Identity theft criminals have many ways to trick you. Using principles from the psychology of technology, criminals design clever emails to collect your login details or get you to install malware (malicious software, such as a virus). According to Spam Laws, 362.5 million phishing emails are sent every day.
A phishing attempt is one step in identity theft. Phishing emails look like they were sent by a legitimate company. In reality, the email contains spam links or malware designed to lure you into typing in your username and password. The bad guys hope you use the exact same password and user ID for your other accounts, because then they can use that login to steal credit card information, drain bank accounts, and so on. I personally get at least 2 or 3 phishing emails daily, and those are just the ones that get past my spam filters.
Why don’t geeks ever get fooled by these legit-looking emails?
Keeping their identity credentials secure is a habit for IT professionals. It’s about to become one of your habits too. You’ve heard some of these techniques before, but now it’s time to take action. I know you’ve been lazy, downplaying the risks, and so on. We all put our heads in the sand sometimes. But with a billion more people expected on the Internet in the coming years, now is the time to wake up and build a habit of safety for you and your family.
5 ways to keep safe online:
1. Use strong anti-virus software
This seems like a no-brainer to some of you. You may be surprised to find out how many people have not bought and/or installed any protection on their devices (go ahead, ask people around you). Geeks not only install anti-virus software but also write their own scripts to occasionally sweep their machines for bad stuff. Kaspersky, Norton and Symantec are popular anti-virus services. Buy and install the software if you haven’t already, even if you are on a Mac. It’s easy and worth the money. (Parental control software you can skip, though).
2. Construct varied and strong passwords
Geeks sometimes set up password schemes that give them a different password for each site. For example: categorize each type of site, add a sentence to go with it, perhaps add a date or other number, then take the initials of the whole thing: “Twitter is” + “Social Media Site” + “date 0513” becomes the password TiSMSd0513. That is a super secure password system that is easy to remember and can be varied for different sites. (Another method: use the same “throwaway” password for unimportant sites that hold no credit card or other personal info. Just never make that the same as your email password.) Remember, it’s OK to write your passwords down on a piece of paper, if you trust the people who share your living space.
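The initials scheme above, written out as a small function so the rule is explicit. This is an added example for this page, not a tool from the post's author; the function names and the three-part split (site sentence, category, date phrase) are assumptions made here to match the worked example TiSMSd0513.

```python
"""Added example: the initials-based password scheme described in the post.
Illustrative code written for this page, not the author's own tool."""


def initials(phrase: str) -> str:
    """Return the first letter of each word, keeping the original case.
    "Social Media Site" -> "SMS"."""
    return "".join(word[0] for word in phrase.split() if word)


def scheme_password(site_phrase: str, category: str, suffix_phrase: str) -> str:
    """Build a password from the three parts the post describes: a sentence
    about the site, its category, and a date or number phrase.

    Each part is reduced to its initials, except that a trailing token made
    only of digits is kept whole so the number survives ("date 0513" -> "d0513").
    """
    parts = []
    for phrase in (site_phrase, category, suffix_phrase):
        words = phrase.split()
        if words and words[-1].isdigit():
            # keep the digits, take initials of the words before them
            parts.append(initials(" ".join(words[:-1])) + words[-1])
        else:
            parts.append(initials(phrase))
    return "".join(parts)


def password_for_sites(sites: dict, category: str, suffix_phrase: str) -> dict:
    """Apply the scheme to several sites that share a category and suffix,
    returning {site name: password}.  Only the site sentence differs per site."""
    return {name: scheme_password(sentence, category, suffix_phrase)
            for name, sentence in sites.items()}


if __name__ == "__main__":
    # Constructed inputs reproducing the post's example.
    print(scheme_password("Twitter is", "Social Media Site", "date 0513"))  # TiSMSd0513
```

Note that within one category only the first part changes between sites (the category initials and the date repeat), so the per-site sentence is what carries the variation; the comments below this post suggest multi-factor authentication as the extra layer on top of any password scheme.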
3. Never click on links in email
Geeks don’t click on any links that come from companies, because they know companies are savvy enough to deliver information in more secure ways and would never send “please verify your ID” emails. Instead of trying to suss out which links are legitimate, most geeks don’t click on any emailed links at all. If they are curious, they open a browser, type in the company’s URL themselves and log in there.
4. Never click on or install attachments
Geeks figure that important things like legal papers or family photos will be shared in other, more secure ways. If a company is desperate to get hold of you, it will not be using only email. Snail mail and phone calls are still the communication methods of choice for companies. Family photos can be shared via Facebook or Flickr. There just isn’t any reason to open any email attachment unless you are waiting on a specific PDF from a specific person, and that person has warned you that an attachment is forthcoming. Geeks know important information will find them without email, via FedEx or UPS for example.
5. Have a throwaway email address (or three)
Geeks use multiple email addresses and assign each to a different purpose. I have an email address just for signing up to newsletters and entering contests. I have another email account for general communication. I have yet another one for this blog; I never use the blog email to sign up for anything, so I automatically know that any company email sent to that address is actually a phishing attempt.
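Three of the habits above (don't click emailed links, don't open attachments, treat company mail to a never-signed-up address as phishing) can be checked mechanically before a person reads the message. The script below is an added example written for this page, not code from the post's author: it parses a raw email with Python's standard library and flags links whose visible text names one host while the href points at another, any attachment, and delivery to an address reserved for non-signup use. The sample message, the reserved-address list and all hostnames in it are constructed for the example.

```python
"""Added example (not from the original post): triage a raw email against
three of the habits in the post before a human opens it."""

import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: addresses the owner never gives to companies (like the post's
# blog address).  Any company mail arriving here is treated as a phish attempt.
NO_SIGNUP_ADDRESSES = {"editor@example-blog.invalid"}

# Visible link text that looks like a web address, e.g. "www.bank.example/login"
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(value: str) -> str:
    """Hostname of a URL, or of bare text such as 'www.bank.example'."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def mismatched_links(html: str) -> list:
    """Links whose visible text names a host but whose href goes elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    bad = []
    for text, href in collector.links:
        if LOOKS_LIKE_URL.fullmatch(text):
            shown, actual = host_of(text), host_of(href)
            if shown and actual and shown != actual:
                bad.append((text, href))
    return bad


def triage(raw: str) -> dict:
    """Return findings for one raw RFC 822 message and an overall verdict."""
    msg = message_from_string(raw)
    to_field = (msg.get("To") or "").lower()
    findings = {
        "mismatched_links": [],
        "attachments": [],
        "no_signup_recipient": any(a in to_field for a in NO_SIGNUP_ADDRESSES),
    }
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings["attachments"].append(part.get_filename() or "<unnamed>")
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", errors="replace")
            findings["mismatched_links"].extend(mismatched_links(body))
    findings["suspicious"] = bool(findings["mismatched_links"]
                                  or findings["attachments"]
                                  or findings["no_signup_recipient"])
    return findings


# Constructed sample: a "verify your ID" message with a disguised link and a
# PDF attachment, sent to the never-signed-up address.
SAMPLE_EMAIL = """\
From: "Account Security" <alerts@bank-example.invalid>
To: editor@example-blog.invalid
Subject: Please verify your ID
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Click <a href="http://login.verify-now.invalid/x">www.bank-example.invalid</a> to verify.</p>
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="statement.pdf"

%PDF-1.4 constructed placeholder
--b1--
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The link check only compares hostnames when the visible text itself looks like an address; a link whose text reads "Read more" is left for the human to judge, which is exactly why the post's advice is to type the company's URL into a browser rather than click. Run as a script it prints the findings for the constructed sample; as a module, `triage()` can be fed messages pulled from a mailbox.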
Those are the five main activities that will vastly improve your security habits. One more thing I’d like to mention: don’t check email when you’re tired or in a hurry. Some phishing attempts are very clever, as if they were engineered by behavioral experts, and it’s easier to fool an exhausted or rushed person. Reading email needs as much of your attention as driving in the snow. Lots of bad guys out there are trying to snow you and blind you with your own human faults. Instill a few good habits and software automations to get to your destination in one piece.
Stay safe, everyone!
Comments on this entry are closed.
I would just add one: use multi-factor authentication whenever you can (and especially on your primary email account).
Claude, that’s a very good one. Most end-users won’t get it though. Makes me think about how I could explain ways to institute double or multi auth independent of the provider. Because until providers institute it, users will just go with the flow of whatever design is presented to them. Any ideas?
Independent of the provider is really difficult unless you know of a service which can store impossible-to-guess passwords and then allow you to log in using multi-factor to get access to them.
One thing that may be easier, though, is that Gmail, Facebook and Twitter offer 2-factor authentication, and since a lot of other services can use those services to log in, through OAuth, it might be a good option to recommend activating 2-factor on your favorite service and then using that to sign up to other services.