Securitymanual.org

Security for anyone.

Draft Version! - We are going to work on the content.

"I am not a target"

Unfortunately, everyone is. Cybercrime is highly lucrative, and every year criminals get more creative in finding new ways to get money from their victims.

With this homepage we want to give you information about how you can protect yourself and others against various crimes.

And heads up: it is never too late to care about your security online! Start with one topic, then tackle the next one the following week.

There is no guarantee for security.


Account Security

Provide wrong answers to your security questions

What does it mean?

Name of your first pet? Keyboard. Childhood nickname? 1513sd_!rg. Be creative. Important: Store those answers securely and keep backups.

Why is it important?

Truthful answers make you vulnerable to social engineering attacks. If you answer the questions truthfully, an attacker could gather information via social media and other platforms to answer those 'security questions'. Please remember to document your fake answers in a secure place.

Delete accounts that are no longer required

What does it mean?

Switched services? Is a service no longer needed? Archive the data (if necessary) and delete the account.

Why is it important?

A non-existent account can't be hacked or breached.

Use a separate log-in e-mail address

What does it mean?

contact@example.com for communication; dfgdklfgdr@example.com for the sole purpose of logging into accounts that should be kept secret.

Why is it important?

Most account hijacking attempts via random passwords are done on public-facing e-mail addresses. If you separate those e-mail addresses, it becomes much more difficult for criminals.

Losing control by sharing credentials

What does it mean?

This has nothing to do with trust. If you don't trust the other person, you shouldn't share your credentials in the first place.

Why is it important?

As soon as you share your credentials, you have lost control over your account. You have no control over the secrecy or security measures of other persons.


Password Security

Important: Avoid reusing your password.

What does it mean?

Use a different password for each account. The passwords shouldn't be similar, and it is best to let a password manager generate them (16+ characters).

Why is it important?

Protects your other accounts in case of a breach (trying breached passwords on other services is automated). Avoids further damage. No service is 100% secure.

Password length matters.

What does it mean?

The password should be at least 16 characters long. The longer the better. You can simply use a password manager to generate secure passwords and store them in its encrypted database.

Why is it important?

The longer the password is, the harder it is to guess, which makes it stronger against brute-forcing.

Password managers keep your passwords secure

What does it mean?

Password managers are local programs or online services that store your passwords securely in an encrypted database and generate secure passwords. Avoid writing passwords down on paper or in some file without encryption.

Why is it important?

It is important to keep your passwords in a secure place. Password managers help you to store your unique passwords in an encrypted database. Besides that, most password managers can generate random and secure passwords. Important: Please be careful with online services. Create backups just in case you lose access to the service.

Create a random password

What does it mean?

Whether you choose a password with 16 characters or a passphrase, just generate a random string of characters. Avoid using common passwords such as `password123` or private information such as your first name plus year of birth.

Why is it important?

It should be as random as possible. Criminals often try to guess your password, and common passwords are at the top of their hit list. If you are individually targeted, criminals could use personal information that they gathered via social media to guess even more passwords. Password managers normally have a password/passphrase generator that should be used.
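
What a password generator does, as an added example that is not part of the original page: it draws 16 or more characters from a cryptographically secure random source, and the entropy figures show why length matters. The rate of 10 billion guesses per second is an assumption for illustration.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 16) -> str:
    """Return a random password drawn from the operating system's CSPRNG."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Many sites demand every character class, so retry until all appear.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, guesses_per_second: float = 1e10) -> float:
    """Years needed to try every candidate at an assumed guessing rate."""
    return len(ALPHABET) ** length / guesses_per_second / (3600 * 24 * 365)


if __name__ == "__main__":
    print(generate_password())
    for n in (8, 16):
        print(n, "chars:", round(entropy_bits(n), 1), "bits,",
              f"{years_to_exhaust(n):.2e} years to try all")
```

Every additional character multiplies the number of candidates by 94, which is why 16 characters are not twice but many orders of magnitude stronger than 8.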


Multi-/2-factor authentication

This is an authentication method in which the user has to provide two or more factors to access the desired service. Those factors are: knowledge (something only you know, e.g. PIN, password, security question), possession (something only you have, e.g. security token, security key, second device), and inherence (something only you are, e.g. fingerprint, iris).

MFA protects you from various attacks and dangers. Even if the attacker knows your e-mail/username and your password, he wouldn't be able to log into your account without the second factor, which only you have. Here are some examples:

MFA over text message

What does it mean?

You will get a code sent to your mobile number to verify that you have access to this number.

It is the least secure MFA solution and should be replaced by another option if available. Nevertheless, it is still better than no MFA at all.

MFA over e-mail

What does it mean?

You will get a code sent to your e-mail address to verify that you have access to this e-mail address.

The password of your e-mail account should be different from the password chosen for the account you are protecting, as it otherwise doesn't add another layer of protection.

OTP

What does it mean?

Security token/key

What does it mean?

Please keep in mind that you should keep backups of your MFA to prevent losing access to your own account.


Social Media

Let me begin with this: using any social media platform can be damaging, and everything you share should be considered (permanently) public, without any chance of revoking it later on. Don't share it if you wouldn't share it with a stranger on the street. The internet never forgets! Keep in mind that some dangers aren't known yet: AI, profiling, data mining, propaganda, targeting in the future.

Don't share personal information publicly.

What does it mean?

Why is it important?

It can be used against you. It can't be taken back (the internet never forgets). You wouldn't share it with everyone on the street.

Archive and delete your old posts regularly.

What does it mean?

Why is it important?

Can't be used against you later. Less of an attack vector. Helps against profiling later on.


E-Mail

Think before you click. If it sounds too good to be true, it often is.

Check the sender

What does it mean?

Check which e-mail address the e-mail was sent from.

Why is it important?

Criminals try to mimic valid addresses or just use already hacked e-mail accounts.
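
One way to automate this check, as an added example that is not part of the original page: it reads the real address behind the display name and compares its domain with a list of domains you know. The TRUSTED list, the sample headers and the distance threshold of 2 are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: the domains you really correspond with.
TRUSTED = ("example.com", "example-bank.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED):
    """Judge the address in a From header, ignoring the display name."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable"
    domain = address.rpartition("@")[2].lower()
    if domain in trusted:
        # A known domain can still be spoofed or sent from a hacked account.
        return "known"
    for good in trusted:
        if domain.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
            return "lookalike: other TLD of " + good
        if edit_distance(domain, good) <= 2:
            return "lookalike: misspelling of " + good
    return "unknown"


# Constructed From headers, not taken from real mail.
SAMPLES = [
    "Example Bank <service@example-bank.com>",
    "Example Bank <service@examp1e-bank.com>",
    '"service@example-bank.com" <billing@example-bank.net>',
    "A friend <friend@mail.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), "<-", header)
```

The third sample puts a trusted address into the display name, which is what many mail clients show first; only the part in angle brackets counts.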

Important: Be critical. Verify uncommon requests.

What does it mean?

Is it really urgent? Is it an uncommon or suspicious request? Make sure to validate the request on another channel, even when the sending e-mail address is valid. An impersonal salutation and spelling errors are indicators of a malicious e-mail.

Why is it important?

Even if the e-mail address of the sender seems to be correct, verify it. Criminals could have spoofed this e-mail address, or the account of the sender could have been hacked and be sending out spam or phishing e-mails. Criminals use fear and urgency to pressure you into clicking fast; be aware of it.

Avoid clicking on links

What does it mean?

Easier than it sounds. Service X sent you an e-mail and you need to click on a link to continue? Just open your browser and visit the homepage of the service directly.

Why is it important?

Sometimes it is almost impossible to tell if a link is dangerous or valid. To avoid this danger, simply visit the homepage directly, if it is necessary.

Be careful with attachments

What does it mean?

Opening malicious attachments on your device is fatal. Therefore it is recommended to avoid opening unknown attachments.

Why is it important?

As mentioned before, it is dangerous to open attachments from unknown sources. Opening a malicious file could cause a lot of damage.

Switch to plain text view

What does it mean?

It is common to format e-mails in HTML. Almost all e-mail clients let you open e-mails in plain text, which means without any formatting. Keep in mind that this could affect usability.

Why is it important?

Criminals can use HTML formatting to trick you.

Still uncertain?

Ask your IT department or tech-savvy friend.


Device Security

Protect your login with a password/PIN

Encrypt the hard drive.

More advanced. Theft. Evil maid attack.

Backup.

Ransomware.

Don't leave your device unlocked.

Evil maid attack. Rubber Ducky.

Keep the operating system and software up-to-date

Update it regularly. Don't use old/ EOL software.


Crypto Currency

Crypto currencies are getting more and more popular, which makes it even more profitable for criminals. Due to the vast number of currencies, it is impossible to go into detail. Please keep this in mind.

Keep your private key safe

Never share your private key. Access to the key means full access to the assets, without any chance of revoking it. You immediately lose control. Use separate hardware.

Avoid storing your currencies on exchanges

Exit scams. Bankruptcy. Hacks (of the exchange and of your account). You are not the owner of the currency (private key/legal reasons). Use hardware/cold/paper wallets. Keep secure backups of your private key. See our Account Security section to secure your exchange account.

Only use well-known services/ software

Giving malicious software your private key is a guarantee for losing your assets. Everything is automated. Browser add-ons/keyloggers/malicious wallets. Some research is necessary. Only buy on well-known services.

Be sceptical and careful

If it sounds too good, it often enough is. Don't trust, verify. Check EVERYTHING before you send assets since some malware will change the destination. Do your own research. Know the risks of your currency. Pump-and-dump.

Bitcoin

Bitcoin is without a doubt the most famous currency. That is the reason we will be a little more specific here. Idea: Bitcoin is NOT anonymous. Every transaction is public. Highly volatile and high risk asset. Bitcoin as BTC is the real Bitcoin (Bitcoin.org)

Keep your portfolio private

By sharing your portfolio you are making yourself a target for various specific attacks. Often it is enough to talk about it to get on some sort of target list of criminals (online and offline).


Internet Surfing

Be careful with search engines

Paid entries/ misleading ads, domain squatting, different TLD

Avoid typing, instead use bookmarks

Domain squatting, spelling errors

Think before you click

Same as in e-mail section.

Advanced: Turn off scripts

Can cause problems with common sites and limit functionality, but is more secure. Can be activated for certain sites.

Keep your system up-to-date

Same as in the Device Security section.

Use browser add-ons

uBlock Origin etc


Backups - Keeping our data safe

Protection against ransomware; prevents data loss because of hardware failure/damage/theft.

3-2-1 backup strategy

Having 3 copies of your data. 2 on-site on 2 different devices/ mediums and 1 off-site. It is not perfect, but a good start.

Use different mediums

Durability. Storage size. Transport. Security.

Test your backups regularly

You can only be sure if you have tested your backup. Recovering. Time.
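
A restore test can be automated, as in this added example that is not part of the original page: record a SHA-256 checksum for every file at backup time, restore to a scratch folder, and compare. The file names and contents in demo() are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b""):
                digest.update(chunk)
        result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def verify_restore(original, restored_root):
    """Compare a restored tree with the manifest taken at backup time."""
    restored = manifest(restored_root)
    return {
        "missing": sorted(set(original) - set(restored)),
        "changed": sorted(name for name in original
                          if name in restored and restored[name] != original[name]),
        "unexpected": sorted(set(restored) - set(original)),
    }


def demo():
    """Constructed sample: back up two files, then damage the restored copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        source.mkdir()
        (source / "photo.jpg").write_bytes(b"constructed image bytes")
        (source / "taxes.txt").write_text("constructed document")
        taken = manifest(source)               # keep this next to the backup
        shutil.copytree(source, restored)      # stands in for a real restore
        (restored / "photo.jpg").write_bytes(b"bit rot")   # silent corruption
        (restored / "taxes.txt").unlink()                  # file lost
        return verify_restore(taken, restored)


if __name__ == "__main__":
    print(demo())
```

An empty report on all three keys means the restore matched the original; timing the restore at the same occasion tells you how long a real recovery would take.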

Have one copy off-site

Some reasons: theft, flooding, fire, hardware damage. Keep copies safe somewhere else: bank safe deposit box, friends, cloud. Important: Encrypt your data beforehand to make sure that nobody else can read/use your backups.