Are you worried about your former lover breaking into your Facebook account?
Did your computer become hostage to ransomware? Or are hackers hijacking your bank account?
This tutorial explains how to protect yourself from hackers, written for non-technical users. Six Professional Hackers helped create this tutorial.
This article does not guarantee you are completely safe. That does not exist on the Internet. However, you can make these hackers and viruses more difficult to attack you by using these tips.
Now, before we start: Do not hide behind your computer screen. Getting a hacker targeted specifically at you is very rare. Most of the dangers stem from the fact that many people lack a common understanding of the Internet and computers will easily fall victim to it. So speed up by getting the most important information!
What is a hacker?
Hackers often exploit vulnerabilities on the Internet or in our devices. There are about two types of hackers: white hat and black hat (white hat and black hat). The White Hat Hackers search (and sometimes public) the vulnerability to cause the company to correct problems, make the Internet safer slightly, usually a discovery at a time.
When the media refers to the hacker, it is usually a black hat hacker . Those who do not have good intentions, they may be looking for ways to steal money or access the device to track people. They may also be interested in sensitive files such as nude photos or a copy of your passport.
There are also hackers trying to break into other people’s devices just for fun. These people (mostly young) think of hacking as a mischief. They still take it seriously though the engine seems innocent.
Finally, some hackers act on behalf of governments. Hackers hired by underground or police services are the most dangerous, but do not harm most people. They often hack terrorists, criminals and hostile forces.
How often do hackers break into your device, your computer and your online account?
Hackers usually start by stealing your password . Sometimes you can not do much about this. For example, if the site where you have a profile or account is hacked, hackers may use your password on that page and try to sign in to your other accounts, such as your Gmail account.
You may have also accidentally provided your account. This happens through phishing , a type of cybercrime that criminals use to try and get specific logins on hand. You may have received a phishing email before. This could be a fake notification of your bank account being blocked or a reminder for a non-existent invoice that you have not paid.
Hackers also useemail attachments . When you open an attachment containing a virus, your computer will be infected. This method is often used to spread ransomware: a virus that causes your device to not work by locking down all your files. Then the hacker will ask for ransom in exchange for the transfer of control over your files.
Virus – also known as malware – is also spreading through downloads such as torrents or installation files for the software you want to use. You may think that you are downloading a movie or some software that will make your computer run faster and smoother, but in reality you are endangering yourself.
A virus can also spread to your computer throughOnline advertising and hacked websites . Even sites that can reliably also unknowingly spread the virus. If you do not update your software and computer, you are at risk of getting them.
Hackers can also infect your computer using a flash drive . This method is less common but poses a significant risk. It could be a flash drive you just “picked up” on the road or someone gave you. Anyone with bad intentions can plug a USB into your computer if you have been on vacation or on the toilet.
Now that you know what hackers are and the ways they often use to try to penetrate, you can start applying some tips. Here are the basics: a simple list of measures everyone should take.
Many people think that updating will take time. In some cases it is true, but it is also the most important protection to use against hackers. Many hacking succeeds because they exploit obsolete software that has not been updated. They contain many security holes that are patched through security updates.
The software runs on all types of devices: Windows or MacOS on your computer or laptop and Android or iOS on your mobile devices. Even routers (routers) and other smart devices in your home. Make sure to check regularly – once a week – in case there are updates for your device, install them as soon as possible. In some cases, updates can be installed automatically. Windows, MacOS and Google Chrome browser support this feature.
Updating applications and software installed on your computer is also important, such as the internet browser, PDF reader, and Microsoft Office. You will usually receive a notification if a new version is available.
Today, you need an account for every website or application and all require a password. We often have difficulty remembering different passwords, so we often use the same password for multiple accounts.
While that makes it easier to remember, it is also very dangerous . If a hacker gets your Spotify password, you will not want the hacker to have access to your bank account. And if you share your Netflix password with a friend, he or she should not use it to sign in to your Gmail or Facebook account.
That is why using different passwords for each website, application and service is very important. Just changing a digit or letter will not help. Those types of variations are easy to guess. Thankfully there is a useful solution to this problem: the password manager .
The password manager stores all your passwords in a digital archive and secures them with a single master password. That way, you only have to remember one password to access all of your accounts. These applications can easily generate very complex passwords, such as 6ur7qvsZpb0ZkcuSW1u! V8ng! L ^ lb. Such a password can not be guessed or cracked.
