Tag: security

What’s Up with Turning to Telegram as your Messaging Platform?

WhatsApp’s new 2021 privacy terms sent millions of users into a tailspin. Some had a deeper understanding of what these new terms meant and didn’t react, while others jumped on the panic bandwagon and considered the alternatives such as turning to Telegram.

One of the alternative messaging platforms that have been seeing a flurry of attention while WhatsApp flails about reassuring users that their security won’t be compromised, is Telegram. We take a closer look at this messaging platform to determine if the grass really is greener on the other side.

why telegram over whatsapp?

One question that begs to be answered is why so many are turning to Telegram as the alternative messaging platform of choice? The belief is that Telegram encrypts conversations with industry professionals divulging that extremist groups have used the messaging service for that very reason… and with no REAL questions asked.

While Telegram does indeed offer encryption, it’s not quite as “locked up” as one might think. For instance, users need to go out on a limb to trust that the service will not cooperate with government agencies in order to carry out surveillance on messages between users.

The reality is that Telegram only encrypts data sent between your mobile phone and Telegram’s server. If you want end-to-end encryption to prevent Telegram’s server from seeing your messages, you have to turn that on yourself each time you chat.

why leaving whatsapp doesn’t make total sense

If you have tested out the Telegram service and prefer it to WhatsApp, then the decision has been made for you. However, if you left the service because you ‘bought’ in to all the excitement about a “WhatsApp privacy issue”, you may have made, or are about to make, a rash decision based on some misinformation.

With all the hype surrounding the new privacy policy, WhatsApp has responded by postponing the new policy cut-off date to May 15 and is working to clear up the confusion caused.

WhatsApp has also clarified that while some data will be shared with parent company Facebook, the content of your WhatsApp messages still has the same end-to-end encryption. And, just by the way, if you already make use of Facebook, it’s safe to assume that the company already has your data!

IT security professionals have shed some light on where Telegram falls short in terms of privacy and security for its users. There’s nothing wrong with its privacy policies and methods. However, Telegram is not as heavily encrypted as people believe it is and it almost pales in comparison to WhatsApp in terms of encrypting the content of communication between users.

WhatsApp offers automatic end-to-end encryption of all messages and calls. Not even the WhatsApp servers have access to what you are sending to people in your messages. You don’t have to toggle anything, activate anything, or turn anything on. WhatsApp just automatically offers you this encryption.

turning to telegram is not necessarily the best choice for everyone

As an alternative messaging service, Telegram is certainly an option but before you make the decision to switch, you need to know that:

  • End-to-end encryption on chats has to be activated every time you chat.
  • There is no “secret chats” feature for group chats.
  • The default chat history of all chats is saved on the Telegram server. This means that when you install the service on a new mobile phone, your chat history is immediately available – stored by the Telegram server!
  • Telegram is located in the UAE which has a poor reputation for hacking and carrying out surveillance, especially on human rights activists. It’s important however to note that Telegram claims it does not store data in the UAE.

On merging whatsapp chats to telegram

Telegram has advised new users that they can merge their chat history, videos, photos, and documents, from WhatsApp to Telegram. They have also said that unlike older apps, this data won’t take up additional space on the user’s mobile phone. Sounds almost too convenient, and it would appear to be a further security risk!

In a nutshell, Telegram offers encryption between your device and its cloud-based server and also between its cloud server and your contact, but it is Telegram who controls the encryption.

Once you transfer your data outside of WhatsApp, the end-to-end encryption offered by WhatsApp is no longer at play.

enough said!

You now know more than enough to make an educated decision about the risk of moving from WhatsApp to an alternative messaging service such as Telegram. Before you take the plunge, take a close look at how these new services compare to what WhatsApp is actually offering. Then you decide, and once you do – make sure that you do a complete online backup before you make the move!

Operation Falcon Cracks Major Phishing Ring – How Phishers Phish

A year-long investigation dubbed, Operation Falcon, jointly run by INTERPOL and Group-IB working closely with the Nigeria Police Force, was tasked with identifying and locating cybercrime threats. The task force spent a considerable amount of time trying to deactivate a massive phishing ring that has targeted over 50 000 victims in a major global scam. The scam unleashed a whopping 26 different malwares, wreaking havoc and bringing people and corporations to their knees.

The ‘ring’ includes a group of Nigerian nationals who have been working hard to infiltrate the systems of individuals and organisations. They would then launch scams to siphon funds out of the victims’ accounts.

Among the victims were private-sector companies as well as government departments in over 150 countries. The group, which is aptly being called a “gang” has been operating this phishing scam since as early as 2017.

how phishers phish

Much was learned from observing and monitoring this latest phishing bust as to exactly how cyber-criminals bo about the process. Phishing isn’t a new concept, but many people still don’t understand how they end up falling for a phishing scam.

The reality is that phishing scams have become far more professionally managed in recent years.

The key to dealing with phishing scams is in understanding how they work.

First and foremost, these gangs don’t simply attempt to impersonate a company executive or a person that someone within the company will trust…they fully immerse themselves into the process. They learn everything they can about the company’s communication styles, the vendors they use, the billing system practices that they follow and a great deal of other information that you would only expect a trusted individual to know.

And then they use that information to make a very believable impersonation. Everything about the communication a targeted victim receives seems legitimate and that’s why they fall for it. They end up providing sensitive information or clicking on a malicious link or attachment without ever questioning the authenticity of the mail.

don’t get caught out by a phishing scam

Be alert, always. It’s all too easy to accept a mail from a manager or colleague and click on the links provided or share sensitive information because you “know” them. Keep in mind that sensitive information should never be shared online and unless you are expecting a specific document or information from someone, never trust a link or attachment without first verifying the sender.

With the New Year approaching, now is the time to take a look at your current security measures to see where you can improve on them. Be alert and aware – phishing scams are undoubtedly on the rise.

Heads Up: UIF Covid-19 Relief Scheme Website is Hit by a Data Leak

With identity theft and fraud on the rise, no one really wants any of their personal information “out there” in the public eye. Unfortunately, people who have made use of the government’s UIF Temporary Employer-Employee COVID-19 Relief Scheme during Covid-19 times, are now faced with the risk of having their personal details used against them.

The Vulnerability on the UIF Website

As it turns out, while the government was busy focusing on getting funding to its people, opportunistic criminals were provided with an open door to the UIF reference numbers and total payout amounts of each individual paid out. The real danger comes in where criminals can write scripts to extract the amount paid to each individual and on what date.

UIF’s Turnaround Efforts

Security researchers recently reported the problem to the UIF and they have made efforts to thwart the attempts of online criminals by removing the UIF reference numbers from the downloadable list and featuring a security CAPTCHA on the page. However, one can still look up a person’s UIF payout details if they have the individual’s ID number. One has to wonder how secure that is, especially when you realise that the UIF website doesn’t require an individual to register an account on the website or login, in order to see these details.

Official UIF & Ministry of Labour Response

When industry professionals reached out to the Ministry of Labour regarding the data break and security issue, they directed them to speak with UIF representatives instead. In the meantime, the UIF has not responded to requests for comments and feedback.

Last Word

As the UIF remains silent on the matter, it is in the best interests of citizens to know the risks that they face as beneficiaries of the new Temporary Employer-Employee Relief Scheme.

Want to start protecting your personal data a bit better? Take a look at the security features offered for small to medium businesses with data encrypted online backup at Soteria.