Drawing attention to digital risks within the scope of 10 February Safer Internet Day, Asst. Prof. Fatih Temiz, Head of the Department of Computer Engineering at Üsküdar University Faculty of Engineering and Natural Sciences, explained the precautions individuals should take in their daily internet use and emphasized that safe internet use is no longer a preference but a vital necessity.
Asst. Prof. Temiz stated that personal information shared on social media and mobile applications can create serious security risks and said, “A very simple application may ask for access to your contacts, location, microphone, camera, and photos. This data can be used for blackmail or sold to third parties for commercial purposes.”
Highlighting the importance of two factor authentication, Temiz said, “Two factor authentication can prevent a very large portion of attacks.”
Safe internet means eliminating risks in the digital world
Asst. Prof. Temiz noted that the concept of safe internet is often perceived as merely a technical issue and said, “By its nature, the internet contains various security risks. In the broadest sense, safe internet means eliminating these risks in the digital world. Just as we lock the doors of our homes and cars, close our curtains, and do not let strangers into our homes in real life, we must take certain precautions to protect our data, privacy, and money while using the internet. Otherwise, our bank accounts may be emptied without us even realizing it, and we may even be burdened with additional debt through loans taken in our name. A company may be established in our name and illegal activities may be carried out through it. Our private messages and photos may be misused. Therefore, safe internet use is of vital importance in order to avoid both material and moral damage.”
The most common threats are phishing and social engineering attacks
Asst. Prof. Temiz stated that phishing and social engineering attacks are among the most common threats encountered online and continued: “Attacks known as social engineering, which are less technical and more focused on exploiting people’s inattention or lack of awareness, are the most common types we may encounter. These are mostly carried out with a phishing logic. They try to steal your data by imitating a bank, cargo company, government institution, or well known company. They attempt to take advantage of people’s momentary excitement or panic through messages or emails such as ‘You won a prize,’ ‘You inherited money,’ or ‘You have unpaid debt.’ Similar to fraudsters who call by phone pretending to be soldiers or police officers and say, ‘Your name is involved in a terrorism investigation.’ If they try to panic you or rush you, you can understand that this is a phishing attack. In addition, when they ask you to click a link, they may use a website name very similar to the official one, for example with only one letter changed, a hyphen added between words, or the extension changed from .com to .net. In such suspicious situations, instead of clicking the link, we should visit the official website of the institution and check whether the address is correct.”
Malware can silently monitor you
Emphasizing that another important threat group is malware, Asst. Prof. Temiz said, “These are more technical attack types and are quite widespread. Examples include viruses, trojans, and spyware. They can infiltrate your computer or phone and steal your passwords or monitor you through your camera. They usually appear on ‘free movie watching’ or ‘free game playing’ websites. For example, if you need to click the play button several times on a movie site and unrelated windows open each time, you are most likely being made to click another invisible link through what is called a transparent layer. In this way, you may unknowingly grant access to your camera or data.”
Sudden changes in device performance are an important warning signal
Asst. Prof. Temiz stated that sudden changes in device performance can be an important warning signal and said, “If your device starts to slow down for no reason or its battery drains very quickly, you may suspect a virus or spyware. Therefore, it is important not to download files or applications from unofficial and unreliable sources. Sometimes you may think you are downloading a book in pdf format, but it may actually be an executable malicious software. Our identity numbers, dates of birth, and mobile phone numbers may also be targeted by attackers. We should not share this information unless necessary and not with unreliable parties. If unrelated identity information such as your mother’s maiden name is requested while filling out an online form, your data may be at risk.”
Social media posts may threaten security
Asst. Prof. Temiz emphasized that personal information shared on social media and mobile applications can pose serious security risks and said, “If you share on social media that you are on vacation with your family and this information is obtained by malicious individuals, your home may become a target for burglars. School, workplace, or address information may be used as security questions on websites. Even these simple pieces of information can be exploited to access your sensitive data. With the development of artificial intelligence, your voice or image can be copied through deepfake and money may be requested from your relatives. The more personal data attackers have about you, the easier it becomes for them to convince others. You should also be careful with mobile applications. A very simple application may request access to your contacts, location, microphone, camera, and photos. This data can be used for blackmail or sold for commercial purposes.”
Two factor authentication prevents most attacks
Stating that password security alone is not sufficient, Asst. Prof. Temiz said: “We now have dozens of passwords in our lives. These must definitely be chosen securely. However, there are two sides to this issue. Digital platforms that store our passwords must also store them securely. You may remember that many websites we used in the early days of the internet no longer exist. One reason is that they could not store user passwords securely. Therefore, we should think carefully before creating accounts on platforms whose infrastructure we are not sure about and should not use passwords that we use elsewhere. For example, if a website sends your old password to you by email when you click ‘I forgot my password,’ you should immediately cancel your membership there and change your password if you used it elsewhere. This means your password is being stored in plain text without even taking its cryptographic hash, which is the worst possible way. Regarding password security, we should not only assume that someone will try to guess our password in a few attempts.”
Even the databases of major technology platforms have been breached
Reminding that even the databases of major technology platforms have been leaked, Asst. Prof. Temiz said, “This is where the length and diversity of our passwords come into play. Many websites require passwords with at least eight characters. However, modern graphics cards can try hundreds of billions of possible passwords consisting of only lowercase letters and eight characters within seconds. If uppercase letters are added, it takes minutes to try all combinations. That is why you are asked to use lowercase and uppercase letters, numbers, and special characters. Even when all of these are considered, trying all eight character passwords would take hours. Moreover, many of us choose predictable numbers and special characters. Longer passwords are not always practical either. Therefore, service providers take additional measures to store your eight character passwords securely, unless they are extremely simple like 123456 or qwerty. As users, by enabling two factor authentication, for example by verifying with a code sent to our mobile phone when logging into our account, we can remain secure even if our password is compromised. Two factor authentication can prevent a very large portion of attacks.”
Five point guide to safe internet use
Asst. Prof. Temiz listed basic security recommendations for internet users as follows: Choose your password to be as long, unpredictable, and meaningful only to you as possible. Use two factor authentication.
Do not share your personal information on social media in a way that strangers can see.
Do not click on links from unknown or suspicious sources.
Keep your software up to date and avoid pirated software.
If you connect to public networks, use a reliable VPN.