Cyber hygiene

I want to share with some thoughts and knowledge that I've been gathering so far. Knowledge that I will be sharing throughout research will be ONLY IN EDUCATIONAL PURPOSES.

Whoami: I am currently learning Cyber Security(CS). I think this is enough brief-info, since I need to keep my anonymity.

The purpose of this article was to append your knowledge in terms of hygiene on the Internet. Why we have to be cautious while using Internet? There are a lots of answers for this kind of question, but the main reason is to keep our resources in secure. In addition, no one wants to lost access or something to be leaked, which could lead to danger in their life.

Now, Let's see what is Dark web? Everybody knows, we have clear web and dark web.

(Read everything carefully)

The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location.

Whereas,  The clear web is the section of the internet that is the most publicly accessed. It’s the internet we use on a daily basis and includes web pages that are largely indexed on search engines. Briefly, we use it for our daily needs. (I was writing how to get an access to the darknet, but I am afraid this post will be deleted, once I inform you.)

Darknet is the place where, all hackers around the world might have a conversation/deal, because they can not use clearnet, since they can be caught by grabbing their IP addresses or gathering information by their social media, so that, they have to keep anonymous.

So, Now, we will review how they can attack us

There are a lot of options how to attack your account or any social media but we will cover common methods. The most common cyber attack is fishing, it's like to throw the fishing rod and try to catch fish. How they can perform these actions and how we can recognize it? Everything is too simple, they could create fishing web-site and send it to you whereas you will never notice that it could be scam site or link. Once you open the link, whey will see your IP-address, by knowing IP-address, they can do lots of danger actions. The first thing what they can do is Ddos/Dos attack your IP-address or to gather information about your IP-address where you have been landing so far and start to attack psychologically, as soon as they attack your address your internet will slow down or even it can stop working, that's the last danger thing what they can do so far. I do not know everything, since on the darknet there is something new everyday. What they can do else? So, there are one vulnerabilities, as soon as you click the link you may lost your passwords that are saved in your computer/laptop, but about mobile phones I am not sure yet, but if there is one that can stole from PC, I guess there is another that can steal from mobile phone. Imagine, your data that is saved, everything that you have been saving may leak.

Here is the question, how we can recognize whether its scam link or not? First thing what we can do is to check the URL link, if its a yandex link you should check carefully, it could be changed to something like: yendeex... and etc or yandex.su, when the real URL link for Yandex is yandex.ru...

You may ask how they can attract your attention to click the link, so, before creating fishing web-site, they learn your personality, what attracts you or excite and then will send you link. There was a year when bloggers lost their accounts on social media, that time I could not realize that it is kind of scam, because simply I did not know about it anything. Recently, I did research how they lost their accounts and you can not even imagine how they lost it, that was the stupidest thing I've ever seen. Scammers sent them link where everything was formalized classic as it should be, they sent message on behalf of supports, so they sent message as support, whereas, bloggers had to follow the link and write down login as well as their password that's it! It is too stupid, isn't it? That's how lots of bloggers lost their accounts.

Another way of scamming is social engineering.

As it was mentioned above, hackers are those who learns your personality and try to attract you for fishing web-sites and sometimes they are ready to pay to attack you. They may search information about you and find out with whom you have strong relationships or just who do you often talk to and pay to them for sending URL that may contain virus your phone or PC. Social engineering has a lot of options, still people are going throw the links and writing their passwords and all private information just because people aren't know yet what is Cyber Hygiene. Therefore, before writing card's password, check URL link. Recently, I've read one article, whereas some brilliant guys after stealing mobile phone (iphone) they sent to the victim's number link URL link where victim could follow the link and "could return it". URL was something like Icloud..., while the real URL for getting back your phone is icloud... As you can see, they are almost the same URL links and the thieves did a great job, since victim wrote all the info beginning from the password of lock screen ending to the icloud passwords.

Brute-Force.

Brute-Forcing is something like password guessing, they purchased database in txt file where a tons of passwords were leaked, so that nobody can guarantee your account has something like different password, last time I saw it was nearly 10 million and its appending day-by-day. Hence, I want to force you to setup a verification code, bind your number for your account. Try to setup different passwords for each site or an app. However, some sites do not contain such option, therefore, save your passwords somewhere, where you can get it at anytime and at anywhere (I do save it in my mind). so the password have to contain some uppercase letters, numbers and at least your password length should be 10 symbols or more, sure it would be much better to have at least 25 symbols, which means anyone can hack it with Brute-Forcing method.

I think you will start thinking deeply after reading this article, once you purchase link or recognize something suspicious in your account, stay safe.