As technology continues to advance and become more integrated into our daily lives, the need for strong cybersecurity measures has never been greater.
Whether you’re a business owner looking to protect your company’s sensitive data, or an individual trying to keep your personal information secure, in this podcast, we’ll help you with vocabulary and advice on how to keep yourself safe online.
Email from Jose
I was wondering if you have recorded a podcast talking about a really hot topic these days “CyberSecurity”. In other words, how to secure your bank account, and how to avoid the different ways to hack our data.
I have looked for that topic on your inglespodcast.com web page and I think that there is no episode about it, am I right? If I am, perhaps you can give it a go!
Voice message from Jose about “whatsoever” that he heard on the podcast about superlatives https://inglespodcast.com/453. There is no excuse WHATSOEVER for not listening to that podcast!
However, whatever, whichever, whenever, wherever, whoever, whosever, whatsoever – https://inglespodcast.com/393
Cyber Security Vocabulary
Encryption – The process of converting data into a code to prevent unauthorized access.
Firewall – A security system that monitors and controls incoming and outgoing network traffic. Firewalls are used, alongside antivirus software, to prevent cyber-attacks.
Malware – malicious software designed to harm or exploit computer systems.
Spyware – a type of malware used to track (spy on) the victim and collect their personal data
Adware – a form of malware that displays unwanted advertisements and tracks the victim’s habits with a view to selling them something they haven’t looked for
Ransomware – Malware that encrypts data on a victim’s system and demands payment in exchange for the decryption key.
Phishing – An attempt to trick people into providing sensitive information by posing as a trustworthy entity. It is one of the most common attacks to get your personal bank information.
Spoofing – A technique used to deceive computer systems by forging network addresses or other identifying information.
DNS spoofing (DNS = Domain Name System; the phonebook of the Internet*) – when a hacker is able to redirect a client’s DNS request to their own systems instead of the real DNS servers, so the client is pointed, for instance, to a false “bank web page” where you enter your username and password etc.
(*) When you go to any webpage, the very first thing that your PC does is to ask the DNS servers where that page is (for instance, your bank’s website might be at the IP address 185.53.177.52), so the PC wants to go to 185.53.177.52. But if a hacker changes that IP for one that he or she owns and shows you the “same” webpage you were looking for, then you will log in to that page with your username and password, and the hacker will use them to log in to the real one.
Keylogger – a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
Man-in-the-middle (MiTM) – A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two people who believe they are communicating directly with each other.
The attack is a type of eavesdropping in which the attacker intercepts and then controls the entire conversation.
SIM cloning – the process in which a legitimate SIM card is duplicated. When the cloning is completed, the cloned SIM card’s identifying information is transferred onto a separate, secondary SIM card.
This is a really powerful way to access personal information because a large number of banks use the SIM card to request approval for a transaction, so if someone has a copy of your SIM card, they can get access.
Two-factor/Two-step authentication/verification – A security process that requires users to provide two forms of identification to access a system or account. This adds an extra layer of security (for example password plus a code sent to your phone).
Vulnerability – A weakness or flaw in a system that can be exploited by attackers.
Bot – a computer program that operates as an agent for a user or another program, or that simulates human activity.
A bot (short for robot and also called an internet bot) is a software program that operates on the Internet and performs repetitive tasks. While some bot traffic is from good bots, bad bots can have a huge negative impact on a website or application.
Botnet – A group of infected computers controlled by a remote attacker for malicious purposes.
A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate code or software. Once inside the network, attackers are able to carry out any action that a legitimate user could perform, such as exporting files, modifying data, deleting files or changing the contents of the device.
Zero-day exploit – A previously unknown vulnerability that is exploited by attackers before a patch is released. Hackers invest a lot of money in this kind of attack: if you (as a company) do not know that you have a problem (a backdoor),
they can use it as many times as possible to get whatever they want (information, money, installing bots, trojans…). When the bug is known worldwide, it is not a zero-day anymore, and companies like Microsoft, Apple, Android etc. work hard to find a workaround and then develop a patch.
Cybersecurity audit – An evaluation of an organization’s security posture and readiness to defend against cyber threats. The more you pay the better the audit!
Social engineering – A technique used to manipulate people into divulging sensitive information or performing actions that are not in their best interest. (According to Jose, who has contacts who work in the cybersecurity department of banks, this is one of the most common ways to steal money these days: phone calls from Microsoft support, for example.)
DoS (Denial of Service) – when a system is attacked by a huge number of bots, so that the target system is compromised and the result could be a “page not found” or “server unavailable” message.
The target system (a webpage, for example) cannot reply to the requests of the real clients that are asking for any sort of information.
Deepfake – a video (real-time or recorded) in which, for example, Obama appears to be speaking BUT it is not Obama; the face and voice are not real (like the Spanish ad where Lola Flores is speaking).
What can you do to protect yourself?
Disclaimer: We are not cyber security experts and take no responsibility for any problems arising from the following advice!
- Use strong, unique passwords and enable two-factor authentication (use a password manager like LastPass or 1Password).
- Type the website address of your bank in your browser, don’t follow links to your bank, and check that you can see the correct address of your bank in your browser before you enter your login information.
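- If you become suspicious of a webpage, DELIBERATELY type in the wrong password – if you gain access, clearly the webpage is fake. (Reza claims credit for this one without ever reading about it anywhere beforehand! Lo-tech but 100%-guaranteed infallible at identifying fake websites.) The test only works in one direction: a fake page that passes your login on to the real bank (see man-in-the-middle above) will also reject a wrong password, so being refused does not prove that the page is genuine.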
- Be cautious of suspicious emails or messages and avoid clicking on unknown links or downloading attachments.
- Keep your operating system and software up to date with the latest security patches.
- Use reputable antivirus software to protect your computer from malware.
- Avoid using public Wi-Fi networks for sensitive transactions or entering sensitive information. If you work a lot in public places (hotels, airports, cafes) you could use a virtual private network (VPN) when accessing the internet from a public or unsecured Wi-Fi network to encrypt your online activity and protect your privacy.
- Be careful about the information you share on social media and other public platforms, as this information can be used to target you in phishing attacks or other social engineering tactics.
- Back up your important data regularly, and store backups securely in case of a ransomware attack or other data loss event. Use the 3-2-1 backup system: have two local copies of your data and one off-site in a different place, either in the cloud or at a different physical location.
- Stay informed about the latest security threats and best practices for staying safe online.
…and now it’s your turn to practise your English.
Send us a voice message. https://www.speakpipe.com/inglespodcast
Send us an email with a comment or question to [email protected] or [email protected]
If you enjoyed this podcast, please tell your friends.
Next week: What to say when you get a present you don’t like.
The music in this podcast is by Pitx. The track is called ‘See You Later’