Smart mobile phones and computers must be locked automatically, and the device must be put into locked mode when leaving it unattended. Network passwords should only be shared with trusted individuals, the disk should be removed if the device is sent for repair, and saved passwords in web browsers should be reset. Attachments in incoming emails should be handled with caution. Experts emphasize that phishing, pirated and malicious software, and ransomware are among the leading cyber-attacks targeting individuals, stating that attention should be paid to links in emails and to .exe, .bat, and .com files downloaded from the internet. As a precaution against cyber-attacks, experts recommend accessing banking applications from mobile devices.
Here are recommendations to protect you against cyber-attacks…
Dr. Lecturer Ahmet Şenol, Head of the Cyber Security Master's Program Department, English Computer Engineering Department, Faculty of Engineering and Natural Sciences, Üsküdar Üniversitesi, made evaluations regarding cyber-attack methods and shared important recommendations.
The definition of cyber security is changing
Stating that the definition of cyber security differs for institutions, companies, states, and individuals, Dr. Ahmet Şenol said, “From an individual's perspective, we can define cyber security as the careful use of our technological devices and accounts, and the precautions we take, what we do, and what we don't do to minimize the risks of potential attacks or malicious situations. We can also call it being prepared against a cyber-attack. We can define a cyber-attack as conscious and malicious actions taken by an individual or organization to take over, block, or cause a system or account of another individual or institution to malfunction.”
Among the most common types of cyber-attacks…
Dr. Şenol also talked about the phishing method, generally sent to individuals as an email, which directs them to a fake website:
“In the phishing method, the email message uses visuals to state that the person has won a prize or needs to correct their account information, and that they can do this by clicking on the link in the email. It is one of the most common types of cyber-attacks. When a person clicks on the link specified in the email sent to them, they are actually directed to another fake site that has the appearance of the web site of the institution they receive service from. When the victim, who clicks on the link, enters their customer number and password, this information will not go to the user code and password verification system it truly belongs to, but will be recorded in the cyber pirate's own database. Since the pirates have obtained the desired information here, the hourglass on the login screen of the pirated fake software they have created will continue to spin for a relatively long time, and then they will terminate the operation with a message such as 'Sorry. Our bank is temporarily out of service.' To combat phishing attacks, we should not open such emails and pay attention to the web address the link directs us to.”
Mobile banking applications should be used
Dr. Ahmet Şenol stated that the safest method for internet banking today is to install the relevant bank's mobile application on our own mobile phone, perform internet banking through the bank's mobile application, effectively use the phone lock, and not let others use our smartphone, and warned that we should not access internet banking by clicking on a sent link.
Attention should be paid to downloaded file extensions
Dr. Ahmet Şenol stated that another type of cyber-attack against individuals is when computers or mobile devices turn into devices used in cyber-attacks without the user's will, and said, “For example, when searching for subtitles for a downloaded movie on the internet, if you click to download subtitles on one of the sites brought up by the search engine, the file extension, which should be .srt, is uploaded as .exe. Thus, when the .exe file is run, there is a 99% chance that malicious software will infect the computer. This malicious software can either turn the computer into a soldier for someone else's cyber-attack or be spyware that captures keystrokes and sends them to another address. Keystrokes often include user codes and passwords. Attention should be paid to the type and extension of downloaded files, and pirated software and content should be avoided. The vast majority of cracked pirated software downloaded from the internet contains malicious software. Especially if we are not sure of the sender of executable files with .exe, .bat, and .com extensions, we should not open or run them. Even visiting websites where pirated content is downloaded with a web browser can infect the computer with malicious software.”
Devices should be constantly updated against ransomware
Dr. Ahmet Şenol stated that ransomware is among the malicious software that can infect mobile devices and computers, and said, “Ransomware is contracted due to reasons such as running an executable file attached to an email or a security vulnerability in a program installed on the computer. In a ransomware attack, generally, all data on the person's disk is encrypted, and the device owner is asked to deposit a certain amount of money, usually in cryptocurrency, into an account. If the money is deposited, it is promised that the key to the encrypted files will be given, and the encryption will be lifted. According to data from the European Union Agency for Cybersecurity, the average ransom amount demanded per incident by cyber attackers in 2021 increased from 71 thousand Euros to 150 thousand Euros compared to the previous year. According to the same agency's data, a total of 18 billion Euros in ransom was paid globally for ransomware, including in 2021. Against ransomware, our device should receive updates and security patches, and our data should be frequently backed up to an external memory, with the physical connection of the external disk where the backup is taken being severed from the device. If we have a current backup, even if the ransomware encrypts our data, we can reinstall our system, restore from the backup, and avoid paying the ransom.”
Here are simple and effective protection methods
Dr. Lecturer Ahmet Şenol, Head of the Cyber Security Master's Program Department at Üsküdar Üniversitesi, listed simple precautions that can be taken against cyber-attacks as follows:
Smart mobile phones and computers must be locked automatically, and the device must be put into locked mode when leaving it unattended,
Work and home wireless network passwords should only be shared with trusted individuals and changed periodically,
When sending our device for repair or selling it, its disk should be removed, important data should be backed up, files should be securely deleted, and especially saved passwords in web browsers should be reset,
Our computer password should not be written under the keyboard, behind the monitor, etc.,
Attachments in incoming emails should be opened carefully, even if they come from a known email address,
Be careful against phishing attacks,
Do not use pirated software on devices, and unused software should be removed.

