9. The Application of Cybersecurity: Principles and Practices 251

manipulate them and shape their opinions. For example, Facebook users could be shown targeted propaganda designed to subtly shift their political views further to the right or the left. Facebook (since renamed Meta) did not violate any laws, but their founder and president, Mark Zuckerberg, was forced to testify before Congress about their privacy practices, and many people believe that what they did was unethical. This is a good illustration that there is no such thing as a free lunch. When online, if you are not paying for the product, you are the product!

9.2.5.3 Exercise Caution

In addition to the dark alleys of the Internet, users can be exposed to danger anytime they are online—they are only one click away from compromise. When users download files and click on links, they are exercising trust and need to be cautious. Downloading files, whether from a website or in an email, is a risk because any file could contain a virus. Installing programs from unknown or unvetted sources is clearly dangerous, but merely opening files, including documents, pictures, and videos, can also pose a risk.

Phishing emails are a prime example of how a user can be attacked online (see Section 4.1.2.1). Links in emails can sometimes be deceiving. A user should always hover over a link to verify the URL before clicking—the link text may not always match the actual URL (see Section 2.4.3). Subdomains are not officially registered, so domain name owners can choose any text they want for a subdomain, and bad actors have no problem including trademarked names. If the primary domain looks suspicious, then a user should not click on the link. Phishing emails will sometimes include an official-looking subdomain to trick users into clicking. For example: www.amazon.customerhelp.com/feedback connects to a customerhelp.com server, not an Amazon server (i.e., the primary domain is not amazon.com). URLs with such a deceptive structure are indicative of phishing attacks.

Copying and pasting from online sources can also be dangerous, especially when copying and pasting computer code or commands. It is common for programmers (especially novices) to search online or query AI for code or a command to accomplish a task. While many of the results are helpful and legitimate, it is possible that a hacker could have planted a backdoor in code or inserted a malicious command. It is important that users trust the source of the information, and if they do copy and paste code or commands, that they have reviewed the text and understand how it works.

When in doubt about downloading, clicking, or copying and pasting, users can take these actions from within a sandboxed environment such as a VM. This will likely confine any fallout to the VM, and if a VM is compromised, it can easily be destroyed and recreated. Once a host computer is compromised, on the other hand, it is difficult to ever verify with certainty that the threat has been completely eliminated.
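The primary-domain check described above for www.amazon.customerhelp.com/feedback can be automated in a mail filter or link scanner. The following is an added example, not code from the original text; the function names, the brand watch list, and the small `PUBLIC_SUFFIXES` set (a constructed stand-in for the full Public Suffix List) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption: real code would load the full list from publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk", "com.au"}

def hostname(url):
    """Lower-cased host part of a URL; also accepts links with no scheme."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit treat the first component as the host
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def primary_domain(url):
    """Registered (primary) domain the URL actually connects to."""
    labels = hostname(url).split(".")
    # Scanning left to right finds the longest public suffix first;
    # the primary domain is that suffix plus one label to its left.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)  # suffix not in our list: fall back to the full host

def check_link(link_text, href, brand_domains):
    """Return warnings for one hyperlink; an empty list means nothing was flagged."""
    warnings = []
    target = primary_domain(href)
    shown = link_text.strip()
    # Check 1: the visible text looks like a URL but names another primary domain.
    if "." in shown and " " not in shown and primary_domain(shown) != target:
        warnings.append(f"text shows {primary_domain(shown)}, link goes to {target}")
    # Check 2: a brand name is used as a subdomain label of someone else's domain.
    for brand in brand_domains:
        label = brand.split(".")[0]
        if label in hostname(href).split(".") and target != brand:
            warnings.append(f"'{label}' is only a subdomain of {target}")
    return warnings

if __name__ == "__main__":
    brands = ["amazon.com"]  # constructed watch list
    samples = [  # constructed (link text, href) pairs
        ("www.amazon.com", "www.amazon.customerhelp.com/feedback"),
        ("Leave feedback", "https://www.amazon.com/feedback"),
    ]
    for text, href in samples:
        print(href, "->", check_link(text, href, brands) or "nothing flagged")
```

Both checks are heuristics: a clean result means only that neither pattern matched, not that the link is safe.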