Beginner’s Guide
Welcome to our Beginner’s guide.
This guide is tailored for those who are new to the concepts of cyber crime and cyber security. Here, you’ll find short, easy-to-understand explanations of essential topics that will help you stay safe online. We'll also guide you on which articles to read and which short videos to watch to advance your journey towards being Safe From Cyber Crime.

So let’s jump straight into the most important thing you need to know.

Are you really a target?
You might not consider yourself a typical target for cyber criminals, unless you're a high-profile individual like a government official or a senior executive. However, it's not just about who you are, but about the technology you use. Much like the common cold doesn't target specific people but looks for susceptible systems, many cyber attacks seek out weaknesses and vulnerabilities in the devices and systems we all use. So, while you may not personally be singled out, your devices will be, making your chances of encountering a digital 'virus' 100%.
In the digital world, understanding the landscape of risks and how to navigate them safely is key. Just as you learn to handle everyday risks through advice from family and mentors, this guide aims to equip you with the knowledge to enjoy your digital life safely, securely and without incident.
Key Topics:
In this beginner’s guide we take a brief look at the criminals’ key tactics that they don’t want you to know.
- Social Engineering: How criminals manipulate your emotions and behaviours
- Phishing: Attacks in your emails
- Online Fraud: Staying ahead of digital deceptions and scams
- Social Media: The attacker’s window into your personal life
- Passwords: The keys to your digital home
- Device Updates: Automatically fixing the broken windows of your digital home
All of these topics are covered in our full articles, but for now, let’s take a quick look at the main points from each. So dive into each section to quickly build a strong foundation in cyber security. Let’s get started on your path to staying Safe From Cyber Crime.
Social Engineering: How criminals manipulate you.
Social engineering exploits a universal human trait: our emotional responses. Cybercriminals manipulate feelings like fear, excitement, or trust to provoke actions that you wouldn't normally take, such as clicking unsafe links, divulging sensitive information, or buying something that seems too good to be true.
We have an article here on Social engineering which goes into more detail, but the emotions to be aware of are:
- Fear: Often manifested through threats, such as the exposure of sensitive information unless a ransom is paid. Example: Receiving an email threatening to release compromising photos unless you comply.
- Panic: Created by instilling a sense of urgency to make you act quickly. Example: Alerts that your account will be locked within 24 hours unless you verify your identity by clicking a link.
- Excitement: Offers that seem too good to refuse can lead to risky decisions. Example: An unbelievable bargain on a high-value item.
- Curiosity: Limited information provided to spark your interest, compelling you to explore further. Example: An email from an unknown sender asking you to open an attachment to see something interesting.
- Compassion: Leveraging your desire to help others, used to solicit donations or personal information. Example: A fake request for aid, claiming to help someone in immediate need.
- Anxiety: Exploiting fear of authority or dire consequences. Example: A call pretending to be from the police, alleging a family member is in trouble and needs immediate financial assistance.
- Trust: Abusing established relationships or impersonating reputable entities. Example: A message from someone appearing to be a close contact asking for a money transfer due to an emergency.
Social engineers often use a blend of these emotional triggers, enhanced by personal details they've gathered to make their scams highly convincing.
Learn more:
Check out our Social Engineering article for a more in-depth explanation and to watch a real life recording of social engineering in action.
Phishing: Attacks in your emails
Phishing Overview
Phishing involves deceptive emails that mimic legitimate sources to steal personal and financial information. Similar to actual fishing, attackers use ‘bait’ to try and get you to ‘bite’, only instead of a worm, the bait used for Phishing is nearly always social engineering, luring victims into the trap of opening malicious links or attachments. With over 4.3 billion email addresses globally, is it surprising that Phishing is the most common type of cyber attack for everyone?
In short, if you have an email address it’s likely you’ve either already received a phishing email, or if your email address is new, you’ll receive one very soon!

Protection Strategies
Email Filters: Most email providers use spam filters to automatically block suspicious emails from reaching your inbox.
Anti-Virus Software: An anti-virus can help mitigate the impact of phishing by identifying and neutralizing threats. Explore our recommended anti-virus tools on our product review page.
Recognizing Phishing Emails
Phishing can appear in various forms:
Social Engineering: If an email is trying to make you feel a strong emotion, it’s likely a phishing email and should be treated with caution.
Links and QR Codes: Links and QR codes within the email may direct you to malicious websites, download malicious software on to your device, or direct you to a fake website. By exploring our full article on Phishing on our Email Security page, you can learn how to see where a link and QR code are sending you.
Attachments: Unlike links and QR codes, attachments can’t always be ‘read’. So if an email contains an attachment and social engineering, consider it a phishing email.
Information Gathering: Some phishing attempts aim to collect personal information subtly. If an unexpected email asks for personal details or tries to initiate a relationship, it's definitely from someone with evil intent.
Key Takeaways
If an email triggers strong emotions, pause and reevaluate. If unsure, avoid clicking on links or opening attachments directly from the email. Instead, access the supposed source directly through official websites or verified channels.
Stay informed and vigilant to protect yourself from email-based cyber threats. Visit our full article on Phishing and our interactive practice section, Real or Phish.

Online Fraud: Staying ahead of digital deceptions and scams
Fraud is a pervasive threat in our digital lives, exploiting vulnerabilities not just in our systems but in our human psychology. We started this guide with Social Engineering because it’s at the core of most cyber crime, and all types of fraud.
Common Types of Fraud
Identity Theft and Banking Fraud:
Involve stealing personal information to access your financial accounts, or create accounts in your name.

