9. The Application of Cybersecurity: Principles and Practices 249 point for all web browsing. All traffic that flows to a VPN must still first go through the untrusted wireless router, but the traffic cannot be read or undetectably tampered with by the router. When using a VPN, the user shifts trust from the local Internet gateway to the VPN provider, mitigating the risks of attacks like the evil twin attack (more on VPN best practices below). An even better option than using a VPN is connecting to a personal mobile hotspot instead of public wireless networks. However, this requires the user to have access to a mobile hotspot through a cellular provider which can be expensive, and in some locations a cellular signal may not be available. 9.2.5 Online Safety “I am sending you out like sheep among wolves. Therefore be as shrewd as snakes and as innocent as doves.” - Matthew 10:16 Most cyber threats are invited in from online. People can be lulled into a sense of safety and anonymity online and forget to be vigilant. This section covers some basic online safety measures. 9.2.5.1 Avoid the Dark Alleys of the Internet In physical space, some places are scarier than others. Dark alleys are places where a person could be robbed or assaulted. Most people instinctively avoid dark alleys, sensing the potential danger. The dark alleys of the Internet are not so obviously dangerous because the visceral sense of being physically vulnerable is not present. Examples of such online places include websites promoting illegal or immoral activity such as those offering free downloads of copyrighted software like games, textbooks, music, and movies. Visitors of these sites are already morally compromised, and this makes them more vulnerable to being victimized. Cyber criminals use sites like these to entice people to click on links to draw them further into danger and to download files that come laced with viruses and remote access trojans. Users of these sites may later notice unusual behavior on their computers but be reluctant to seek help for fear that their browsing history may be exposed. This reluctance can provide hackers more time to compromise their victims. Users may also enter into relationships with strangers they meet online. Bad actors assume fake identities that they use to cultivate trust relationships with unsuspecting victims. Catphishing is a social engineering attack where a bad actor creates trust through online interactions and then manipulates victims financially, emotionally, or otherwise. Attackers may deceive a person into sharing private information, pictures, or videos and then turn around and use that information to blackmail the person by threatening to share it with their friends, families, or co-workers. This could result in further humiliation and harm at the hands of the attacker. Attackers can be ruthless, threatening physical harm to the victim and their loved ones. Although these threats are empty, they can scare the victim into silence and prolong the abuse. If a person has been victimized in one of these attacks, they must ignore the threats and seek help by telling someone what happened—this is the only path to freedom.
RkJQdWJsaXNoZXIy MTM4ODY=