As we wind down National Cyber Security Awareness Month in October, we count the breaches and total personally identifiable information records lost at more than 13 billion since 2013.
We’ve all heard about Facebook losing millions of records, and Google forgetting to disclose their breach for many months and then announcing they will shut down Google Plus as a result of the breach. That’s just the tip of the iceberg.
Now that we’re approaching the busiest online shopping season, with Black Friday and Cyber Monday right around the corner, it’s the most important time to understand the latest threats and to be vigilant. This is your chance to help halt hackers on the holidays.
1. Understand Email Security Basics
In an email phishing attack, you’ll receive a hyperlink that, if you click it, installs malware. Or there will be an attachment with a name you think you can trust, but if you try to open the attachment, you will also get infected.2. Learn to Guard Against Even More Sophisticated Spear Phishing Attacks
Every day, there’s a cybercriminal somewhere in the world looking to gain access to your identity and credit. They are getting smarter and they are using even more sophisticated techniques to send emails and SMS messages that look really good—like they came from someone you trust. It will usually have a link or attachment that leads to a malware infection.Some people have clicked links from banks with America in their name, but the hackers tricked them by using a font that makes an “r” and an “n” look like an “m,” so it was really Arnerica. If you are really busy, you might not notice the “r” and “n” and click the link and get infected.
Don’t click the links and don’t open the attachments. Talk to your family, friends, and business associates and confirm the email really came from them. Most likely, it’s a cyberattack.
3. Don’t Fall for Bank, Lawsuit, or IRS Telephone Scams
Your bank, a lawyer, or the IRS won’t call you and ask for your password over the phone, or tell you that you are about to be sued or that you’re going to be arrested for not paying taxes.4. Change Your Passwords—All of Them
Do it now and do it as frequently as you can tolerate. If you don’t want to change them often, use any unique characters you can think of, such as a dollar sign ($) or an exclamation mark (!) or replace a letter “o” with a 0 (zero).5. Clean Up Your Apps
Assume most of your smartphone or tablet apps are malware that spy on you and your online behavior. Do you really need them? Delete any apps you don’t use often. Replace apps that take advantage of too many of your privacy settings with similar apps that don’t.On an iPhone, you’re not being eavesdropped on until you run the app. However, I’ve discovered flashlight apps, Bible apps, and emoji keyboard apps that appear trustworthy and turn out to be spyware that passed the “security” tests by Google Play and Apple iTunes online app stores.
You really need to know who made the app and what permissions it really needs—does your flashlight need to turn on your microphone? Does your emoji keyboard need to have any form of internet access, i.e., send your keystrokes to China? And the list goes on.
6. Shop Online Only From Websites You Trust
If you don’t know where the merchant is located, don’t shop online there.If they don’t have a corporate address or are located in another country, it could be iffy whether you ever see the goods you think you purchased. Also, if their shopping-cart experience is not an HTTPS browser session, then everything you type in—your name, address, and credit card information—is going over the internet unencrypted, in plain view.
7. Check Websites have SSL Encryption
Never buy online using your credit card on a site that doesn’t have SSL (secure sockets layer) encryption installed. It’s easy to tell you are in a secure, encrypted session: You should see an icon of a locked padlock in your browser and the website URL starts with HTTPS not HTTP.8. Don’t Use Cash or Debit Cards
You have three major choices when shopping—cash, credit, or debit. In rare, but growing, instances, there’s even a fourth option called Bitcoin, which is now accepted at some merchants, including Overstock.com. Bitcoins could be considered equivalent to the cash option, because once used, you can’t get them back.9. Don’t Use Public WiFi Without Using SSL Encryption
Public WiFi networks can be a hacker’s dream. If they want, they can see what websites you are visiting and insert malware into your computer or another device. The hacker also has access to any information you are sending out over the internet, which could include credit card numbers or other critical information.10. Be Wary of Porch Pirates
There are hackers who have learned how to track packages online. Some of them may be criminals in your city or town. If they know a package is arriving on your porch when you aren’t home, they might just nab it.It’s best to have items delivered to your office, or to a family or friend’s house where you know someone will be home during the day, so they can sign for it and take it inside where it will be safe.
Finally, I just want to remind you that if it’s too good to be true, it probably is a scam.
There are new attacks online where the hacker pretends to be a family member or friend you haven’t seen in years by faking their Facebook account or stealing their password. Then, they claim you can trust them to go give $500 to the U.S. government to get a $10,000 grant. Then they have the fake U.S. government agent’s Facebook account contact you in Messenger and confirm that it’s all real and you can trust them.
Just remember: Money does not fall from trees, and if you give anyone a penny of your hard-earned money, never expect to see it back.
Then there are online dating scams, where your future soulmate asks you for money online because he or she needs it for the plane ticket to see you. These people are also fraudsters who should be in jail.
Remember, if someone calls you claiming to be from the IRS, or a law firm, or Microsoft technical support asking for money, these are the three biggest phone scams lately. Never give your credit card or personal information to anyone over the phone, especially if they are calling you.