Protecting Yourself Online

Protecting Yourself Online

We are always digitally connected and have our devices front and center in our daily lives. We have become more dependent and tied to our electronic leashes, whether we are on the go or relaxing at home. And when we are home, chilling on our couch and comfortable, it is not the time to let our “digital situational awareness” guard down. We should always be aware of suspicious activity and be digitally situationally aware. There are a lot of scams and tricks trying to get you or your family members to divulge personal information or take some sort of action. The goal of these scams is to take advantage of your natural tendencies and reactions.

phishing & smishing

The most common types of digital scams these days come in the form of fraudulent email, text messages, and direct messages (thru social media). This is known as Phishing and SMiShing. They can be difficult to detect, and most of the time they look pretty close to a legitimate email or text from a business you use, are familiar with, and even someone you “know.” These scammers do a good job of disguising themselves to “appear” like a business, friend, social media account, or person you know.

There usually is an urgent request to update/confirm your account information, verify your identity, or have you take some sort of action. 

Some of the most common types of phishing/smishing scenarios are:

  • Phishing emails, texts, direct messages asking for sensitive information, or asking you to click on a link or open an attachment. These links are typically embedded with some type of virus that could compromise your computer, phone, or track your keystrokes (aka get your passwords).

  • Requests to update or provide account numbers, usernames, and passwords.

  • A notification that you’ve won something and in order to claim your prize you must click a link and/or provide some type of information. Some even want you to provide a credit card. Why would you need to provide a credit card for something you have won?!

  • The company has noticed some type of suspicious log-in activity and needs you to verify your account.

  • Emergency requests for money from someone you “know” asking for your assistance.

  • Other methods including phone calls claiming to need urgent information, and even physical mail requesting sensitive information.

Below are 4 ways to help you identify if what you received is suspicious and might be malicious or a scam:

  1. Who is the sender? This is your first clue that an email, text, or direct message may not be legitimate. Do you know the sender? If not, treat the message with suspicion, and do not open any attachments or click any links until you verify it is legitimate.

    • Scammers will often disguise themselves as a business, friend, or social media account you might know. They will make slight variations in the email address, URL, or social media handle. So with a quick glance, it appears the sender is legit but upon a more detailed examination you’ll notice something might be off and this can be as simple as one character or letter.

  2. What is in the body? The body of the message can hold a whole new set of clues, including misspelled words and confusing context. For example, are you being asked to verify a banking account, login to a credit card that you don’t have an account with, or provide personal or credit card information? Is the language written in a way that doesn’t form complete sentences?

  3. Are there any attachments? Do NOT open an attachment if any other aspect of the message seems suspicious. Attachments often carry malware and can infect your device.

  4. Are Links/URLs included? Similar to attachments, do NOT click on a link if anything else about the message seems suspicious. If you do click on a link, be sure to also verify the actual URL. The variations can be slight, but they make all the difference.

what you can do to help protect yourself online

As always, there are things we can do to identify and protect ourselves.

  • When it comes to messages, don’t click on any links or open any attachments from unknown senders.

  • Any unexpected requests for information from your bank or credit card company can be verified by calling the number on the back of your card.

  • Be mindful of what you are posting to social media and consider these 10 things. Are you giving away personal details?

  • Maintain and secure passwords. Don’t share your passwords with anyone and if you write them down (which I don’t advise) keep them in a locked place. More about passwords below.

  • Keep your software up-to-date.  When you get a notice that a new patch or software update is available don’t ignore it. Oftentimes these updates include fixes to help make software more secure.

  • Utilize tools provided to you. For instance, does your bank or credit card have fraud detection alerts you can turn on? If so, proceed with doing this. Most institutions these days have departments that are focused on cyber-security and make sure that customer data is as safe as possible. So if they do provide fraud detection tools, take advantage of it.

  • Use Multi-Factor Authentication (MFA). MFA is something you may have already been exposed to but didn’t know what it was called. MFA verifies the user’s identity by requiring some additional credential. So instead of just asking for a username and password, MFA requires another credential, oftentimes a code from that has been sent to their phone, that will be used to verify that you are the person who is accessing the system.

  • Use a Virtual Private Network (VPN). VPN is a connection method used to add security and privacy to public networks. It basically protects you and keeps your online activity private and secures your information when using public WiFi connections. I never use public WiFi either on my laptop or my phone without using a VPN. There are many VPN services available, I use ExpressVPN and its paid service. There are free VPN services available but be cautious as I’ve read that some sell your private information to third-party services.

keeping secure passwords

You can’t use many apps or websites without having some type of login which means creating a password. Long gone are the days when your dog’s name or a birth date would be enough. Here are 5 easy ways to create and secure a better password: 

  1. Create strong passwords and avoid common dates, names, or phrases. A strong password is a combination of letters (upper and lower case), numbers, and symbols. They are typically 15+ characters in length and they are not dictionary words or have any tie to you or your family.

  2. Don’t use the same password for every account and app you have. Using the same password across the board puts all your accounts at risk.

  3. Use a Password Manager – With so many things that require a login, it is overwhelming to not only create but remember passwords; that’s where a password manager comes in. Not only can you store your passwords in a password manager but they can also randomly create strong passwords.  Personally, I use 1Password and love that it can be accessed from my laptop or phone. It’s a yearly subscription service and I’ve been really happy with it. You can actually use it for more than just storing passwords.

  4. Change your passwords frequently and don’t reuse passwords.

  5. Never share your password.

Make sure you’re educating yourself, your family, children, and friends on the importance of online protection and how to stay digitally situationally aware, even if it’s just taking basic precautions. You can use breaches reported on by the news as an easy way to bring up the topic especially around tax season and the holidays. Remember, criminals are always looking for an easy target even when online.

Personal SafetyEmily V.Safety Start Here, Safety Tips