Maria Korolov

I’m a cyber security enthusiast and a former Microsoft MVP.


1. Phishing Emails and Tips to Avoid Them

No doubt you think you know how to spot a phishing email. But do you?

Phishing emails get an average click rate of about 10 percent or higher, according to a report released last month by Wombat Security Technologies.

And there’s a lot of them. If you don’t click on one, you might well click on the next one.

Diligent recently published the results of a survey regarding which phishing emails people were most likely to click on.

More than 68 percent of people would click on an email if it looked like it came from someone they know. And 61 percent would click on an email that referred to social media, such as one saying “Did you see this pic of you? LOL.”

People who got an email that looked like an invitation to access a shared file on a service like Dropbox clicked on it 38 percent of the time.

Other successful phishing emails were ones that told users that they had to do something, or that something had happened, such as that they:

  • Needed to secure their account
  • Needed a new social media login
  • Had a court appearance, with the court notice in the attachment
  • Were due a tax refund

According to Diligent, 156 million phishing emails get sent every day, and 16 million of them aren’t detected by spam filters.

So what happens if you click on the link, or open the attachment? You get malware, that’s what.

More than 90 percent of phishing emails carry ransomware. These are programs that infect your computer and encrypt all your files. The hackers then ask you to send them money to get your files back, but there’s no guarantee that they’ll keep their promise. Well, they are criminals after all!

Last year, ransomware hackers took in more than $1 billion from victims.

You can also get infected by malware that spies on everything you do, including the passwords that you type into your online banking site. Other malware takes over your computer and uses it to send out more spam. That slows down your computer and has the potential to get you into trouble with your Internet service provider.

Tips for Recognising Phishing
  • Spelling or grammar mistakes. Real companies hire copy editors to check their emails before they go out.
  • It doesn’t use your name.
  • It’s from someone you don’t know, or it refers to a transaction that is unfamiliar to you.
  • It asks for your personal information.
  • It seems too good to be true. Or too bad to be true.
  • The tone is urgent or even threatening.
  • The return address of the email or the URL of the link doesn’t look right. For example, instead of taking you to MyBank.com, it goes to MyBank-this-is-real-we-swear.com.
  • It asks you for money or a donation.
  • It’s as vague as it can be, and it wants you to click on a link or download a file to find out more.
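
Several of these tips can be checked automatically. The sketch below is an added example, not part of the original article: it looks for a generic greeting, an urgent tone, a request for personal information, and sender or link domains that are not the real one. The trusted domain `mybank.com`, the keyword lists, the function names and both sample emails are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages for illustration (not real emails).
PHISH = """\
From: MyBank Security <alerts@mybank-this-is-real-we-swear.com>
To: customer@example.org
Subject: URGENT: your account will be suspended

Dear customer,

We detected unusual activity. Confirm your password and social security
number within 24 hours or your account will be closed:
http://MyBank-this-is-real-we-swear.com/login
"""

LEGIT = """\
From: MyBank <statements@mybank.com>
To: customer@example.org
Subject: Your monthly statement is ready

Hello Alex,

Your statement is ready. Sign in at https://www.mybank.com/statements to view it.
"""

# Assumed keyword lists; a real mail filter would use far larger ones.
GENERIC = re.compile(r"^\s*dear (customer|user|member|sir|madam)\b", re.I | re.M)
URGENT = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended)\b", re.I)
PERSONAL = re.compile(r"\b(password|social security|date of birth|card number)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def host_matches(host, trusted_domain):
    """True only for the trusted domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


def phishing_signs(raw_email, trusted_domain):
    """Return the warning signs from the tips list found in one plain-text email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    signs = []
    if GENERIC.search(body):
        signs.append("generic greeting")
    if URGENT.search(text):
        signs.append("urgent or threatening tone")
    if PERSONAL.search(text):
        signs.append("asks for personal information")
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_matches(sender_host, trusted_domain):
        signs.append(f"sender domain mismatch: {sender_host}")
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if not host_matches(host, trusted_domain):
            signs.append(f"link host mismatch: {host}")
    return signs


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_signs(raw, "mybank.com"))
```

The domain check compares the whole host name rather than looking for "mybank" somewhere inside it, which is why a lookalike address that merely starts with the bank's name is still flagged.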

With the constantly growing rate of cyber crimes and online scams, people lose billions and many people have lost their identity.

This guide will help you avoid the following:

  • Identity Theft
  • Credit Card Frauds
  • Phishing Emails
  • and more.

We’ve pointed out 14 ways to keep your online activity super-secure. At the end of the article, we hear from some IT industry experts who give good insight into the future.

2. Stop Over-Sharing

Don’t share any personal information online, and especially don’t share your social security number, driver’s license number, address, date of birth, or your mother’s maiden name.

The criminals know that we like to talk about ourselves.

And when they get this information, there’s a lot they can do with it.

3. Download Software From Trusted Sources

The Internet is awash with different kinds of software that you can download and install on your computer. Keep in mind that not all downloads are equally trustworthy.

An approved software update for your operating system (usually Windows or macOS) is sure to be safe to install. On the other side of the spectrum, a download from a cheap-looking website that promises to clean up the files on your computer is one to stay away from.

Look to download commercial apps bought from secure sites and free apps from sites with a good reputation (such as Tucows and ZDNet, as well as official resources such as the Mac App Store). If you’re unsure about the origin of any piece of software, don’t download or install it. Look it up on the web and check for reviews and blog posts about the software from reputable sources. It doesn’t take long to tell whether a piece of software is genuine and trusted by the web community.

4. Avoid File-sharing Sites and Torrenting

Sites used to back up and synchronise your files are generally fine to use, and are much safer than many people might think. But places where you’re active in sharing content with others, file-sharing sites for example, have the potential to compromise your computer. This is because such sites often deal in the sharing of files that aren’t intended for sharing.

These files might be films, software or other content that has some commercial, copyrighted value. Someone looking to gain control of others’ computers could easily share some rogue software – called malware. This would allow them access to your machine if it were to run on your system.

Be careful, then, whenever using a service like this. It should go without saying that following copyright laws in your country is a sensible thing to do!

5. Turn on Two-Factor Authentication Whenever Possible

Many of the websites most critical to our lives (online banking websites, Gmail, Facebook, etc.) offer two-factor authentication.

This means that if a login looks suspicious in any way, the site will step in. So should it appear that you’re logging in from a computer in China, and you’ve never used that particular computer before, and you’ve never even left your home town, alarm bells will ring and the site will intervene. For example, the bank might send a one-time code to your phone, or send a code to you by email.

Unless the hacker also somehow got into your email or your phone, they’ll be locked out of your account.

And if you ever lose your password, or someone tries to hijack your account, you can go through the second authorization method to reset your password and get your account back.

But two-factor authentication isn’t automatic. You have to give your cell phone number to your bank and you have to enable the two-factor with Google and Facebook.

If you haven’t done it yet – now is the time.

According to the Pew survey, 16 percent of respondents said their email accounts had been taken over, while 13 percent said this had happened to one of their social media accounts.

Here are the instructions for the most popular services:

6. Change Your Passwords After a Breach

Speaking of changing your passwords after a breach – you should do that.

According to the Pew survey, 64 percent of Americans have personal experience of a major data breach.

If you’re one of them, or suspect that you are, go and change your passwords. Start with your most important sites: banking, credit cards, and shopping sites. Then move on to your favorite social media sites.

Chances are you can’t even remember all the places where you have an account, right?

Install a password manager (see step 13).

7. Consider Using Credit Monitoring

Another thing that the criminals will do if they get access to your personal information is open new accounts in your name. You never see these statements because you don’t know that the accounts even exist. Well, not until you start getting hounded by collection agencies and discover that you’ve no longer got a credit rating.

Lucky then that protecting against this is very easy. And free.

You might have heard that you’re allowed one free report a year from each of the credit monitoring services, so you haven’t bothered with it.

Now, there are several free options out there that will let you check your credit report any time you want, for free, without any damage to your credit rating. And they’ll also send you an alert if anyone tries to open a new credit account in your name.

Capital One and Discover Card both offer free online credit monitoring.

My personal favorite service is Credit Karma, and another popular option is Credit Sesame.

8. Consider Using Extra Anti-Virus Protection & Lock Your Screen

By now you should have the idea that NOT clicking on phishing emails is your first line of defence.

But what happens if you do, and the malware starts invading your computer or smartphone?

With luck you have anti-virus in place to catch it.

I use Avast, and there are several others from very reputable companies that don’t cost you any money.

You can get the antivirus software for your smartphone, too. Yet, according to Pew, only 32 percent of people have it.

Another way to protect your computer or mobile device is to turn on password or PIN or fingerprint locks.

According to the Pew survey, 28 percent of smartphone owners don’t use a screen lock or other security feature to limit access to their phone.

Most people don’t secure their laptops either. It’s simple enough for a thief to grab your device and walk off with it and all the data in it. If you’ve got it set up with automatic logins to your financial sites, email or social media accounts, you’re even more vulnerable.

Do you have a camera on your computer? I keep a Post-It over mine, and Facebook’s Mark Zuckerberg uses a piece of tape. It’s a quick and easy fix.  I’m happy knowing that some stranger isn’t watching me picking spinach out from between my teeth.

Because of the large number of breaches in the news recently, people are more aware of cybersecurity issues than ever before, said Pew’s Rainie.

“But in their day-to-day life, they don’t act as if it’s a central concern,” he said. “It’s a paradox.”

9. Be Prompt about Updating Your Operating System and Software

When a company discovers that there’s a security problem in its software, it sends out an update.

Some programs do automatic updates, without asking permission. But many operating systems and applications ask first.

Most people don’t approve the update right away. Given the choice, only 32 percent of people opt to have their apps update themselves on an automatic basis. Of the rest, 38 percent run the updates when it’s convenient, and 10 percent never install app updates at all.

When it comes to major updates, like the phone operating system, 42 percent wait until it’s convenient, according to the Pew survey, and 14 percent never update it.

That’s a problem. When hackers find out that there’s a security vulnerability, they rush out to take advantage of it before everyone upgrades. The longer you take, the more at risk you are.

So why don’t people update right away?

“It might be strictly a matter of convenience and control,” said Pew’s Rainie. “Some people think, I want to do updates in my own time. Or, I don’t want to burn through to my data cap.”

10. Keep an Eye on Your Statements

The sooner you spot a problem, the better off you are. Ask your bank or credit card company to issue you a new card and close the old account. And if the problem came from an online shopping site, file a dispute and change all your passwords.

Consumers who had their account taken over by a hacker had to spend an average of $263 of their own money to get things straightened out, according to Javelin.

You don’t have to be one of them.

11. Use Reputable Shopping Sites

Most brand-name e-commerce sites, like Amazon, have good security systems in place and are happy to refund your money if something goes wrong.

Scammers still pop up, though, promising goods that they don’t deliver. Check the ratings and customer reviews before making a purchase.

As an extra precaution, if you pay with a credit card, you can also have them reverse the charges if it turns out that there’s a problem.

Don’t visit a shopping site that doesn’t have a GREEN certificate on its browser bar. Without one, the site isn’t encrypting your credit card data.

12. Don’t Use Unsecured WiFi

Most wireless routers – the devices that share the Internet signal around your home or office – will be set to use a form of encryption that needs a password to let you connect to the WiFi network. Although this is a pain, it’s a safe way to ensure you’re not making it easy for others to join your wireless network. Not doing this would mean they might be able to gain unauthorised access to any of the computers or devices on the network.

When you are out of the home or office, you might connect to a public WiFi hotspot. These often have their own joining criteria (a need to register or enter a password, for example), but some WiFi networks are completely open. Connecting to such networks is usually a bad idea. It’s best to pick a secure network instead or to rely on your device’s own connection to your mobile operator.

An alternative is to use a Virtual Private Network (VPN) app such as Express VPN. This allows you to create a secure connection even when you have joined an unprotected WiFi network.

Such apps are ideal for Android and iOS. For more comprehensive reviews, take a look at our Homepage: VPN Comparisons.

13. Use a Password Manager

According to Dashlane, a password management company, their average user has 120 passwords.

How on earth does a person keep track of them all?

It’s no wonder that we’re getting hacked. All a hacker has to do is get our stolen information from any of our accounts and they can log into all the other ones.

It doesn’t have to be that way. A password management program collects all your passwords for you as you type them on your computer or your mobile devices. It synchronizes them across all your devices and lets you update them easily. But best of all it stores them in an encrypted way so that nobody – not even the password management company itself – can get to them.

And you get all that for the amazing price of: NOTHING.

Why isn’t everyone using one of these things? Chances are it’s because the programs have only become usable in the past couple of years, and many folks haven’t heard of them yet, said Pew Research Center’s Rainie.

Today, only 3 percent of Americans use a password management program to keep track of their passwords.

The best password manager out there right now, for the average consumer, is LastPass, which is free, and works on multiple devices.

Dashlane’s free version currently only works on one device. But it has a feature where it can change all your passwords for you all at once if there’s been a breach. They also have a version that syncs your passwords across all your devices, for $40 a year.

14. Back Up Your Data

While it’s crucial to keep your computer protected from the outside world, it’s important to remember that you keep data – that’s files, documents, pictures, music, videos – for a reason: to use them. The last thing you want is for the hard disk inside your computer to fail and for you to lose any or all that precious information. So, what to do? The best course of action is to put in place a backup routine. That means finding a way to copy your information to a safe place so that you don’t rely on your computer’s hard disk alone.

You can make your backups to an external hard disk, such as one connected to the computer via a USB cable.

More and more people are now turning to cloud backups. Cloud backups give you a secure way of transferring data over the Internet to a service such as Dropbox.

For the best protection, use a combination of physical and cloud backups. Doing so will mean your data should be safe even if disaster were to strike. A service such as Acronis may suit you if you wish to go for the hybrid backup route.

5 Expert Opinions on Internet Safety

1. Lee Rainie at the Pew Research Center on Passwords

Pew Research, in a recent survey, found that 86 percent of people keep track of passwords by memorizing them.

“You could argue that it’s the safest thing,”

“Unless you’re tortured, you’re not going to pass it out to other people.”

How many people can keep track of dozens of passwords, each long and complicated, with numbers and symbols, and change them on a regular basis?

“It probably means that people use simpler passwords than they should, and they use similar passwords across multiple sites,” he said.

“There’s a paradox in the way that people think of online security.”

“People are generally aware of the problem”

“And their awareness of the problem has grown over the past several years. But in their day-to-day life, a lot of people, even if they express concern or anxiety, don’t act as if it was a central concern of their lives.”

2. Al Pascual at Javelin on Identity Theft

According to a new report, total losses last year hit $16 billion in the U.S., with more than 15 million people falling victim. That’s about one out of every 16 consumers.

“This past year is very significant,” said Al Pascual, research director and head of fraud and security at Javelin Strategy & Research, which produced the report. “We’ve seen so many different types of frauds that are driving incident rates higher that it’s incredible.”

The biggest problem? Account takeover, he said. That’s when a criminal gets access to your bank account or your online shopping account or your credit card account and goes to town.

They get some of their information by hacking into websites and databases. But some victims are giving up their personal information voluntarily to the bad guys.

“They’re looking to social media for data they’re using to commit fraud,” said Pascual.

But staying off the Internet altogether is not guaranteed to help, he added.

“If you’re not a frequent digital user, you have a higher risk of fraud lasting longer,” he said.

For example: someone who gets an email alert for unusual transactions, or regularly checks their online bank account, would be more likely to spot problems faster than someone who gets a paper statement once a month that they may – or may not – examine closely.

3. Stephen Coggeshall at LifeLock On Credit Cards & Common Online Frauds

Stephen Coggeshall knows all about identity theft. He’s the chief analytics and science officer at LifeLock Inc., a company that offers identity protection services, and is well aware of what happens when a user’s identity becomes compromised.

Unlike basic credit monitoring services, which only let you know that something has happened, LifeLock helps individuals protect their accounts from being taken over, and then also helps resolve any problems that occur.

He recommends that you should be wary of anyone who contacts you out of the blue.

“If you get an email, phone call, or a letter from some entity requesting information, or suggesting that they’re going to help you, or who want to deposit a million dollars into your account from a Nigerian prince – be suspicious,” he said. “If you contact an institution you can be pretty confident that this is correct, but if they contact you, you have no idea who they are.”

He also added that customers should be cautious if they believe that there’s been a compromise of their personal information.

You can cancel your credit cards and get new ones issued. “But if your personal credentials are compromised they are out there for ever,” he said.

And criminals can use this information to do some serious damage – like getting a major bank loan in your name.

“If the bank sees they know the social and date of birth, they assume it’s you,” he said.

4. Joseph Carson at Thycotic (3 billion user credentials have been stolen in 2016)

According to a report released last week by Thycotic and Cybersecurity Ventures, 3 billion user credentials and passwords were stolen last year.

Put another way: hackers got their hands on the logins and passwords of three out of every seven people, said Joseph Carson, head of global strategic alliances at Thycotic Software Ltd.

Most people aren’t aware of how many passwords they have. There are logins for their email accounts, social media sites, shopping sites, finance sites, for all their favorite games and online applications – and the numbers keep growing.

There are 75 billion passwords in use today, he said, with another 25 billion set to be added over the next three years. And that’s not even counting the passwords used by Internet of Things devices and other types of passwords used in the background that most people aren’t even aware of.

“The growth in passwords is accelerating at a massive pace,” Carson said. “In the next eight years, the number of passwords will triple.”


5. Dodi Glenn at PC Pitstop

Dodi Glenn is the senior director of security intelligence and research labs at PC Pitstop LLC, a security software company headquartered in Myrtle Beach, SC.

He recommends that people be careful about the information they share online and that they avoid shady shopping sites.

“If the price is too good to be true, it likely is,” he said.

He also recommended that people use a different password for each of their online accounts, and that they avoid clicking on links in suspicious emails or opening attachments.

So what do you do if you get an unexpected attachment from someone that sounds important?

“Send them a separate email, or call them to verify,” he said.

1 comment


  1. I am probably an atypical reader of this sort of blog, Maria, and so the problem I’m about to air is unlikely to be one many others share, but it’s good to have an opportunity to express it and if there are any suggestions out there as to how I could address it I’d love to hear them.

    My problem relates to Point 5: Turn on Two-Factor Authentication Whenever Possible

    We do not get a mobile signal where I live. I have a very basic mobile for use when I’m away from home, but it will not receive even texts in any part of the house or garden.

    When two-factor authentication involves receiving a code by text and entering it online on another device I have a problem. Sometimes there is an option at the time the authentication is needed to nominate a mobile number for the code to be sent to. This is not ideal, but it enables me to phone a friend with mobile reception and get them to collaborate. Recently, however, having given Google an “alternate” email address and a security question a year or two back, I was confronted with the requirement to key in to my computer a code that was going to be sent to my mobile phone. (I must have given Google this number some time, but don’t recall doing so. I would certainly not have done so if I’d known it was going to be used like this.) There was NO other instruction/advice/suggestion. Take it or leave it.

    Once, in this type of situation, I got into the car and drove a couple of miles to where there was a mobile signal, received the text and drove back. When I came to enter the code on the computer there was a timed-out message. So, scuppered.
    As far as I can see, my only recourse is to take the mobile and the laptop to somewhere, such as a public library, where there is accessible wifi and a mobile signal.

    Am I missing something?