Maria Korolov

I’m a cyber security enthusiast and a former Microsoft MVP.


1. Phishing Emails and Tips to Avoid Them

You probably think you know how to spot a phishing email, but phishing emails get an average click rate of about 10 percent or higher, according to a report released last month by Wombat Security Technologies.

And there are a lot of them. If you don’t click on one, you might very well click on the next one.

Diligent published the results of a survey last month about which phishing emails people were most likely to click on.

More than 68 percent of people would click on an email if it looked like it came from someone they know. And 61 percent would click on an email that referred to social media, such as one saying “Did you see this pic of you? LOL.” People who got an email that looked like an invitation to access a shared file on a service like Dropbox clicked 38 percent of the time. Other successful phishing emails were ones that told users that they had to do something to secure their account, that there was a new login for their social media, that they had to appear in court and the notice was in the attachment, or that they were due a tax refund.

According to Diligent, 156 million phishing emails are sent every day, and 16 million of them aren’t detected by spam filters.

So what happens if you click on the link, or open the attachment? You get malware.

More than 90 percent of phishing emails carry ransomware. These are programs that infect your computer and encrypt all your files. The hackers then ask you to send them money to get your files back — but there’s no guarantee that they’ll keep their promise because, after all, they are criminals.

Last year, ransomware hackers took in more than $1 billion from victims.

You can also get infected by malware that spies on everything you do, including the passwords that you type into your online banking site. Other malware takes over your computer and uses it to send out more spam, slowing down your computer and potentially getting you into trouble with your Internet service provider.

Tips for Recognising Phishing
  • Spelling or grammar mistakes. Real companies hire copyeditors to check their emails before they go out.
  • It doesn’t use your name.
  • It’s from someone you don’t know, or it refers to a transaction that is unfamiliar to you.
  • It asks for your personal information.
  • It seems too good to be true. Or, too bad to be true.
  • It is written to sound very urgent, or even threatening.
  • The return address of the email or the URL of the link doesn’t look right. For example, instead of taking you to MyBank.com, it goes to MyBank-this-is-real-we-swear.com.
  • It asks you for money or a donation.
  • It is really vague, and it wants you to click on a link or download a file to find out more.
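The link check from the tips above can be automated. The following is an added example, not part of the original article: it pulls the links out of an HTML email and compares the host each one really points to against a list of sites you trust. The `TRUSTED_DOMAINS` list, the function names and the sample email are assumptions constructed for illustration, and the brand-name match is a simple heuristic.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites you really use. "mybank.com" mirrors the article's example.
TRUSTED_DOMAINS = {"mybank.com"}

def link_host(url):
    """Return the host a link really goes to (lowercase), or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and port, which can hide the real host.
    return parts.hostname.rstrip(".").lower()

def classify_host(host, trusted=TRUSTED_DOMAINS):
    """Label a host 'trusted', 'lookalike', 'unknown' or 'no-host'."""
    if host is None:
        return "no-host"
    # Trusted only if it IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # The brand name appears in the host, but the host is not the brand's domain.
    squashed = host.replace("-", "").replace(".", "")
    if any(d.split(".")[0] in squashed for d in trusted):
        return "lookalike"
    return "unknown"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_email_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, verdict)] for each link in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    results = []
    for href, text in parser.links:
        verdict = classify_host(link_host(href), trusted)
        # Visible text names a trusted site, but the link goes somewhere else.
        if verdict in ("unknown", "no-host") and any(d in text.lower() for d in trusted):
            verdict = "text-mismatch"
        results.append((href, verdict))
    return results

# Constructed sample email body (not from the article).
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked.</p>
<a href="https://www.mybank.com/login">Official site</a>
<a href="http://mybank-this-is-real-we-swear.com/login">Unlock now</a>
<a href="http://203.0.113.7/verify">www.mybank.com/verify</a>
<a href="https://mybank.com.example.net/a">Secure login</a>
<a href="https://example.org/news">Newsletter</a>
"""

if __name__ == "__main__":
    for href, verdict in review_email_links(SAMPLE_EMAIL):
        print(f"{verdict:14} {href}")
```

Anything other than "trusted" deserves a second look before clicking; "unknown" only means the host is not on your list.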

With the constantly growing rate of cyber crimes and online scams, people lose billions and many people have lost their identity.

This Guide will help you avoid the following:

  • Identity Theft
  • Credit Card Frauds
  • Phishing Emails
  • and more.

We’ve pointed out 14 ways to keep your online activity super-secure. At the end of the article, we’ve reviewed some IT industry experts who give good insight into the future.

 

2. Stop Over-Sharing

Don’t share any personal information online, and especially don’t share your social security number, driver’s license number, address, date of birth, or your mother’s maiden name.

The criminals know that we like to talk about ourselves.

And when they get this information, there’s a lot that criminals can do with it.

 

3. Download Software From Trusted Sources

The internet is awash with different kinds of software that you can download and install on your computer. Keep in mind that not all downloads can be trusted equally. An approved software update for your operating system (usually Windows or macOS) is almost certainly going to be perfectly safe to install. On the other side of the spectrum, a download from a cheap-looking website that promises to clean up the files on your computer could be one worth staying well away from.

Look to download commercial apps bought from secure sites and free apps from sites with a good reputation (such as Tucows and ZDNet, as well as official resources such as the Mac App Store). If you’re unsure about the origin of any piece of software, don’t download or install it. Look it up on the web and check for reviews and blog posts about the software from reputable sources. It’s usually quick to tell whether some software is genuine and trusted by the web community.

 

4. Avoid File-sharing Sites and Torrenting

Sites used to back up and synchronise your files are generally perfectly fine to use, and are much safer than many people might think. But places where you actively exchange content with others – file-sharing sites – have the potential to compromise your computer. This is because such sites often deal in the sharing of files that aren’t meant to be shared.

They could be films, software or other content that has some commercial, copyrighted value. Someone looking to gain control of others’ computers could easily share some rogue software – called malware – that would allow them access to your machine if it were to run on your system.

Be careful, then, whenever using a service like this. It should go without saying that following copyright laws in your country is a sensible thing to do!

 

5. Turn on Two-Factor Authentication Whenever Possible

Most of the websites most critical to our lives — online banking websites, Gmail, Facebook — offer two-factor authentication.

That means that if someone looks suspicious, like, say, they are logging in from a computer in China and you’ve never used that particular computer before and also you’ve never even left your home town — they’ll step in. For example, the bank might send a one-time code to your phone, or send a code to you by email.

Unless the hacker also somehow got into your email or your phone, they’ll be locked out of your account.

And if you ever lose your password, or someone tries to hijack your account, you can go through the second authorization method to reset your password and get your account back.

But two-factor doesn’t happen automatically. You have to give your cell phone number to your bank. You have to enable the two-factor with Google and Facebook.

If you haven’t done it yet, go and do it.

According to the Pew survey, 16 percent of people have had their email accounts taken over without permission, and 13 percent said that this has happened to a social media account.

Here are the instructions for the most popular services:

 

6. Change Your Passwords After a Breach

Speaking of changing your passwords after a breach, you should do that.

According to the Pew survey, 64 percent of Americans have personally experienced a major data breach.

If you’re one of them, or suspect that you are, go and change your passwords. Start with your most important sites — banking, credit cards, and shopping sites. Then your favorite social media sites.

You probably can’t even remember all the places where you have an account, right?

Seriously, go back to the previous step and install a password manager.

 

7. Consider Using Credit Monitoring

Another thing that the criminals will do if they get access to your personal information is open new accounts in your name. You never see these statements because you don’t know that the accounts even exist — until you start getting hounded by collection agencies and discover that you no longer have a credit rating.

Fortunately, protecting against this is very easy, and completely free.

You might have heard that you’re allowed one free report a year from each of the credit monitoring services, so you haven’t bothered with it.

Now, there are several free options out there that not only let you check your credit report any time you want, for free, without any damage to your credit rating, but they’ll also send you an alert if anyone tries to open a new credit account in your name.

Capital One and Discover Card both offer free online credit monitoring.

My personal favorite service is Credit Karma, and another popular option is Credit Sesame.

 

8. Consider Using Additional Anti-Virus Protection & Lock Your Screen

Obviously, not clicking on phishing emails is your first line of defense.

But what happens if you do, and the malware starts invading your computer or smartphone?

Hopefully, you have anti-virus in place to catch it.

I use Avast, and there are several others from very reputable companies that don’t cost you any money.

You can get the antivirus software for your smartphone, too. However, according to Pew, only 32 percent of people have it.

Another way to protect your computer or mobile device is to turn on password or PIN or fingerprint locks.

According to the Pew survey, 28 percent of smartphone owners don’t use a screen lock or other security feature to limit access to their phone.

Most people don’t secure their laptops either, and it’s easy for a thief to grab your device and walk off with it and all the data in it. If you have it set up with automatic logins to your financial sites, email or social media accounts, you are even more vulnerable.

Also, do you have a camera on your computer? I keep a Post-It over mine, and Facebook’s Mark Zuckerberg uses a piece of tape. It’s a quick and easy fix. Personally, I feel happy knowing that some stranger isn’t watching me picking spinach out from between my teeth.

Because of the large number of breaches in the news recently, people are more aware of cybersecurity issues than ever before, said Pew’s Rainie.

“But in their day-to-day life, they don’t act as if it’s a central concern,” he said. “It’s a paradox.”

 

9. Update Your Operating System and Software Promptly

When a company discovers that there’s a security problem in its software, it sends out an update.

Some programs update themselves automatically, without asking permission. But many operating systems and applications ask first.

However, most people don’t approve the update right away. Given the choice, only 32 percent of people opt to have their apps update themselves automatically. Of the rest, 38 percent run the updates when it’s convenient, and 10 percent never install app updates at all.

When it comes to major updates, like the phone operating system, 42 percent wait until it is convenient, according to the Pew survey, and 14 percent never update it.

That’s a problem. When hackers find out that there’s a security vulnerability, they rush out to take advantage of it before everyone upgrades. The longer you take, the more at risk you are.

So why don’t people update right away?

“It might be strictly a matter of convenience and control,” said Pew’s Rainie. “Some people think, I want to do updates on my own time. Or, I don’t want to burn through the data on my data cap.”

 

10. Keep an Eye on Your Statements

The sooner you spot a problem, the better off you are. Ask your bank or credit card company to issue you a new card and close the old account. And if the problem came from an online shopping site, file a dispute and change all your passwords.

Consumers who had their account taken over by a hacker had to spend an average of $263 of their own money to get things straightened out, according to Javelin.

You don’t have to be one of them.

 

11. Use Reputable Shopping Sites

Most brand-name e-commerce sites, like Amazon, have good security systems in place and are happy to refund your money if something goes wrong.

Scammers still pop up, however, promising goods that they don’t deliver. Check the ratings and customer reviews before making a purchase.

As an extra fail safe, if you pay with a credit card, you can also have them reverse the charges if it turns out that there’s a problem.

Don’t visit a shopping site that doesn’t have a GREEN certificate in the browser bar. A site without one doesn’t encrypt your credit card data.

 

12. Don’t Use Unsecured WiFi

Most wireless routers – the devices that share the internet signal around your home or office – will be set to use a form of encryption, requiring a password before you can connect to the WiFi network. Although this is a pain, it is a safe way to ensure that no one else can easily join your wireless network. Doing so would mean they might be able to gain unauthorised access to any of the computers or devices on the network.

When you are out of the home or office, you might connect to a public WiFi hotspot. These often have their own joining criteria (a need to register or enter a password, for example), but some WiFi networks are completely open. Connecting to such networks is usually a bad idea. It’s best to pick a secure network instead or to rely on your device’s own connection to your mobile operator.

An alternative is to use a Virtual Private Network (VPN) app such as Cloak, which allows you to create a secure connection even when you have joined an unprotected WiFi network. Such apps are ideal for mobile phones, tablets and laptops.

13. Use a Password Manager

According to Dashlane, a password management company, their average user has 120 passwords.

How can a person be expected to keep track of them all?

It’s no wonder that we’re getting hacked. All a hacker has to do is get our stolen information from any of our accounts and they can log into all the other ones.

It doesn’t have to be that way. A password management program collects all your passwords for you right as you type them on your computer or your mobile devices, synchronizes them across all your devices, lets you update them easily, and, best of all, stores them in an encrypted way so that nobody — not even the password management company itself — can get to them.

And you get all that for the amazing price of … zero dollars.

Why isn’t everyone using one of these things? Mostly because the programs have only become really usable in the past couple of years, and many folks haven’t heard of them yet, said Pew Research Center’s Rainie.

Today, only 3 percent of Americans use a password management program to keep track of their passwords.

The best password manager out there right now for the average consumer is LastPass, which is free, and works on multiple devices.

Dashlane’s free version currently only works on one device, but it has a feature where it can change all your passwords for you all at once if there’s been a breach. They also have a version that syncs your passwords across all your devices, for $40 a year.

14. Back Up Your Data

While it’s crucial to keep your computer protected from the outside world, it’s important to remember that you keep data – that’s files, documents, pictures, music, videos – for a reason: to use them. The last thing you want is for the hard disk inside your computer to fail and for you to lose any or all of that precious information. So, what to do? The best course of action is to put in place a backup routine. That means finding a way to copy your information to a safe place so that you don’t rely solely on your computer’s hard disk.

Backups can be made to an external hard disk, such as one connected to the computer via a USB cable. More and more people are now turning to cloud backups, which means that your data is transferred securely over the internet to a service such as Dropbox. For the best protection, use a combination of physical and cloud backups. Doing so will mean your data should be safe even if disaster were to strike. A service such as Acronis may suit you if you wish to go for the hybrid backup route.

 

5 Expert Opinions on Internet Safety

1. Lee Rainie at the Pew Research Center on Passwords

Pew Research just did a survey, released last week, and found that 86 percent of people keep track of passwords by memorizing them.

“You could argue that it’s the safest thing,”

“Unless you’re tortured, you’re not going to pass it out to other people.”

How many people can keep track of dozens of passwords, each long and complicated, with numbers and symbols, and change them on a regular basis?

“It probably means that people use simpler passwords than they should, and they use similar passwords across multiple sites,” he said.

“There’s a paradox in the way that people think of online security.”

“People are generally aware of the problem”

“And their awareness of the problem has grown over the past several years. But in their day-to-day life, a lot of people, even if they express concern or anxiety, don’t act as if it was a central concern of their lives.”

2. Al Pascual at Javelin on Identity Theft

According to a new report, total losses last year hit $16 billion in the U.S., with more than 15 million people falling victim. That’s about one out of every 16 consumers.

“This past year is very significant,” said Al Pascual, research director and head of fraud and security at Javelin Strategy & Research, which produced the report. “We’ve seen so many different types of frauds that are driving incident rates higher that it’s incredible.”

The biggest problem? Account takeover, he said. That’s when a criminal gets access to your bank account or your online shopping account or your credit card account and just goes to town.

They get some of their information by hacking into websites and databases. But some victims are actually giving up their personal information voluntarily to the bad guys.

“They’re looking to social media for data they’re using to commit fraud,” said Pascual.

But staying off the Internet altogether doesn’t necessarily help, he added.

“If you’re not a frequent digital user, you have a higher risk of fraud lasting longer,” he said.

For example, someone who gets an email alert for unusual transactions, or regularly checks their online bank account, would be more likely to spot problems quickly than someone who gets a paper statement once a month that they may — or may not — examine closely.

3. Stephen Coggeshall at LifeLock On Credit Cards & Common Online Frauds

Stephen Coggeshall knows all about identity theft. He’s the chief analytics and science officer at LifeLock Inc., a company that offers identity protection services, and is well aware of what happens when a user’s identity is compromised.

Unlike basic credit monitoring services, which only let you know that something has happened, LifeLock helps individuals protect their accounts from being taken over, and then also helps resolve any problems that occur.

He recommends that you should be wary of anyone who contacts you out of the blue.

“If you get an email, phone call, or a letter from some entity requesting information, or suggesting that they’re going to help you, or who want to deposit a million dollars into your account from a Nigerian prince — you should automatically be suspicious,” he said. “If you contact an institution you can be pretty confident that this is correct, but if they contact you, you have no idea who they are.”

He also added that customers should be extremely careful if they believe that their permanent information is compromised.

Credit cards can be canceled and new ones reissued.

“But if your permanent credentials are compromised they are out there for ever,” he said.

And criminals can use this information to do some serious damage — like getting a major bank loan in your name.

“If the bank sees they know the social and date of birth, they assume it’s you,” he said.

4. Joseph Carson at Thycotic (3 billion user credentials have been stolen in 2016)

According to a report released last week by Thycotic and Cybersecurity Ventures, 3 billion user credentials and passwords were discovered to have been stolen last year.

That comes out to hackers getting their hands on the logins and passwords of three out of every seven people, said Joseph Carson, head of global strategic alliances at Thycotic Software Ltd.

Most people aren’t aware of how many passwords they have. There are logins for their email accounts, social media sites, shopping sites, finance sites, for all their favorites games and online applications — and the numbers just keep growing.

There are 75 billion passwords in use today, he said, and another 25 billion will be added over the next three years. And that’s not even counting the passwords used by Internet of Things devices and other types of passwords that are used in the background and that most people aren’t even aware of.

“The growth in passwords is accelerating at a massive pace,” Carson said. “In the next eight years, the number of passwords will triple.”


5. Dodi Glenn at PC Pitstop
Dodi Glenn is the senior director of security intelligence and research labs at PC Pitstop LLC, a security software company headquartered in Myrtle Beach, SC.

He recommends that people be careful about the information they share online and that they avoid shady shopping sites.

“If the price is too good to be true, it likely is,” he said.

He also recommended that people use a different password for each of their online accounts, and that they avoid clicking on links in suspicious emails or opening attachments.

So what do you do if you get an unexpected attachment from someone and it sounds really important?

“Send them a separate email, or call them to verify,” he said.


1 comment


  1. I am probably an atypical reader of this sort of blog, Maria, and so the problem I’m about to air is unlikely to be one many others share, but it’s good to have an opportunity to express it and if there are any suggestions out there as to how I could address it I’d love to hear them.

    My problem relates to Point 5: Turn on Two-Factor Authentication Whenever Possible

    We do not get a mobile signal where I live. I have a very basic mobile for use when I’m away from home, but it will not receive even texts in any part of the house or garden.

    When two-factor authentication involves receiving a code by text and entering it online on another device I have a problem. Sometimes there is an option at the time the authentication is needed to nominate a mobile number for the code to be sent to. This is not ideal, but it enables me to phone a friend with mobile reception and get them to collaborate. Recently, however, having given Google an “alternate” email address and a security question a year or two back, I was confronted with the requirement to key in to my computer a code that was going to be sent to my mobile phone. (I must have given Google this number some time, but don’t recall doing so. I would certainly not have done so if I’d known it was going to be used like this.) There was NO other instruction/advice/suggestion. Take it or leave it.

    Once, in this type of situation, I got into the car and drove a couple of miles to where there was a mobile signal, received the text and drove back. When I came to enter the code on the computer there was a timed-out message. So, scuppered.
    As far as I can see, my only recourse is to take the mobile and the laptop to somewhere, such as a public library, where there is accessible wifi and a mobile signal.

    Am I missing something?