Identity theft is one of the most prominent kinds of crime in the digital age and it continues to increase every year. In 2017 6.6 percent of U.S. consumers fell victim to identity theft, which is roughly 1 in 15 people. The advent of cryptocurrencies and exchange markets has created a big resource for identity thieves: though often keen on investing personal funds, crypto enthusiasts are not always well-versed in questions of digital security.
Although some identity thefts can be quite elaborate, more often than not they boil down to credential or file theft. To the surprise of some users, one does not need to perform sophisticated or complex actions to be protected from these kinds of attacks. In this article the Bytecoin Team has decided to describe the best methods of avoiding this kind of cybercrime.
Credentials security
First and foremost, all credentials have to be secure - an overwhelming amount of passwords are surprisingly weak. As with almost any system, the whole is only as strong as its weakest part, and the security algorithms are generally very strong.
Security experts use the concept of password entropy to assess the security of a password, but laymen can resort to using a widespread and time tested set of rules:
a password has to be at least 8 characters long and contain alphanumeric characters in different cases and symbols;
a password has to be unique - users should avoid using the same password on different websites;
avoid using common faulty techniques of constructing passwords.
The concept of commonly used passwords is quite often underestimated by the general audience. There are special sets of millions of commonly used passwords, called rainbow tables, which hackers use in their workflow to effectively gain access to a surprisingly high amount of accounts.
The second component of credential security is purely behavioral. There are a number of simple and straightforward rules that can significantly consolidate one’s security against breaching attempts. They all stem from the common practice of cross-using passwords and email addresses on different websites. Whenever a hacker gains access to someone’s account/email address they always check for other websites and services that a person may have an account at - unfortunately it is quite common for people to use the same password in multiple places. Hence, a regular email breach can result in massive collateral damage in the form of loss of money, property or even reputation. In order to avoid this, users should always:
avoid using the same password for different resources;
avoid mixing personal and private email addresses - someone who knows you and your online behavior may be trying to break into your public email. It is always a good practice to authenticate and communicate with different email addresses;
strongly consider using multi-factor authentication for their accounts. MFA is a security feature that has proven to be both simple to use and efficient.
Fortunately, the topic of online security has garnered the attention of many experts worldwide and there are some very useful tools available. The three most useful are:
howsecureismypassword.net is an online tool that can tell how much time will it take to crack a given password;
haveibeenpwned.com is an ingenious resource - it can tell you whether your email has appeared in breached credential databases;
Password generator by LastPass offers a beautiful trusted interface for generating a secure password.
But the easiest solution in handling passwords, used by millions of users around the world, is to take advantage of a password manager - a type of software designed to securely store and generate passwords. Password managers have grown to be large cross-platform applications that can integrate with user authentication workflows. Some password managers offer advanced features like automatically changing all user passwords in case of a compromise and darknet monitoring - the software can determine whether a user’s credentials have appeared in breached databases on the darknet and warn them accordingly.
Asset security
The world of cryptocurrencies and exchange markets has proven a rich landscape for cybercriminals. There has never been a better time for thinking about protecting one’s assets and identity. Generally speaking there are three main attack vectors when it comes to crypto assets:
Computer malware - these are specially designed viruses that do any of the following: steal user assets (wallet files, keys) and grab user keyboard inputs to capture all entered information. The latter can be used to filter out user login credentials or keys. This technique can be applied to all private data in general.
In order to protect oneself from this threat it is crucial to maintain a virus free environment. Installing trusted antiviruses and firewalls and keeping them up to date is the most effective countermeasure. Secondly, users should not install software they don’t trust or that comes from suspicious sources.Phishing websites: hackers make identical or almost-identical copies of popular exchanges and web wallets and put them online under similarly-looking domain addresses. When a user enters their credentials on such websites they even may get redirected and logged in to the actual original website, but by that time hackers would have already gathered their credentials.
To prevent this kind of cybercrime one needs to make sure they are always submitting their credentials to authentic websites. This can be ensured by checking that the address of the website matches the original address. Most trusted websites sign their domain addresses with a digital certificate that can be checked from the address bar of any modern browser.Fraud contests and social engineering - this kind of cybercrime is very simple and increasingly popular these days: hackers make up giveaways and competitions that have no winners. They usually sound like “send ETH to this address and get x2 back”. Social engineering is a means of stealing personal data by talking the person into giving it to the hacker - this can include impersonation of public representatives, technical support agents, or plain extortion.
Unfortunately, massive amounts of users fall victims to such fraud. Users should employ their critical thinking skills and never trust competitions that demonstrate questionable or illogical business models. In addition, they should always remember what is under their control.
While modern technology develops at unprecedented pace, so does cybercrime. Basic digital literacy, timely software updates, and critical thinking are all that users need to protect themselves from a majority of the cyber threats out there.