Anti-Social Security: What are the easiest ways to protect yourself online?
2018 has been a busy year for the hackers so far. In June Reddit was attacked resulting in the theft of customer emails and data; Timehop suffered a similar treatment in July resulting in the theft of over 21 million email addresses and MyHeritage suffered a data breach affected a whopping 92 million people.
Question one, “Why should I care?”
Believe me, you should. Hackers are not just stealing email addresses for the sheer fun of it. Getting a large pile of email addresses is only step one in a set of schemes designed with only one intention – to part people from their money.
“How does having my email address help them? Surely the whole point of my email is for people to have it?”
Well, sort of, but think about it. Firstly, having your email address is, in some ways, a lot like having your real-world address. Do you really want some creepy strange bloke knowing where you live? Secondly, your email address isn’t just that any more. It’s one part of the logon credentials for most of your life. Nearly every online service uses email addresses to identify you even online storage like Asset Bank uses email to identify users. Think about your facebook user name that you type to sign in? If they know your email address they know that. Do you use online gaming? Own an Xbox? If you’re on Google or iCloud your whole online presence is mapped in those accounts and they store even secure information like photos; credit card details; family member locations and more.
“Yeah but I’m protected, right? They can’t get me. I’m savvy to all their tricks”
Can’t they? Most standard online security is simply based on knowledge. If you know enough to get into the account then you can. Jennifer Lawrence famously had her account accessed and nude photos of her leaked online back in 2014. She had enough public information for these online intruders to guess her email address and the answer to her security questions. Job done.
Now, think about every online survey you’ve ever done. “What is your favourite dog?”; “Which Vegetable are you?”; “How long would you survive in a fight with a velociraptor?” (These are genuine examples by the way). Think about every time facebook redirected you to a third party website and you were asked to either re-enter your details or provide information. Think about all those adverts that promised a chance to win an iPhone or a Playstation 4.
It is well past time for us all to get serious about our online security because the threat is very genuine and more and more people are being affected by targeted online attacks and thinking you’re savvy enough or smart enough to navigate through them all safely is the worst thing you can do. In 2017 more consumers in the 20-29 bracket lost money then those in the over 70’s bracket.
Now, ask the right question.
“How do I stop them?”
The first step is to look at what a scammer would need to get into your sensitive data or money. This will typically be:
Your email address or login user name for an account
The answers to your security questions
Possibly a PIN number or verification code depending on your security
Your bank details
Your credit card details
These are the things you have to protect. Here’s some tips and tricks to help you do just that courtesy of internet security portal vpnadviser.com.
Email address: This is the easiest one. Create an additional email address or an alias and use that for all your online social activity. Do not link it to anything important. Make sure that this email address has completely different information from your real one. Give yourself a nick name in it, or use an online handle. Keep your “real” email for trusted and verifiable sources such as your online banking. You can usually even set up forwarding between your fake email and your real one so you only really need to log into the genuine address to check your emails.
Password: No-one likes doing this but kiss your current passwords good bye. Chances are they’re not secure. If they contain words; names; incremental number strings or indeed any non-random characters then they’re a security risk. Odds are also good that you’re using the same password for multiple accounts. This is one of the easiest ways for someone to get access to your info. They hack their way into something with very little security, get the password and then try to log in on a site with much better security. The ideal password is something that’s random and that you only know because you memorised it by rote. However, if you have trouble remembering these, here’s a good middle ground. Pick a song. I’ll use Bohemian Rhapsody. Now pick a line. I’ll go with line 7. Now express the number and the first letter of every word on that line as your password. Finally, put a non standard character on the end. I’ll use the dollar symbol.
So, my password would be: 7Ijapb,Inns$
Line 7: I’m just a poor boy, I need no sympathy $
Easy to remember, all you need is the song, the number and the symbol. Very hard to guess.
Security Questions: This one shouldn’t be tough. Lie and memorise the lie. For example, a common security question might be “What is your mothers maiden name?” To which I’d have an answer of “Uncle Bulgaria”.
Verification codes, bank details and credit card details: I can bulk all these together and cover them with two simple rules.
Rule One, don’t give them out online unless you are 100% sure a genuine and secure website. There’s a couple of easy checks. Firstly, look in the address bar. If the website doesn’t have “HTTPS://“ at the front of it, don’t put in your details.
Secondly, look for spelling errors and poor syntax. Professional websites can afford to hire someone to check their spelling. In addition, if they make reference to you, look to see if they’re using your name. If they call you “Customer”, “Sir” or “Madam” then be very skeptical.
Finally, if anything pops up with a warning, do not click on it. Ever. Quit your web browser completely and run your anti-virus software from your start menu. Then, when you re-open your browser do so without launching any old windows (on some browsers this is the shift key). If necessary, disconnect from the internet and then open your browser. Connect to a trusted site and see if any messages pop up. No? It was a scam.
Rule Two, don’t give your details out unless you’re 100% sure you’re on a genuine and secure connection. Low security connections are as much a threat as low security websites and public hotspots, Internet cafes and free wi-fi in airports or bars are leading to a whole new breed of fraudulent scams. If you want to maintain a secure connection whilst using these, invest in a VPN. They’re pretty cheap and well worth the piece of mind since they encrypt all data traffic across them. Check out VPNadviser.com for a list of reviews for tested VPN providers.
And last of all, please remember this golden rule. Before you ever put information on line ask yourself this one question.
“What is the absolutely worst thing someone else could do with this data?”