Every 6th of February is Safer Internet Day and Gradiant would like to tell you the story of our friend Pepe. We are sure that everyone can learn a lot about our own Internet safety from Pepe…
The story of Pepe
First of all, you need to meet our friend Pepe. Pepe is a normal guy who has just entered his 30s and works in an office in the centre of the city where he lives. Pepe is a bit of a ‘techie’ and he likes all the possibilities new technologies offer: shopping, banking, contracting services… and the possibility of doing it all from anywhere with his mobile phone.
This year Pepe has decided to get fit because “years do not forgive and we are no longer 20 years old”. As he lives near the sea, he wants to take advantage of this to join the running trend. For this, Pepe downloads a mobile application that records pace, distance and heart rate, and even shows him his route on a map. Pepe is excited.
After his first run, Pepe is reasonably satisfied with his results… 8.8km is a good result, so he decides to share his route and results. Sharing them permanently scares him a little, so he decides to use the app’s stories, knowing that each one will be active for only 24 hours and that he can share the new results the next day if he wants.
Like a good sportsman, Pepe needs to rehydrate after training, and the best place for it is the bar below his house. To complete his stories he takes a selfie with his favourite isotonic drink and uploads it to the social network, taking advantage of the bar’s open Wi-Fi because he wants to save a few MB of his data plan.
Our friend, who is a man of fixed ideas, knows that constancy will help him achieve his goal. That is why he trains every Monday, Wednesday and Thursday afternoon.
Unfortunately for Pepe, one day fate wanted him to be at the bar browsing a runners’ forum to compare results. That forum was not secure: it did not redirect to its secure HTTPS login portal by default. And fate, which is capricious, wanted Pepe (to his misfortune) to log in.
Our friend, who is very aware of the precautions to take on the Internet, knows that he should have different passwords for each social media service. Pepe has two: one for important services such as e-mail, and another for services that are not as important.
After several weeks of training, Pepe continues his routine of rehydrating at the bar below his house. That day he receives an e-mail while he is enjoying his favourite isotonic drink and some olives. Unfortunately for Pepe, fate wanted the e-mail to be interesting, and Pepe wanted to read it. The e-mail had a link to an exclusive offer for runners, and it was a fake link.
Encouraged by the price, Pepe thinks he cannot afford to miss the offer because it is from a famous, trusted home delivery store. However, it is not; it is a fake. A warning that this is not a secure page pops up on Pepe’s smartphone, but he thinks the page is reliable.
Our friend, who is a daredevil, accepts the risks. You only live once and it is a very good offer… Fate wanted the famous store to be in the category of important pages for Pepe. Fate, or rather Pepe, wanted him to have the same password for the important pages. Unfortunately for Pepe, he logged in.
After two months of waiting, Pepe has still not received his new sports shoes with matching socks. Our friend suspects it was all a scam. Today Pepe is not going to do his training. Worried about his credit card, Pepe goes to his bank and to the police to report the offer, hoping to recover his 19.95€.
Pepe once read that passwords should be changed periodically, but he does not do it.
Unluckily for Pepe, fate wanted the cyber-criminals to use Pepe’s password for other important services, such as e-mail or our friend’s favourite public cloud, where he saves all his photos. Unhappily for Pepe, the hackers encrypted the entire contents. Regretfully for Pepe, the cyber-criminals demanded a ransom in exchange for retrieving all the information.
Like most of us, Pepe has no backups because he trusts the cloud: he can always access his files. Unfortunately, now Pepe cannot. Pepe has ransomware.
What have we learned about our friend Pepe?
- Beware of geolocation. Mobile applications usually use geolocation. Some, as in Pepe’s case, record your route, and they can reveal the location of your house or the places you visit frequently.
- Be careful with temporary videos. Although stories cannot be seen after a few hours, this is no guarantee that they will be erased. Remember that any user can take a screenshot. Through geolocation and photos, the hackers knew where Pepe was.
- Avoid Wi-Fi networks without a password. Traffic is transmitted unencrypted, and this is the point where the hackers got valuable information about our friend Pepe, such as his e-mail address. With it, the hackers prepared a poisoned e-mail for Pepe.
- Use HTTPS to transmit important data. To transmit relevant data you must always use HTTPS, on a connection initiated by us. In the forum’s case, it had a secure portal but also an insecure one, which is where Pepe logged in.
- Pay attention to the e-mails you receive. We must be careful with our e-mails. Our friend got an e-mail that impersonated a store, and it stole his password and credit card number.
- Be careful with browsers on mobile devices. Smartphone browsers are limited by screen size. When design is prioritized over security, we often cannot tell whether we are looking at the real page or an imitation, because the browser hides the address bar.
- Read all the notifications. Do not be reckless like Pepe. If a trusted page never shows us a warning, and one day a RED warning appears, something is probably wrong. It is better to hold on and wait than to lose everything.
- Shop on safe web sites. Shopping on the Internet should not be taken lightly. You should shop only on reliable sites, making sure that you are not dealing with a copycat page, and in the event of any problem cancel the card and report it.
- Change your passwords periodically. It is important to change your passwords periodically and never to use the same password for all the services you use. We know that it is difficult to remember them all, but we can also choose a second authentication factor.
- Back up your files regularly. Although the cloud is much more convenient and we can access our data from anywhere, it never hurts to have a backup of important files on an external hard drive, for example.