The password manager can also fill in your login informationWhen you visit the website where you stored the password. This alone protects you from a lot of attacks. If the website address is incorrect, such as wellsfargo.mybanklogin.com, the password manager will not fill your Wells Fargo login. You can also use the password manager to save notes , such as login codes, secret keys, and answers to confidential questions.
Good password managers are LastPass, 1Password and KeePass. If you’ve never used a password manager before, trying the free version of LastPass is a great way to get started.
A strong password
Web pages and applications often require that you use a password that contains letters and numbers. But what is a strong password? Many people consider P @ ssword007 to be a strong password, but in fact it is quite easy to be cracked by hackers. That’s why you might want to consider using a passphrase instead of a password.
Long but memorable phrases, these are two prerequisites for a good password. Passphrase I eat 2 whole pizzas every week is easy to remember and quite hard to crack. Do not hesitate to use spaces in your password; This is an often overlooked option.
The best approach is to create a good passphrase for your password manager and allow the password manager to create and save passwords. for all your sites and services.
Keep track of stolen passwords
No matter how strong your password is, it can still be stolen. That’s why it’s important to check that your password is stolen by a hacker. Site Have I Been Pwned track hacked websites and alert you when your personal information leaked to the public. With one click, you can see if any of your accounts have been compromised. Make regular checks to keep safe.
If you subscribe to Have I Been Pwned, you even get a notification When the system detects your email address in the stolen file. That way, you will know exactly which one of your passwords has been stolen, based on the service or website that it leaked. If the site finds your email address among stolen files, you should immediately change the corresponding password. If you do that, the biggest threat – a hacker logging in with your password – has been blocked.
Authentication of two elements
To limit the consequences of a stolen password, you can use two-factor authentication (2fa) , a relatively new security method.
You can enable two factor authentication through the services you use, if they support it. After logging in with your username and password, from now on you will have to complete the second step. Typically, the service will ask you to enter the code sent to your phone (using text messages or authentication applications).
Why do this trouble? If a hacker gets your login information, that person will also need the code sent to your phone as soon as they try to log in. It is difficult to access your phone. These two factors also warn you about login attempts of bad guys. That way, you’ll know what other people have been trying to reach. You can check which services, apps, and websites support two-factor authentication on this site . Google , Facebook , Instagram , WhatsApp and Dropbox are just some of the services that offer two factor authentication features.
Note about the lock icon
The key in the address bar of your Internet browser indicates that you are using an encrypted connection. This means that the information you are entering on the site, like your password or credit card information, is being securely sent and can not easily be tracked by a hacker. Make sure you only enter sensitive information on websites displaying this key in the address bar. If the site starts with https: // , it also means that the address is secure.
Also note that the lock icon does not mean that you can really trust the site you are visiting. Many phishing sites are designed to steal your login information using the lock icon to try and win your trust. Pay attention to the web address and check that it is correct.
A backup allows you to access your files if something goes wrong. What happens if your computer crashes suddenly?
A backup protects your important files, even if your computer is damaged, your device is stolen or ransomware makes your computer inaccessible. Backups bring things back quickly.
You should keep both online and offline backups . You can create online backups with a cloud service like Dropbox and backup offline with an external hard drive. Make sure you check that all the saved files are still there and run / normal operation after restore.
Phishing attacks are often recognizable. Taking a fake email seems to have been sent by Bank of America, for example. The email confirms that your debit card has been blocked, even though you do not have an account with Bank of America. Proper thinking takes a very long time when it comes to protecting yourself.
But phishing emails can also look very real. Therefore, checking the email address of the sender is always a good thing. If the sender uses @ bankofamerica.bankmailservice.com, you will know that the email was not actually sent by Bank of America. If it is “genuine”, it should be @ bankofamerica.com.
Pay attention to using strange or inaccurate language. Many phishing emails contain grammatical and spelling errors and they can start the email with Dear sir / madam. Most organizations know who you are and mention you by your name.
Typically, phishing emails try to scare you by claiming that your bank account has been blocked or that you have an unpaid debt that needs to be paid. They may even claim that you have won something. If you are unsure about the nature of an email, call the fraudulent organization to send an email. Be sure not to use the phone number listed in the email! Look up the number on the official website.
