There are many nasty things to watch out for when using the internet, but unfortunately some people are still unaware of many basic ways to stay safe while online. Last week somebody I know had their email account hacked due to a phishing email that was circulating. I have compiled a list of things to look out for.
- Nigerian emails
I say Nigerian but in reality these can come from anywhere. These emails often run along the lines of “somebody has passed away and I can transfer $1 million to your name if you give me your bank account details”. It’s common sense, but people actually fall for this. Never give out your bank account details, and don’t trust these emails.
- Dodgy links
Make sure you check where suspicious links actually lead. It is very easy to make a link look like it leads to a legitimate site when it actually takes you somewhere else. See this link for example: www.google.com. It would appear to take you to Google but instead leads to Yahoo. You can hover your mouse over the link and check the bottom left of your browser window to see where links really lead.
One of the most effective ways bad people can hijack an account is by setting up a website that looks exactly like the real one. This is called phishing, and it is often combined with dodgy links. Always check the URL in your browser to make sure you are on the correct website. A better solution is to bookmark the correct website and use the bookmark when you want to access it.
- ‘Congratulations’ ads
You are not the one millionth viewer, you have not won any money. Ignore these.
- Secure browsing vs. insecure browsing
When browsing the web there are two ways your data can be sent: encrypted, making it useless for spying on, and unencrypted, where anybody between you and the website you are trying to access can view everything that is being sent and received. To get your data to where it needs to go it actually travels through many other computers, any of which could be malicious. When you access a secure website it will have a padlock at the top of the browser. If you think the website is secure but you get a security prompt, close the site; somebody could be trying to see your information. Because everything you send over a regular insecure connection can be spied on, never enter personal information or credit card details if the website isn’t secure and doesn’t show the padlock.
- Simple passwords
You have probably seen the bars that rate how strong or weak your password is. Always try to use a strong password: use capitals, lowercase, symbols and numbers. The reason for this is that the more possibilities there are, the harder your password is to figure out. Using standard words from the English dictionary makes your account extremely vulnerable.
- Sharing passwords
Use a different password for all the websites you use. If you share the same password between WebsiteA and WebsiteB, the owner of WebsiteA may try your password for WebsiteB. If they are the same then your WebsiteB account has been compromised.
- Recovery answers
I make it a rule of thumb to enter long and random answers for recovery questions. Questions such as “What is your mother’s maiden name?” can be easily guessed, and in a casual conversation you could end up spilling the beans on the answers that protect an account with simple questions.
- Public wifi
A free wifi hotspot might seem like a dream come true, but hold on a minute. Anybody connected to that hotspot can see all traffic on the network. Avoid wifi networks without passwords, and if you need to use one, don’t enter any passwords, personal information or credit card details.
- Spoofed emails
An email from firstname.lastname@example.org may not actually be from your best friend. The sender’s email address shown in an email can easily be spoofed to make it appear like it came from somebody you know. Even if it actually has been sent from your best friend, their account may have been compromised, so don’t trust links, even from people you know.
- Antivirus software
Install antivirus software and run checks regularly, once a month or so. If you think you may have been hacked, run a virus scan immediately and don’t log in to any websites until you are sure your computer is safe.
- Log out of sites when finished
When you have finished using a site you have logged into, log out. Generally when you log in to a site your browser is supplied with a ‘session key’, which gets sent with every request to the website instead of sending your username and password every single time. If an internet bad guy gets this ‘session key’ they can see what you would have seen; this is called ‘session hijacking’. When you log out, your session will be destroyed by the website, making your old ‘session key’ invalid and useless for anybody trying to use it. Sometimes the ‘session key’ may exist within the URL, so if you send somebody a link to a site you have logged in to, make sure you are not supplying them with your ‘session key’ accidentally.