"The weakest link is the human": IMI's Mediabaza Chernivtsi hosts a cyber security training for media professionals
Taras Mocherniuk, senior operative at the cyber crime department of the Chernivtsi Oblast Cyberpolice. Photo by Alyona Chorna
Nowadays, practically no application is secure and the weakest link in any information system is the human, said Taras Mocherniuk, senior operative at the cyber crime department of the Chernivtsi Oblast Cyberpolice, during a cyber security class for media professionals at the IMI regional hub Mediabaza Chernivtsi.
The training covered identifying phishing, malware, the risks of Telegram and Getcontact and overall rise in digital threats.
Phishing – posing as official websites
Speaking of phishing, the cyber security expert explained that many users are receiving various messages purporting to be from a bank or other popular online service that asks them to "verify" their account details, credit card number, or other sensitive information.
"This is what a phishing attack looks like and its goal is to get important data that can be used for malicious purposes, such as extortion, stealing money or personal data. Never follow the links you receive from people you don't know or don't know well. If you do click on it, do not enter your data. Always remember the Zero Trust rule. You should treat everything with caution and check all the information," says Taras Mocherniuk.
Training participants. Photo by Alyona Chorna
The expert adds that emails often get hacked in this way. It is important to understand that a phishing website asking to confirm some operation will look very similar to an official one. This means one needs to be very careful and only confirm transactions through their personal account on official websites, says the operative. And to recognize malware right away, users should pay attention to what permissions a program requests: being asked for access to contacts, location, and other personal data should be alarming.
Getcontact, АІ, Telegram, and scams
The class also touched on Getcontact. The cyberpolice operative remarked that the moment a user installs and starts using the app, they give permission for their contact list to be made public.
"When you install it, you put at risk not only yourself, but other people as well. Often, scammers who possess such data will address this or that person by name, gaining their trust, which enables them to commit fraud. The information contained in someone's contact data can be used to identify the person, that is, to find out their first and last name, which is why a person's phone number and other data are considered private information. Often, people using the app list not just the first and last name in a contact, but the information that can reveal other personal data, such as: workplace, address of residence or registration, family ties, etc.," says Taras Mocherniuk.
The risks of Getcontact. Photo by Alyona Chorna
The event's participants also discussed switching from Telegram to WhatsApp. The speaker explained that there are effectively no secure apps nowadays. However, he believes that WhatsApp is a good alternative.
"The US is unlikely to share data with Russia on demand. With Telegram, this probability is much higher. As for business correspondence, it is best, of course, to use your own servers and messengers. Or email," said Mocherniuk.
The speaker added that the weakest link in any information system is the human. He gave an example when, even before the full-scale invasion, NATO officials reported on a recent meeting on social media while having the link and access code to the event on the screen in the background.
The training class also discussed the commonplace Telegram scams asking people to "vote for my daughter in a contest." Such tactics are also used to hack profiles.
A separate block of the class dealt with artificial intelligence and its use in scams. Taras Mocherniuk explained that some tools can generate an audio message based on someone's voice and messages, and it will be very diffucult to identify it as fake it right away. Such voice messages are sent to the person's relatives and friends to extort money.
The risks of Telegram. Photo by Alyona Chorna
Digital safety
To protect their personal data and have high-quality digital security, one should:
- use complex passwords;
- use licensed software and update it consistently;
- make regular data backups;
- keep backup copies on external storage devices;
- use the "system recovery" settings;
- avoid using online banking through public wireless networks (in cafes, bars, airports, and other public places);
- never click on dubious links so as not to download malware;
- never connect other people's flash drives and external drives to their PC;
- be vigilant and make sure that the name of the website they are accessing is correct so as not to end up on a phishing site;
- never send money to anyone as prepayment for goods;
- never trust the promises of financial assistance for only making an account.
Feedback about the class
In her comment to the regional IMI representative Alyona Chorna, 0372 journalist Maria Bodnarashek said that the cyber security training was helpful to her and gave her a better understanding of digital security.
"Such trainings help me, as a journalist, to protect myself and my work in the digital space. In an environment where cyberattacks are becoming increasingly sophisticated, it is important to understand how to avoid falling into the hackers' traps. Such classes teach you to recognize phishing, use protection tools and guarantee your safety while working online, which helps to preserve your sources' privacy and your own professional reputation," the journalist shared.
Help us be even more cool!