Before clicking on a link in the email, always check the authenticity of it. You can do this by hovering over the link without clicking on the link. The webpage where the link will appear will appear on your screen (in the browser’s status bar). You will be able to see if that is a valid link or just a phishing attempt. On mobile devices, you can press and hold the link to copy. Create a new email and paste the link into the body of the email to read the full web address.
If you do not trust an email or links in it, use your internet browser to visit the web site of the organization the email asks for and logs in there . Usually, you will find all the recent bills and messages there. You can always call Organize to ask if the email you received was actually sent by them or not.
A final rule to live by:
Be careful before clicking any links
Be cautious before you click on any link even if it is sent by a friend or colleague. This is good advice for every situation you encounter; Whether you receive a link via email, via social media or in a text message. A smartphone can be hacked by accidentally tapping a link.
This does not happen often, so do not be afraid of every link you get. But if you do not trust it, check out the link before hitting using the methods described above.
Be careful with attachments and check files you do not trust
You also pay the price if you are not wary of email attachments . Viruses often spread this way, which could allow hackers to access your device. They will do this by hiding a virus in a seemingly harmless file, just like a Word document (* .docs).
Hackers also hide viruses in Excel, PDF, ZIP and EXE files. The best action will not open the Word or Excel files on your computer. Please open them in the Google Docswebsite . If there is a virus hidden inside, your computer will not be infected. It is best to open the PDF file in your internet browser using the PDF Viewer extension .
If you do not trust a file, you can download it to your computer, butdo not open it ! Once downloaded, download it to VirusTotal . VirusTotal is a file analysis site and tells you if they contain viruses.
Note that Google and VirusTotal will have access to your file after uploading.
You should also turn off the option of hiding file extensions for Windows and MacOS . This allows you to immediately see the actual extension of a file, such as .docx or .pdf. One of the common tactics for malware infection is to use the filename of “name.mp3.exe”, if the extension is hidden, many would mistakenly think it is a harmless audio file.
Be wary of public WiFi
Public Wi-Fi networks, such as Starbucks WiFi, are not secure. Hackers can monitor your browsing habits and try to steal your login information. Use your 4G connectionto replace or create a password-protected hotspot on your phone. Hotspots ( Android , iPhone ) allow your laptop to connect to the internet through your smartphone’s 4G connection.
If you are dependent on using a public Wi-Fi network, make sure you only log in to websites that display the lock.. The site has the key to encrypt the information you enter, preventing hackers from accessing it easily. This advice also applies to WiFi networks of restaurants and hotels. It may have password protection, but is still being used by a lot of people.
Use a VPN
You should also use a virtual private network (VPN) – even when you are connected to a public WiFi network. A VPN builds a digital tunnel for your data traffic. That way, others will not be able to see what you do on the internet, protecting you against hackers.
Most people have heard of VPNs because of Netflix. VPNs allow you to trick the internet into thinking you are in another country . For example, by connecting to US servers, users will also have access to the US version of Netflix.
A VPN is also useful if you do not want your Internet provider to know what you do online. You can keep a VPN connection running indefinitely. One of the downsides is that it is possibleSlightly slow down your internet speed .
Never use a free VPN service . These services are known to sell your personal information, such as the websites you visit. If you are short of cash, you can use your free TunnelBear account . The free version of TunnelBear gives you 500 megabytes of protected internet traffic per month, which can be useful if you want to connect to a public Wi-Fi network right now.
Do not let your stuff be unprotected
This advice seems a bit obvious, but a lot of people leave their laptops open while they are using the toilet. In addition to the risk of your property being stolen, someone can also use your computer for malicious purposes while you are not around, especially when your laptop is not locked and locked.
Always set your laptop to lock automatically for a very short period of time (one minute). After that, your device will lock itself if you leave it. However, this is not a perfect security measure. Always try to bring your laptop if you need to leave the seat. Even if only for a moment.
Now let’s look at the most easily hacked device: your computer.
Virus scanners are still useful
Most infections occur on Windows computers. These devices are equipped with a virus scanner called Defender . Defender is also good, but Kaspersky Anti-Virus and BitDefender easily compete with Defender.
Defender has a feature that protects your most important folders against ransomware or other malware malfunctioning with your files. This feature can be enabled by going to Virus & Threat Protection -> Ransomware protection -> Controlled Folder Access. You can also add additional folders there, such as a folder containing important business documents or pictures from your childhood.
