Six Rules For Online Security

It’s all a numbers game. Nothing will ever guarantee that you will never be victimized online, but following a fairly simple set of rules will drastically reduce the chances that you will be a victim.

Rule One

Don’t be tricked into trouble. Most victims of online attacks were, at some point, tricked in a non-technical way that could have happened anywhere and required no computer skills or knowledge. For example, some clever hacker writes an email that looks like it came from your boss and asks you to send him the payroll list with usernames and bank account deposit numbers. Or someone claiming to be your favorite niece calls from Uzbekistan asking you to send a five-hundred-dollar Amazon gift card to her at a post office box in Tashkent because she’s in a jam. Or you get a phone call from Microsoft asking for your account password.

These and similar debacles have all resulted in substantial losses to the victims. Never be rushed. Take time to think it through. Find a way to verify that the request is real. Call your boss, your niece’s mother. Check with Microsoft’s published support number. Do the sensible thing.

Almost everyone knows not to respond to fabulous offers from Nigerian princes, but online criminals are clever, and they know how to play on your emotions and fears. Even the largest and most sophisticated online attacks start with social trickery.

Rule Two

Avoid dodgy websites. You know the sites I mean. The ones that appeal to base instincts or offer something too good to be true. Military super gadgets for $19.99. Unbelievable cures that doctors keep secret for fear of losing patients. Inside financial tips. Salacious celebrity pics.

Some of you remember the ads for spark plugs that triple your gas mileage in the back of men’s magazines, or the ads for miraculous youth-rejuvenating serums on after hours television. Or x-ray vision glasses in comic books. In the old days, you sent in your money and got nothing in return.

Today, click on one of those kinds of websites and you are likely not just to waste your money; you can also infect your computer with nasty malware that will hurt for months to come if the infection is not detected and removed.

Rule Three

Be careful with downloads and installs. Downloading and installing an app is a lot like surgery. When you start an install, you are a patient on the operating table whose life is in the hands of a surgeon. You are completely vulnerable. If your surgeon is a crook, your goose is cooked and laid out on the platter for carving.

Most developers honestly offer useful software and services, but the simplest and most effective way to compromise your computer, laptop, tablet, or phone is to get you to install an application that appears to entertain you or perform useful work, but also opens your device to exploitation.

To protect yourself, get your installs from reputable sources. The Apple, Microsoft, and Google app stores vet the applications they offer. That’s a big help, but they are not perfect. Some nastiness gets through. An app that has been downloaded many times with tons of good reviews is more likely to be safe.

Before you install, check the reviews and the reputation of the developer on the network. Always download from secure (HTTPS) sites. Get your drivers directly from operating system and device manufacturer sites. Third party comprehensive driver sites may be convenient, but the risks are higher.

Rule Four

Scan regularly for malware. There are many anti-malware tools available and almost all are quite effective when used properly. Computer virus is a technical classification of types of nasty stuff that can land on a computer. Malware is more general. A tool that only scans for viruses is old school and ineffective.

Anti-malware tools are very competitive, and the malware landscape changes quickly. The tool that is the best today may be second rate tomorrow and best again next week. The brand of tool is not as important as regular updates and frequent scans. Windows Defender, which is automatically installed and activated with Windows 10, is a good choice because it is updated regularly and scans automatically. It may not be the best on a given day, but it’s probably better than a competitor without the latest updates. If you prefer not to think much about malware scans, it is a good choice.

A note about Apple devices. Contrary to the marketing stories, they too are vulnerable to hacking. Regular, updated, malware scans will help.

Rule Five

Keep your operating system and apps patched. Hackers are industrious devils, always on the prowl for new vulnerabilities. They find the holes and exploit them quickly. The industry battles hackers continually with patches that stop up the holes in defenses. Malware scans spot and thwart attacks after they occur, but stopping the invaders before they get in is better. Automatic updates may seem like a hassle, but the benefits outweigh the annoyance. Sign up for automatic maintenance from reputable sources whenever you can. Automatic updates occasionally mess up, but that is happening less and less as the sources get better at patching, and a botched patch is far less damaging than a successful attack.

Rule Six

Use strong passwords. Password cracking has become much more sophisticated. Long (sixteen characters or more) random passwords are still very difficult to crack, but hackers have ways of cracking commonly used passwords. Any single word that appears in any dictionary, any common sequence of characters (like ‘123456789’ or ‘qwerty’) is a breeze. A password manager utility that generates long random passwords is useful. Never duplicate a password. Some of the most egregious breaches in recent years have been based on duplicated passwords.
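The checks in Rule Six can be written down as a short script. This is an added example, not part of the original post: the word lists, the sample vault, and the function names are constructed for illustration, and a real audit would use far larger lists.

```python
import secrets
import string
from collections import Counter

MIN_LENGTH = 16  # the post's threshold for a "long" password
# Constructed sample lists (assumptions); a real audit would load full wordlists.
COMMON_SEQUENCES = ("123456789", "qwerty", "abcdef")
SAMPLE_DICTIONARY = {"sunshine", "dragon", "monkey", "football"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit_password(password):
    """Return the Rule Six weaknesses found in one password."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    # A word with digits or symbols tacked on the ends is still a dictionary word.
    if lowered.strip(string.digits + string.punctuation) in SAMPLE_DICTIONARY:
        problems.append("single dictionary word")
    if any(seq in lowered for seq in COMMON_SEQUENCES):
        problems.append("contains a common sequence")
    return problems

def audit_vault(vault):
    """Audit {account: password} and also flag passwords used more than once."""
    counts = Counter(vault.values())
    report = {}
    for account, password in vault.items():
        problems = audit_password(password)
        if counts[password] > 1:
            problems.append("duplicated on another account")
        if problems:
            report[account] = problems
    return report

# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {"email": "Sunshine1!", "forum": "Sunshine1!",
                "bank": "qwerty123456789", "broker": generate_password()}

if __name__ == "__main__":
    for account, problems in audit_vault(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(problems)}")
```

Only the randomly generated entry passes; the other three fail on length plus at least one of the dictionary, sequence, or duplication checks.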

When available, use multi-factor authentication (MFA) in addition to a password. MFA is much more difficult to hack into than even the strongest password. For example, sites and devices that request a fingerprint or a face scan after entering a correct password are safer than a password alone because the chances that a hacker can get both are low. The strongest multi-factor systems use an app-generated token, like a 5-character code, or require a special USB device (key) that you have to plug in. Critical accounts, such as your bank or your brokerage account, should always use multi-factor authentication.

If you follow these rules, I can’t guarantee that you will not suffer from an attack, but the chances that you will be a victim will be far less.

I’ve been brief in this post. If you need more information, I am available from 3pm-4pm the first and third Wednesdays of each month at the Ferndale Public Library, or you can read my book Personal Cybersecurity. It is available from the library, or you can buy it on Amazon here.

I gave a talk on these rules at the Whatcom County Library System North Fork Community Library on October 19, 2019. The fall colors were stunning. I’ll be giving the same talk at the Ferndale and Lynden Public Libraries in February and March. I’ll also be giving talks on online privacy at Ferndale and Lynden.

8 Replies to “Six Rules For Online Security”

  1. Hi Marvin. Are you related to Nadine? There was a Nadine Waschke in my FHS class of 1970. My problem is Facebook on my iPhone. Someone in Texas got into it, changed password and email. So I can’t get in and change it back. My backup email was an old excite.com account that I learned Excite had closed. I could not reopen it and can’t create a new one as they are not accepting new accounts now. FB is too busy to investigate my problem. Not important enough. So I created a new account and reentered all my stuff. I installed FB two part log in. Don’t know what else to do. I try to follow your 7 steps on phone and computer.
    Thanks. Steve Erickson

    1. Nadine was my sister. She died several years ago living in Eugene.

      Using two-part authentication on your new FB account is a very good idea. It will probably prevent losing your FB account again. For email, I use Google gmail myself and it works pretty well, although Google does take advantage of your data. Several of my acquaintances have switched to Protonmail ( https://protonmail.com/ ). They offer free service, but most people decide to pay for it. ProtonMail has a strong reputation for privacy and security.
      You didn’t say how you were hacked. Two factor authentication and following my 6 rules will probably prevent it happening again. Is any activity showing up on your old FB account? I’ve never had to recover an FB account, but I’ll ask around, see if any of my colleagues know how to do it.

      1. Steve– Have you tried following the steps at https://facebook.com/hacked ? You really should try to regain control of your old account. You don’t want some criminal masquerading as you through your account. They could do some substantial damage. My colleagues tell me that Facebook may ask you to send them a photograph of yourself holding your driver’s licence to verify that you are really yourself. Best, Marv

  2. Dear Marv:
    I thoroughly enjoyed your “presentation” at the Ferndale Public Library last Saturday (1 Feb). Thank you. Very informative and helpful.

    I don’t know your policy on answering questions from your on-line admirers, but here goes …

    My browser has recently started displaying a lot of Russian-looking text. For example, when I search for something, the first line of the window that pops up is in Cyrillic — and more is scattered through the list of “hits”. I also recently had my Google maps go “all-Russian”, although I did manage to change the language back to English.

    What’s going on here? How can I repel this Russian invasion?

    Thanks for your help.
    Chuck

    1. Glad you enjoyed the presentation. I hope you can come to the talk on online privacy next Saturday (2/8) at 3:30p, same place, the Ferndale Public Library.

      I’m not sure of the cause of your invasion, but I had a similar German invasion not too long ago. I started getting entries in German on Google searches. That was not too surprising since I read German well enough that I visit German language web sites once or twice a week. Google must have picked this up in their user behavior vacuum cleaner and decided German was my preferred language. I didn’t mind. I treated it as an opportunity to tune up my German reading skills, but eventually Google noticed that I usually click on English language sites and quit returning German.

      My guess is that something similar happened to you. If it is really annoying, come in to one of our Wednesday sessions at the Ferndale library and we can explore it. Bring in your computer if it’s portable. We can probably figure out how to stop it.
      Best, Marv
