Tuesday (23/8), the Faculty of Economics and Business, Universitas Gadjah Mada (FEB UGM) organized a digital literacy training for professional staff titled “Tips for Ensuring Computer and Mobile Device Security.” Conducted through the Zoom platform, the training was carried out by Dani Adhipta, S.Si., M.T., a lecturer from the Department of Electrical Engineering and Information Technology at the Faculty of Engineering, UGM. To begin with, Dani explained the various types of threats associated with mobile phone usage.
First, there is bluebugging, a cybercrime where a hacker takes control of a victim’s phone using Bluetooth as an intermediary. This attack can only be carried out when the hacker is near the victim. Once connected via Bluetooth, the hacker can access messages and banking information stored on the phone.
Additionally, there are three similar-sounding but distinct types of cybercrimes: phishing, vishing, and smishing. The difference between these three lies in the communication medium used. Phishing utilizes fake website links to steal personal information from victims. Vishing employs phone calls, while smishing uses SMS as its conduit. Similar to phishing, vishing and smishing aim to extract personal data from victims for potential misuse.
Moving forward, another threat to mobile devices is malware. Malware is malicious software that can steal critical information from a victim’s phone. Malware can be categorized into viruses and worms. The difference lies in activation; viruses need the victim to activate them, intentionally or unintentionally, while worms can self-activate without the victim’s interaction.
Identity theft is another cybercrime, such as cloning phone numbers to obtain one-time passwords (OTP) from a victim’s bank account. It’s important to realize that with the advancement of technology, the potential for cybercrimes has also become more diverse. Dani emphasized the danger of “zero-day” situations, where the general public is unaware of new types of digital crimes, except for the creators of those crimes.
In the face of these threats, Dani then outlined several preventive measures that can be taken to minimize potential dangers. To enhance computer security, there are several steps users can take, including strengthening passwords, enabling multi-factor authentication (MFA), regularly installing software updates and anti-malware, using firewalls, regularly backing up data, turning off unnecessary services, regularly reviewing bank accounts, tightening physical device access, and being cautious when sharing personal information on social media.
Furthermore, Dani reminded us that Wi-Fi networks are susceptible to misuse for digital crimes. He recommended using incognito mode or a VPN to minimize potential attacks from malicious links. Moreover, Wi-Fi can track all user activity. Dani suggested, “It’s important to ensure your Wi-Fi is secure. If in the UGM environment, it’s better to use ‘UGM secure’ Wi-Fi rather than the regular UGM Wi-Fi.”
Regarding mobile phones, Dani also provided strategic steps to prevent hacking, such as using strong passwords, updating software regularly, downloading apps only from credible sources, being suspicious of apps requesting irrelevant permissions, using two-factor authentication, monitoring Wi-Fi networks linked to phones, enabling “find my phone” services, and being cautious when encountering suspicious links or messages. Furthermore, we also need to be selective in using messaging applications. Good messaging applications have implemented end-to-end encryption, such as Signal or WhatsApp.
Additionally, users should turn off Bluetooth and near-field communication (NFC) when not in use to minimize their potential exploitation. Software anti-malware should also be installed on devices to scan and prevent malware attacks. Physically, users should factory reset their devices before selling them and exercise caution when placing their phones to prevent theft.
Furthermore, cyber threats can also come through links and QR codes. Users should always be cautious when receiving suspicious links. Secure links typically start with “https://” at the beginning of the URL and are accompanied by a padlock icon. As for QR codes, users should always verify whether the code is valid or not to prevent misuse.
An enthusiastic question-and-answer session with the audience followed the presentation session. In conclusion, computers, laptops, and phones have become integral parts of human life. Hence, we must remain vigilant and anticipate potential digital threats.
Reportage: Rizal Farizi
