Are you an easy target for Internet fraud? You are if you are not exercising due care with the security of your online accounts. Here is a quick refresher course on safety principles to keep in mind:
1. Email is ground zero. Many websites like Facebook and Twitter require you to use your email address as your log-in. Consider having a secondary email account you use just for log-ins like this, different from the address you use to correspond with friends, family, and financial institutions. And whatever you do, ignore it when these websites invite you to give them your email address and password (!!!) so they can search for people you already know. If you wouldn’t give these people the keys to your house, then don’t give them the keys to your online house either. Protect your email addresses and passwords.
2. Easy is bad. Passwords should be something you can remember, but hard for anyone else to guess, even with computerized help. Don’t use the names of family members or pets, or any such thing that can be guessed by someone who knows you. An enormous number of people still use the word “password” as their password. Bad guys will try that one, believe me. In fact, your password should not be any single real word. Thieves can run “dictionary attacks” to try to hack your password. They have software that repeatedly tries to log in to your accounts using every word in the dictionary as a password. Making two attempts per second, they can try 172,800 words in a single day. Since the average American’s vocabulary is between 30,000 and 75,000 words, these attacks can succeed in breaking into your accounts quickly. You can defeat dictionary attacks simply by using random combinations of upper and lower case letters, numbers, and special symbols rather than real words. If a particular site is set up so that passwords are not case sensitive and special characters are not allowed, at least use a long phrase, rather than a single word.
3. Don’t hide the key under the welcome mat. Don’t write down a list of your passwords and keep it in a notebook or day planner near your computer. Potential thieves are not just lurking in cyberspace, they may be standing in your home or office one night. And you should decline those helpful offers from your computer’s operating system to remember the password for you.
4. One is not enough. Some people have just one password they use for all of their accounts, because it’s faster and easier than remembering 25 different ones. Don’t do this. If that one password is lost, then your whole online life is at risk. In early 2013, Twitter acknowledged that it had been hacked, and that more than 250,000 usernames and passwords had been stolen. Imagine you were someone with only one password. The thief could now access your email with that same password (see point #1 above) and learn a lot about you — including where you do your banking. They could then attempt to log onto your bank account as you. Even if they don’t know your username, most websites have those helpful “forgot your username?” prompts that will send the information to your email address of record. Do you see how this can go from bad to worse in a hurry?
5. Be leery of links. Every day I get spam email from senders posing as UPS, American Express, PayPal, Bank of America, LinkedIn, Facebook, and dozens of other private companies and government agencies. After delivering a bogus message, these impostor emails all invite me to click on a link, often to a place where I can “log in for details.” These are “phishing emails,” attempts to trick me into providing impostors with my login credentials to the real sites. Never log in to a site you do business with from a link in an email. Enter the real site’s web address in your browser.
6. Think like a spy. Do you use public Wi-Fi in places like Internet cafes or hotel rooms? Install VPN software to keep your web traffic private. It’s a safer way to use Wi-Fi hot spots. Do you have sensitive information stored on your computer? Things like wills, trusts, and other legal documents, client records, or privileged communications? Use a good encryption program like PGP or TrueCrypt to make this data unreadable even if the computer is lost or stolen.
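To put numbers on point 2, here is an added example (not part of the original article) that compares how long the two-guesses-per-second attack described there would need to exhaust a single dictionary word, a multi-word phrase, and a random password, and that generates a random password of the recommended kind. The symbol set, the 16-character default, and the assumption that phrase words are picked at random are illustrative choices, not figures from the article.

```python
import secrets
import string

GUESSES_PER_SECOND = 2      # attack rate quoted in point 2
SECONDS_PER_DAY = 86_400
VOCABULARY = 75_000         # upper vocabulary estimate quoted in point 2
SYMBOLS = "!@#$%^&*-_=+?"   # assumed symbol set; use whatever the site permits
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def days_to_exhaust(candidates: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case days needed to try every candidate at `rate` guesses per second."""
    return candidates / (rate * SECONDS_PER_DAY)


def random_space(length: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Number of equally likely strings of `length` drawn from the alphabet."""
    return alphabet_size ** length


def phrase_space(words: int, vocabulary: int = VOCABULARY) -> int:
    """Number of phrases when each word is picked at random (assumption)."""
    return vocabulary ** words


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    print(f"single word:          {days_to_exhaust(VOCABULARY):.2f} days")
    print(f"4 random words:       {days_to_exhaust(phrase_space(4)):.2e} days")
    print(f"12 random characters: {days_to_exhaust(random_space(12)):.2e} days")
    print(f"sample password:      {generate_password()}")
```

These are worst-case figures for guessing against a live login at the article's rate; a familiar quotation or song lyric used as a phrase is far easier to guess than randomly chosen words.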
The annual Norton Cybercrime Report says U.S. consumers lost more than $20 billion to computer attacks in 2011. So by taking these precautions, you’re not being paranoid; people really are out to get you!