It feels like there's a new story every week about a massive security breach, an innovative hacking technique, or a pesky phishing scam plaguing the internet. To make matters worse, the pandemic has exacerbated the problem by exploiting hybrid work security loopholes as often as possible.
With these online threats on the rise, victims can inadvertently lose data, money and reputation. Companies and individuals alike can make all-too-common mistakes when it comes to staying safe online. We want to change that.
While online security can seem like a daunting task in the face of all these cyber threats, there are simple best practices, effective secure features, and helpful software that can make it easier than ever to actually keep your business' data safe from breaches.
When it comes to something as complicated as cybersecurity, though, it's best to heed the advice of the experts. That's why we've teamed up with online security specialists, including Paige Hanson, chief of identity education at NortonLifeLock, and Matt Davey, chief operating officer at 1Password, to advise on what kind security measures are necessary in 2021, and how business owners and everyday users can protect themselves.
Phishing is the practice of fraudulently convincing users to provide personal information to a hacker through imitation websites, emails, and links. The data harvested in these scams could be a Social Security or credit card number, for example, or login details used on sites and services. The phishing sites or messages typically masquerade as a legitimate site, such as an online bank, tax returns form, or services including DocuSign or Dropbox.
Phishing scams account for 90% of data breaches around the world, so they're an important place to begin when it comes to considering online security. The main advice for handling these scams is reassuringly simple, according to Hanson: “be vigilant and pay attention.”
While we'll provide some more specifics, there is no better way to avoid falling victim to a phishing scam than by being wary of clicking on unexpected emails or the links they contain. Above all, pay attention to what personal information you're providing and where.
In our conversation, Hanson pointed out that there are five different types of common phishing scams that you might come across:
- Email phishing scams
- Phone vishing scams
- Tech support cold call scams
- Pop-up warning scams
- Fake search results scams.
To make sure you don't fall victim to one of these scams, learn more about each of them, below.
Email Phishing Scams
As one of the most common scams out there, email phishing has become a consistent part of having an email account at all. Scammers will send an email that appears to be from a legitimate source – it could be your bank, your credit card company, or even Netflix. This then requires users to provide personal information to “unlock an account” or “verify a purchase.”
In reality, these emails are merely a means of tricking users into providing this information to nefarious organizations. With such data, they can attempt to steal your identity or gain access to your online accounts. Worryingly, these emails can be pretty convincing.
“Phishers have been known to use real company logos to make their communications seem legitimate,” said Hanson. “They also use spoofed email addresses, which are like the actual company’s address. However, the address may be misspelled slightly, or come from a spoofed domain.”
Despite the convincing nature of these emails, there are some best practices you can follow to avoid being duped by such scams. Being vigilant and paying attention is the best way to give yourself a fighting chance against security breaches of any kind, but there are some more specific things you can do to stay safe.
“Do not click any links or download any attachments in the suspicious email,” said Hanson. “Instead, open your web browser and go to the website in question by typing it into the URL bar.”
Being diligent when it comes to sniffing out these scams may seem like it's a bit tedious, but trust us, it's worth it. After all, a few extra clicks is a pretty small price to pay for keeping your personal information safe online.
“Vishing” scams are very similar to email phishing scams, but are perpetrated over the phone rather than via email. Typically, someone will call you, posing as a reputable organization such as the IRS or a credit card company. The caller may insist that you need to provide some personal information to avoid legal trouble or to protect your bank account. How can you avoid getting in trouble? Simple:
“Never give personal information over the phone, and never call the number the caller provides.”
There are very few situations in which you'll need to provide personal information over the phone to anyone following an unsolicited phone call. If you're in doubt, don't answer unknown numbers at all. If you do get a call out of nowhere from someone claiming to be from your bank, the IRS, or any reputable group, end the call. Then, to check if there's a legitimate query on your account, separately contact the customer service team of the relevant organisation, being sure to find the official contact details first.
Source: Federal Trade Commission
Pop-up Warning Scams
Pop-up ads can be annoying enough as it is, without the threat of security breaches looming behind them. Another common form of phishing can take place through pop-up warnings. Just like email and voice scams, these pop-up warns will emulate a reputable brand, claiming that your computer is infected with a virus. Once you click on their link, you'll be prompted to provide your ever-valuable personal information, which will be lost to cyber criminals as soon as you press “OK.”
So what's the best way to keep yourself from being taken by these pesky pop-ups? Hanson has a few ideas:
“Examine the message closely. Look for obvious signs of fraud, such as poor spelling, unprofessional imagery, and bad grammar. Remember, when in doubt, never click on the pop-up. Instead, open your antivirus software and run a system scan.”
As is the case with most phishing scams, pop-up warning scams should be easy to spot if you're paying attention. Whether it's a poorly-spelled URL or a typo-riddled message, these scams aren't nearly as convincing when you stop and think about it for a second.
Tech Support Scams
The problem with avoiding phishing scams is that hackers are specifically manifesting fraudulent problems that you feel the need to solve. In tech support scams, for example, hackers are calling to inform you that they've discovered malware on your computer. They ask you to download software that will allow you to give them remote access to your computer, so they can go in and irradiate the malicious software themselves. Unfortunately, this is not what they're doing.
In most cases, it's very rare to have someone call you out of the blue to fix a problem that you haven't reach out about, but Hanson has some pretty specific advice for those of you that want to be as diligent as possible.
