1. Phishing Emails and Tips to Avoid Them
You probably think you know how to spot a phishing email, but phishing emails get an average click rate of about 10 percent or higher, according to a report released last month by Wombat Security Technologies.
And there are a lot of them. If you don’t click on one, you might very well click on the next one.
Diligent published the results of a survey last month about which phishing emails people were most likely to click on.
More than 68 percent of people would click on an email if it looked like it came from someone they know. And 61 percent would click on an email that referred to social media, such as one saying “Did you see this pic of you? LOL.” People who got an email that looked like an invitation to access a shared file on a service like Dropbox clicked 38 percent of the time. Other successful phishing emails were ones that told users that they had to do something to secure their account, that there was a new login for their social media, that they had to appear in court and the notice was in the attachment, or that they were due a tax refund.
According to Diligent, 156 million phishing emails are sent every day, and 16 million of them aren’t detected by spam filters.
So what happens if you click on the link, or open the attachment? You get malware.
More than 90 percent of phishing emails carry ransomware. These are programs that infect your computer and encrypt all your files. The hackers then ask you to send them money to get your files back — but there’s no guarantee that they’ll keep their promise because, after all, they are criminals.
Last year, ransomware hackers took in more than $1 billion from victims.
You can also get infected by malware that spies on everything you do, including the passwords that you type into your online banking site. Other malware takes over your computer and uses it to send out more spam, slowing down your computer and potentially getting you into trouble with your Internet service provider.
Tips for Recognising Phishing
- Spelling or grammar mistakes. Real companies hire copyeditors to check their emails before they go out.
- It doesn’t use your name.
- It’s from someone you don’t know, or it refers to a transaction that is unfamiliar to you.
- It asks for your personal information.
- It seems too good to be true. Or, too bad to be true.
- It is written to sound very urgent, or even threatening.
- The return address of the email or the URL of the link doesn’t look right. For example, instead of taking you to MyBank.com, it goes to MyBank-this-is-real-we-swear.com.
- It asks you for money or a donation.
- It is really vague, and it wants you to click on a link or download a file to find out more.
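The address check from the tips above can be automated. The following Python sketch is an added example, not part of the original article: it accepts a link only when its host is exactly a site you trust (or a subdomain of it) and flags links that merely contain the trusted name. The trusted list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really use (constructed list for this example).
TRUSTED_DOMAINS = {"mybank.com"}


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Say where a link really goes: trusted, lookalike, unknown or no-host."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname comes back lower-cased
    except ValueError:  # malformed address, e.g. broken brackets
        return "no-host"
    if not host:
        return "no-host"
    # Trusted only if the host IS the domain or ends with ".domain".
    # "mybank-this-is-real-we-swear.com" fails both tests.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The trusted name appearing anywhere else in the address (as a prefix,
    # as a subdomain of another site, or before an "@") is the lookalike trick.
    netloc = parts.netloc.lower()
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in netloc:
            return "lookalike"
    return "unknown"


# Constructed sample links, in the style of the MyBank example above.
SAMPLE_LINKS = [
    "https://www.mybank.com/login",
    "https://MyBank-this-is-real-we-swear.com/login",
    "https://mybank.com.account-check.example/",
    "https://mybank.com@login.example/",
    "https://example.org/news",
]


def review_links(urls):
    """Map each link to its verdict."""
    return {url: classify_link(url) for url in urls}


if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_LINKS).items():
        print(f"{verdict:10} {url}")
```

A "trusted" verdict only means the link points at a domain on your own list; an "unknown" link is not proven safe.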
This Guide will help you avoid the following:
- Identity Theft
- Credit Card Frauds
- Phishing Emails
- and more.
We’ve pointed out 14 ways to keep your online activity super-secure. At the end of the article, we’ve reviewed some IT industry experts who give good insight into the future.
2. Stop Over-Sharing
Don’t share any personal information online, and especially don’t share your social security number, driver’s license number, address, date of birth, or your mother’s maiden name.
The criminals know that we like to talk about ourselves.
And when they get this information, there’s a lot that criminals can do with it.
3. Download Software From Trusted Sources
The internet is awash with different kinds of software that you can download and install on your computer. Keep in mind that not all downloads can be trusted equally. An approved software update for your operating system (usually Windows or macOS) is almost certainly going to be perfectly safe to install. On the other side of the spectrum, a download from a cheap-looking website that promises to clean up the files on your computer could be one worth staying well away from.
Look to download commercial apps bought from secure sites and free apps from sites with a good reputation (such as Tucows and ZDNet, as well as official resources such as the Mac App Store). If you’re unsure about the origin of any piece of software, don’t download or install it. Look it up on the web and check for reviews and blog posts about the software from reputable sources. It’s usually quick to tell whether some software is genuine and trusted by the web community.
4. Avoid File-sharing Sites and Torrenting
Sites used to back up and synchronise your files are generally perfectly fine to use, and are much safer than many people might think. But places where you actively exchange content with others – file-sharing sites – have the potential to compromise your computer. This is because such sites often deal in the sharing of files that aren’t meant to be shared.
They could be films, software or other content that has some commercial, copyrighted value. Someone looking to gain control of others’ computers could easily share some rogue software – called malware – that would allow them access to your machine if it were to run on your system.
Be careful, then, whenever using a service like this. It should go without saying that following copyright laws in your country is a sensible thing to do!
5. Turn on Two-Factor Authentication Whenever Possible
Most of the websites most critical to our lives — online banking websites, Gmail, Facebook — offer two-factor authentication.
That means that if someone looks suspicious, like, say, they are logging in from a computer in China and you’ve never used that particular computer before and also you’ve never even left your home town — they’ll step in. For example, the bank might send a one-time code to your phone, or send a code to you by email.
Unless the hacker also somehow got into your email or your phone, they’ll be locked out of your account.
And if you ever lose your password, or someone tries to hijack your account, you can go through the second authorization method to reset your password and get your account back.
But two-factor doesn’t happen automatically. You have to give your cell phone number to your bank. You have to enable the two-factor with Google and Facebook.
If you haven’t done it yet, go and do it.
According to the Pew survey, 16 percent of people have had their email accounts taken over without permission, and 13 percent said that this has happened to a social media account.
Here are the instructions for the most popular services:
6. Change Your Passwords After a Breach
Speaking of changing your passwords after a breach, you should do that.
According to the Pew survey, 64 percent of Americans have personally experienced a major data breach.
If you’re one of them, or suspect that you are, go and change your passwords. Start with your most important sites — banking, credit cards, and shopping sites. Then your favorite social media sites.
You probably can’t even remember all the places where you have an account, right?
Seriously, go back to the previous step and install a password manager.
7. Consider Using Credit Monitoring
Another thing that the criminals will do if they get access to your personal information is open new accounts in your name. You never see these statements because you don’t know that the accounts even exist — until you start getting hounded by collection agencies and discover that you no longer have a credit rating.
Fortunately, protecting against this is very easy, and completely free.
You might have heard that you’re allowed one free report a year from each of the credit monitoring services, so you haven’t bothered with it.
Now, there are several free options out there that not only let you check your credit report any time you want, for free, without any damage to your credit rating, but they’ll also send you an alert if anyone tries to open a new credit account in your name.
Capital One and Discover Card both offer free online credit monitoring.
My personal favorite service is Credit Karma, and another popular option is Credit Sesame.
8. Consider Using Additional Anti-Virus Protection & Lock Your Screen
Obviously, not clicking on phishing emails is your first line of defense.
But what happens if you do, and the malware starts invading your computer or smartphone?
Hopefully, you have anti-virus in place to catch it.
I use Avast, and there are several others from very reputable companies that don’t cost you any money.
You can get the antivirus software for your smartphone, too. However, according to Pew, only 32 percent of people have it.
Another way to protect your computer or mobile device is to turn on password or PIN or fingerprint locks.
According to the Pew survey, 28 percent of smartphone owners don’t use a screen lock or other security feature to limit access to their phone.
Most people don’t secure their laptops either, and it’s easy for a thief to grab your device and walk off with it and all the data in it. If you have it set up with automatic logins to your financial sites, email or social media accounts, you are even more vulnerable.
Also, do you have a camera on your computer? I keep a Post-It over mine, and Facebook’s Mark Zuckerberg uses a piece of tape. It’s a quick and easy fix. Personally, I feel happy knowing that some stranger isn’t watching me picking spinach out from between my teeth.
Because of the large number of breaches in the news recently, people are more aware of cybersecurity issues than ever before, said Pew’s Rainie.
“But in their day-to-day life, they don’t act as if it’s a central concern,” he said. “It’s a paradox.”
9. Update Your Operating System and Software Promptly
When a company discovers that there’s a security problem in its software, it sends out an update.
Some programs update themselves automatically, without asking permission. But many operating systems and applications ask first.
However, most people don’t approve the update right away. Given the choice, only 32 percent of people opt to have their apps update themselves automatically. Of the rest, 38 percent run the updates when it’s convenient, and 10 percent never install app updates at all.
When it comes to major updates, like the phone operating system, 42 percent wait until it is convenient, according to the Pew survey, and 14 percent never update it.
That’s a problem. When hackers find out that there’s a security vulnerability, they rush out to take advantage of it before everyone upgrades. The longer you take, the more at risk you are.
So why don’t people update right away?
“It might be strictly a matter of convenience and control,” said Pew’s Rainie. “Some people think, I want to do updates on my own time. Or, I don’t want to burn through the data on my data cap.”
10. Keep an Eye on Your Statements
The sooner you spot a problem, the better off you are. Ask your bank or credit card company to issue you a new card and close the old account. And if the problem came from an online shopping site, file a dispute and change all your passwords.
Consumers who had their account taken over by a hacker had to spend an average of $263 of their own money to get things straightened out, according to Javelin.
You don’t have to be one of them.
11. Use Reputable Shopping Sites
Most brand-name e-commerce sites, like Amazon, have good security systems in place and are happy to refund your money if something goes wrong.
Scammers still pop up, however, promising goods that they don’t deliver. Check the ratings and customer reviews before making a purchase.
As an extra fail-safe, if you pay with a credit card, you can also have them reverse the charges if it turns out that there’s a problem.
12. Don’t Use Unsecured WiFi
Most wireless routers – the devices that share the internet signal around your home or office – will be set to use a form of encryption, requiring a password before you can connect to the WiFi network. Although this is a pain, it is a safe way to ensure that no one else can easily join your wireless network. Doing so would mean they might be able to gain unauthorised access to any of the computers or devices on the network.
When you are out of the home or office, you might connect to a public WiFi hotspot. These often have their own joining criteria (a need to register or enter a password, for example), but some WiFi networks are completely open. Connecting to such networks is usually a bad idea. It’s best to pick a secure network instead or to rely on your device’s own connection to your mobile operator.
An alternative is to use a Virtual Private Network (VPN) app such as Cloak, which allows you to create a secure connection even when you have joined an unprotected WiFi network. Such apps are ideal for mobile phones, tablets and laptops.
13. Use a Password Manager
According to Dashlane, a password management company, their average user has 120 passwords.
How can a person be expected to keep track of them all?
It’s no wonder that we’re getting hacked. All a hacker has to do is get our stolen information from any of our accounts and they can log into all the other ones.
It doesn’t have to be that way. A password management program collects all your passwords for you right as you type them on your computer or your mobile devices, synchronizes them across all your devices, lets you update them easily, and, best of all, stores them in an encrypted way so that nobody — not even the password management company itself — can get to them.
And you get all that for the amazing price of … zero dollars.
Why isn’t everyone using one of these things? Mostly because the programs have only become really usable in the past couple of years, and many folks haven’t heard of them yet, said Pew Research Center’s Rainie.
Today, only 3 percent of Americans use a password management program to keep track of their passwords.
The best password manager out there right now for the average consumer is LastPass, which is free, and works on multiple devices.
Dashlane’s free version currently only works on one device, but it has a feature where it can change all your passwords for you all at once if there’s been a breach. They also have a version that syncs your passwords across all your devices, for $40 a year.
14. Back Up Your Data
While it’s crucial to keep your computer protected from the outside world, it’s important to remember that you keep data – that’s files, documents, pictures, music, videos – for a reason: to use them. The last thing you want is for the hard disk inside your computer to fail and for you to lose any or all of that precious information. So, what to do? The best course of action is to put in place a backup routine. That means finding a way to copy your information to a safe place so that you don’t rely solely on your computer’s hard disk.
Backups can be made to an external hard disk, such as one connected to the computer via a USB cable. More and more people are now turning to cloud backups, which means that your data is transferred securely over the internet to a service such as Dropbox. For the best protection, use a combination of physical and cloud backups. Doing so will mean your data should be safe even if disaster were to strike. A service such as Acronis may suit you if you wish to go for the hybrid backup route.
5 Expert Opinions on Internet Safety
1. Lee Rainie at the Pew Research Center on Passwords
“You could argue that it’s the safest thing,”
“Unless you’re tortured, you’re not going to pass it out to other people.”
How many people can keep track of dozens of passwords, each long and complicated, with numbers and symbols, and change them on a regular basis?
“It probably means that people use simpler passwords than they should, and they use similar passwords across multiple sites,” he said.
“There’s a paradox in the way that people think of online security.”
“People are generally aware of the problem”
“And their awareness of the problem has grown over the past several years. But in their day-to-day life, a lot of people, even if they express concern or anxiety, don’t act as if it was a central concern of their lives.”
2. Al Pascual at Javelin on Identity Theft
“This past year is very significant,” said Al Pascual, research director and head of fraud and security at Javelin Strategy & Research, which produced the report. “We’ve seen so many different types of frauds that are driving incident rates higher that it’s incredible.”
The biggest problem? Account takeover, he said. That’s when a criminal gets access to your bank account or your online shopping account or your credit card account and just goes to town.
They get some of their information by hacking into websites and databases. But some victims are actually giving up their personal information voluntarily to the bad guys.
“They’re looking to social media for data they’re using to commit fraud,” said Pascual.
But staying off the Internet altogether doesn’t necessarily help, he added.
“If you’re not a frequent digital user, you have a higher risk of fraud lasting longer,” he said.
For example, someone who gets an email alert for unusual transactions, or regularly checks their online bank account, would be more likely to spot problems quickly than someone who gets a paper statement once a month that they may — or may not — examine closely.
3. Stephen Coggeshall at LifeLock On Credit Cards & Common Online Frauds
Unlike basic credit monitoring services, which only let you know that something has happened, LifeLock helps individuals protect their accounts from being taken over, and then also helps resolve any problems that occur.
He recommends that you should be wary of anyone who contacts you out of the blue.
“If you get an email, phone call, or a letter from some entity requesting information, or suggesting that they’re going to help you, or who want to deposit a million dollars into your account from a Nigerian prince — you should automatically be suspicious,” he said. “If you contact an institution you can be pretty confident that this is correct, but if they contact you, you have no idea who they are.”
He also added that customers should be extremely careful if they believe that their permanent information is compromised.
Credit cards can be canceled and new ones reissued.
“But if your permanent credentials are compromised they are out there forever,” he said.
And criminals can use this information to do some serious damage — like getting a major bank loan in your name.
“If the bank sees they know the social and date of birth, they assume it’s you,” he said.
4. Joseph Carson at Thycotic (3 billion user credentials have been stolen in 2016)
That comes out to hackers getting their hands on the logins and passwords of three out of every seven people, said Joseph Carson, head of global strategic alliances at Thycotic Software Ltd.
Most people aren’t aware of how many passwords they have. There are logins for their email accounts, social media sites, shopping sites, finance sites, for all their favorite games and online applications — and the numbers just keep growing.
There are 75 billion passwords in use today, he said, and another 25 billion will be added over the next three years. And that’s not even counting the passwords used by Internet of Things devices and other types of passwords that are used in the background and most people aren’t even aware of.
“The growth in passwords is accelerating at a massive pace,” Carson said. “In the next eight years, the number of passwords will triple.”
5. Dodi Glenn at PC Pitstop
He recommends that people be careful about the information they share online and that they avoid shady shopping sites.
“If the price is too good to be true, it likely is,” he said.
He also recommended that people use a different password for each of their online accounts, and that they avoid clicking on links in suspicious emails or opening attachments.
So what do you do if you get an unexpected attachment from someone and it sounds really important?
“Send them a separate email, or call them to verify,” he said.