The use of Hitman Pro.Alertis also recommended. You can run Hitman Pro.Alert along with a virus scanner. It will protect you against malware taking advantage of the vulnerabilities in your computer, for example, tracking whatever you type on your keyboard.
If you own a Mac, you do not necessarily need a virus scanner. Mac’s operating system makes it harder for malware to infect your computer. That’s why not many viruses appear on Apple’s operating systems. If you still want a virus scanner, Kaspersky Anti-Virus , BitDefender, or ESET Security is a solid choice.
Enable automatic updates
As you probably already know: it’s important to update your device. That’s why we recommend that you automatically install the updates. Windows and MacOSsupport this feature, but recent software like Google Chrome has introduced similar options.
If the software does not support automatic updates and notifies you of new updates available, check the legality of the previous notification. Viruses often spread using fake notifications, like new updates for Adobe Flash Player. They usually appear as pop-ups on the site. If you want to make sure the message is legal, open the software in question and manually check for any updates.
Use Google Chrome with these three extensions
Currently, Google Chrome is the safest and most user-friendly Internet browser. Firefox, Safari, and Edge are also solid choices, as long as you avoid using Internet Explorer. Also, make sure to set up the following three extensions:
Ad Blocker uBlock Origin is a free ad blocker and internet tracker. It protects you from so-called malvertising: the virus spreads through online advertising. It also blocks organizations and companies from tracking your browsing habits. Contrary to Adblock and Adblock Plus, uBlock Origin has no suspicious business model. Note that by using an ad blocker, you are depriving the much needed source of revenue for the site. By putting on the white list (white list) of your favorite websites, you still allow a company or a profit from your visit.
HTTPS Everywhere forces websites to use secure connections whenever possible. If a hacker tries to block your connection to try and send you a site with an unsecure connection, HTTPS Everywhere will block this attempt. This extension can be downloaded and installed for free.
Criminals love to hide malware in PDF files because Adobe Reader (software that lets you read PDFs) is often leaked for security. That’s why it’s a good idea to open PDFs in your internet browser. You can use PDF Viewer for this purpose. This extension was downloaded for Chrome free of charge. Firefox has the option to automatically open PDFs in your internet browser.
Pay attention to the extensions you install and do not install too much . Browser extensions can have broad access and, in some cases, can even see what you type when using your internet browser. Thankfully, you can see the permissions that each extension has.
J2TEAM SECURITY (added)
This is a security utility that helps protect you from phishing sites that an attacker created to take over your social network account. In addition, J2TEAM Security blocks Clickjacking, Self-XSS on Facebook, and offers many other privacy options.
A firewall is different, it should be turned on. It will protect you from external attacks. Do this on MacOS and preferably on your router. Windows Firewall is enabled by default. If you want extra protection, check out Little Snitch for MacOS and GlassWirefor Windows. These applications track which software is connected to the internet.
Flash has been an important technology for watching videos and playing games in your browser, but software is outdated, making it dangerous . The best option is to just avoid Flash altogether. Many browsers are disabled by default and require you to manually enable them. Only turn on Flash when a site you trust completely asks you to do so.
Most sites use better technology today, such as HTML5, to display interactive components such as videos and games. Flash maker Adobe will officially stop the software by 2020 and recommend stopping it now.
Secure your router
Many people have trouble configuring their routers, which allow you to access the internet. That can be understood: routers are difficult to operate . Each router works differently, so you’ll have to Google to find the corresponding instructions. These guidelines can help you make the following tips.
- Secure your Wi-Fi network with optional WPA2 protection, use a long password or passphrase and disable WiFi Protected Setup (WPS).
- Turn off UPNP. This technology is not secure and allows easy access to your network and connected devices.
- Update software for your router.
- Create a guest network with passwords for your guests and other miscellaneous smart devices, such as security cameras.
- Make sure your network name does not easily connect with you or your home . Example: Do not put the Johnsons.
- Be careful with port forwarding: only open the port forwarding really needed.
Flash drives and smart devices
A well-known hack trick is to let the victim plug a Flash drive (USB) into their computer. Always be careful with flash drives, whether you find one on the street or someone giving it to you as a gift. If you do not trust a flash drive, consider it carefully or throw it away.
You may also want to think about whether you really need all those smart devices. Do you really need a refrigerator that can connect to your WiFi network? All of these smart devices are potential access points that hackers can use to gain access to your network. They can even control all of these devices. Only buy the smart devices that you really need and it is best to use the famous brands.
