Security Tips
Unfortunately, privacy is something everyone needs yet few understand how to protect. Without it hackers can get at your account numbers and private life. Yet to understand what to do seems to require a degree in computer science.
And to make matters worse, straight-talk privacy statements don't seem to exist anymore. Standard corporate-think makes nearly inevitable very tricky privacy statements tip-toeing around all the things that they really are doing to violate privacy. The bottom line is that the more they know about you the more control and profit they attain. But there are far worse things than corporations. Today ransomware is a growing problem. And it's evolving.
Millions of accounts each year are attacked by one or more highly sophisticated online threats.
Fortunately, following a few rules can make the average person many times safer.
This list of tips is only meant to be helpful, not comprehensive. It's best to check with several such lists before making your own.
First, it's important to make use of a fully upgraded browser. Then watch carefully to the left of the URL each time you pull up a website. If there is a red exclamation point then any information that you type on that site is at risk. Worse yet, cookies (invisible programs) may have already been launched that do not follow security guidelines. Avoiding these websites will help to prevent 3rd parties from interfering. Then, be sure to use strong passwords on everything you do online, then store them safely, either on an air-gapped computer, or a notepad that you keep in a safe place.
The number one most important rule: never click on an ad.
You could make use of one mobile device for banking purposes only, keeping it clean of all other activities. And you may want to make use of an indirect Paypal or Google payment number for all your on-line shopping, and bill paying, as an added layer of defense in on-line transactions.
It's best to NEVER click a link within an email without first verifying that the sender is someone you know and trust. It's that first click that engages most real threats, and they will say whatever they think is most likely to get you to click. Don't trust the name in the "from" line. They can fill in any name they wish, and may even know names of friends of yours and put one of their names there. Instead, verify the sender's address in the header before clicking any link. Remember: standard e-mail is inherently flawed and cannot be made completely safe. A well designed web-mail system is safer. Runbox and gmail are good examples.
Telling A Phishing Website
Possibly one of the trickiest points that must be understood is how to tell the difference between a link to a valid website, versus a link to a phishing website. The sole function of a phishing website is to get you to believe it is the right website so that you'll go ahead and type in some important information that they can then steal from you. Such as your login to the real site you thought you were at, or your mailing address, cc number and/or social security number. Here's the steps we suggest to help spot a phishing site...
- be sure you know the correct domain name spelling for the website you wish to visit; the entire domain name must be displayed exactly correct within the url of the link and not contain a period immediately after the primary domain name; if not sure then check reliable sources and get it right before attempting to visit the site (example: if the site you wish to visit is www.example.com, then by all means www.example.com.tw will be a phishing site designed to steal personal information, and the giveaway was the ".tw" at the end, or any url where the primary domain (www.example.com.tw) is immediately followed by a period (www.example.com.tw))
- do not trust the link text, that could be anything at all to fool you
- instead, look carefully at the mouse-hover-url to see that it contains the correct entire domain name and with no period right after it (so let's say you want to visit example.com, then consider these valid: abc.example.com, www.example.com, https://example.com/images/tree.htm, https://example.com/images?tree, and these invalid: example.com.cn, example.com.a83231b.us, examp1e.com)
- be sure the SSL is working from the very first click (you should see a padlock near the url bar on the first click, otherwise it is not setup right and can easily be thwarted by hackers to get at your session, and/or it could be a phishing site)
- then after that very first click you'll also need to look over the url again, because the mouse-hover-url could have been a trick as well (though very unlikely); look at the url in the address bar to be sure the domain name is still correct, and still does not have a period immediately after it
- and last but not least be sure the page you are looking at makes sense; it's ok to be suspicious
- if anything listed above was wrong then the only safe thing you can do is click the "x" to get rid of that browser tab, and then run your virus and malware scanners
One of the most common and unfortunately most serious phishing website scenarios involves pluralization or the lack of it in some portion of the domain name. For example: barclaysus.com/activate is valid, while barclayus.com/activate is actually a phishing site designed to steal from you. (And when accessed again it becomes an advertising site. ...slippery as weasels.)
|