How Vulnerable Are You and What Can You Do About It?

Something Worse Than Phishing


Protection Protocols

Social Media
The first thing to do is take a look at how much you’re revealing about yourself on social media sites. Never reveal anything that you wouldn’t want a scammer to know, or anything that could be pieced together with other data to build a profile of you and your friends. Obviously this covers a lot of potential posting ground, and you don’t want to end up being scared to post anything, so the knowledge that a hacker may be monitoring what you write has to be used with judgement. You can also use this knowledge yourself: look at what you have posted and compare it with the information mentioned in any spear phishing emails that you get.

Does this mean you should give up Facebook? While that would obviously increase your overall cyberspace security, you may not want to sacrifice that much. But you can use Facebook’s security features, and you can take prudent actions such as resisting the invitations to share your recent purchases with your friends.

Passwords
Way too many people use the same password for numerous sites across the web. This is like advertising, “Hack me!” Use a secure password aggregator like LastPass, Dashlane or RoboForm to store all your passwords, but don’t let it auto-login to your more sensitive sites such as online bank accounts, online retailers, PayPal, eBay etc. Also, make its master password completely unique and impossible to guess. Betterbuys.com has a free tool where you can enter a proposed password and see how long it would take a hacker to crack it in 2016, and in future years when cracking tools get faster.

Additionally, make your passwords very, very different for each of your online sites, and preferably use passwords that don’t include any recognizable words. Because of the sophistication of password cracking software, it is now recommended to use 12 characters or more in your passwords. According to BetterBuys, 12-character passwords, given current cracking speeds, are estimated to take 200 years to crack, whereas 9-character passwords typically take only five days to crack. Many people still use simple passwords, like birthdays or pets’ names and all the other things that a hacker would usually check first (and that he could easily find from your social media sites).
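As an added example (not part of the original article), the short Python audit below applies the rules above to a password list: it flags passwords under 12 characters, reuse across sites, and recognizable words or personal details, even when they are disguised with character substitutions. The vault contents, profile details and word list are constructed, and the names `audit`, `normalize` and `LEET` are hypothetical.

```python
from collections import defaultdict

MIN_LENGTH = 12  # minimum length the article recommends

# Undo common character substitutions so "p4ssw0rd" still matches "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(text):
    """Lower-case and reverse look-alike substitutions before matching."""
    return text.lower().translate(LEET)


def audit(vault, personal_terms, common_words):
    """Return {site: [findings]} for a {site: password} mapping."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
        if len(pw) < MIN_LENGTH:
            findings[site].append(f"short ({len(pw)} < {MIN_LENGTH})")
        folded = normalize(pw)
        # Details an attacker could read off a public social media profile.
        for term in personal_terms:
            if len(term) >= 3 and normalize(term) in folded:
                findings[site].append(f"contains personal detail '{term}'")
        for word in common_words:
            if normalize(word) in folded:
                findings[site].append(f"contains common word '{word}'")
    # One password shared by several sites: a breach of one exposes all.
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                findings[site].append(f"reused on {others}")
    return dict(findings)


# Constructed sample data: sites, passwords and profile details are made up.
VAULT = {
    "webmail": "Rex2011!",
    "forum": "Rex2011!",
    "bank": "p4ssw0rd-1987-bank",
    "shop": "vQ7#mZ2r&Lx9TfKd",
}
PERSONAL = ["Rex", "1987"]  # pet's name and birth year from a public profile
WORDS = ["password", "bank", "letmein"]

if __name__ == "__main__":
    for site, problems in audit(VAULT, PERSONAL, WORDS).items():
        print(f"{site}: {'; '.join(problems)}")
```

Sites with no findings (here, `shop`) are left out of the result.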

More Tips
When a site requests that you use two-factor authentication — pain in the behind that it may be — use it! This is where a site ties one piece of information, such as your password, to something that you physically have, such as your cellphone, and the account can’t be accessed via one without the other. Some of the services that use this are Gmail, Facebook, Twitter, Instagram and Amazon.

When you get an e-mail from a “friend” asking you for something that just doesn’t feel quite right to reveal, or there’s something about the tone of how they’re writing that doesn’t quite gel with the person you know, e-mail them from another account or call or text them and ask them if it really came from them or not. The same is true for banks and other businesses. No legitimate business would ask for your password or account number via e-mail. Many banks have an e-mail address to which you can forward suspicious emails for verification.

Here’s another tip: Never open an e-mail attachment that you were not specifically expecting from the sender. If you get an attachment that you are not 100% sure was attached by the sender personally, call, text or e-mail the person and ask him/her whether or not he/she attached it and if he/she has opened it (versus just forwarding it from someone else with no knowledge about it).

The bottom line is don’t give out too much personal information online, because you don’t know who might eventually use it against you, or how it might end up being used. In 2016, there are now more and more ways you can be hacked, and you can actually check if you already have been. More specifically, you can find out if your data is among data that was hacked, by going to https://haveibeenpwned.com/ and entering your e-mail address or a username that you use. I entered my e-mail address and found that it was among data hacked from a well-known forum. The site also has a list of the top ten breaches.

In addition to the above, of course all the traditional anti-hack caveats still apply. Here’s a short list of some that the UK Daily Telegraph newspaper recommends:
- Keep your operating system and software up to date on all your devices, as updates often include patches for security vulnerabilities. And of course, use good anti-virus and anti-malware software, and keep it updated.
- Before downloading an app or program, do some online research into what exactly it is. Check its rating, check into the site it’s being downloaded from, check if it asks for unwarranted access to your system, and especially make sure you’re downloading the official version from the official site.
- Check the privacy settings on all your social media accounts to ensure that only the people you want to see your data can. You can use a browser extension like Ghostery to see who is tracking you and to block any unwanted trackers.
- When using online services where security is important, such as e-mail, online shopping, banking, and social media, always check for the padlock symbol before the URL, and make sure the site address begins with https://.
- Make sure your home wi-fi is protected by a very strong password, and when out never use an unsecured hotspot for doing anything that may be personal or private.
- Don’t do anything personal or private while charging your phone via USB in a public place, as it’s possible to hack into your phone while doing so.
- If using messaging apps, use end-to-end encrypted ones like WhatsApp, iMessage and Telegram.
- If you’re asked to click on a link, type out the full URL yourself and put that in your browser instead.
- When done, always log out of any accounts that you logged into.
- If you get a message on your desktop saying you have some kind of system error or infection and asking you to call a number (often claiming to be Microsoft) for help, don’t do it!
Last Words
According to Steve Morgan, CEO and founder of Cybersecurity Ventures, “Human error is in fact simply a lack of security awareness training when it comes to hacks and data breaches. Users are careless and make mistakes because they have no idea what to be on guard for.” And Alexander Garcia-Tobar, the CEO of email security company ValiMail, says that companies can block e-mails from phishy sources by using e-mail authentication. Per Garcia-Tobar, “With email authentication properly in place these spoofed emails are blocked before end users ever see them. Therefore, no clever con artist has the opportunity to trick well-meaning employees into giving away the company’s money or secrets.” Keep yourself and your users safe!

Sources:
- https://mashable.com/
- https://www.reuters.com/article/us-usa-election-russia-theory-idUSKCN10801S
- https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
- https://www.nbcnews.com/politics/politics-news/democratic-national-committee-breached-russian-hackers-n592061
- https://us.norton.com/spear-phishing-scam-not-sport/article
- https://www.betterbuys.com/estimating-password-cracking-times/
- https://haveibeenpwned.com/

Photo credits:
Cortana scripting language via photopin (license) Stuck on You via photopin (license) Locked via photopin (license)