Online banking security
Some people are afraid to use their online banking. Do not worry: online banking has become very safe in recent years. You can use your bank’s mobile website or app to transfer payments. In most cases, the application is the safest option. It’s hard for hackers and criminals to blackmail these apps on the recent Android and iOS versions.
Cover your webcam and check the surroundings
Hackers can see you with your webcam. Hackers can blackmail you with your intimate photos and videos. For example, you may get stoned while you are undressing, masturbating, or having sex. Just cover your webcam with a tape, you will make your webcam useless with any intruder. There are also more elegant options, such as Soomz .
Also note about the surroundingsif you are using your laptop on a train or in a coffee shop. Can anyone see what you are typing? Are you sure that no one can view personal information on your screen, like your password, home address or phone number? Be aware of the situation you are in when you are using your device in public space.
Reinstall your computer from time to time
Try re-installing your computer every three years. That means backing up your files, completely erasing your hard drive and reinstalling the operating system ( Windows , MacOS ). It makes your computer faster and removes any excess and potentially harmful software.
Phones and tablets
Smartphones are the most important device in the lives of many, which is why ensuring it is properly secured is extremely important, whether you own an Android or an iPhone.
Make an iPhone
Okay, this sounds a bit blunt, but the iPhone is generally safer than the Android phone. That’s why people who are at risk of being attacked, like lawyers and politicians, often have an iPhone. The iPhone is also guaranteed to receive updates for five years after they are released.
The safest Android phone is the Pixel phone (formerly known as Nexus), manufactured by Google. Google is trying to develop Android so that phone manufacturers like Samsung, Huawei and OnePlus can release updates much faster.
Update as soon as you can
This recurring tip stays high on the list: keep your mobile device up to date as soon as possible . Updates fix security vulnerabilities that allow hackers to infiltrate your smartphone or tablet. Be sure to update your app regularly. They may also contain vulnerabilities that allow hackers to access your personal information.
Turn on encryption
Encryption ensures that your data, such as your messages and images, are stored in a digital archive . All iPhones and most Android phones are enabled by default, but some Android phones require you to enable encryption manually. Encryption options can be found by going to Settings> Security.
What happens if someone will find your phone and connect the phone to the computer? Encryption ensures that this person will not be able to see all your chat history and photos. You can only view them if you enter the correct password, which is the key to your own digital data warehouse. That is why using passwords to lock your mobile devices when you are not using them is very important.
Use a six-digit password and fingerprint scanner
By using passwords, you prevent others from accessing your phone or tablet. Choose a six-digit code that only you know and choose no standard code like 0-0-0-0-0-0, 1-2-3-4-5-6 or 1-1-2-2- 3-3. You should not use birthdays, just like any other combination based on personal information. iPhone and some Android phones also allow you to turn on the option of completely removing all content from your phone if you enter the wrong code more than ten times. This may work as an additional security measure, but it can also be quite dangerous if you do not have a backup of your device.
In many cases, the use of fingerprint scannerwill be easier. It works faster and safer because someone can not just copy your fingerprint to unlock your phone. If you want to temporarily disable the fingerprint scanner, turn your device off and back on. It will prompt you for a password to access your device. If you do not have a fingerprint scanner on your Android phone, you can also create a template to unlock it.
Your SIM card also has a passcode. You can edit this code and change it to a six-digit code in your phone’s settings, instead of using the standard 0-0-0-0 code. You should transfer all your contacts to your phone and delete them from your SIM card. If you lose your phone, the contact’s personal information can not be extracted from the SIM card.
Only install apps from the App Store or Google Play
Most phones that contain malware are infected through applications that are not installed from the official application store . This usually happens when people want to install paid apps or games for free. The ‘free’ app may contain malware inside, used to steal credit card information. This happens with both Android and iOS phones.
Android poses a different risk: there are many apps in the Google Play Store that appear to be legitimate but still contain malware. Make sure you do the research before downloading any app. Google app name, read reviews and check how many times the app has been installed so far. In a nutshell: do not just install any app on your Android phone or tablet.
It ‘s also important to test the permissions of the application. For example, the flashlight app should not require access to your contacts. You can check and edit app permissions on both iOS and Android. For Android, go to Settings> Apps, and with iOS: Settings> Privacy.
