up SIM Lock: A SIM lock, simlock, network lock, carrier lock or
(master) subsidy lock is a technical restriction built into GSM (Global
System for Mobile) and CDMA (Code Division Multiple Access) mobile
phones by mobile phone manufacturers for use by service providers to
restrict the use of these phones to specific countries and/or networks. Lock
your SIM card with a PIN (personal identification number) to require an
identification code for phone calls and cellular-data usage. The wrong
guess can permanently lock your SIM card, which means that you would
need a new SIM card. SIM lock requires your lock screen PIN, pattern,
password, or fingerprint and SIM card to be in place before the phone can
be unlocked. Now, a few things you should be aware of before setting up
SIM Lock. First off, you’ll need to know your carrier’s default unlock code.
For many, this is just 1111, but be aware: if you enter this incorrectly three
times, it will render your SIM useless (that’s part of the security of it, after
all). You can start by trying 1111, but if that doesn’t work on the first try,
you’ll probably need to contact your carrier to get the default code. How
to set up SIM lock:
Step 1: Go to Settings
Step 2: Search for SIM Lock
8. Keep Sensitive Files of your Phone on Cloud Storage: Cloud
Storage is a service where data is
remotely maintained, managed, and
backed up. The service allows the
users to store files online, so that
they can access them from any
location via the Internet. Instead of
storing information to your
computer's hard drive or other local
storage device, you save it to a
remote database. The Internet provides the connection between your
computer and the database. On the surface, cloud storage has several
advantages over traditional data storage. Users can scale services to fit
their needs, customize applications, and access cloud services from
anywhere with an Internet connection. Enterprise users can get
applications to market quickly without worrying about underlying
infrastructure costs or maintenance. Data security is a major concern, and
although options are currently limited, they exist. The most secure is likely
however, the biggest cause of concern for Cloud storage isn't hacked
data.
9. Do not install random apps from unknown sources: Installing
applications from unknown sources may harm your device. Unknown
apps can come with Viruses, Trojans, Spyware, Adware etc. which can
harm your device in different ways. In all devices there is an option of
enabling the Unknown source which will not allow any random
applications to be downloaded on your device. How to enable Unknown
source option:
Step 1: Go to settings
Step 3: Open Security and enable the Unknown Source option
10. Disallow any unwanted permissions on the apps which don’t
require them to run on android device manager for remote swipe and
track location: Do you actually read the list of permissions that Android
apps are asking for before
you install them?
I know most of us treat those
permissions like terms and
conditions, blindly tapping our
way through. But if you
actually do, you would be
aware of their reach. Some of
your apps can make phone
calls. Some can track your
location. Some can read your browsing history, contacts, SMS, photos,
calendar. No doubt, Google’s Android mobile operating system has a
powerful app permission system that forces app developers to mention
the exact permissions they require. But there is a major issue for Android
users, by default it is a Take-it-or-Leave-it situation, which means you can
choose to install the app, granting all those permissions or simply, not
install it. Controlling these permissions as a user is possible, and there are
apps that make it easier for you to control each single permission you
grant to an app. You can first install an app like Permission Explorer that
allows you to filter apps and permissions by categories, giving you much
more detail about the permissions you granted to the app. You can also
try similar apps like Permissions Observatory and App Permissions as
well. These apps will help you know if there are any apps with problematic
permissions that need to be revoked or perhaps even uninstalled
completely. Once you have found some offending apps with unnecessary
app permissions, it is time to revoke those permissions. One of the
popular apps is App Ops that allows you to block permissions to individual
apps.
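The permission review described in this tip can also be done from a computer. The Python sketch below is an added example, not part of the original manual: it reads a constructed excerpt modelled on `adb shell dumpsys package` output and lists sensitive permissions an app holds beyond what its owner expects. The package names, the sample dump and the EXPECTED table are hypothetical.

```python
import re

# Permissions behind the capabilities named in this tip (calls, location,
# contacts, SMS, photos/storage, calendar). These are real Android names.
SENSITIVE = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.ACCESS_FINE_LOCATION": "track location",
    "android.permission.ACCESS_COARSE_LOCATION": "track location",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "read photos and files",
    "android.permission.READ_CALENDAR": "read calendar",
}

# Constructed sample, modelled on `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Package [com.example.flashlight] (1a2b3c):
  userId=10123
  runtime permissions:
    android.permission.CAMERA: granted=true
    android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.READ_CONTACTS: granted=false
Package [com.example.maps] (4d5e6f):
  userId=10124
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.READ_CALENDAR: granted=true
"""

# Hypothetical policy: what the phone's owner expects each app to need.
EXPECTED = {
    "com.example.flashlight": {"android.permission.CAMERA"},
    "com.example.maps": {"android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.ACCESS_COARSE_LOCATION"},
}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def granted_permissions(dump):
    """Map each package in the dump to the set of permissions it holds."""
    result, current = {}, None
    for line in dump.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            result[current] = set()
            continue
        perm = PERM_RE.match(line)
        # Only count entries that are actually granted, not merely requested.
        if perm and current and perm.group(2) == "true":
            result[current].add(perm.group(1))
    return result


def unexpected_sensitive(dump, expected):
    """Return {package: [(permission, capability), ...]} for sensitive
    permissions that are granted but not in the owner's expected set."""
    report = {}
    for pkg, perms in granted_permissions(dump).items():
        allowed = expected.get(pkg, set())  # unknown app: nothing expected
        extra = sorted(p for p in perms if p in SENSITIVE and p not in allowed)
        if extra:
            report[pkg] = [(p, SENSITIVE[p]) for p in extra]
    return report


if __name__ == "__main__":
    for pkg, items in unexpected_sensitive(SAMPLE_DUMP, EXPECTED).items():
        for perm, capability in items:
            print(f"{pkg}: can {capability} ({perm})")
```

On a real device the input would come from `adb shell dumpsys package`; an unexpected runtime permission can then be revoked in Settings or with `adb shell pm revoke <package> <permission>`.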
11. Turn off your Wi-Fi, Bluetooth and NFC if you are not using it: The
ornate N is there to let you know that your phone currently has NFC
switched on. NFC, or Near Field Communication, is a technology that
allows devices to exchange information simply by placing them next to
one another. You may well have already encountered NFC if you’ve paid
for public transport with an Oyster card, or used the new tap-to-pay feature
with your bank card to buy something. Smartphones use NFC to pass
photos, contacts, or any other data you specify between NFC enabled
handsets. It is also the method used by Android Pay and Samsung Pay.
How to turn-off NFC:
You intuitively know why you should bolt your doors when you leave the
house and add some sort of authentication for your smartphone. But there
are lots of digital entrances that you leave open all the time, such as Wi-
Fi and your cell connection. It's a calculated risk, and the benefits
generally make it worthwhile. That calculus changes with Bluetooth.
Whenever you don't absolutely need it, you should go ahead and turn it
off. Minimizing your Bluetooth usage minimizes your exposure to very real
vulnerabilities. That includes an attack called BlueBorne, which would
allow any affected device with Bluetooth turned on to be attacked through
a series of vulnerabilities. The flaws aren't in the Bluetooth standard itself,
but in its implementation in all sorts of software. Windows, Android, Linux,
and iOS have been vulnerable to BlueBorne in the past. Millions could still
be at risk.
12. CM Security Application: This is the security application available
on the PlayStore and it is very useful. It is excellent in call blocking and
VPN services and it also has nice visuals. Steps for CM security
application:
Step 1: Download the CM Security & Find My Phone App
Head on over to the Play Store and download CM Security. Once the app
has downloaded, open up the app and tap ‘Scan,’ which is located in the
middle of the screen. CM Security will then scan all of the apps on your
device to detect any viruses, Trojans, vulnerabilities, adware and
spyware.
Step 2: Scan SD Card
By tapping on the ellipsis on the top right-hand corner, you can tap on
‘Scan SD Card.’ CM Security will then scan the external SD cards to
detect any threats, and will alert you if any threats are detected.
Step 3: Clean Up Junk
You can clean up junk on your Android phone or tablet by tapping on the
ellipsis on the top right-hand corner and tapping on ‘Clean Up Junk.’ You
will then see what apps are taking up the most storage on your Android
phone or tablet. Simply check the apps that you want to cache the junk
and tap ‘Solve.’
Step 4: Boost Memory
After you cleaned up the junk on your Android phone or tablet, you can
then remove apps that are taking up space to boost the memory on your
device. Just check the apps you want to remove and tap ‘Boost’ on the
bottom of the screen. You can also enable ‘game boost’ to make sure the
games on your device run smoothly.
Step 5: Find Your Phone & Prevent Unwanted Phone Calls
One of CM Security’s best features is that you can locate your Android
phone.
You can either go to the ellipsis in the top right-hand corner or tap on ‘Find
Phone,’ or you can visit https://findphone.cmcm.com. You will need to
log on to the website with your email address. CM Security will ask you to
set a CM Security password and you will be able to locate your phone on
a map. By tapping on ‘Yell,’ you can make the device yell to find it. The
‘Yell’ button will make your device play a loud sound for 60 seconds, even
if your device is set to silent. You can also lock your device to protect your
privacy. If anyone tries to break into your phone and enters the incorrect
password 3 or more times, the app will take a picture of the infiltrator. CM
Security allows you to block unwanted phone calls. You can block
unwanted phone calls by tapping ‘Call Blocking.’ CM Security will
then block all unwanted calls in your blocking blacklist.
Step 6: Schedule Routine Scanning
To schedule a routine automatic scan, go to the ellipsis in the right-hand
corner and tap on ‘Scheduled scan.’ You can then select if you want to
do a routine automatic scan once a day, once a week or once a month.
Chapter-4
Password Protection
Most people don’t realize there
are a number of common
techniques used to crack
passwords and plenty more ways
we make our accounts vulnerable
due to simple and widely used
passwords.
How to get hacked?
Dictionary attacks: Avoid consecutive keyboard combinations, such as
QWERTY or asdfg. Don’t use dictionary words, slang terms, common
misspellings, or words spelled backward. These cracks rely on software
that automatically plugs common words into password fields. Password
cracking becomes almost effortless with a tool like John the Ripper or
similar programs.
Cracking security questions: Many people use first names as
passwords, usually the names of spouses, kids, other relatives, or pets,
all of which can be deduced with a little research. When you click the
“forgot password” link within a webmail service or other site, you’re asked
to answer a question or series of questions. The answers can often be
found on your social media profile. This is how Sarah Palin’s Yahoo
account was hacked.
Simple passwords: Don’t use personal information such as your name,
age, birth date, child’s name, pet’s name, or favourite color/song, etc.
When 32 million passwords were exposed in a breach last year, almost
1% of victims were using “123456.” The next most popular password was
“12345.” Other common choices are “111111,” “princess,” “qwerty,” and
“abc123.”
Reuse of passwords across multiple sites: Reusing passwords for
email, banking, and social media accounts can lead to identity theft. Two
recent breaches revealed a password reuse rate of 31% among victims.
Social engineering: Social engineering is an elaborate type of lying. An
alternative to traditional hacking, it is the act of manipulating others into
performing certain actions or divulging confidential information.
How to make them secure
1. Make sure you use
different passwords for each
of your accounts.
2. Be sure no one watches
when you enter your
password.
3. Always log off if you
leave your device and
anyone is around—it only
takes a moment for
someone to steal or change
the password.
4. Use comprehensive security software and keep it up to date to
avoid key loggers (keystroke loggers) and other malware.
5. Avoid entering passwords on computers you don’t control (like
computers at an Internet café or library)—they may have malware that
steals your passwords.
6. Avoid entering passwords when using unsecured Wi-Fi connections
(like at the airport or coffee shop)—hackers can intercept your
passwords and data over this unsecured connection.
7. Don’t tell anyone your password. Your trusted friend now might not
be your friend in the future. Keep your passwords safe by keeping them
to yourself.
8. Depending on the sensitivity of the information being protected, you
should change your passwords periodically, and avoid reusing a
password for at least one year.
9. Do use at least eight characters of lowercase and uppercase letters,
numbers, and symbols in your password. Remember, the more the
merrier.
10. Strong passwords are easy to remember but hard to
guess. Iam:)2b29! — This has 10 characters and says “I am happy to
be 29!” I wish.
11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow
that on the keyboard. It’s a V. The letter V starting with any of the top
keys. To change these periodically, you can slide them across the
keyboard. Use W if you are feeling all crazy.
12. Have fun with known short codes or sentences or phrases. 2B-or-
Not_2b? —This one says “To be or not to be?”
13. It’s okay to write down your passwords, just keep them away from
your computer and mixed in with other numbers and letters so it’s not
apparent that it’s a password.
14. You can also write a “tip sheet” which will give you a clue to remember
your password, but doesn’t actually contain your password on it. For
example, in the example above, your “tip sheet” might read “To be, or not
to be?”
15. Check your password strength. If the site you are signing up for offers
a password strength analyser, pay attention to it and heed its advice.
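The rules in this chapter can be checked mechanically: at least eight characters mixing lowercase, uppercase, numbers and symbols; no keyboard runs such as QWERTY or asdfg; no common passwords, dictionary words or words spelled backward; no personal information. The Python sketch below is an added example, not part of the original manual; the word lists are small constructed samples and the function names are hypothetical.

```python
import string

# Constructed sample lists. COMMON holds the passwords named in this
# chapter; DICTIONARY is a tiny stand-in for a real word list.
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
DICTIONARY = {"password", "princess", "dragon", "monkey", "welcome", "summer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one keyboard row,
    typed left-to-right or right-to-left (e.g. 'asdf', 'ytrewq')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def contains_dictionary_word(pw):
    """True if pw, its reverse, or its de-substituted form contains a word."""
    low = pw.lower()
    candidates = {low, low[::-1], low.translate(LEET)}
    # Also try each candidate with digits and symbols stripped out.
    letters_only = {"".join(c for c in cand if c.isalpha()) for cand in candidates}
    return any(word in cand
               for cand in candidates | letters_only
               for word in DICTIONARY)


def check_password(pw, personal_info=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    for name, present in classes.items():
        if not present:
            findings.append("no " + name)
    if pw.lower() in COMMON:
        findings.append("on the common-password list")
    if has_keyboard_run(pw):
        findings.append("contains a keyboard run")
    if contains_dictionary_word(pw):
        findings.append("contains a dictionary word")
    low = pw.lower()
    for item in personal_info:
        # Names, pet names, birth years: ignore fragments under 3 characters.
        if len(item) >= 3 and item.lower() in low:
            findings.append("contains personal information")
            break
    return findings


if __name__ == "__main__":
    for candidate in ["123456", "Qwerty2024!", "P@ssw0rd1", "Iam:)2b29!"]:
        print(candidate, "->", check_password(candidate) or "passes")
```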
1. Don’t fill out your social media profile: The more information you
share online, the easier it’s going to be for someone to get their
hands on it. Don’t cooperate. Take a look at your social media
profiles and keep them barren—the people who need to know your
birth date, email address and phone number already have them.
And what exactly is the point of sharing everything about yourself
in your Facebook profile? If you care about your privacy, you won’t
do it.
Think twice about sharing your social security number with anyone,
unless it’s your bank, a credit bureau, a company that wants to do
a background check on you or some other entity that has to report
to the IRS. If someone gets their hands on it and has information
such as your birth date and address they can steal your identity and
take out credit cards and pile up other debt in your name.
Even the last four digits of your social security number should only
be used when necessary. The last four are often used by banks
and other institutions to reset your password for access to your
account. Plus, if someone has the last four digits and your birth
place, it’s a lot easier to guess the entire number. That’s because
the first three are determined by where you, or your parents, applied
for your SSN. And the second set of two are the group number,
which is assigned to all numbers given out at a certain time in your
geographic area. So a determined identity thief with some
computing power could hack it given time.
2. Lock down your hardware: Set up your PC to require a password
when it wakes
from sleep or
boots up. Sure,
you may trust the
people who live
in your house,
but what if your
laptop is stolen or
you lose it?
Same thing with
your mobile
devices. Not only
should you use a
passcode to access them every time you use them, install an app
that will locate your phone or tablet if it’s lost or stolen, as well as
lock it or wipe it clean of any data so a stranger can’t get access to
the treasure trove of data saved on it.
And, make sure your computers and mobile devices are loaded with
anti-malware apps and software. They can prevent
criminals from stealing your data. We recommend Norton Internet
Security ($49.99 on norton.com or $17.99 on Amazon) in
our computer security buying guide or stepping up to Norton 360
Multi-Device ($59.99 on norton.com or $49.99 on Amazon) if you
have mobile devices. And, you’ll want to double up your protection
on Android devices by installing, since we found anti-malware apps
are dismal at detecting spyware.
3. Use a password vault that generates and remembers strong
and unique passwords: Most people know better than to use the
same password for more than one website or application. In reality,
it can be impossible to remember a different one for the dozens of
online services you use. The problem with using the same
password in more than one place is if someone gets their hands on
your password—say, through a phishing attack—they can access
all your accounts and cause all sorts of trouble. To eliminate this
dilemma, use a password manager that will not only remember all
your passwords, but will generate super strong and unique ones
and automatically fill them into login fields with the click of a button.
LastPass is an excellent and free choice.
4. Use two-factor authentication: You can lock
down your Facebook, Google, Dropbox, Apple
ID, Microsoft, Twitter and other accounts with
two-factor authentication. That means that when
you log in, you’ll also need to enter a special
code that the site texts to your phone. Some
services require it each time you log in, others just
when you’re using a new device or web browser.
The Electronic Frontier Foundation has a great
overview of what’s available.
Two-factor authentication works beautifully for
keeping others from accessing your accounts,
although some people feel it’s too time
consuming. But if you’re serious about privacy, you’ll put up with the
friction.
5. Lie when setting up password security questions: “What is your
mother’s maiden name?” or “In what city were you born?” are
common questions websites often ask you to answer so as to
supposedly keep your account safe from intruders. In
reality, there’s nothing secure about such generic queries. That’s
because someone who wants access to your account could easily
do some Internet research to dig up the answers.
Not sure you can remember your lies? You can create “accounts” in
your password manager just for this purpose.
Chapter-5
Email and Chatting tips
Use encrypted email like ProtonMail
ProtonMail is an encrypted email service that takes a radically different
approach to email security. Find out how ProtonMail security compares to
Gmail security.
ProtonMail became the world’s first email service to protect data with end-
to-end encryption, and today is the world’s most popular secure email
service with millions of users worldwide. ProtonMail’s technology is often
misunderstood by tech writers (and sometimes incorrectly represented in
the press), so this article aims to provide a clear description of how
ProtonMail’s technology is different from Gmail, and what makes
ProtonMail more secure.
Make a separate account for subscriptions
Recommendation: When creating multiple New Relic accounts, use the
same license key for applications on the same host. This enables those
applications to be linked together in New Relic.
To create additional accounts with the same email address:
1. Use the same email address and password to sign up for one or more
accounts.
2. Create a separate account for each
subscription level you want to use.
3. Configure your mission-critical hosts to
use the master account's license key.
4. Use license keys from your inexpensive
or free accounts for your remaining
hosts.
Use encrypted P2P chatting app like “Signal”
Open Whisper Systems' Signal is
probably the best-known
messaging app for mobile users
concerned about their privacy. It is
a free app that provides messaging
and voice-call services - and
everything is completely end-to-end
encrypted. You can send text
messages to individuals and
groups, place calls, share media
and other attachments to your
phone contacts, and more.
Read all the permissions that third-party applications want to access
in your e-mail account.
Many third-party productivity apps
that might be installed by business
users in your organization request
permission to access user
information and data and sign in on
behalf of the user in other cloud
apps, such as Office 365, G Suite
and Salesforce. When users install
these apps, they often click accept
without closely reviewing the details in the prompt, including granting
permissions to the app. This problem is compounded by the fact that IT
may not have enough insight to weigh the security risk of an application
against the productivity benefit that it provides. Because accepting third-
party app permissions is a potential security risk to your organization,
monitoring the app permissions your users grant gives you the necessary
visibility and control to protect your users and your applications.
Remove access of third party application from your accounts.
When you use an application or web
service that requires access to an
account — for example, anything in
your Google account, files in your
Dropbox account, tweets on Twitter,
and so on — that application
generally doesn’t ask for the
service’s password. Instead, the
application requests access using
something called OAuth. If you agree
to the prompt, that app gets access
to your account. The account’s
website provides the service with a token it can use to access your
account. This is more secure than just giving the third-party
application your password because you get to keep your password. It’s
also possible to restrict access to specific data — for example, you might
authorize a service to access your Gmail account but not your files in
Google Drive or other data in your Google account.
Delete unused account - search for "confirm your email"
After the recent Heartbleed bug scare, some of you may want to go and
delete those dormant accounts you never use any more. For a quick way
to find such sites you
signed up on, go to your
inbox and search for the
term: "Confirm your email."
When something like
the Heartbleed security
bug hits millions of people,
our standard advice is to
change your passwords
across all the affected
services. With Heartbleed,
the list was so large that it
was advisable to go back to every account you have signed up at. And if
many of them are unused, it kind of makes sense to just delete them in
case some other security flaw in the future compromises you. If you are
lucky, you use Lastpass to manage all your accounts and you can just
delete everything from that list. But if that's not the case, chances are, you
have used one or two email accounts to sign up at all these web sites over
the years. Searching for "confirm your email" (first with the quotes, then
without) in your inbox gives you a list of most of these websites, after
which it's a matter of going there and deleting your account. The trick is
similar to, and inspired by, searching for "unsubscribe" to purge
newsletters in your email.
Be conscious of what information you reveal
Historically, most research on the nature of consciousness, the most
puzzling phenomenon in nature, has focused on visual perception. This
perception-based research has led to great insights regarding the nature
of conscious processing. One of these insights is that conscious
processing involves a kind of integration across neural systems and
information-processing structures that is not achievable by unconscious
processes. This is known as the integration consensus. When
process X occurs consciously, it activates a wide network of regions that
is not activated when that same process occurs unconsciously.
2FA
An extra layer of security that is known as "multi factor
authentication"
In today's world of increasing digital crime and
internet fraud many people will be highly
familiar with the importance of online security,
logins, usernames and passwords but if you
ask them the question "What is Two Factor
Authentication?" the likelihood is they will not
know what it is or how it works, even though
they may use it every single day.
With standard security procedures (especially online) only requiring a
simple username and password it has become increasingly easy for
criminals (either in organised gangs or working alone) to gain access to a
user's private data such as personal and financial details and then use
that information to commit fraudulent acts, generally of a financial nature.
Mailvelope
Mailvelope is a free and open source browser extension that allows you
to send and receive encrypted email text and attachments when using
webmail services. It relies on the same form of public key encryption as
GnuPG and PGP. Mailvelope is a browser extension that allows you to
encrypt, decrypt, sign and authenticate email messages and files using
OpenPGP. It works with
webmail and does not
require you to download
or install additional
software. While
Mailvelope lacks many of
the features provided by
Thunderbird, Enigmail
and GnuPG, it is probably
the easiest way for
webmail users to begin taking advantage of end-to-end encryption.
Guerrilla Mail
Guerrilla Mail gives you a
disposable email address.
There is no need to register,
simply visit Guerrilla Mail
and a random address will
be given. You can also
choose your own address.
You can give your email
address to whoever you do
not trust. You can view the
email on Guerrilla Mail, click
on any confirmation link,
and then delete it. Any
future spam sent to the disposable email will be zapped by Guerrilla Mail,
never reaching your mail box, keeping your mail box safe and clean.
Zoho mail: Zoho Mail is an amazing email platform
that offers a mixture of ad-free, clean, minimalist
interface and powerful features that are geared for
business and professional use.
Experience a fast, clean, Webmail that has powerful
features matching or even superior to those you will
find in desktop email clients. Take immediate control of
your inbox and get the freedom you need from tedious software upgrades.
Zoho Mail suite has Zoho Docs. This means your team can create,
collaborate, and edit text, presentation as well as spreadsheet documents
with the help of the most sophisticated online editors. You will experience
faster work and better productivity with your online office.
iCloud mail
If you have an Apple ID, then you have an
iCloud email account. This free account gives
you up to 5GB storage for your emails, minus
what you use for documents and other data you
store in the cloud. It’s easy to work with your
iCloud email from Apple’s Mail, on the Mac, or
on an iOS device. Still, you may not know about
the many extra options and features available if
you log into iCloud on the Web.
Before you can take advantage of any of the
following tips, you need to turn on iCloud. If you already have an Apple
ID, which you use on the iTunes store, you may never have set up iCloud.
SIGAINT
SIGAINT was a Tor hidden service offering secure email services.
According to its FAQ page, its web interface
used SquirrelMail which does not rely on JavaScript.
Passwords couldn't be recovered. Users received two
addresses per inbox: one at sigaint.org for
receiving clearnet emails and the other at
its .onion address only for receiving emails sent from
other Tor-enabled email services. Free accounts had 50
MB of storage space and expired after one year of
inactivity. Upgraded accounts had access
to POP3, IMAP, SMTP, larger size limits, full disk
encryption, and never expired.
The service was recommended by various security
specialists as a highly secure email service.
Mail2Tor
Mail2Tor is a Tor Hidden Service that allows anyone to send and receive
emails anonymously.
It is produced independently from The Tor Project.
For more information, or to signup for your free @mail2tor.com account
(webmail, smtp, pop3 and imap access)
Please visit our tor hidden service at http://mail2tor2zyjdctd.onion
You will need to have Tor software installed on your computer to securely
access Mail2Tor hidden service
Mail2Tor consists of several servers, a Tor hidden service, and an
incoming and outgoing internet facing mail servers. These internet facing
mail servers are relays. They relay mails in and out of the Tor network.
The relays are anonymous and not traceable to us.
The only thing stored on the hard drive of those servers is the mail server,
and the Tor software.
No emails or logs or anything important are stored on those servers, thus
it doesn't matter if they are seized or shut down.
We are prepared to quickly replace any relay that is taken offline for any
reason.
The Mail2Tor hidden service and SMTP/IMAP/POP3 are on a hidden
server completely separate from the relays.
The relays do not know (and do not need to know) the IP of the hidden
service, because the communications between the relays and the "dark server"
occur through the Tor network, without using traditional internet protocols
(IP).
This hidden server is not one of the Tor network nodes/public servers,
whose IPs are known.
It is a private server that does not route traffic for tor users, but it is devoted
exclusively to exchange data with Mail2Tor relays.
The entire contents of the relays are immediately deleted and it is not
possible to "sniff" data because it is transmitted in an encrypted way.
SAFe-mail
SAFe-mail is a highly secure communication,
storage, sharing and distribution system for the
Internet. It provides email, instant messaging,
data distribution, data storage and file sharing
tools in a suite of applications that enable
businesses and individuals to communicate
and store data with privacy and confidence.
Every application is secured by state-of-the-art
encryption ensuring the highest level protection
and privacy to users. Within the overall system as with each application,
security is not an add-on feature but has been designed into the
fundamental architecture of the system.
Safe-mail is provided as a hosted facility and offers the following services:
PrivateMail - a single account that brings together the best in email
messaging for the individual user and provides a very secure online
storage place for important documents and data. Register for a free
account and you get 3MB of disk space to test drive the system.
Then upgrade to a larger account through the StoragePlus program
published under Premium Services.
BusinessMail - the perfect secure communication system for your
organization. Create and manage multiple email addresses under
your own domain and bring your staff and customers together in one
secure private community.
Spam Gourmet
SpamGourmet (free) has some interesting
innovations, but it also has limitations on
how many messages each address will be
able to accept. There are two modes, No-
brainer and Advanced. In the former, you
get a user name and then you can give out
self-destructing addresses in the form
whatever.n.username@spamgourmet.com, where whatever is
some word you choose and n is the number of messages (up to 20)
that you can receive at that address until it self-destructs—after
which messages will return errors.
For example, crazylegs.4.larryseltzer@spamgourmet.com will be
able to receive four messages, and then senders will get error
messages. The problem is, anyone can send you a message using
a disposable account that you did not create: for example,
IAMSPAM.20.larryseltzer@spamgourmet.com.
Enigmail
Enigmail is a seamlessly
integrated security add-on
for Mozilla Thunderbird. It allows
you to use OpenPGP to encrypt
and digitally sign your emails and
to decrypt and verify messages
you receive.
Enigmail is free software. It can
be freely used, modified and
distributed under the terms of the Mozilla Public License. Sending
unencrypted emails is like sending post cards – anyone and any system
that processes your mail can read its content. If you encrypt your emails,
you put your message into an envelope that only the recipient of the email
can open.
Thunderbird
Thunderbird is an email, newsgroup, news
feed, and chat (XMPP, IRC, Twitter) client. The
vanilla version was not originally a personal
information manager (PIM), although the
Mozilla Lightning extension, which is now
installed by default, adds PIM functionality.
Additional features, if needed, are often
available via other extensions.
Thunderbird can manage multiple email,
newsgroup, and news feed accounts and
supports multiple identities within accounts.
Features such as quick search, saved search folders ("virtual folders"),
advanced message filtering, message grouping, and labels help manage
and find messages. On Linux-based systems, system mail (movemail)
accounts are supported. Thunderbird provides basic support for system-
specific new email notifications and can be extended with advanced
notification support using an add-on.
Thunderbird incorporates a Bayesian spam filter, a whitelist based on the
included address book, and can also understand classifications by server-
based filters such as SpamAssassin.
MaskMe add-on
Now you never have to give out
your personal information online
again. MaskMe creates
disposable email addresses,
phone numbers, and credit cards,
so you can enjoy all the web has
to offer without surrendering your
personal data in exchange.
The Details:
- Every time you sign up for a
site or shop the web, MaskMe will be by your side.
- Choose to Mask your email address, phone number, or credit card, using
unique, disposable info that MaskMe creates and autofills on the spot. It
works instantly, every time, everywhere.
- Ensures you never miss important communication, but also puts you in
control so you can stop spammers, telemarketers, and hackers in one
click.
- Convenient, fast, & easy-to-use.
Ghostery add-on to block ads
Ghostery is the first browser
extension that makes your
web browsing experience
faster, cleaner and safer by
detecting and blocking
thousands of third-party data-
tracking technologies –
putting control of their own
data back into consumers’
hands. Launched in 2009,
Ghostery has more than
seven million monthly active
users who access the tool via
the free apps or browser extensions. With its intuitive user interface,
Ghostery enables average internet users to protect their privacy by
default, while expert users benefit from a broad set of features and
settings. The Ghostery apps and browser extensions are developed and
operated by Ghostery, Inc. The company is headquartered in New York
and is a fully-owned subsidiary of Cliqz GmbH. Cliqz is a German search,
browser and data protection technology company backed by Mozilla and
Hubert Burda Media. Neither Cliqz nor Ghostery share any data
about individual users with third parties.
Telegram
Telegram is a non-profit cloud-based instant
messaging service. Telegram client apps exist
for Android, iOS, Windows Phone, Windows
NT, MacOS and Linux. Users can send
messages and exchange photos, videos,
stickers, audio and files of any type.
Telegram was founded by
the Russian entrepreneur Pavel Durov. Its client-side code is open-
source software but the source code for recent versions is not always
immediately published, whereas its server-side code is closed-source and
proprietary. The service also provides APIs to independent developers. In
February 2016, Telegram stated that it had 100 million monthly active
users, sending 15 billion messages per day. According to its CEO, as of
April 2017, Telegram has more than 50% annual growth rate.
Telegram's security model has received notable criticism by cryptography
experts. They have argued that it is undermined by its use of a custom-
designed encryption protocol that has not been proven reliable and
secure, by storing all messages on their servers by default and by not
enabling end-to-end encryption for messages by default. Pavel Durov has
argued that this is because it helps to avoid third-party unsecure backups
and to allow users to access messages and files from any
device. Messages in Telegram are server-client encrypted by default, and
the service provides end-to-end encryption for voice calls and optional
end-to-end encrypted "secret" chats.
Wickr
Initially unveiled on iOS and later on Android, the Wickr app allows users
to set an expiration time for their encrypted communications. In December
2014, Wickr released a desktop version of its secure communications
platform.
The release of the desktop Wickr app coincided with introducing the ability
to sync messages across multiple devices, including mobile phones,
tablets, and computers.
All communications on Wickr are encrypted locally on each device with a
new key generated for each new message, meaning that no one except
Wickr users have the keys to decipher their content. In addition to
encrypting user data and conversations, Wickr strips metadata from all
content transmitted through the network.
Since its launch, Wickr has gone through regular security audits by
prominent information security organizations, which verified Wickr's code,
security and policies. Wickr has also launched a "bug bounty program"
that offers a reward to hackers who can find a vulnerability in the app.
ChatSecure
ChatSecure is a messaging application
for iOS which
allows OTR and OMEMO encryption
for the XMPP protocol.
ChatSecure is free and open source
software available under the GNU
General Public License.
ChatSecure also features built-in support for anonymous communication
on the Tor network.
ChatSecure has been used by international individuals and
governments, businesses, and those spreading jihadi propaganda.
Surespot
Surespot is an open source instant
messaging application for Android and iOS.
Surespot is one of the modern messaging apps
that has a focus on privacy and security. For
secure communication it uses end-to-end encryption by default.
Threema
Threema is
a proprietary encrypted instant
messaging application
for iOS, Android and Windows Phone.
In addition to text messaging, users can
send multimedia, locations, voice
messages and files.
The name Threema is based on
the acronym EEEMA which stands
for end-to-end encrypting Messaging Application.
Threema is developed by the Swiss company Threema GmbH.
The servers are located in Switzerland and the development is based in
the Zürich metropolitan area. As of June 2015, Threema had 3.5 million
users, most of them from German-speaking countries.
Chapter-6
Social Media Tips
People's lives have gotten easier thanks to the internet. With that being
said, it is important people know how to protect themselves and their
personal information to avoid becoming a victim of fraud. Online criminals
and fraudsters can use your information to create bogus accounts to
obtain anything they want. They can also use your information for phishing
or soliciting.
Attempting to get private or financial information from people online is
known as phishing. The act begins with an email that looks like it is from
a trusted source you know. It may claim to come from a bank. The email
will encourage you to click a link claiming to take you to the website to
enter personal account information including your password. If you fall for
the trick, they get your personal information and access to your account.
Here’s what you need to protect yourself:
Check privacy settings
When using social media sites,
review privacy settings. The settings
for your profile may be at the defaults,
and you can change them to make
your account information more
secure. You should also review this information in case there is something
you should keep private.
Limit bio information
Social media websites will ask for personal information when creating an
account. Use tools offered to limit what others can view when they land
on your page. The privacy settings may help customize the content that
is viewable.
Avoid sharing account details
Sensitive details such as your bank account number, social security
number, or other related information should be private. Use sponsored
communication options such as email, telephone, mailed letter, or direct
communication via the website if you need to share such information to
reduce the risk of personal details getting into the wrong hands.
Choose friends and add contacts wisely
The reason why you signed up for a social media account is likely why
you have friends and contacts on your list. Be cautious of requests from
people you don’t know. You don’t have to accept every friend request.
Learn features of the website
When signing up for an account, get to know the features. Do this before
sharing information to understand how the site functions. You can choose
who can view your posts and understand how such content is shared with
others.
What is shared online stays online
Think before you share. Because of the unique way the internet is
designed, once you post something, it stays online forever. People have
ways of getting information and saving to another source. So, if you don’t
want to set yourself up for embarrassment, think twice before posting
messages or photos.
Have a good reputation when approaching job recruiters
Research has shown roughly 70 percent of job recruiters have turned
down applicants because of something posted to their social media page.
When you’re online, conduct yourself in a manner you want people to
respect you for. Keep your online presence positive and be thoughtful with
what you share.
Use tools to manage friends and contacts
Have a personal profile page to keep in contact with people you know
personally. Use a fan page to appeal on a public level without risking too
much of your personal information. Use tools to separate contacts into
groups.
You can have a list of family members, friends, co-workers, etc. Managing
contacts helps you get a better idea of who is following you online. This
helps determine what you can share, with whom, and when to keep things
to yourself.
Let others know if you are not comfortable
Be respectful of opinions and things shared online between you and
friends. Yet, mention when something makes you uncomfortable or when
you think something is inappropriate. This helps set boundaries for what
content appears on your page. Plus, you learn what people can and
cannot tolerate while respecting one another.
Know when to take immediate action
If someone harasses you online or makes inappropriate threats, contact
the administrator of the website. You can report the person and take
additional action of blocking them or removing them from your list.
Keep antivirus software up-to-date
Keeping your antivirus system updated ensures your web browsing is
protected from potential threats that may get picked up via social
networking, such as clicking links or opening messages.
Be in control of your online presence
Know what information you share and who it is being shared with. Check
privacy and security settings to stay on top of information shared. Make
changes as needed.
Use a strong password or create a sentence
Use a strong password to log in to your account to reduce hacking risk. The
password should be at least 12 characters long with a mix of lower and
upper case letters, symbols, and numbers. Consider using a short
sentence you can remember and add a number and symbol to make it
more secure, something like: “I love dollar bills.” The password can have
spaces too.
Use different passwords for each account
Try keeping passwords for email and social media separate to throw off
cyber criminals. For your most used or most important accounts make
sure your passwords are strong.
Throw away or delete messages when in doubt
When you get a message that seems suspicious, delete it. Don’t open it
or forward its contents if you don’t trust it. People often get so many ads
for different stores and businesses, it can be easier to delete it and be
safe.
Keep tweets protected
You can choose to use a protected Twitter account if you want more
control of what people can view and access. Followers who are approved
to follow you have access to details you post. Search engines won’t index
your tweets, and they cannot be viewed in a Google search.
Consider turning off Broadcast Activity on LinkedIn
Use the Broadcast Activity feature to limit what information is seen by your
followers. LinkedIn has a unique way of letting others know your updates.
This means people and organizations you follow will get updates you post.
Limit LinkedIn updates to your followers
You can post updates and changes to your status like on Facebook.
People can choose to subscribe to your updates. But, you can use privacy
settings to select who can receive updates you post. The public doesn’t
have to get your updates but a few select connections can.
Use privacy settings to keep Facebook page from being indexed
Use Facebook privacy settings and look for the option “Let other search
engines link to your timeline.” When turned on, people who search your
name through a search engine can see your Facebook profile. Potential
employers may do this. If you don’t want your profile searchable in this
manner, turn this feature off.
Restrict friend requests
Not all friend requests are true friend requests.
Some are cyber criminals with nothing better to
do than to spam or phish people. They do this
randomly with accounts all the time. Restrict who can send you a friend
request by choosing options under privacy settings and selecting “Who
can contact me?”
Avoid mentioning other accounts
There are a few social media websites allowing users to connect their
social media accounts together at once. If you are working to establish a
professional and personal identity, you may want to keep them separate.
Linking the accounts increases security risks and you may end up sharing
something you don’t want to appear on another site. An example is
connecting Twitter with LinkedIn.
Use settings to cut reviews for Facebook tags
Use the Facebook settings section titled “Timeline and Tagging” to set limits
on what can be shared using your name. This is handy if friends have
pictures that include you, but you may not want them shared with others.
When the picture is uploaded and tagged with your name, you learn about
it first. You can require an approval before it gets published.
Make Facebook groups restricted
Create groups on Facebook to control who sees what. You can block
someone you want to keep as a friend from viewing certain posts. To do
this, add the friend to the “Restricted” list when clicking on the Facebook
sidebar. The posts would be marked “public,” but they are only seen by
friends added to this list. Isn’t it great to have more control over who sees
your social media posts? Your online security is greatly increased thanks
to a few easy steps taken to control your identity when online.
Chapter-7
Banking Tips
With so many people going
online to manage their money,
however, threats have arisen.
Hackers, malware and
fraudsters abound, ready and
eager to steal online-banking
passwords and the money they
protect.
But you don't have to resign yourself to a world of unsafe banking. Here
are some online-banking security tips you can practice before signing in
to your account. Each will help ensure a safe online-banking experience.
Here are some useful tips for Banking:
Use a script blocker on your browser:-
1. There is a small but vocal subset of users that disable JavaScript.
We should do this because of a perceived security benefit:
there have been a few known vulnerabilities that can be
exploited with scripting, such as XSS.
2. Disabling it also prevents malicious ads from infecting our
system.
3. Lastly, disabling JavaScript will take up less CPU and RAM on
your computer, which is to be expected. If you run something
super basic, it’ll take up fewer resources. But if your computer
is so old that it can’t handle modern websites, it may be time
to upgrade it—as the web improves, it needs more resources
to do what it does, just like any other program on your
computer.
You can use NoScript Security Suite for Mozilla, or
Script Block for Chrome.
Use a virtual keyboard with key randomizer:-
An online virtual keyboard is the best security implementation for keeping
sensitive data safe from “spyware” and “Trojan programs”. When entering
sensitive data (username and password) for Internet banking, the security
features recommend using the virtual keyboard to protect the password.
A virtual keyboard is an online application for entering a password with the
mouse, which helps us remain safe against keyloggers.
Example of online Virtual keyboard:-
Benefits of online Virtual Keyboard
Online Virtual Keyboard is designed to protect your password from
malicious “Spyware” and “Trojan Programs”.
Use of online virtual keyboard will reduce the risk of password theft
using Key loggers and Keyboard action Monitoring.
It will auto encrypt your Password entered through Online Virtual
Keyboard.
Easy to Implement as Login Security.
Using an online virtual keyboard is the best practice on websites that need
to protect sensitive data from hackers, crackers and malicious programs.
Most banks that offer an online banking facility offer a virtual keyboard for
typing in your password to log in. Bloggers and freelancers who use
PayPal as their primary account to send and receive funds should also
start using the on-screen keyboard feature of their Windows system to type
passwords.
Onscreen Keyboard
You can type the “OSK” command in the Run window and it will pop up the
on-screen keyboard, which works as a full-fledged keyboard:
Never save sessions of banking sites on your browser:-
1. It is good practice to always log out of your online banking
session when you have finished your business. This will
decrease the chances of falling victim to session hijacking and cross-
site scripting exploits.
2. You may also want to set up the extra precaution of private
browsing on your computer or smart phone, and set your
browser to clear its cache at the end of each session.
3. Always remember to clear cookies and cache data from
browser before closing the browser.
4. Clear your browsing data and history.
Never tick “remember me” on banking websites:-
Don’t stay logged in to your favourite online services all the time. We know
how convenient it is to log in to Facebook in the morning, or at the
beginning of the week, and to tick the “Keep me logged in” box.
You log in once and then you don’t have to keep logging back in all the
time. It’s even easier to stay logged in via mobile apps, because
typing a suitably long and secure password is harder.
Indeed, many mobile apps quietly and automatically remember your
password even between reboots so the app can log you back in
automatically every time you restart it. The thing is, all this logged-in-
forever convenience comes at the cost of reduced security.
Never log in to banking portals on public PCs like a cyber cafe or on
public Wi-Fi:-
If you want to be safe, don’t log in to your banking or any other sites
while using public Wi-Fi or an open network, because an attacker may
use a man-in-the-middle (MITM) attack to get your session ID or username
and password. There are many apps that can hijack and sniff a
network and capture the packets transferred through your connection.
Choose an account with two factor authentication:-
Two-factor authentication provides an additional security layer and
makes it harder for an attacker to gain access to a person's account,
because knowing the victim's password is not enough to take over the
account.
Here are some types of 2F authentication:
Something the user knows, such as a password, PIN or shared secret.
Something the user has, such as an ID card, security token or a
smartphone.
Biometrics: something the user is. These may be personal attributes
mapped from physical characteristics, such as fingerprints, face and
voice.
Systems with more demanding requirements for security may use location
and time as fourth and fifth factors. For example, users may be required
to authenticate from specific locations, or during specific time windows.
Like Google Smart Lock.
Create a strong password:-
A strong password is 12 characters long and includes
numbers, characters, symbols, capital letters and lower-case letters, and
it shouldn’t be your first name or your DOB.
Some examples of strong passwords are:- 1Ki77y,.Susan53,&m3llycat
Secure your computer and keep it up-to-date:-
Always remember to keep a password on your computer and also update
it regularly so that any new vulnerabilities found can be patched with that
update. Tips for securing your computer:
1. Use an anti-virus.
2. Remember to update virus protection.
3. Keep a password on your computer.
4. Lock your private files and folders.
5. Update your computer regularly.
Avoid clicking through emails
Avoid clicking links in suspicious emails
Phishing
Phishing is the term for sending emails (considered the bait) with a link to
a fake website. Once on the site, the user is tricked into giving sensitive
information. For example, the link takes you to a fake site that looks like
your bank, and you try to log in with your username and password. The
bad guy has now captured your login info. And if he’s clever, the fake site
will then redirect you to the real site afterward. You’d probably be none the wiser.
Malware or “virus” downloads
The link may take you to a website that infects your computer with
malware like ransomware or a keylogger (a “virus” that captures
everything you type into your computer like passwords and credit card
numbers). Or it might even download the virus directly without going to a
web page. Malicious web pages are the most common way that I see
computers get infected in my day job.
Why It’s Hard To Tell the Real from the Fake
Most of the emails you get will be fine. The trouble is, do you know which
is which? Some bogus emails are obviously fake to most people, full of
misspellings and shady suggestions. But some of them look very
professional. Take these for instance. They’re both fake. Would you be
able to tell the difference?
Phishing Example 2
These would fool most people. But besides looking legitimate, there are
other ways to fool us.
Hacked email account
If a spammer hacks an email account, he can send out an email blast to
all the contacts stored in the account. This is dangerous because you may
get a phishing email that’s actually sent from the real account of someone
you know. Unless the email seems out of the ordinary, you’ll have no way
of knowing.
Email address spoofing
Spoofing is essentially “faking”. It’s possible to spoof the sender’s address
so it looks like it’s coming from someone you know, when in reality it’s
coming from the bad guy’s email account. It can be very hard or
impossible to tell if an email address is spoofed. It requires digging
through the email header which is, itself, prone to tampering.
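One way to do the header digging described above, as an added example that is not part of the original manual: it compares the From domain with Return-Path and Reply-To, and trusts only the Authentication-Results line stamped by the reader's own mail server, since any other header could have been written by the sender. The sample messages, the example.* domains and the server name mx.example.org are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From names a bank, but the bounce address,
# the reply address and the receiving server's DMARC verdict say otherwise.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=bank.example.com
From: "Your Bank" <alerts@bank.example.com>
Reply-To: support@bank-helpdesk.example.net
To: user@example.org
Subject: Action required

Please log in.
"""

# Constructed sample: the only Authentication-Results header names a server
# we do not run, so its "pass" verdicts prove nothing.
FORGED_RESULTS = """\
Authentication-Results: mail.sender.example; spf=pass; dkim=pass; dmarc=pass
From: "Your Bank" <alerts@bank.example.com>
To: user@example.org
Subject: Statement ready

See attachment.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def trusted_auth_results(msg, authserv_id):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by authserv_id."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        # Unfold the header, then split "server; method=result ...; method=result ..."
        parts = [p.strip() for p in " ".join(str(raw).split()).split(";")]
        stamped_by = (parts[0].split() or [""])[0].lower()
        if stamped_by != authserv_id.lower():
            continue  # written by some other system, possibly the sender
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", part, re.IGNORECASE)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def review_headers(raw_message, authserv_id):
    """Return a list of findings that make the From address less believable."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    auth = trusted_auth_results(msg, authserv_id)
    if not auth:
        findings.append(f"no authentication results from {authserv_id}")
    elif auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'missing')} for {from_dom}")
    # Exact domain comparison is a simplification: legitimate bulk mailers often
    # use a different bounce domain, so treat a mismatch as a hint, not proof.
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("forged results", FORGED_RESULTS)):
        print(label, "->", review_headers(raw, "mx.example.org"))
```

An empty list means only that nothing in the headers contradicts the From line; a message sent from a hacked real account will also come back clean.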
Forwarding a phishing email
Sometimes people are just naive and forward an email to you that has a
malicious link in it. They might not realize it’s there, and have possibly
become a victim themselves. I see it happen.
Which Email Links Can I Click?
Well, if you don’t click any of them you won’t have a problem. But that’s
not realistic. Very few people will ever take that advice. The good news is
you don’t have to. I suggest treating links like attachments. Only click it if
you’re expecting it.
Examples of when to click
You just ordered something from Amazon. Feel free to click the
shipment tracking link in the email they send you. Just make sure it’s
exactly what you’re expecting. If you get a tracking link that you weren’t
expecting, or for a product you don’t recognize, delete the email right
away.
You just signed up for an account on a website. If they send you a link
to confirm your email address, it’s okay to click it. But again, make sure
it’s exactly what you’re expecting and you specifically remember
requesting it.
Examples of when NOT to click
You get an unexpected email from your bank. Maybe it says that you
need to log in and take care of something important. Don’t click the link
they give you. If you didn’t know it was coming, there’s no guarantee it’s
a legitimate email.
Your friend sends you a link that you weren’t expecting. Don’t click it.
Remember, the sender’s address can be spoofed or their account hacked.
Yeah, I know, this is all awfully annoying, so is there anything else we can
do?
What To Do Instead of Clicking Links
In the case of your bank or other institution, just go to the website yourself
and log in. Type in the address manually in the browser or click your
bookmark. That way you can see if there’s something that needs to be taken
care of without the risk of ending up on a phishing site.
In the case of your friend’s email, chances are that they copied/pasted the
link into the message. That means you can see the full address. You can
just copy/paste the address into the browser yourself without clicking
anything. Of course, before doing that make sure you recognize the
website and that it’s not misspelled. Make sure it looks like this:
http://www.youtube.com/adgasLKUkjFJos&odgs
and not like this:
http://www.yuutube.com/adgasLKUkjFJos&odgs
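The misspelling check above can be automated. The following added example (not part of the original manual) parses the link, reduces the host to its last two labels and measures the edit distance to a list of sites the reader trusts. The TRUSTED list, the distance limit of 2 and the two-label simplification (which mishandles suffixes such as .co.uk) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the sites this reader actually uses and trusts.
TRUSTED = {"youtube.com", "amazon.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or keep
        prev = cur
    return prev[-1]


def site_of(url):
    """Host of url reduced to its last two labels: www.youtube.com -> youtube.com."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # let urlsplit treat a bare "www.site.com/path" as a host
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lower-cased
    return ".".join(host.split(".")[-2:])


def classify_link(url, trusted=TRUSTED, limit=2):
    """Return ("trusted", site), ("lookalike", imitated_site) or ("unknown", None)."""
    site = site_of(url)
    if site in trusted:
        return ("trusted", site)
    # sorted() keeps the choice deterministic when two trusted names are equally close
    nearest = min(sorted(trusted), key=lambda t: edit_distance(site, t), default=None)
    if site and nearest is not None and edit_distance(site, nearest) <= limit:
        return ("lookalike", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://www.youtube.com/adgasLKUkjFJos&odgs",
                 "http://www.yuutube.com/adgasLKUkjFJos&odgs"):
        print(link, "->", classify_link(link))
```

Run it on the address the link actually points to (copied with "copy link address"), not on the text shown in the message.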
Other Things To Consider
It’s up to you how far you want to take this. For instance, I’ve made a rule
never to click links in emails notifying me that my paycheck has been
deposited. Yes that really happens, and I get one every week, but
automated recurring emails can be dangerous. They’re commonly faked
because the bad guys know we’re expecting them.
The bottom line is that unless you explicitly know and trust it, avoid it.
That’s all there is to it. Make this a habit and you can avoid one of the
biggest mistakes in internet safety.
Monitor your accounts regularly:-
Learn How Banks Track
Suspicious Activity
We trust our banks to keep a
watchful eye out for suspicious
activity. That involves trust. It’s
either that or we can choose to
tuck all our money away in a
sock beneath our bed—
hopefully safely. But taking that
route, for the vast majority of Americans, isn’t an option.
Banks do tend to protect the nation’s assets with vigilance, and they put a
great deal of effort into preventing and catching suspicious banking
behaviour that can indicate identity theft on a person’s account.
The following behaviours are signs that could raise the red flag for banks:
Suspicious, frequent transactions. Banks keep a close eye out for
transactions that are made in frequent, short periods of time, especially if
there are large deposits and withdrawals made in cash or by check. Banks
can rationalize the transactions by customers’ occupations and patterns
of conducting business.
Numerous transactions that are made in different branches on the same
day—for the same account. If these transactions are below an established
bank threshold, it could mean the transactions were made to go
undetected.
Activities that deviate from a person’s normal banking habits. Your bank
likely has a policy in place to contact you if they detect any suspicious
activity on your account. They may even choose to freeze or cancel your
debit or credit card as a result. If you become a victim of identity theft or
fraud, there are steps that you can take to “right” the wrong and get back
on the path of recovery.
It’s not the bank’s responsibility to monitor each transaction to determine
if it’s an instance of identity theft. You are the only one who can truly track
each purchase and deposit to confirm it’s authorized – and if it’s not, it
could be a sign of identity theft.
As a consumer, it’s up to you to regularly check your bank statements
and monitor your credit card reports for signs of identity theft. Furthermore,
early detection of suspicious activity may help you to recover more quickly
if there’s an indication of fraud on your credit report.
Change your internet banking password at periodic intervals:-
The Theory of Regular Password Changes
Regular password changes are theoretically a good idea because they
ensure someone can’t acquire your password and use it to snoop on you
over an extended period of time.
For example, if someone acquired your email password, they could log
into your email account regularly and monitor your communications. If
someone acquired your online banking password, they could snoop on
your transactions or come back in several months and attempt to transfer
money to their own accounts. If someone acquired your Facebook
password, they could log in as you and monitor your private
communications.
Theoretically, changing your passwords regularly — perhaps every few
months — will help prevent this from happening. Even if someone did
acquire your password, they’d only have a few months to use their access
for nefarious purposes.
Save and check all receipts against your statement:-
Every time you make a transaction at the bank or ATM, you’ll receive a
receipt. Be sure to save your receipts and write the information in your
transaction register. That’s a small notepad you’ll receive when you open
your account. Add your deposits, subtract your withdrawals, and keep
track of your current balance — the exact amount you have in your
account right now.
Keeping track will help you avoid spending more than you have in your
account. That’s called an overdraft — and the fees and penalties can be
expensive!
At the end of the month, the bank will send you a statement. It lists your
balance at the beginning and end of the statement month, and all of the
transactions that the bank has processed during the statement month.
Every month, review your statement along with your register and your
receipts to make sure that your records and the bank’s records agree.
And if your bank offers online banking, you won’t have to wait for your
statement to review your account activity. Online banking gives you
access to review your accounts any time.
The keys to account management:
Save your transaction receipts.
Record every transaction in your register.
Avoid spending more than you have.
Review your statement every month.
Make sure your records and the bank’s records agree.