IT security tips for older users

by Ovais Mirza Director, DICC

More and more seniors are actively using digital platforms such as WhatsApp, email or social networks to communicate, stay informed and stay in touch with their loved ones. While this is great news, this reality also has a darker side. Indeed, older people are often more vulnerable to scams and all kinds of online scams, due in particular to the fact that they did not grow up with these technologies. That's why, as part of our security training series to mark Anti-Malware Day 2019, we decided to dedicate an article specifically to older users. This article aims to help them recognize and guard against certain techniques of fraud the most common, including phishing attempts (or phishing ) email, WhatsApp or social networks such as Facebook or Instagram.

Visit: http://delhitrainingcourses.com/blog/ for more such cyber security tips and tricks

It is often the case that adults using these platforms click on questionable links, fill in forms with their personal data or share a false offer without being suspicious. This is largely due to the fact that they are not aware of the risks that exist in the digital environment and of the way criminals act when it comes to developing their deceptions, which makes them a easy target to rip off.

A recent New York Times article claimed that scammers find the most vulnerable audiences among seniors. It included the story of a woman who used the Internet to buy a dog and who, after performing a search on Google, entered a fake site which has usurped the identity of the site which she thought she was accessing. What ultimately happened was that after writing an email to the alleged company and being offered a discount on the price of the puppy that interested her, the wife and her husband were deceived, but not without first transferring $ 750 to the fraudsters.

Phishing: a deception still as flourishing as it is dangerous

Although criminals use different modus operandi to conduct their campaigns of deception, we will focus here on a particular example, which stands out for its frequency and its formidable effectiveness: phishing.

In general, this model of deception begins with a message or publication that reaches the victim through a digital means, such as email or a social network, in which criminals pose as an entity or a brand of trust so that the victim takes a measure contrary to their interests, such as giving their password, credit card number or other personal data.

Although this malicious practice dates back over 20 years, it remains very effective for cybercriminals, mainly because users find it difficult to recognize it effectively.

Below, we explain in a simple way how to recognize a phishing attack, according to the methods that we have identified as the most common, in the following platforms: email, WhatsApp, Facebook and Instagram.

Email phishing

It all starts with an email regarding an irresistible offer, a problem with the user's account, or some other excuse, seeking to arouse the interest or fear of potential victims. Although the email may contain an attachment, which we should not download or open if we are not sure that it is a legitimate email (because it may contain malware), the technique most frequently used is a link that takes us to an external site where our information will be stolen.

As an example, we recently discussed phishing mail campaigns in which the identity of Netflix has been impersonated , messages (emails or SMS) claiming to come from the Ministry of Revenue , a well-known online payment platform. , a Colombian bank and another in Peru , as well as phishing campaigns simulating online shopping services such as Amazon .

Phishing via WhatsApp

As in the other platforms described in this article, with the arrival of WhatsApp, the criminals found a scenario that allowed them to reproduce this model of deception.

Unlike the way the message arrives by mail, in the case of WhatsApp, it is usually a message that contains a link and sends us a contact who shares it, believing that it is something legitimate, as was the case, for example, for these campaigns detected this year where the identity of Spotify , Nespresso , WhatsApp or Nike .

Phishing on Facebook

Phishing campaigns on Facebook can be done by private message. However, unlike WhatsApp or email, phishing on Facebook also works by posting on a wall, which can range from false advertising to the publication of a contact who, probably the victim of a deception, has published information that leads to a site that seeks to steal your information.

Some phishing campaigns on Facebook that we have analyzed in recent years were, for example, deceptions in which the victim was tagged in the publication of a supposed video, as for example here , or this banking Trojan horse posing as an advertisement for McDonald's .

Phishing on Instagram

Of the four platforms analyzed here, Instagram is the most recent. As on Facebook, in this social network, most phishing campaigns start from false advertisements which direct victims to shopping sites or seek to steal information after filling out a form, but they can also start from a direct message from a stranger that catches your eye.

A well-known phishing campaign that has been circulating in Instagram for a long time masquerades as the eyewear brand Ray Ban and seeks to steal personal data and login information from Instagram users. Generally, in this campaign, after having stolen the references from the victim's Instagram account, it publishes in the stolen account advertisements for Ray Ban eyewear offers.

Conclusion

Phishing is another technique that kills many people due to the ignorance of users. We hope that this publication can be useful for the elderly and that they can learn to recognize this type of deception when it occurs. On the other hand, in addition to knowing the threats and risks that exist online, we recommend that you use an antivirus solution on your computer and your mobile devices and activate multifactorial authentication on each of the platforms that offer this. option.

Join Ethical Hacking Course in Delhi From DICC to learn more IT Security Tips and Tricks.