Turn off WiFi and Bluetooth if you do not need them
Third parties can track you using WiFi and Bluetooth. For example, they can track your route to the bus stop. If you do not need WiFi or Bluetooth on the go, you should temporarily disable them using your device settings. You will also protect yourself from Wi-Fi and Bluetooth attacks.
If you’ve previously connected to a WiFi network, your mobile device will automatically connect to that network when you’re nearby. This poses some risks. Hackers often create fake Wi-Fi networkswith the same name as the networks that you might have previously connected, like Starbucks WiFi or McDonald’s Free WiFi. Since your mobile device recognizes these networks, your device will attempt to automatically connect to them. It is just another way for criminals to try and track what you do on the internet while trying to steal passwords and other personal information.
It is best to clean up your list of reliable WiFi networks over time. For example, if you’re connected to a hotel WiFi network, remove the network from your device’s storage later. Do this by opening your device settings and pressing forget after selecting that Wi-Fi network. You can also set your Android and iOS devices not to automatically connect to individual Wi-Fi networks in WiFi settings.
Do not show message previews in the lock screen
Alerts may contain sensitive information , such as a password a friend sent you with WhatsApp or a login code sent via text message. By hiding notifications in the lock screen ( Android , iOS ), no one can see the content. Only after unlocking your phone will you be able to see the content of the notification.
Back up your device
Backups are extremely important . If your phone is stolen, you can always restore a backup on another phone. Google and Apple offer full backup features of your phone. For many users, images are the most important thing on their phone. Backup them with services like iCloud , Google Photos, and Dropbox . Do not forget to turn on two factor authentication for these services.
We share a large part of our lives on social media. Sometimes a little too much. That sounds like an invitation for a hacker. This data collection method is also known as Open Source Intelligence (OSINT), which can be used in a network attack.
Be careful about the information you share
People usually post their passport photos , driving licenses and social concert tickets . Your barcode on your concert ticket can be used by anyone and with your passport or driver’s photo, someone can open a loan in your name.
So be careful what you do and post on social networks. Waiting for something you order online? A hacker can call you, pretending like a store employee to “check your information”. It is mainly a matter of recognizing the risks to you .
Note your personal information
Many companies only request names, birth dates and addresses to verify that you are a friend. This information can be easily found online . People celebrate their birthday on social networks and indirectly say where they live, by posting Instagram photos of their new home, for example.
Using this method, a hacker tricked a telecom provider to register someone else’s phone number with his or her name. This also allows him to access the victim’s WhatsApp message. This hacking technique is also called social engineering ; A form of network attack requires the ability to manipulate the victim.
Answers to secret questionsYour can usually be found online. It could be the name of your first pet or the birthplace of your mother. Be aware of this fact. It’s better to create a random password as the answer to these secret questions. You can save passwords using the password manager.
What does a hacker do when they want to gather information about a target? That’s right: Google name of the target. Google regularly checks for personal information that may be seen by everyone. For example, you can set up email notifications for you whenever your name appears on Google. In some cases, it may even remove information from the search appliance .
Make your post private and sign out
We post a lot on social networks. That’s why you should set your profile to private . Do you share a lot of your private life on Facebook and Instagram? Make your Facebook profile private ( click here to see what people are seeing when not your friend) and lock your Instagram account , which will force people to ask for your permission. you if they want to track you. Same with Snapchat .
Twitter is a completely different story. Many users use Twitter to reach as many people as possible. If you have a public profile on Twitter, pay more attention to what you post, from your location to your personal information. And sign out of Twitter as needed – especially when you use a public computer or a friend’s laptop.
Make secure digital copies of your IDs
It is possible to create a secure digital copy of your passport, driver’s license or any other form of identification. The Dutch government even released an application to help you do that. It is called KopieID (CopyID). It allows you to edit sensitive information, such as your Citizen Service Number or Social Security Number. You can add a watermark, describing the purpose of the copy. Do not worry: important parts of the application in English.
Run the security check
Many companies offer the option to quickly check your security settings, like Google , Facebook and Twitter . You can see which devices you have signed in to, and which other services have access to your information.
Chat and make phone calls
We send many messages and still call from time to time. Try to do it as safely as possible. This chapter is about how you can communicate without letting anyone eavesdrop or read your messages.
