Monday, July 1, 2013

Protecting Yourself from Cyber Criminals

Today is Monday, July 1, 2013.

Cyber criminals are on the rise, and people need to be aware of how to protect themselves from these crooks.  Here are a few tips.

While email is not the only way cyber criminals operate, it's still their most reliable source of information.  They do this by a process known as "phishing."

Businesses that keep lists of email addresses are prime targets for cyber crooks.  Sometimes they are able to hack into the computer records of a business to get the addresses.  Other times, they are able to get people to click on a link in an email or click on a video on a social media site.  Once you click on it, they can get into your email and get access to your "address book" - the list of people to whom you have sent emails, which is kept automatically nowadays.

Once they have decided how to get a list of emails, they develop an email message that they can send out to people.  The email may have text, but it often has only a link in the body of the message.  The link may or may not take you to a web site or video.  The web site may look almost identical to the real one that they are posing as.  For example, it may look like a bank site, a site for donations to charity, or a store web site.

The email may thank you for ordering something that you haven't ordered, but say that they need some specific information to process your order.  It may tell you that you have been selected to assist someone in transferring some money from their country to yours, and for your pains you will be paid a large sum of money.  The email may tell you that your credit card has been stolen and that you need to verify some sensitive information.

Some of these spam emails are easy to spot, because they are full of grammatical and spelling errors.  If the email contains a link and nothing else, assume it is spam.   You can always call the person on the phone to ask them if they've sent you something, and why.  If the email was legitimate, they can always resend it to you.  Calling the person is a good practice, anyway, because if they haven't sent you anything, then their email has been infected, and they need to change their passwords and disinfect their computer.  If you don't know the person well enough to call them, then you don't have to feel badly about deleting the email.  

Some emails can infect your computer as soon as you open them.  If the "subject line" seems a little off, if you ask yourself, "Why would he be writing to me about that?" then delete the email immediately without opening it.  If the subject line repeats the name of the sender, that is also a clue that the email is dangerous.  If the email comes from someone you don't know and the subject is strange, just delete it.


Image credit: Technology Trends
How can you be sure you will not be a target of a phishing attack?   You can't, but there are ways to protect yourself.

1)  Don't check email from someone else's computer, and if you take your personal computer with you, avoid checking your email on a public Wi-Fi system such as are used in cyber-cafes, restaurants, hotels, convention centers, and so forth.

2)  If you can't avoid checking email away from home, be aware that if you use a Wi-Fi system from a business, they can and do reserve the legal right to access and read personal emails.  Whatever you do, always sign completely out of your email account when you are done.  It's a pain to sign in and out all the time, but the good thing is that if you do it frequently, you will not forget your password.

3)  Generally there are two things you need: an ID and a password.  If your ID is your email address, that can be very easy for crooks to get, especially if your email address ends in @gmail.com or @yahoo.com.   Never use any part of your email address as your password.

4)  Try to create a different password for each account.  These days, people have so many accounts that they can't keep track of all their passwords.  You can buy a small notebook to write down your most important passwords, to be kept at home under lock and key when you are away.   Whatever you use, avoid using your birth date, your house number, your social security number, your driver's license number or any other number that thieves can figure out, as a password.  Also, don't use your kids' names, your spouse's name or your nickname, if it is publicly known.  Try to use both letters and numbers, and if possible, symbols in your passwords.  Many places now require this, and they also require that at least one letter be capitalized at random.  For a long password, a good option is to use a phrase that you can remember.  Just don't make it something that you are famous for saying.  In addition, make it a practice to change your passwords every few months, and always change your email password if your account is hacked.

5)  Take time to delete old emails.  Delete not only all the emails people have sent to you, but more importantly, emails you have sent to others.  Once you have deleted them from your "inbox" and your "sent mail" box, be sure to empty the trash.  If you have saved a lot of old emails, this process may take some time.  Most email clients nowadays have ways to delete a lot of emails at once.  The BEST thing you can do is to delete emails as soon as you have read them, unless you need to keep them for a reason.  You can always copy and paste the information into a word processing file and save it directly on your computer, then delete the email.

6)  Don't fall for emails that promise guaranteed loans, credit cards, or fabulous travel deals.  If you are looking for a loan or a travel deal, go directly to various web sites and initiate your own contact.  Never, under any circumstances, click on a link from an email.  If the deal is for real, you will be able to find it on the web for yourself without using the link.  Chances are, the deal is probably not real.

7)  These days, hackers can get a lot of information about you, and they can pose as your grandchildren.  They may email you or call you and tell you that they are stranded in another country because they've been robbed, or that they are in legal trouble. They will often beg you not to tell anyone because they are so embarrassed.  The first thing to do is to make no promises.  The second thing to do is hang up and call the loved one at a number that they have personally given to you, or call someone you know who can get in touch with them.  Never agree to wire funds to anyone, even if they seem to know information only your loved one would know.

8)  Know that no bank or official agency such as the IRS will ever ask you for sensitive information in an email. Neither will UPS, FedEx, or any other legitimate business.  It is just not done.  If you get an email from a credit card agency saying your card may have been stolen, call the credit card company directly, using a number they have given you on a bill, and make inquiries. (And if you can't find that card, stop that account and have them issue you another card with a different number.)  Remember that companies are as interested as you are in catching cyber thieves, so they will treat your call with respect.  If an official agency needs to contact you, they will generally do so by mail, at your address of record.   Never give bank routing information in a reply email, and never put information into any field on an Internet page that you have arrived at by clicking on a link in an email.

 9) Be wary of emails from "Wall Street insiders" with hot stock tips, companies asking you to be a "secret shopper" (...and you can keep everything you buy!  Well, duh!  Of course, I keep everything I buy.)  Also be wary of work-at-home schemes and get-rich-quick schemes, such as pyramid sales plans.  If an offer seems too good to be true, rest assured that it is.  Don't bite.

10)  When a disaster happens, such as a hurricane, flood or wildfire,  there are always a number of fake charities that spring up.  Never donate money based on an email solicitation.  Always go directly to a charity site that you know well, such as the Red Cross.  These days, social media offer ways for private citizens to raise money.  Use these only if you know the person well and can verify with them offline that the charity collection is legitimate.

11)  All of these security cautions are just as valid for text messages on your phone as they are for emails.  It is wise never to respond to text messages from someone you don't know. If necessary, find out how to "block" these people from sending you more messages.  And once in a while, delete your old messages, both sent and received.

12)  A caution on phone calls:  Don't be afraid to hang up on a caller you don't know.  Especially if you can't hear them well, never say, "yes" to a question you think you heard.  Always ask them to repeat, speak up, and talk more slowly.  

13)  These days, another way that scammers can get your information is through "apps" for your iPhone or Smart Phone.  If the app is free, know that information about you is probably being collected (such as what type of  Smart Phone or tablet you have, what sorts of things you are interested in, and what shopping sites you visit).  Remember that games often ask the user to buy virtual "coins" or "tokens" to be used in playing a game.  Sometimes they refer you to another related app that requires payment to download.  Naturally, the payment accepted is your credit card, and once you enter that number, you have no idea whom you have really given it to.

14)  Beware of using apps on your Smart Phone or computer such as "Foursquare," which broadcasts your location in real time. Guys can track the whereabouts of teenage girls, and pedophiles can track the location of your children.  If you need to know where your kids are, it's much better to have them call you, or better yet, you call them.  :-)

No comments: