🛡️ WATCH YOUR HACK
Guide to Protecting Against Hackers
Translated from English — Complete French version. Original version here: https://watchyourhack.com
Are you worried that an ex has accessed your Facebook account? That your computer is being held hostage by ransomware? Or that hackers are raiding your bank account?
This guide explains how to protect yourself from hackers in simple terms. Six professional hackers contributed to its creation.
Watch Your Hack does not guarantee total and absolute security. Such a thing does not exist on the internet. However, you can make life as difficult as possible for hackers and viruses by applying these tips.
Before you start: don’t hide behind your computer. The chances of a hacker specifically targeting you are very low. Most dangers come from the fact that many people lack general knowledge about the internet and computers, which can be exploited. So let’s get up to speed with the most important information. 👍
1. WHAT ARE HACKERS?
Hackers generally exploit vulnerabilities on the internet or in our devices. There are two main types of hackers: white hat and black hat.
White hat hackers 🤠 search for (and sometimes publish) vulnerabilities to encourage companies to fix them, making the internet a little safer, one discovery at a time.
When the media talks about hackers, they are usually referring to black hat hackers 😈 — those who have bad intentions, seeking to steal money or access devices to spy on people. They may also be interested in sensitive files, such as intimate photos or a copy of your passport.
There are also hackers who try to access others' devices for fun. These individuals (often young) see hacking as a mere prank. However, they should still be taken seriously, despite their seemingly innocent motivations.
Finally, some hackers work on behalf of governments. Hackers employed by intelligence agencies 🕵️ or the police 👮 are the most dangerous, but they pose no threat to most people. They typically target terrorists, criminals, and hostile regimes.
How do hackers usually access your devices and accounts?
Hackers often start by stealing your password. Sometimes, there is little you can do about it. If a site where you have a profile is hacked, hackers can use your password and try to log into your other accounts, like Gmail.
You may have also accidentally shared your password through phishing — a form of online fraud that criminals use to obtain login credentials. You have probably received a phishing email: a fake message claiming that your bank account is blocked, or a reminder for a nonexistent bill.
Hackers also use email attachments. When you open an attachment containing a virus, your computer gets infected. This method is often used to spread ransomware: a type of virus that makes your device unusable by locking all your files. Hackers then demand money in exchange for control of your files.
Viruses — also known as malware — also spread through downloads such as torrents or software installation files. You think you are downloading a movie or software, but in reality, you are exposing yourself to a virus.
A virus can also reach your computer through online ads and hacked websites. Even reliable sites can unknowingly spread viruses. If you do not update your software, you risk getting infected.
Hackers can also infect your computer via a USB drive. This method is less common, but poses a substantial risk. It could be a USB drive that you "found" on the street or that someone gave you. Someone with bad intentions could plug it into your computer while you are away for a few minutes.
2. THE BASICS
Now that you know what hackers are and how they try to access your data, you can apply these tips. These are the fundamentals: a simple list of measures that everyone should take.
Updates
Many people consider updates a waste of time. This is sometimes true, but it is also the most important form of protection ❗ against hackers. Many attacks succeed because they exploit outdated software containing vulnerabilities that have been fixed by security updates.
The older the software, the easier it is for hackers to access it.
Software runs on all kinds of devices: Windows or MacOS on your computer, Android or iOS on your mobile devices. Even your router and smart devices run on software. Check regularly — once a week — if updates are available and install them as soon as possible ⏰. In some cases, updates can be installed automatically (Windows, MacOS, Google Chrome).
Passwords
Using the same password everywhere is extremely dangerous. If a hacker gets your Spotify password, you don't want them to also access your bank.
The golden rule: a different password for each site, app, and service. Changing a single number or letter is not enough — these variations are easily guessable.
🗝️ Password Managers
A password manager stores all your credentials in a digital vault, secured by a single master password. It can generate complex passwords like: 6ur7qvsZpb0ZkcuSW1u!V8ng!L^lb
Benefits:
- Automatically fills in your credentials on sites
- Protects against phishing (does not fill in on a fake site)
- Allows you to store secure notes
Recommended Managers:
| Tool | Price | Strengths |
|---|---|---|
| Bitwarden | Free / $1/month | Open source, cross-platform |
| 1Password | $3/month | Sleek design, security secret key |
| KeePass / KeePassXC | Free | Recommended by security experts |
⚠️ Is a password manager really safe? That's a good question. Managers can sometimes be hacked. That's why it's very important to use a strong master password. In general, a manager is always preferable to using the same password everywhere.
💪 A strong password
Sites often require a password with numbers and letters. But what is a strong password? Many consider P@ssword007 to be one, but it is actually easy to crack 😅.
Think in passphrases instead. A phrase like "I eat 2 whole pizzas every week" is easy to remember and hard to crack. Feel free to use spaces in your passwords.
You can also create a password by assembling random words using the Diceware method — currently the safest method for creating a memorable password.
📓 Paper password notebook
If you don't use a digital manager, you can write your passwords in a physical notebook. Store it in a safe place, not on your desk. When people from outside your household come to your home, be sure not to leave your password list in plain sight.
Useful tip: Start all your passwords with the same word that you do not write down in the notebook. Memorize it. If someone gets hold of your notebook, the passwords will be unusable without this essential component.
🔍 Monitor stolen passwords
No matter how strong your password is, it could still be stolen. The sites Have I Been Pwned and Scattered Secrets list hacked sites and alert you if your information appears there. With one click, you can check if any of your accounts have been compromised.
If you sign up for Have I Been Pwned, you will receive a notification 🔔 when your email address appears in stolen files. If that happens, change the corresponding password immediately.
🔒 Two-factor authentication (2FA)
To limit the consequences of a stolen password, enable two-factor authentication. After entering your password, a second verification is required: a code received via SMS, generated by an app, or confirmed by a physical USB key.
Recommended apps:
- Google Authenticator (free)
- Authy (free, with backup)
📌 Prioritize enabling 2FA on: your email, your social media, your password manager, your cloud, and your online banking.
3. COMPUTERS
🛡️ Antivirus
Use antivirus software — even on Mac. Windows 10 and 11 include Windows Defender, which offers adequate protection. To go further: Malwarebytes is recommended for detecting advanced malware.
❌ Avoid free antivirus from unknown brands: they may themselves contain malware.
🔒 Hard drive encryption
Encrypt your hard drive to protect your data in case your device is stolen:
- Windows: BitLocker (built-in)
- MacOS: FileVault (built-in)
🌐 Secure browser
- Use Firefox or Chrome, kept up to date
- Install the uBlock Origin extension to block malicious ads
- Enable private browsing for sensitive sessions
📧 Beware of phishing
Before clicking on a link in an email:
- Check the sender's address: @bankofamerica.bankmailservice.com ≠ @bankofamerica.com
- Hover over the link with your mouse without clicking to see the actual URL
- Beware of alarmist tones ("Your account is locked!")
- Watch out for spelling mistakes and generic addresses ("Dear customer")
- If in doubt, call the organization directly — using the number on their official website, never the one from the email
📎 Attachments and downloads
- PDF, .docx, and .jpg files are generally safe to open ✅
- Be very careful with EXE files ⚠️
- ZIP files can be extracted, but check their contents before opening
- When in doubt, upload the file to VirusTotal before opening it
📡 Public WiFi
- Avoid public WiFi networks for sensitive operations
- Prefer your 4G/5G connection or a password-protected personal hotspot
- On public WiFi: only connect to sites displaying an HTTPS padlock
- Beware of welcome screens asking you to install an app or certificate
🔐 VPN
A virtual private network (VPN) encrypts your internet connection, especially useful on public WiFi.
Recommended VPNs:
| Service | Features |
|---|---|
| Mullvad | Very privacy-focused, no account required |
| ProtonVPN | Free version available, based in Switzerland |
⚠️ Avoid free VPNs from unknown brands. They may sell your data.
🌐 Secure your router
- Use WPA2-AES encryption with a long password
- Disable WiFi Protected Setup (WPS)
- Disable UPnP
- Update the router firmware
- Create a separate guest network for your visitors and connected devices
- Do not name your network with your name or address
💾 USB drives and connected objects
- Never plug in a USB drive found on the street or given by a stranger
- When in doubt, have it examined by a professional or dispose of it
- Consider the actual usefulness of your connected devices (cameras, thermostats, toys) — each is a potential entry point for hackers
4. PHONES AND TABLETS
📱 Screen lock
Enable a PIN code, a password or biometric recognition on your device. A minimum 6-digit code is recommended.
📲 Updates and apps
- Only install apps from official stores (App Store, Google Play)
- Uninstall apps that you no longer use
- Check the permissions granted to apps (camera, microphone, location)
- Regularly update the operating system
🔒 Advanced iOS security
- Disable iMessage and FaceTime if you do not need them (Settings → Messages / FaceTime)
- Disable AirDrop (Settings → General → AirDrop)
- Disable JavaScript in Safari (Settings → Safari → Advanced)
- Check the iVerify app for additional advice
- For at-risk individuals (journalists, activists): enable Lockdown Mode in the settings
🤖 Advanced Android Security
- Disable JavaScript in Chrome (Settings → Site Settings → JavaScript)
- Regularly check app permissions
5. SOCIAL NETWORKS
🔒 Privacy Settings
- Facebook / Instagram: Switch your profile to private
- Snapchat: Restrict access to your content
- X (Twitter): If your profile is public, be careful about what you post (location, personal information). Log out on shared computers.
🔔 Google Alerts
Set up Google Alerts with your name, email address, phone number, or mailing address. You will be notified if this information appears on a website, allowing you to act quickly.
🪪 Digital copies of identity documents
It is possible to create secure digital copies of your passport or driver's license. The Dutch app KopieID allows you to mask sensitive information before sharing a copy.
6. MESSAGING AND CALLS
🔐 End-to-end encryption
End-to-end encryption ensures that only the sender and the recipient can read the messages. It also works for photos, videos, documents, location information, calls, and video.
💬 Alternatives to WhatsApp
| Application | Features |
|---|---|
| Signal ⭐ | The most secure and privacy-friendly. Disappearing messages, username login possible |
| Telegram | Messages stored in the cloud (convenient but less secure) |
| Wire | End-to-end encryption, usable without a phone number |
| Wickr Me | Focused on anonymity |
| iMessage | Secure for exchanges between Apple devices |
🗑️ Automatic message deletion
Hackers cannot steal what you no longer have. If you have sensitive conversations, enable automatic message deletion on WhatsApp, Signal, Telegram, or Wire.
📞 Voice and video calls
- WhatsApp, Signal, and FaceTime offer end-to-end encrypted calls
- A regular phone call remains safe for most people — hacking it requires a targeted attack by an intelligence service
Email is not secure in itself. It relies on several assembled technologies that do not guarantee privacy. Send as little sensitive information as possible via email.
7. ADVANCED
Hats off for making it this far! 🎩 Here are advanced tips to counter online surveillance and persistent hackers.
⚖️ Assess your personal risk level
Some people face higher risks: journalists, activists, women exposed to online harassment, lawyers... Tailor your protection measures to your personal situation.
Example: If you suspect an abusive partner is reading your messages, you can use the messaging feature of a video game (like Words With Friends) to discreetly communicate with a loved one.
🎣 Recognize spear phishing
Spear phishing is a form of phishing specifically targeted at you. A hacker can collect information from your social media to create a personalized and credible message. Be just as cautious as with regular phishing, but with heightened vigilance.
🔑 Physical security key (advanced 2FA)
Experts recommend using a physical security USB key for two-factor authentication. Plug in the key and the device verifies that you are on the correct site — protecting against phishing and fake websites.
Recommendation: Buy two Yubico keys (one to carry with you, one as a backup).
- Yubico blue key: compatible with most services — 2 for $49
- YubiKey 5 NFC ($45): compatible with Android
💻 Strengthen Windows
Hardentools is an application developed by hackers and cybersecurity experts. It disables vulnerable parts of Windows, making your computer harder to hack. Note: some features of Word or Adobe Reader may be disabled.
🔏 Secret questions
Secret questions ("What is your mother's maiden name?") are often easily guessable through your social media. Use a password manager to store random answers. If an answer needs to be communicated verbally, choose four random words: fox-sandwich-bike-wedding.
📱 Your phone number: weak point
Your phone number can provide access to password resets. Hackers practice SIM swapping: they call your carrier pretending to be you to transfer your number.
Protection:
- Ask your carrier to require a password before any operation on your account.
- For maximum protection, remove your phone number from all your online accounts and use a security key + authentication app.
📸 Location data in photos
Your photos taken with a smartphone contain EXIF data: date, time, and precise location. This data is automatically deleted on Facebook, X, Instagram, and WhatsApp. However, if you send a photo via email or post it on your site, this information remains accessible. Be aware of this.
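To see where this data lives and how to drop it before emailing or publishing a photo, here is an added example (not from the original guide) that walks a JPEG's header segments and removes the EXIF one. The function names and the sample byte string are constructed for illustration; the sample is structurally a JPEG but not a real photo.

```python
import struct

SOI, SOS, APP1 = b"\xff\xd8", 0xDA, 0xE1
EXIF_ID = b"Exif\x00\x00"          # identifier that opens an EXIF APP1 payload

def segment(marker: int, payload: bytes) -> bytes:
    """Serialize one JPEG segment: FF, marker, 2-byte length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def split_segments(jpeg: bytes):
    """Yield (marker, payload) per header segment, then (None, rest) once
    the compressed image data (SOS) begins. Assumes a standard header with
    no padding bytes between segments."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or corrupt segment")
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length
    yield None, jpeg[pos:]

def has_exif(jpeg: bytes) -> bool:
    return any(m == APP1 and p.startswith(EXIF_ID)
               for m, p in split_segments(jpeg))

def strip_exif(jpeg: bytes) -> bytes:
    """Return the same JPEG with every EXIF segment (GPS included) removed."""
    out = bytearray(SOI)
    for marker, payload in split_segments(jpeg):
        if marker is None:
            out += payload                      # image data, copied untouched
        elif not (marker == APP1 and payload.startswith(EXIF_ID)):
            out += segment(marker, payload)     # keep every other segment
    return bytes(out)

# Constructed marker stream for the demo: structurally a JPEG, not a real photo.
SAMPLE = (SOI
          + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + segment(APP1, EXIF_ID + b"<constructed GPS block>")
          + bytes([0xFF, SOS]) + b"<scan data>\xff\xd9")

if __name__ == "__main__":
    print("before:", has_exif(SAMPLE), "after:", has_exif(strip_exif(SAMPLE)))
```

Removing the whole EXIF segment also removes the date, time and camera orientation. Other metadata segments, such as XMP, are left in place by this example.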
📞 Secure calls
For calls without the risk of eavesdropping, use Signal (end-to-end encryption). This measure also protects against IMSI catchers — devices that mimic cell towers to intercept your calls, used by intelligence agencies and some hackers.
📬 Encrypted email with ProtonMail
ProtonMail is one of the most accessible services for sending and receiving encrypted emails. End-to-end encryption works between ProtonMail users. For other recipients (Gmail, Outlook), you can protect the email with a password. ProtonMail is based in Switzerland and does not store your IP address.
🌐 Tor Browser
Tor masks your online identity by routing your connection through multiple servers. It allows access to blocked sites (useful in countries like Turkey) and the dark web.
⚠️ Internet is much slower with Tor. Do not use it for streaming. Some sites block Tor connections. Not recommended for online banking.
🔐 PGP
PGP (Pretty Good Privacy) encrypts the content and attachments of your emails. It is one of the best email encryption methods, but also one of the most complex. Consider if you really need it — Signal is simpler. If you need PGP, start with Keybase.
📡 OpenWrt on your router
Many manufacturers stop updating their routers after a certain time. OpenWrt is regularly updated open-source software that can be installed on many routers. However, its installation is complex. It does not work with the WiFi modems provided by your internet service provider.
💬 Chat via OTR
Off The Record (OTR) is a secure chat method, similar to Signal. Compatible with:
- MacOS: Adium
- Windows/Linux: Pidgin
- Android: Conversations
- iOS: ChatSecure
🖥️ Manage your own VPN
If you are technically skilled, you can deploy your own VPN with Algo — easy to set up, can also serve as a temporary VPN.
⚠️ Beware of certificates
Hackers sometimes try to install their own certificates on your computer or smartphone to intercept your encrypted communications. Regularly check the certificates installed on your devices.
🔌 USB Data Blocker
When charging via a public USB port (airport, café), a hacker can infect your device. A USB Data Blocker blocks data transfer while allowing electrical charging. It protects against all malware attacks via USB.
🐧 Tails and Qubes
These two operating systems are reserved for experts:
- Tails: runs from a USB stick, leaves no trace on the computer. Integrates Tor, Thunderbird, and PGP.
- Qubes: offers the best protection available, used by individuals targeted by state hackers.
⚠️ Without technical skills, these systems can reduce your security. Sometimes, it's better to stick with what you know.
8. FINAL NOTES
This guide was created with the help of six professional hackers: Maarten van Dantzig, Rik van Duijn, Melvin Lammerts, Loran Kloeze, Sanne Maasakkers and Sijmen Ruwhof. The illustrations are by Laura Kölker. The original Dutch version was translated into English by Kevin Shuttleworth.
Do you know someone who could benefit from this advice? Share the link: watchyourhack.com
Watch Your Hack V7.4 — © Daniël Verlaan, 2021