My Personal Experience
I have been receiving phishing attacks for some time, especially on my social media pages (even though I do not have followers like a celebrity). And you are receiving them, too; some of us may not know it at all. The attacks target personal social media users and their pages.
Phishing is one type of hacking method among many. Now that everything is digital and 99% of our day-to-day activities are happening online, from our conversations to our transactions, we shouldn’t be complacent about these unethical activities hovering around our cyberspace.
If you don’t have a basic idea of the types of hacking and how to identify a hacking attempt, you will likely be in the red zone.
One of the main ways that hackers exploit us is through our ignorance. Many people, including myself, often think, “I don’t have anything to lose.” This is a BIG MISTAKE. How many of us keep track of what we share online? What about the information our friends and family share without our consent or knowledge? When we’re unaware, we leave ourselves vulnerable, and by the time we realize it, it’s often too late.
Consider what happens if we can’t retrieve our accounts on platforms like Facebook or Instagram. All your information—passwords, ID, email, security questions—could be changed, leaving you completely locked out. Even if you report the issue to Facebook or Instagram’s technical support, they may not be able to verify your ownership since you no longer have the necessary information. You could lose your 10,000 followers on Facebook and 15,000 on Instagram forever.
Your only options might be to create a new account and start over or to plead with someone for help in recovering your account. The choice is yours: will you be extra vigilant, rebuild from scratch, or seek assistance in reclaiming what was lost?
The following are a few tips you must be aware of to keep yourself in the green zone in cyberspace:
- Know these terms:
- Hacking: Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks (social media pages, websites, etc.) (malwarebytes.com). It can be both ethical and unethical. In short, an act of stealing information is hacking.
- Why? Cybercriminals hack for financial gain (stealing your information and data to sell it, or blackmailing you), protest, information gathering (spying), and even just for the “fun” of the challenge (I was a victim of this challenge back in 2017).
- Types of hacking. Knowing at least some basics of the kinds of hacking will enable you to respond appropriately should you receive any attack. I received a notification on my Facebook page from an unknown website asking me to review my security information by entering my username and password. Because I knew it was a phishing attack (an unusual activity happening in my account), I went directly to check the website’s URL (Uniform Resource Locator/address). Still, it wasn’t from the Facebook company. It should have been (www.facebook.com/help/) to be valid and authentic. So I didn’t respond; I directly reported it to the Facebook technical team and relevant agencies in Bhutan. Because there are various types of hacking, please google them and explore for yourself. What you should draw from reading about these topics is how to identify the kind of hacking and how to respond or react to the specific type of attack.
- Keep three things updated:
- Yourself: Read about the devices and networks you are most in touch with or in use. Update yourself with the new trends, information, and stories in town and worldwide. We all are part of this small world, and the internet makes it extremely small. We are just one click away from New York, imagine. Keeping yourself updated is the most important of all. Because you are the master of your devices and networks, they listen to your commands. You should know the dos and don’ts around these unethical activities in town.
- Your device (phones, computers, and apps or software): Keeping your devices updated at all times is another important step towards safe surfing. Keep an eye on the updates issued by the manufacturer of your device (phones and laptops), the developers of the apps you use, and the networks you are connected to (Bhutan Telecom and TashiCell). If they come across any kind of security threat around your devices or networks, they immediately issue an update, and your immediate task is to update the device accordingly.
- Your network: All the devices you carry in your day-to-day life are connected to a network: wifi, hotspot, and internet services provided by the telcos. We are all interconnected to a centralized network. Be aware of what type of network you’re connecting your devices to. Connecting to an unknown network can easily expose your device and information to hackers and criminals. Many of us think that setting a password on our wifi is to stop someone from using the wifi and using up our data or slowing down the data flow, but that is just secondary. The primary objective is to keep your network safe and locked from cybercriminals.
- Strong password: You must set a strong password (a password that is hard to predict and guess). Kuenzang123 or Tobgay2022 is an easy password. My friend Dendup can easily crack this password with a few attempts and jump on my Facebook page to see my private messages lol. I can predict that 80% of us keep the password associated with our name, phone number and date of birth. Kill me if I am wrong. This method of assigning a password is not considered a good practice and does not fulfill the criteria to be a strong password. The remaining 20% are cyber security experts who know well about all these. There are powerful computer devices and algorithms (bots) that hackers use to crack passwords. Computer analysis shows that a password with five characters of only numbers or words can easily be broken by a computer instantly (within a few milliseconds). On the other hand, a password with 18 characters containing a mixture of numbers, lowercase and uppercase letters, and symbols can take one quintillion years to crack. K@$080_=+20kToL looks like a bulletproof password. Forget the human brain; even computers will take 2 trillion years to crack this password. Setting a strong password is extremely important.
- Two-factor authentication. This is an extra layer of security that should be enabled on our social media sites or websites. Enable this feature on any devices or sites you use. Two-factor authentication is how your page or website confirms a user’s identity by combining two different components, typically the account password and a confirmation code sent to the user via text message or email. The primary objective of this method is to ensure that the right owner is trying to access the site. How does it work? Let’s take Facebook. When you create a Facebook account, you must provide a phone number, email, or both to sign up. Facebook will ask if you want to enable two-factor authentication for every login. Whenever you log in to your Facebook, you will be sent a secret code via your phone number or email soon after you enter your username and password. You cannot log in even with your correct password and username unless you enter this code in the Facebook dialogue box. Only the right owner of the Facebook page will know the correct username and password and also have access to the phone number and email address. It is important to note that you must keep your phone and email account safe for this extra layer of security to work. Almost all social media sites and websites make this activation a mandatory part of the security layer. I would rather make these few extra efforts to keep the accounts safe than lose all this valuable information and access.
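
The URL check described under the hacking types tip above, written out as code. This is an added example, not part of the original post: the function name `check_link`, the `TRUSTED_DOMAIN` constant and every `.example` link are constructed for illustration. It goes beyond the single case in the text by also covering the common look-alike tricks (brand name as a subdomain of another site, text before an `@`, look-alike characters).

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as Facebook's own.
TRUSTED_DOMAIN = "facebook.com"


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return (is_trusted, reason) for a link received in a message."""
    url = url.strip()
    if "://" not in url:              # e.g. "www.facebook.com/help/"
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name"
    if parts.username or parts.password:
        # In https://www.facebook.com@other.example/ the host is other.example.
        return False, "text before '@' is not the host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "look-alike (non-ASCII or punycode) characters in host"
    # Exact match or a true subdomain; a bare endswith("facebook.com")
    # would wrongly accept notfacebook.com.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + host
    if trusted.split(".")[0] in host:
        return False, "brand name appears, but the real host is " + host
    return False, "unrelated host " + host


# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://www.facebook.com/help/",
    "https://facebook.com.account-review.example/login",
    "https://www.facebook.com@account-review.example/help/",
    "https://notfacebook.com/",
    "http://www.facebook.com/help/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```
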
There are other essential methods, too; however, I will leave it up to you to read further. I could only think of this information for now.
Report such cybercrimes to the following agencies (add if any relevant agencies are left out):
- Bhutan Computer Incident Response Team (BtCIRT)
- GovTech Agency
- Bhutan Telecom
- Tashi Cell
- Royal Bhutan Police
Disclaimer: The views expressed in this text are solely those of the author and do not necessarily reflect the views of any mentioned agencies. This information is intended for educational purposes only and is meant to provide general information. It does not offer specific advice nor guarantee complete safety against cybercrimes and attacks.