Communication has become much more secure since April 2016, when WhatsApp introduced endpoint encryption. This ensures that only senders and recipients can read messages sent between them. If someone blocks encrypted messages, all they see is meaningless.
You can compare it with sending postcards. You write something on your back and place a stamp on it. With regular encryption, the courier (in the case of WhatsApp) can read what you wrote on the postcard. With the messages sent through end-to-end encryption, you basically put the postcard in a sealed envelope . That way, only the recipient can read the content on the postcard.
Terminal encryption not only works with sending messages. It also works with sending and receiving photos, videos, documents, and location information. You can also secure your phone calls and video calls with end-to-end encryption.
WhatsApp and Facebook
WhatsApp is owned by Facebook; A company makes money by collecting as much information about its users as possible. Due to end-to-end encryption, Facebook does not know what kind of message or image you are sending. Facebook can monitor the people you are in touch with. This type of information is called metadata .
Alternative to WhatsApp
The chat application you use is a very personal choice. Some people value the ease of use, while others prefer the application to focus more on protecting their privacy. Here are some alternatives to WhatsApp.
Signal is the most user-friendly and secure chat application. Just like with WhatsApp, the application can be used on the computer and can automatically delete messages after a certain period of time (from a few seconds after being sent to a week). Signal also hardly saves any information about its users. However, the application does not look very nice and has less features than its competitors.
Telegram is not a secure option, because it saves messages on the cloud. Some people like this, because if you switch phones, you can start chatting exactly where you left off. However, saving all your messages, pictures and videos on the cloud is very dangerous. Please note this if you use Telegram. The reason why people choose to use Telegram is because it is one of the most user-friendly chat applications available today.
The Apple chat app only works with the iPhone and iPad. The message is encrypted with endpoint encryption and you can also use your MacBook or iMac to send and receive messages. iMessage also supports many other applications, allowing you to easily place your Uber car or share your route.
Voice and video calls
You can use WhatsApp, Signal and FaceTime, or other applications to make end-to-end calls . This means that the service you use to make a call can not see or hear you. These applications are recommended when you make calls to discuss sensitive topics. If you want to Skype with your cousin from Australia anytime, anywhere, the lack of front end encryption will not matter.
An old phone call is usually a safe method of communication for most people. Hackers can not easily hack your phone calls. That would require a targeted attack, such as being made by an intelligence agency. We’ll talk about that later.
Unsafe email , contrary to many chat applications. Email in 2018 combines a number of different technologies that are mixed together to make it work. That does not make it safe or reliable. Only use email in business cases and as it is generally accepted, but send as little sensitive email information as possible.
Pass hat admiration for you have read here! Your network security knowledge has grown exponentially. In this chapter, you will find many advanced tips to prevent online monitoring and hackers.
Identity spear phishing
We will start with the hardest advice, because the famous phishing scam is hard to recognize. Spear phishing is a form of scam where the person trying to trick you will send you a message made to fool you specifically. For example, a hacker can gather information from your social networking profiles to provide spear-phishing messages with credible information.
Assuming your flight with Delta Airlines has been delayed for an hour and you post on Facebook. A hacker can use that information to send you an email detailing a “compensation offer” from Delta. All you need to do is login (give your hacker password) and fill out a form. All happen while the hacker is tracking what you are typing.
Fortunately, most people will never have to deal with this type of scam. Spear phishing generally occurs with high-risk people targeted , such as politicians, lawyers, and journalists. You still need to protect yourself. If you do not trust something, find a company or organization that is supposed to send you a message by google and ask them if the message you received is legitimate.
Encrypt your hard drive and backups
You can encrypt your MacBook and iMac by turning on FileVault . It’s extremely simple and makes sure that anyone who finds or steals your laptop does not have access to your private files. Do not wait: turn this feature on now .
Windows is a completely different story. Microsoft has maintained the exclusive Bitlocker encryption service for the Pro version of Windows. That’s just the version that consumers almost never use.
Thankfully there are some good alternatives to consider. Veracryptis the safest and most reliable option. Make sure to back up your files before encrypting your hard drive. Encryption may take hours and may be erroneous in some cases. With backup, you will ensure the safety of your files.
Stay on the same subject: You can also encrypt your backup. For example, consider encrypting your external hard drive with Veracrypt. Another good application is Cryptomator , which immediately encrypts your files and uploads them to Cloud. However, be careful with your password . If you lose your password, you will lose access to your file.
