Today's guest blog is by Doug White who knows a thing or two about protecting against hackers and identity theft. After all, he is the Chair of Cybersecurity and Networking at RWU. Pretty cool, huh? Read on to find out the three biggest mistakes you're probably making when you're online and how to fix them ASAP.
The internet is like the seediest market in the worst neighborhood in the sleaziest town in the world. And like that market, it’s filled with good people with great deals, the scum of the earth, and kitten videos (well, not so much kitten videos). Now, most of us would think twice about venturing into that market, or bars in Mos Eisley, but on the internet we don’t think twice. We click links, we download files, we upload files with flourish. Wow. The end result is about the same. Some small percentage of us come back with a great story (or a kitten video) and some other percentage of us get abused. (And yes, Han Solo fired first.) So, three things you can do TODAY to improve your chance of survival:
I got robbed once. A guy offered to rent me a motorcycle and then said “It’s right back here in this alley.” I was stupid. I was also a tourist who really wanted a cheap motorcycle. On the internet, this very approach is one of the most successful rip-offs. Called phishing, it basically gets you to give up your info for free. The most common phishing attack is simply an email blast sent to millions of accounts saying something like “Validate your account immediately to avoid a special fee that has been assessed by Congress.” You click the link to Bank of Tatooine and get a nice BOT login screen. This is a fake. So how can you tell? Well, THINK before you click. Ask yourself - Is this real? Check the link. Hover over the link and see if the link seems realistic: Is it BankofTatooine.com or is it BOT.file.foo.bar.ru/ripemoff/stupid/gotcha? It’s easy enough to go to the actual bank site and see what it should look like, but it’s also easy to copy the bank site exactly. Mostly, THINK. Would your bank ask you for this information blindly? Would Congress ever actually do anything? In all cases, if you even have a remote thought that this is a phishing attack, call them using the number on your card or the bank’s website and ask about this request. But mostly, THINK. Almost every company on earth has a policy against requesting personal data via email or phone. (And yes, they do this by phone too and pretend to be the IRS, Microsoft, Bill Clinton, you name it.)
2) Use Protection.
Malware, botnets, viruses. They exist everywhere. And just like catching Tropical Sprue from drinking bad water (I will avoid all the obvious double entendres here.), you can catch all these things while just browsing. You need a malware detector (Malwarebytes.org is free). You need anti-virus (not many free ones, but it’s worth paying), and you may also need anonymous browsing (Tor, incognito mode, etc.). My suggestion is to create an email account just for strangers and strange places and use that address when you meet someone new. Use the Tor Browser or at least incognito mode, if you think you're going to sites which may be questionable (That’s a tough call.), but mostly, ensure you have filters in place. Just like meeting strangers on Craigslist...
Finally, cynicism and paranoia have found a home (Yay, me!). If it sounds too good to be true, it is. You didn’t win the Spanish Lottery. You didn’t have a distant relative die in Nigeria and leave a fortune in the bank. BigDaddy21 is probably not a good person to meet via Craigslist in a parking lot (He drives a white van.). That great deal on exercise machines that requires you to pay the shipping up front, right? How about the remote login scam? A guy calls and tells you that your computer is infected with a virus and if you don’t let him fix it right now, remotely, you will be banned from the interweb forever. Scam. I could go on but there’s a word limit. NOTE: You can check out PattyJ.com for help with the lines that come from scowling.
Scared? That’s good. Remember, when you are walking alone through the internet, it’s a good idea to hang onto your belongings with both hands and have a can of “Wild Hog Pepper Spray”. No? Well, I’ve got a really good deal on some land in Kenya I can get you in on…
More About Doug
Doug White is the Chair of Cybersecurity and Networking programs at Roger Williams University. He has worked in the technology industry for many years and specializes in networking, disaster, forensics, and security. He has been paid to break into buildings, talk tech people out of their usernames and passwords, steal money, and figure out horrible scenarios like “What if a rabid shark swarm was caught up in a tornado while a core meltdown occurred? Could we still watch Netflix?” Doug has a PhD in Computer Information Systems and Quantitative Analysis from the University of Arkansas, is a Certified Computer Examiner, a Cisco Certified Network Administrator, a Certified Information Systems Security Professional, and a licensed private investigator. (And he actually got robbed twice.)
Photo Credits: Photo of laptop courtesy of #PattyJDotCom. Photo of Doug White courtesy of Ashley Farney.