Key warning signs:
Unauthorized transactions or withdrawals from your accounts, receiving bills or statements for accounts you didn't open, noticing unfamiliar inquiries on your credit report, and suddenly being denied credit or receiving calls from debt collectors for debts you don't owe.
Investment and Real Estate Scams:
Trick you into putting money into fraudulent ventures.

Key warning signs:
Promises of guaranteed high returns with little or no risk, pressure to invest quickly without providing sufficient information or time for due diligence, lack of verifiable credentials or registration with regulatory authorities.
Romance Fraud:
Exploits emotional connections to deceive you into sending money.

Key warning signs:
Profiles that seem too good to be true, the person always has a reason to not meet you in person, they declare their love very quickly, once they have your trust they will begin to ask for money, usually via hard luck stories.
Online Shopping Scams:
These scams typically involve fake online stores or selling products that never arrive.

Key warning signs:
Offers too good to be true, they will ask you to move off of the shopping site and make a direct transfer to them, lack of contact information or customer support, and poor website design or spelling/grammar errors.
Cryptocurrency Scams and Lottery Fraud:
Use the allure of quickly gaining wealth to steal from you.

Key warning signs:
Unsolicited investment opportunities promising high returns with little risk, pressure to invest quickly or keep the opportunity secret, and requests for payment or personal information upfront.
Computer Software Service Fraud:
Often involves scammers pretending to offer help with computer issues when none exist.

Key warning signs:
Unsolicited calls or messages claiming to be from tech support, requests for remote access to your device, pressure to make immediate payments for supposed services, and claims of viruses or malware on your device that you didn't notice.
Sextortion:
Uses compromised personal information, photos or footage to blackmail victims.

Key warning signs:
The person entices you to send explicit photos of yourself, threats to share compromising images or videos if you don't comply, and demands for money or further explicit material to prevent exposure.
Prevention and Reporting:
Awareness is your first line of defence. Check out our page on Fraud and explore the different types of fraud, which will help you recognise if you’re being targeted. Act immediately if you suspect fraud and report it. Information on how to report fraud in your country can be found on our Reporting page.
Social Media: The attacker’s window into your personal life.
Social media platforms, integral to our daily communications, also serve as fertile grounds for cyber criminals. Every bit of information shared can potentially be used against you. For instance, publicly sharing your running routes or vacation photos can inadvertently reveal when you’re not home, increasing your vulnerability to crimes such as burglary or identity theft.
Understanding Social Media:
Social media includes well-known platforms like Facebook, Instagram, and X (formerly Twitter), but it's broader than that. It encompasses any online communication channel that allows users to share information, from YouTube to MyFitnessPal to Tinder. Our aim is to help you share safely and enjoy these platforms.

Oversharing:
Oversharing on social media can lead to:
Identity Theft: Using details like your full name and birthday, criminals can impersonate you.
Advanced Social Engineering Attacks: Criminals use personal information to craft believable scams.
Advanced Phishing: Personalized, convincing phishing schemes are crafted using your publicly shared information.
Stalking and Harassment: Sharing location details or routines can lead to real-world dangers.
Cyber Bullying: Personal experiences shared online can expose you to bullying.
How to Protect Yourself:
Protection is about being mindful of what you share and who you share it with:
Content: Think before you post. If you wouldn’t want someone specific to see it, don’t share it.
Audience: Adjust your privacy settings to control who can see your posts. Never assume these settings are in your best interest by default... as they’re not!
Before posting on social media, spend a few minutes to check and adjust your privacy settings. The two minutes it takes you can save hours of pain in the future.
For a detailed walkthrough on adjusting privacy settings on popular platforms and more on the risks of oversharing, check our dedicated articles on our social media security page.
Passwords: The Keys to Your Digital Home
Passwords act as the primary defence for your digital assets, just like locks on your doors. They protect your money, personal information, and other valuable digital possessions from unauthorized access.
Common Threats:
Credential Stuffing: This occurs when cybercriminals use previously breached passwords to try to access various accounts across the internet, as they know that many people use the same password without knowing it. Using compromised passwords significantly increases your risk.

Password Guessing: Simple and commonly used personal information (like birthdays or pet names) can be easily guessed by attackers. Avoid using easily predictable passwords.
The Domino Effect: Using the same password across multiple sites means if one account is compromised, all accounts with that password are at risk.
Strengthening Your Passwords:
Strong and Unique Passwords: Each of your accounts should have a unique password that is long and has not been involved in previous breaches.
Use a Password Manager: A password manager can generate and store strong, unique passwords for each of your accounts. You only need to remember one master password.
Benefits of a Password Manager:
Convenience: Automates the creation and recall of passwords for various sites and services.
Security: Ensures that each password is unique and complex, reducing the risk of account breaches.
For more detailed guidance on creating a strong master password and to see our top recommendations for both free and paid password managers, visit our Password Management page.
Device Updates: Automatically fixing the broken windows of your digital home
This is the shortest section of the beginner’s guide. Not because it’s not important but because this is the easiest thing to explain!

Every time your device or app says it has an available update, that is basically the creator saying ‘Hey, we found a problem, here is the fix’. Now…everyone with that device or app gets this notification, including the bad guys. So just like a broken window in your home, the longer you leave it broken, the more time criminals have to use it to break in.

The quick fix:
Update any device or app whenever an update is available
Set up automatic updates to ensure they’re installed promptly without manual intervention
You’ve completed the beginner’s guide.
You’ve gained a brief overview of the most crucial aspects of cyber security, which has given you a great start.
Now download or view our Beginner’s checklist and continue your journey to Staying Safe From Cyber Crime.