Create a strong password using the Diceware method
Diceware is used by professionals to create powerful passwords. Diceware uses a random dump and a long list of words to create a password. This is a list (pdf) of English words that you can use.
You start by rolling the dice. Do this five times in a row and note the value of each time. You will end up with a five-digit sequence corresponding to a word in the list. For example, if you throw 3-6-4-5-5, the word corresponding to it is limbo.
Repeat this process seven times to ensure it is completely safe. You will receive a series of seven completely random English words, such as limbo krebs hoot ember cometh swipe zaire. Diceware is currently the best way to create strong passwords that you can remember.
Authentication of two elements without text message
Authentication of two elements by text message is not very secure. Text messages can be blocked and hackers can take control of your phone number by deceiving the telecommunication service provider.
The safest option is to use the application on your device, creating two-factor authentication, such as 1Password , Authy, or Google Authenticator . However, be careful when using the last option: if you reset or lose your phone, you will lose all sign-in. All other applications synchronize your login code on your devices.
Another option is to use a physical lock . The so-called Yubikey ($ 40) physical connection to your computer or smartphone to allow you to enter the authentication code.
Smartphones are spy devices
Smartphones are ideal devices for spying . The intelligence agency can touch your phone and ask for its location or hackers can break in and turn on your microphone and camera. Be careful of this.
Android and iOS track your location by default, and this sensitive information can be shared with third parties. Both Android and iOS allow you to disable this feature, and your phone will not constantly monitor your location. However, this does not prevent hackers or intelligence agencies from tracking your location with smartphones.
Be wary of backing up Cloud chats
Many chat apps offer the option to save your chats on the Cloud, via Google Drive or iCloud. Be careful about this. All messages are encrypted with end-to-end encryption as soon as they are sent, but they lose encryption as soon as the messages reach your phone, otherwise you will not be able to read them. If you choose to back up your messages, they will be uploaded to Cloud without encryption. An intelligence agency may request to view your chat history . Also note that your messages may be backed up not being encrypted by the people you are chatting with.
If you want to call someone without the risk of your call being eavesdropped then you should use Signal. Signal encrypts the call with end-to-end encryption. For many, this measure may be excessive, but for those at risk such as journalists and lawyers, it may sometimes be necessary.
Call Signal (and WhatsApp) also protects you from IMSI-catchers . These devices mimic telephone poles to infiltrate your phone calls and messages. IMSI-catchers are mainly used by intelligence agencies, but can also be done by hackers.
Browse the internet with Tor
The Tor internet browser sends your internet traffic through multiple computers. This protects your privacy, because the site can not find your whereabouts and your provider will not be able to see what you are doing on the internet. That could be useful for some people, but it could be a real lifesaver for others in countries like Iran and Russia. Tor also allows you to access blocked sites, which are especially useful in a country like Turkey.
Tor also provides access to the dark web , which is part of the internet that you can not access using a regular internet browser. On the dark web, you will most likely find the market for drugs and weapons, a site that shares child pornography.
Make sure you really need the internet browser Tor. Are you leaking confidential information to the media? Then use Tor in a public cafe with WiFi to maximize your anonymity. However, the Internet is much slower when using Tor, do not use it to watch movies on Netflix. Web sites may also find that you are using Tor to browse the web, which sometimes helps them prevent your sign-ins . Therefore, do not use Tor to use online banking.
Be wary of the certificates
Sometimes, hackers try to install their own certificates on your computer, smartphone or tablet, allowing them to keep track of what you are doing, even when you are using the site. secure https. Typically, victims are tricked into installing certificates on their device to access public Wi-Fi networks. In general, people never have to install certificates , so be extra careful when you are asked to do so. If needed, ask anyone who may be interested in whether the requested installation is legitimate.
Use a privacy screen
A private screen is a screen you place on your smartphone, laptop, or tablet screen. These screens block the viewing angle, except when you look directly at the screen, ensuring that no one can see what you are doing on your device. If your phone is lying on the table, you will have to pick it up and look straight at it so you can read or see anything. References: Fellowes .
This handbook is created with the help of six professional hackers: Maarten van Dantzig , Rik van Duijn , Melvin Lammerts , Loran Kloeze , Sanne Maasakkers and Sijmen Ruwhof . This article was translated by Juno_okyo from the English version here .
If you find this tutorial helpful to you, share it with your family, family and friends to keep it safe