Cybersecurity Journal

Knowledge is protection.

We will help you understand the risks and learn together how to protect yourself and your loved ones.

2025

Attention! The CitizenSec cybersecurity journal offers practical advice that will prevent blue screens and protect you from crashes, viruses and other cyber threats.

Clear recommendations from experts with 10 years of experience.

Learn once, save and protect yourself forever!

citizensec - cyber hygiene and methodology

powered by mssp.global

02

Social engineering.
How do scammers operate?

What methods and psychological techniques they use to mislead people, and how to recognize them.

Social engineering

Social engineering is manipulation aimed at obtaining confidential information, activating malicious software, or making the victim perform actions desired by the attacker.

Scammers manipulate your emotions, using fear, urgency and trust.

They use fear and urgency.

  • They pose as representatives of authoritative organizations.

  • They pressure you with urgency.

  • They earn trust through flattering reviews.

  • They claim that everyone does it.

If a message triggers emotions, take a pause. Do not provide personal data, do not send money in a hurry.

Verify information through official channels or call the organization directly.

03

Phishing and spam.

Main methods of phishing fraud and ways to protect yourself.

Phishing

— is like fishing, but it's a hunt aimed at stealing your data. Phishing attacks are carried out through fake notifications via email, SMS or messengers to make you enter sensitive information.

Phishing

A classic method using fake emails and links to gain access to confidential data.

SEO phishing

Fake websites resembling real ones that appear at the top of browser search results.

Vishing

Scammers call by phone, inventing different scenarios to extract information.

Smishing

Fraud via SMS and text messages.

Malvertising

Malicious software embedded in online advertising.

Spear phishing

Targeted phishing based on collected data about a specific person.

Spam phishing

Mass distribution of phishing emails.

How to recognize phishing?

  1. Stop, look, think.
  2. Warning signs:
    • Errors in the email or address.
    • Check the sender's address and links.
    • Beware of emails that evoke strong emotions.
    • Check the website's address bar.
  3. Do not open suspicious attachments.

  4. Do not make assumptions, always verify.

  5. Do not fall for tricks and lucrative offers, keep a cool head.
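The three checks above (sender's address, where a link really goes, emotionally charged wording) can be automated for a mailbox filter. This is an added example, not code from the CitizenSec journal; the bank name, both domains and the message itself are constructed, and the "trusted domain" is an assumption you would replace with the real organization's domain.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "examplebank.com"  # assumption: the organization's real domain

# Constructed sample message; every domain here is hypothetical.
PHISH = {
    "from": '"Example Bank Support" <alerts@examp1e-bank-secure.net>',
    "html": '<p>Your account will be blocked in 2 hours! Confirm now: '
            '<a href="http://examplebank-login.example.net/verify">'
            'https://examplebank.com/login</a></p>',
}

class _Links(HTMLParser):  # collects (href, visible text) for each <a> in the body
    def __init__(self):
        super().__init__()
        self.pairs, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
    def handle_data(self, data):
        if self._href is not None:
            self.pairs.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def phishing_signs(msg, trusted=TRUSTED_DOMAIN):
    """Return the warning signs found in msg; an empty list means none of the checks fired."""
    signs = []
    _, addr = parseaddr(msg["from"])
    sender = addr.rsplit("@", 1)[-1].lower()
    if sender != trusted and not sender.endswith("." + trusted):      # sender's address
        signs.append(f"sender domain {sender!r} is not {trusted!r}")
    parser = _Links(); parser.feed(msg["html"])
    for href, text in parser.pairs:                                     # links
        if text.startswith("http") and _host(text) != _host(href):
            signs.append(f"link text shows {_host(text)!r} but goes to {_host(href)!r}")
        if not href.lower().startswith("https://"):
            signs.append(f"link {href!r} is not HTTPS")
    if re.search(r"\b(urgent|immediately|blocked|in \d+ hours)\b", msg["html"], re.I):
        signs.append("urgency wording in the body")                     # strong emotions
    return signs
```

A message that passes all three checks is not proven safe; the function only surfaces the signs the journal tells readers to look for, so the reader still verifies through official channels.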

Anatomy of phishing

001

Creating convincing content for a phishing attack

  1. Trending topics are often used.
  2. Creating fake emails with links to fake websites or with infected attachments.

002

Mass distribution of phishing emails

Using mass mailing servers or hacked accounts to send emails so that they look legitimate.

003

Grabbing attention and deceiving victims

Using urgent or emotionally charged messages (for example, "The promotion expires in a few hours").

004

Capturing data, obtaining confidential information

The link in the email leads to a fake website that looks legitimate.

005

Using the stolen information

Using the obtained credentials to log in to the victims' real accounts.

006

Covering tracks

So that they are not caught and detained.

007

And here comes an agent...

How do they crack passwords, and why do they succeed?

04

What is a strong password?

How to create strong passwords and which ones are most vulnerable to hacking.
Statistics: 80% of hacked accounts used popular passwords.

Even Mark Zuckerberg was hacked because of using one password across all accounts.

Sound familiar?

We know that you sometimes do the same. After all, it's hard to remember every password...

Password cracked

Brute force is a method of guessing passwords by trying every possible combination. Weak passwords can be cracked in seconds. Protection is simple: create complex and unique passwords for every account.

Solution: Use a password manager.
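Why "cracked in seconds" is true for short or popular passwords and not for long unique ones can be shown with the arithmetic behind exhaustive search. This is an added example, not material from the journal: the guess rate of 10^10 per second is an assumed offline rate, and the short list of popular passwords is constructed to stand in for a real wordlist.

```python
import string

# Constructed stand-in for the "popular passwords" a real wordlist would hold.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "111111"}

CHARSETS = {  # name -> alphabet an exhaustive search must enumerate
    "digits": string.digits,                                             # 10 symbols
    "lowercase": string.ascii_lowercase,                                 # 26
    "mixed": string.ascii_letters + string.digits,                       # 62
    "full": string.ascii_letters + string.digits + string.punctuation,   # 94
}

def classify(password):
    """Smallest alphabet in CHARSETS that contains every character of the password."""
    for name, alphabet in CHARSETS.items():
        if all(ch in alphabet for ch in password):
            return name
    return "full"  # anything else (e.g. Unicode): treat as the largest alphabet

def keyspace(alphabet_size, length):
    """Upper bound on the candidates an exhaustive search must try."""
    return alphabet_size ** length

def guesses_needed(password):
    """A popular password falls on the first guesses; otherwise the whole keyspace counts."""
    if password in COMMON_PASSWORDS:
        return 1
    return keyspace(len(CHARSETS[classify(password)]), len(password))

def worst_case_seconds(password, guesses_per_second=10**10):
    """Exhaustive-search time at an ASSUMED offline rate (10^10 guesses/s, fast GPU hashing)."""
    return guesses_needed(password) / guesses_per_second

def human(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    for pw in ("123456", "horseman", "Tr0ub4dor", "correct-horse-battery-staple-42"):
        print(f"{pw!r:36} {classify(pw):10} {human(worst_case_seconds(pw))}")
```

The point the table makes is the one the journal's statistic makes: a password on a popular list is found at once regardless of its length, while a long, unique one generated by a password manager is out of reach of exhaustive search.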

Types of passwords by importance:

Standard importance

These passwords are used for everyday tasks and less critical services.

  • Social networks.
  • Email services.
  • Messengers.
  • Various websites and online stores.

High importance

These passwords protect access to the most important and sensitive data.

  • Bank accounts and financial apps.
  • Hard drive encryption.
  • Access to the password manager.
  • Accounts with administrative access.

Tip:

A password manager will help you securely store all your passwords and use unique, complex combinations for every account. This will reduce the risk of being hacked and protect your data.

Do not store all passwords in one place.

Sort passwords by importance.

Use password managers. They provide secure storage and management of passwords.

Create complex and unique passwords. To do this, use the built-in generators in password managers.

Do not share passwords in full. If you need to share a password, split it into parts and pass it through different communication channels.

Recommended managers:
Dashlane, 1Password, KeePassXC, Bitwarden, Enpass.

05

Do not touch my phone!

Your phone holds everything — from personal data to finances. Learn how to protect it from threats.

Device protection
Gadgets are always with us — they are pocket-sized computers that store our entire lives: from photos and watches to work and finances.

The problem:

Malicious apps threaten your personal and financial security by stealing banking data and passwords.

Modern fraud schemes include video calls to collect biometric data, allowing criminals to take out loans and carry out transactions on your behalf.

Solution:

Key measures to protect our devices:

  1. Set a strong password, PIN code, and use biometrics to protect your device.
  2. Download apps only from official sources: apps from Google Play or the App Store are safer.
  3. A reliable antivirus helps detect and block malicious software.
  4. Restrict apps' access to your data to keep your information safe.
  5. Set up features that allow you to track your device's location and remotely wipe data in case of theft.
  6. Regularly back up important data so you don't lose it in case the device is stolen or breaks.

06

Is it true?

Fact-checking and disinformation: how to protect yourself.

Fact-checking and disinformation: how to protect yourself

Disinformation is the deliberate act of misleading, while misinformation is the spreading of incorrect information by mistake. Both lead to mistrust, polarization and harm to society.

To avoid spreading fakes:

  • Verify news through official sources and fact-checking platforms such as Factcheck.kz and StopFake.kz.
  • Develop critical thinking and media literacy.
  • Be mindful of protecting personal data.

07

Is there Wi-Fi?

All the ways to use Wi-Fi safely.

Public Wi-Fi hotspots are convenient, especially while on vacation or traveling, but they can be unsafe. Let's go over the problems, risks and how to protect yourself.

Problems and risks of public hotspots:

  • Lack of encryption: Many public networks do not encrypt data, which makes them vulnerable to interception. As a result, your personal information, including passwords and financial data, can be stolen.
  • "Man-in-the-middle" attacks: Scammers can intercept data transmitted between you and the network, allowing them to alter or steal your information.
  • Fake hotspots: Scammers can create fake networks that look legitimate. By connecting to such a network, you unknowingly grant them access to your data.

Solution:

Use a VPN: A secure channel through a VPN hides your activity and prevents data interception.

Verify the network: Before connecting, make sure the network really belongs to a public institution and not to a scammer.

Disable automatic connection: Do not let your devices connect automatically to open networks to avoid accidental connections to fake hotspots.

Use mobile data: Temporarily switch to mobile data if a Wi-Fi network is unsafe.

Avoid sensitive transactions: Do not perform banking operations or purchases over public networks.

Use two-factor authentication: Enable two-factor authentication for all important accounts.

08

Sign here, please!

Learn how to protect your personal data and assets with our tips.

Personal data

— is any information that identifies you as a person.

  1. Publicly available data: information that may be accessible to others with your consent (for example, full name, IIN, address).

  2. Restricted data: information protected by law (for example, medical, financial or commercial information).

Identification data: IIN, full name, date of birth, passport details.

Contact data: residential address, phone number, email.

Financial data: bank accounts, information about income and expenses.

Medical data: medical history, test results.

Educational data: diplomas, certificates, level of education.

Professional data: place of work, position, professional skills.

Marital status data: information about marriage, children, relatives.

Movement data: visit history, geolocation.

Attention!

Before sharing your data, pay attention to:

  • The purposes of collecting and processing data: why are they being collected?
  • Data retention period: how long will your data be used?
  • Possibility of transferring data to third parties: to whom and why may they be transferred?
  • Cross-border transfer: can your data be transferred abroad?
  • Public availability of data: will your data be published?

Your rights are protected by law

In Kazakhstan, the protection of personal data is regulated by several laws:

  • The Law of the Republic of Kazakhstan "On Personal Data and Their Protection" — regulates the collection and processing of data, as well as the rights of citizens.
  • The Law of the Republic of Kazakhstan "On Informatization" — protects data in information systems.
  • The Civil Code — guarantees the right to the protection of personal and family secrets.
  • The Criminal Code and the Code of Administrative Offenses — establish liability for violation of personal data legislation.

Your rights

  • Receive information about who is processing your data and how.
  • Modify or delete your data.
  • Withdraw your consent to its processing.

What to do if your rights are violated?

If your data has been collected or used unlawfully:

  1. Contact the organization that committed the violation and demand that the data be destroyed.

  2. File a complaint with the Information Security Committee of the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan via the e-otinish portal.

  3. In the complaint, indicate:

    • Full name and contact details.
    • A detailed description of the violation.
    • Evidence (screenshots, letters, name of the organization, etc.).

How to protect your data?

  • Read the privacy policy terms before agreeing to data processing.
  • Do not publish sensitive information on social media.
  • Use complex passwords and do not share them with third parties.
  • Regularly check who has access to your data.

All about EDS security

An electronic digital signature (EDS) is the digital equivalent of a handwritten signature, confirming the authenticity, integrity of the data and identification of the signatory.

Risk

If attackers gain access to your private EDS key, they can sign documents on your behalf.

Protective measures:

  • Store keys in a secure location (smart cards, USB tokens).
  • Update the software used to work with EDS.
  • Use complex passwords and change them regularly.
  • Revoke unused or lost EDS keys! — This is very important, since these are the keys that attackers most often steal.

Liability:

  • Administrative — for failing to take protective measures and for transferring an EDS (Article 640 of the Code of Administrative Offenses of the Republic of Kazakhstan).
  • Criminal — for unauthorized access to a system (Article 205 of the Criminal Code of the Republic of Kazakhstan).
  • In case of violations, contact the Information Security Committee of the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan.

09

Show me the money!

Financial security: how to protect your money from scammers.

Problems

  • Phishing — fake websites/emails to steal data.
  • Skimming — installing devices on ATMs to copy data from bank cards.
  • Loan fraud — illegally taking out loans in your name.

Solutions

  • Caution with ATMs. Check ATMs for skimmers (suspicious elements on the keypad or card slot).

  • "Loan stop" via egov. Enable the feature to prevent loans from being taken out without your consent (via egov or the mobile app).

  • Safe online payments. Make purchases on trusted websites. Use a separate card for online payments with a limited balance.

  • 3D Secure card usage rules: Enable protection through your bank to receive SMS codes for transaction confirmation.

  • Two-factor authentication (2FA): Set up additional protection in banking apps and on websites.

10

Sweet kiddos

Simple ways to protect your kids from cyber threats and scammers on the internet.

Cybersecurity for children

A story about AI technologies: There was a recent case where scammers used AI to create a fake voice message impersonating a child's parents. The child received a call asking him to leave school and go with a stranger. Allegedly, his mother had sent him. Thanks to vigilance and proper training, the child realized something was wrong, told the adults about it, and avoided serious consequences.

Content restrictions:

Tip: Use DNS and router settings to restrict access to unwanted websites.

Example: Set up DNS services such as OpenDNS, Yandex DNS or Google SafeSearch to filter content.

Parental controls:

Tip: Install parental control apps such as Google Family Link to monitor your child's online activity.

Use of AI technologies:

Tip: Keep up with modern technologies such as voice or face spoofing using AI. Explain to your children that not everything on the internet can be trusted.

Story: Tell them how scammers can use AI to create fake videos or voice messages to deceive them.

A code word with your child:

Tip: Create a special code word that the child can use in emergencies to signal a problem to you safely and discreetly.

  1. Constant dialogue. Tip: Regularly discuss your children's online activities and explain potential threats.

  2. Safety education. Tip: Teach your children to recognize dangerous situations such as suspicious messages or offers.

  3. Verifying contacts. Tip: Carefully check who your kids communicate with online. Explain that not everyone online is who they claim to be.

  4. Creating a safe environment. Tip: Create a safe space at home to discuss any questions or problems related to the internet. Let kids know they can always turn to you for help.
