At Telkos, security is the guiding principle of our service delivery. It is not considered a technical component, but a core standard on which we design. Starting from network infrastructure and cloud services, to advanced systems for data management and storage, we provide an integrated security architecture that guarantees consistent security for individuals and businesses at all operational levels.

When a page uses HTTPS, your browser and the server create a secure and encrypted channel through the protocol TLSThis encryption protects data in transit, passwords, form data, private keys, cookies, and other sensitive information, making it almost impossible for unauthorized persons to read or intercept them.

If a page uses HTTP, or if the connection is degraded by HTTPS in HTTP, your traffic is sent in plain text, making it easier for attackers to intercept or intercept it. Attacks like packet sniffing are especially dangerous on public networks and can reveal passwords, cookies, and other sensitive data.

Traffic sent without encryption (e.g. HTTP) can be easily captured by attackers. A common technique is ARP spoofing, where the attacker manipulates the ARP tables on the network to redirect your traffic to them, before it reaches the router. This makes the communication readable to the person monitoring the network. On public wifi networks, attackers can eavesdrop and obtain insecure data, including passwords, form data, and session information.

Tip: Always use one VPN before connecting to public networks. A VPN encrypts all your traffic, making it impossible monitoring or intervention from attackers, even if they try to track your communication.

Use strong, unique passwords. Passwords are the first line of defense. Weak passwords make it easy for attackers to gain access to your accounts.

Create long, complex passwords with letters, numbers, and symbols. Never use the same password for different accounts. Consider using a password manager for security and convenience.

Enable multi-factor authentication (MFA)

MFA (Multi-Factor Authentication) adds an extra layer of protection. Even if your password is compromised, MFA can prevent unauthorized access and protect your accounts. Setting up MFA is simple and can be customized to your way of working, through mobile app, SMS, email, or physical key.

Example: Thomas and Ana use the same password for their online banking accounts.

To Thomas (no MFA) –  the attacker steals Thomas’ password via a phishing email. Without MFA, the attacker can immediately log in, transfer funds, and access sensitive information.

To Ana (with MFA) – Ana’s password is also stolen. However, with MFA enabled, the attacker must pass a second verification step such as a code from a mobile app or a physical security key. Without this second step, the attacker cannot log in.

Keep your devices and software up to date

Outdated software can make your devices vulnerable. Regularly update your operating system, browser, and banking apps to protect against vulnerabilities that attackers can exploit.

Why is old software dangerous?

Attackers can exploit outdated applications or operating systems to steal data, install malware, or take control of the device.

Malicious sites and phishing links become more dangerous when software is not up to date.

Regular backups

Accidents happen. Devices can fail, accounts can be compromised, or ransomware can lock your data. Regular backups are a safety net that ensures that even if something bad happens, you can recover your information and continue operations without losing critical assets.

Back up critical data securely, offline if possible. This protects against ransomware or accidental data loss.

Attention to phishing and malicious applications

Phishing is when attackers pose as someone you trust, e.g. your bank, email provider, or even Telcos, in order to get you to provide sensitive information (passwords, private keys, financial data, etc.).

Phishing example:

You may receive an email: “Your account has been compromised.. Click here immediately to reset your password." If you click and enter your password on that fake page, the attacker gains access to your account, can read your emails, steal personal data, or regain control of other accounts that use the same password.

How to prevent it:

Verify the sender, check the full email address, not just the name; Do not click suspicious links, hover over the link to see the URL before clicking; Never give out passwords or financial information via email; Use two-factor authentication (2FA) where available; If in doubt, contact Telko's support service through the official channel; Do not use links or numbers found in the suspicious email; Report phishing messages to the security team for removal and prevention.

Illustrative examples

Ana sees a promotion for a cryptocurrency wallet on social media and decides to search the App Store for "MySafe Wallet."

Two applications appear in the search results:

MySafe Wallet MySafe Ltd (official, 500k installs)

MySafe Wallet  Secure Crypto (i rrem, 50 instalime)

Deceptive application has an icon and screenshots similar to the official version. Whenever the user types the 12-word phrase, the attacker takes full control of the wallet and transfers all cryptocurrencies. The fraudulent app uses similar publisher names and copied descriptions to deceive the user.

Why is it dangerous?

If Anna types the seed phrase into the fake app, the attackers gain full access to her funds. Fake apps often look legitimate, but their goal is to steal private keys.

How to verify officiality – Instructions for customers

Go to the official website of the seller (company website) and follow the link to the app store there, do not just use the App Store search; Check the publisher (developer) and the number of verified installs/reviews. Read the description of the app; Pay attention to spelling mistakes; general phrases or mention of the seed phrase as necessary. A serious wallet will never ask you for the seed phrase through an external app.

Never share your seed phrase, private key, or PIN with anyone.

Illustrative example

A phishing email sent on behalf of Kosbank may contain a fake link, such as https://k0sbank.com/security, and ask you to log in immediately to verify a suspicious action. Entering your credentials on such a page gives the attacker the opportunity to transfer funds without your knowledge, access other linked accounts, and steal personal data.

Key signs of phishing include: URL that resembles the official website but with a slight change, use of HTTP or insecure certificate, suspicious email address, and creation of an emergency. To protect yourself, do not click on the link; type the official website address yourself; check the TLS certificate; enable 2FA/MFA, and use a password manager. If you have entered data on a fake website, contact your bank immediately.

How to protect yourself:

Log in to your account by typing the exact bank URL into your browser, not by clicking on a link from an email;

Check the certificate TLS and the domain before entering the password, to make sure the site is official and secure.

Activate MFA/2FA dhe përdorni një password manager, which helps to detect fake pages and does not place credentials on insecure domains.

5. Always verify banking websites and apps

When you log into your online bank, make sure you are using the official and secure website. Check that the page address starts with HTTPS and for the browser to display security key icon. Click on the icon to verify. security certificate, make sure it is valid, issued by a trusted authority, and belongs to the correct domain of your bank. Do not click on links that come from emails or messages that request banking information. In most cases, they are phishing attempt designed to steal your data.

Example of fraud with banking applications:

The customer downloads a banking application from an unofficial source thinking it is legitimate.

The app asks for its credentials and, sometimes, access to SMS or two-factor authentication codes.

Once the user adds the information, the attacker can log into the real account, make unauthorized transactions, or gain access to MFA codes.

Rule: Only download apps from official sources like Google Play, Apple App Store, or official websites.

6. Storage and protection of digital currencies

In today's world, digital currencies have become an essential part of personal and business finances.
Platforms like Binance and similar ones make it easy to buy, sell, and manage cryptocurrencies. The security of these assets starts with your own awareness and care.

Even the most popular platforms cannot fully protect your funds if your personal security is weak. Below are some essential practices for protecting crypto assets:

– Use strong and unique passwords. Choose a long, complex password that is not used on any other platform. This significantly reduces the risk of your accounts being compromised.

– Keep private keys offline and secure. Never store your keys on devices connected to the internet. Use hardware wallets or secure offline methods to protect them.

– Enable multi-factor authentication (MFA). MFA adds an extra layer of security even if your password is compromised. Be careful with fake applications or fraudulent websites who may try to trick you into revealing your private keys.

Common scenarios, from E-Mallet Fishing leather single fake apps or attacks on public networks show that even the smallest mistakes can have serious consequences.

Our goal is to strengthen, not to scare you. By following good security practices, you maintain control over personal and financial data, making it much more difficult for attackers to succeed.

Security is not just about software, but also about the habits, awareness, and proactive actions you take every day.

Telkos will continuously offer safe instructions that enable you to use technology with trust and responsibility.