Online Diploma in Islamic Studies - Information Technology

Module - 7
Security in the digital world

What is security in the digital world?

Computer security, cybersecurity or information technology security (IT security) in the digital
world is the protection of computer systems and networks from the stealing of or damage to
their hardware, software, or electronic data - wikipedia.

Cybersecurity is becoming important due to the increased use of computer systems, the
Internet, wireless networks like bluetooth and wi-fi and also due to the growth of smart devices.
Due to these reasons it is valid that we have at least a basic understanding of cybersecurity and
cyber threats.

Types of cyber threats

A cyber threat is a malicious act that seeks to damage or steal data or digital assets by gaining
unauthorized access to one or more systems. A cyber attack is carried out by an individual or
individuals who are known as Hackers.

Following are some of the common threats:

1. Phishing
2. Malware
3. Ransomware
4. Social Engineering
5. Spoofing

Phishing:

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and
bank details directly from users by deceiving them. Phishing is typically carried out by email or
instant messaging, and it often directs users to enter details at a fake website whose "look" and
"feel" are almost identical to the legitimate one. The fake website often asks for personal
information, such as log-in details and passwords. This information can then be used to gain
access to the individual's real account on the real website.

Reproduction and modification of this material in any form other than personal use is strictly prohibited without prior
written permission from Taibah Academy.
 Online Diploma in Islamic Studies - Information Technology
Module - 7
Security in the digital world

Fig. Example of Phishing Attack

A phishing email can be identified by the following:

1. Attachments or links
2. Spelling errors
3. Poor grammar
4. Unprofessional graphics
5. Unnecessary urgency about verifying your email address or other personal information
immediately

One of the types of phishing is called spear phishing. Spear phishing is an email or electronic
communications scam targeted towards a specific individual, organization or business. Although
often intended to steal data for malicious purposes, cybercriminals may also intend to install
malware on a targeted user’s computer.

Reproduction and modification of this material in any form other than personal use is strictly prohibited without prior
written permission from Taibah Academy.
 Online Diploma in Islamic Studies - Information Technology
Module - 7
Security in the digital world

How to stay safe from phishing attacks:

1. Use common sense before handing over sensitive information
2. Never trust alarming messages
3. Double check the email sender
4. Do not click any link that looks suspicious
5. Do not share username, password and bank details with anyone
6. Show the suspicious email to others before taking any action
7. Keep your software and operating system up to date

Malware:

Malware is a malicious software installed on a computer that can leak personal information, can
give control of the system to the attacker and can delete data permanently. Ransomware,
spyware, viruses, and worms are types of Malware. Malware enters a network through a
vulnerability, typically when a user clicks a dangerous link or email attachment which then
installs risky software.

How to stay safe from malware:

1. Be careful of emails that ask you to provide passwords
2. Never click on unverified links
3. Do not download any attachments from unknown email
4. Double check when installing any software
5. Keep your software and operating system updated

Ransomware:

Ransomware is a type of malicious software. It is designed to forcefully obtain money by

blocking access to files or the computer system until the ransom is paid. Paying the ransom
does not guarantee that the files will be recovered or the system restored.

Social Engineering:

Social engineering aims to convince a user to disclose secrets such as passwords, card
numbers, etc. by, for example, impersonating a bank, a contractor, or a customer. It is the
psychological manipulation of people into performing actions or disclosing confidential
information. A common scam involves fake CEO emails sent to accounting and finance
departments.

Reproduction and modification of this material in any form other than personal use is strictly prohibited without prior
written permission from Taibah Academy.
 Online Diploma in Islamic Studies - Information Technology
Module - 7
Security in the digital world

How to avoid social engineering attacks:

1. Check the source
2. Use a good spam filter
3. Always ask for an ID

Spoofing:

Spoofing is the act of impersonating as a valid entity through falsification of data (such as an
email id or username), in order to gain access to information or resources that one is otherwise
unauthorized to obtain. Email spoofing is a common type of spoofing.

Email spoofing often involves things like requests for personal data or financial transactions.
The emails appear to be from trusted senders - such as customers, coworkers, or managers -
but they are actually from cybercriminals who deliberately disguise themselves to gain your trust
and your help with the action they want you to take. The request could be for a money transfer
or permission to access a system.

How to protect from spoofing:

1. Self-awareness
2. Do not blindly trust any email sender
3. When visiting a website, pay careful attention to how the website looks and behaves
4. If anything seems suspicious, leave the site without sharing any personal information

Stay Alert, Stay Safe

Reproduction and modification of this material in any form other than personal use is strictly prohibited without prior
written permission from Taibah Academy.