Staying Safe Online

There isn’t a week that goes by without news stories breaking about website X being ‘hacked’ and its user database being plundered. It seems that everyone who has done anything on the internet will have his or her details already out there in the anonymous ether. This could be ‘just’ your email address, but sometimes more sensitive material like partial passwords or banking details will be visible for would be hackers and other kinds of people with bad intentions. It can be extremely confusing and scary if you listen to all the headlines in the news and various blogs. This post is to make a bit more sense of it all and to give you some advice on how to keep yourself safe. The short of it is to use common sense, and if it feels too good to be true, it probably is.

One of the core things to do is to avoid weak or/and the same passwords for websites you frequent. Ideally, you use strong passwords and individual ones for each website or service you use. If you are a big fan of Apple products and use mainly an iPhone, iPad and/or MacBook or iMac to log into things, the in-built Keychain functionality is excellent. Apple will create individual passwords for each service and store this in the Apple cloud for you to access across all your devices, without you having to remember the password itself. There are a few PC based platforms that can offer similar services, such as LastPass.

However, if you are still relying on creating manual passwords yourself, and you can’t deal with juggling 6+ passwords, try to avoid using the same password across all properties. If you check HaveIBeenPawned.com, it could show you what the risk of that would be. You might have used your password at a dodgy site in the past you have entirely forgotten about, and it could pose a significant risk to you for websites that hold your more sensitive information. The key here is to have levels of passwords, 3 might do the trick.

Have a level for the utmost important stuff, pretty much anything that has your banking details in and personal IDs such as social security numbers. At this level, you can expect some form of two-factor authentication being offered by the site/service. This could be, next to your online username/password, another way of verifying that you are you. Commonly used is a text to your mobile phone or, in some more advanced cases, an authentication device or app on your mobile phone. Have a password that is hard to crack, usually using lower case and capital letters, numbers and special signs. Don’t write this password down, but memorise it.

Next, to your ultra-secure level, have a medium level password. For example, you can use this for your social media accounts, LinkedIn and Netflix subscription. All things that represent value, albeit it not always monetary, but if breached, won’t cause irreversible damage to your life. If any of these might get broken into, you will most likely go through the trouble of reclaiming it, but it won’t be a life or die scenario. Again, use all the rules in creating a password. Also, as with the ultra-secure one, don’t write it down.

Now, for the throwaway account, you know the password you will use for sites you don’t want to create an account for, but the site/service is set up in such a way you can’t avoid it. Still, aim to use a secure password, but you can write this down if you want to. If you are unfortunate enough to have one of these sites breached, then you can just consider this a burner account.

For all three levels, you also might want to consider using three different emails altogether. With most of us being able to have and maintain multiple email accounts in our email clients, it makes sense to insulate the different levels completely. This doesn’t even need to come at a cost, as most email services are completely free.

Once you have created a sort of defence system for your emails and passwords, you will also need to consider your online behaviour and browsing habits. The key is to use common sense. Don’t give away your details on sites you don’t trust or look slightly dodgy. Don’t install software on your PC or Mac if it isn’t from a reputable source. Be careful when downloading files in general and make sure you have some proper antivirus and malware protection installed. Also, with your browser being so pivotal in accessing the internet, be very careful with downloading extensions onto the browser.

In most cases, you can avoid falling victim to scamming and hacking by being vigilant. In most cases, the URL is a dead giveaway in assessing if you are dealing with the real deal or potentially being tricked into something. For example: ‘apple.com’ would be the official site and ‘applesupport.com’ looks official but most likely isn’t. It is still tough to spoof URL addresses, albeit it not impossible. If for some reason your browser is compromised, there are ways to spoof an URL. More common is so-called ‘phishing’ via emails. This is a practice where an urgent sounding email pretends to be from a legitimate company but isn’t. And they would try to trick you in either going to a faked login portal or open an attachment. Again, vigilance is key and try to verify if the email you have received is real. Studying the email header usually gives away the true origin of the email, spelling mistakes in the email are quite common as well. If that all checks out, you can always go to the, what you know is official, website and dial the helpdesk number there, rather than relying on a number or email in the potential ‘phishing’ email.

Even with being extremely vigilant on all online communications, people still fall victim to scams. An essential part of this type of trickery is something that is called ‘social engineering’. This is when, with mostly partial information, a scammer gets in contact with a victim and teases out additional, potentially harmful, information. This could be via utilising partial information from data breaches or more aggressive methods (and targeted) methods such as IP scanning. The latter involves getting IP information and getting your physical location. Click here to read more about IP scanning and the ways you can protect yourself.

The process is as follows: say a scammer gets partial information, such as a phone number and name, perhaps even the last 4 digits of someone’s bank card. The scammer would phone the victim and claim to be from the bank. By using the victim’s name and last digits of the bank card, they could establish familiarity with the victim. I.e. they would ask for example what the first 4 digits are of the bank card ending in the 4 numbers they already know. The victim would assume, based on the scammer knowing their name and last 4 numbers, that the person on the other end is legitimate. The scammer can build on this information and start teasing more details out of the victim, sometimes in multiple sessions pretending to be from different companies. I.e. if the scammer gets the card number, he or she could call back pretending to be from the electric company and say a payment fell through. The scammer would suggest they have the card number on file and all he or she needs is the verification code to complete a relatively small payment.

As much as the internet has brought us delights and ground-breaking services and quality of life improvements, it still is a place where human interaction takes place, and people would want to take advantage of that. Use common sense and some of the methods discussed to stay safe and avoid falling victim of a scam!

Photo 1 freestocks.org on Unsplash; Photo by Two Paddles Axe and Leatherwork on Unsplash