As 2016 draws to a close, and the holiday rush of online shopping is in full swing, I thought it would be a great time to recap some tips to stay safe online. No one should have to deal with the painful aftermath of a compromised online account.
1) Use different passwords. Seriously.
With breached databases of private information continuing to be dumped online, passwords will be leaked. Imagine if you use the same password on your bank's website as you do on a social network. Reusing one password across multiple websites lets an attacker who “owns” one of them (or simply buys its dump) pivot straight into the others; they just try the leaked email and password everywhere. This is easily avoided by using a different password for every service, but I know that is hard to keep up by hand. That is where password managers come in: they generate a long random password for each service, keep them in an encrypted vault, and fill them in for you. My favorite is 1Password, which, leveraged with Dropbox, keeps my password vault synced no matter where I go.
2) Look for the lock icon.
Online shopping is here to stay, but you should take a moment before entering information online to make sure it is protected on the way to the site. Web browsers make this easier by showing a lock (sometimes green, depending on the type of certificate) on sites that use HTTPS. The lock means that information sent between you and the website is encrypted in transit and that the site presented a valid certificate for the name in the address bar. It does not mean the site itself is honest: a fake shop can have a perfectly valid certificate for its own lookalike name. So look for the icon, and also check that the name next to it is the site you meant to visit, before you enter any credit card information.
3) Updates aren’t always bad.
People regularly ask me why they should update their software if nothing seems wrong. This comes up especially when updates change software that users have grown accustomed to, and some users end up avoiding updates entirely because the perceived problems outweigh the perceived benefits. Security is an ever-evolving beast: most updates fix vulnerabilities that attackers are already exploiting, so staying up to date is what keeps those fixes on your machine. Running outdated software makes you an easy target regardless of how careful you are otherwise. Don't ignore that Java update anymore!
4) Don’t blindly click links from emails.
Any company emailing you and asking you to verify information is already suspicious as hell, but here is a trick you can learn right now. A link's visible text and its actual destination are two separate things. Hover your mouse over a link without clicking it, and in the bottom left corner of the browser window you will see the address the link really goes to. Watch how easily you can be tricked: picture two links that both read google.com. Hover over the first and the status bar shows it goes to Google. Hover over the second, which looks identical, and you will see it actually takes you to Yahoo.
This trick is used in phishing emails all the time. The URL may appear to belong to a reputable, familiar site, but in fact you are being sent to a fake site that looks almost the same as the real one. Don't fall for these tricks. These emails belong in your trash.
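The hover check above is something a mail filter can do for you. As an added example (not code from the original post), here is a small Python script that parses an HTML email body, collects every link's visible text and real destination, and flags links whose text names one domain while the href points at another. The sample message, the domain names in it and the `.example` hostnames are constructed for the demo; the registrable-domain helper is a deliberate approximation rather than a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _AnchorCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so "google.com " and "google.com" compare equal.
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


# Visible link text that reads like a URL or a bare domain, e.g. "google.com"
# or "https://www.google.com/account". "Click here" style text does not match.
_URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


def hostname(url: str) -> str:
    """Hostname of a URL; bare domains get a scheme so urlsplit parses them."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Crude approximation of the registrable domain (last two labels).
    Good enough for the demo; real tooling uses the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def find_deceptive_links(html: str):
    """Return (visible_text, href) for every anchor whose text names one
    domain while its href actually leads to a different one."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for text, href in parser.links:
        if not href or not _URLISH.match(text):
            continue  # nothing in the text to compare the destination against
        if registrable_domain(hostname(text)) != registrable_domain(hostname(href)):
            flagged.append((text, href))
    return flagged


# Constructed sample email body (not a real message): one honest link, one
# link that reads google.com but goes to Yahoo, one lookalike hostname that
# merely starts with paypal.com, and one with non-URL text that is left alone.
SAMPLE_EMAIL = """
<p>Your account needs verification.</p>
<p>Search: <a href="https://www.google.com">google.com</a></p>
<p>Also try <a href="https://www.yahoo.com">google.com</a></p>
<p>Log in at <a href="https://paypal.com.account-verify.example/login">paypal.com</a></p>
<p><a href="https://account-verify.example/login">Click here</a> to confirm.</p>
"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_EMAIL):
        print(f"link text shows {text!r} but really goes to {href}")
```

The third sample link shows why the comparison is done on the registrable domain rather than on a prefix: `paypal.com.account-verify.example` starts with the familiar name, but the part that matters is the right-hand end, which belongs to someone else.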
5) Trust your instincts. Friends & family are fine.
A common tactic after taking control of an email account is to send a message to everyone in the victim's address book. The email might be a story about how the victim is stranded in a foreign country without a passport and needs some money. There are endless variations of these emails, but read the message carefully and you should notice that the grammar doesn't match your friend's and something just doesn't feel right. A simple call or text to your friend can confirm it. Their account has more than likely been hacked, so do not act on anything the message asks for.
6) Two-factor authentication is very helpful.
As mentioned earlier in this post, passwords are constantly being leaked. Thankfully, popular sites offer what's called “2 Factor Authentication.” As the name suggests, in addition to your password you must enter a secondary code that is usually generated by, or sent to, your mobile phone. This second layer ensures that even if someone obtains your password (whether through your fault or not), they still cannot get into the accounts you care about. Codes generated by an authenticator app on the phone are preferable to codes sent by text message, since phone numbers can be hijacked, but either is far better than a password alone.
Those were just a few tips, but I’ll leave you with a funny comic depicting the evolution of passwords. Thanks to xkcd.