“Never allow remote access to your computer. If a person calls claiming to work for a specific, well-known company, look up the phone number online and tell them you will call them back.”
Giving remote access to anyone, particularly someone that cold called you without you reaching out, is never a good idea. Unless you know the person directly or have specifically sought out tech support and called a reputable organization on your own, just keep your computer to yourself.
Fake Search Results Online
Scammers have gotten pretty smart over the years, which means you're going to have to do more than just avoid cold calls. Some hackers will pay for ads on Google search results, posing as support services aimed at solving computer problems. Placed at the very top of Google search results for keywords like “Facebook customer service,” these scams are all too tempting, particularly for novice users.
The worst part of these scams is that hackers can gain access to your information in a number of ways. Sometimes the link immediately downloads malware onto your computers. Sometimes the phone number is fake and leads to vishing scam like behavior, despite you being the one to call in. The best way to stay safe?
“Examine the URL closely,” said Hanson. “Creators of fake websites will sometimes try something called typo squatting, where they register a domain name that looks like the URL of the legitimate site they’re duplicating.”
Another best practice for avoiding search result scams is to keep your clicks away from the ad section of Google. A single scroll will get you to the real results of your search inquiry, and those are far less susceptible to nefarious scammers.
The convenience of free public WiFi and easily accessible charging ports is too hard to pass up sometimes. Whether you're at an airport or your local coffee shop, the idea of connecting and plugging in to these free amenities feels like a no-brainer. However, it's worth noting that public WiFi and charging stations lend themselves to a wide range of online security risks that you might want to keep an eye out for.
For one, public WiFi hotspots can be set up by anyone. Typically, you'll be dealing with a free network provided by a hotel or coffee shop for use by patrons. But these often feature lax security measures, which can open up users to Man-in-the-Middle attacks, malware distribution, and other invasive breaches. Despite these risks, 81% of Americans still connect to these potentially problematic networks, with 25% accessing bank accounts online, and 16% actively providing credit card details. Yes, these public WiFi networks are typically safe enough for social media browsing and streaming, but we certainly wouldn't recommend doing any banking or purchasing via these networks, just to be safe.
If you're particularly concerned about browsing the web on public WiFi, then it may be a smart idea to consider using a VPN. Doing so reroutes your connection through another server of your choice, and indeed, using a VPN can be a safe and recommended way of securing your browsing and privacy.
Public Charging Stations
While public WiFi is understandably a bit more vulnerable, public charging stations seem innocent enough, right? Unfortunately, security experts recently discovered hackers have been taking advantage of these charging stations to steal information directly from your device.
“Just by plugging your phone into a [compromised] power strip or charger, your device is now infected, and that compromises all your data,” said Drew Paik, a security expert at Authentic8, to CNN.
Don't go fearing every plug socket you see. In most cases, these charging stations are likely to be safe. In rare occasions charging stations could be compromised, particularly in high security areas such as airports – which is typically where you're looking to use these stations. The onus will be on the public spaces or building hosting these stations to increase their security monitoring, to help users feel more secure.
Use Strong Passwords
Passwords have been the primary means of protecting information on computers since the 1970s. While biometric data logins such as face ID or fingerprint scans are increasingly popular, it's good old-fashioned passwords that most of us rely on. And most of us are also going about it completely the wrong way.
Despite 70% of users no longer trusting passwords to protect their online accounts, many don't put in the time to really practice truly good password behavior. And that, said Matt Davey, COO of 1Password, is a problem.
“No security method is completely fail-safe,” Davey told us. “But good password habits are one of your strongest lines of defense against an attack.”
Until we come up with something better, using strong and unique passwords is a notable obstacle to hackers attempting to steal your personal information. That is, of course, as long as you make them long enough and don't re-use the same password over and over on multiple accounts.
If your password is still just “password,” you're not taking online security seriously enough. Even variations with numbers, letters, and other special characters have little effect on hackers, as there's only one key factor that can really slow them down.
Source: UX Planet
The key to a strong password, more than anything else, is length. A long, unique password can make it infinitely more difficult for anyone to guess or hack their way into your account, whereas varied characters have almost no effect.
While that's a great starting point to make password security a priority, it's not the only best practice you should employ when it comes to password safety, according to Davey.
“You should never reuse a password across multiple sites. If you have to share a password with someone else, make sure you do it securely; don’t send them in an email, SMS or instant message. And if a password is compromised, make sure you change it.”
All that might seem like a bit of a hassle. That's where password managers can seriously come in handy. You can store all your different passwords in one place with a password manager. They can generate new, unique passwords for you. And, they can log you in automatically, so you don't have to remember all these passwords yourself. They're peace of mind to help you know that your accounts are secure.
Strong passwords are helpful, but if you're looking to really bulk up your online security, two-factor authentication is the way to do it. This newer method of securing accounts asks users to provide a password and a second form of authentication, typically text or email confirmation via a smartphone, and it's incredibly effective. One Google study found that two-factor authentication “blocked up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.”
“Even if someone were to get hold of your username and passwords; requiring multiple forms authentication means an attacker would need access to your device too,” said Davey. “The more safeguards you have in place, the stronger your security.”
The reality is that there isn't a fix-all solution to online security, but adding passwords, two-factor authentication, and a bit of vigilance can do wonders in decreasing the chances of an attack. Because your online defense needs more than one strategy.
“We think that layering security, at multiple levels, is the best way to protect your information and secure your online life.”
Next Steps For Staying Safe Online
It's safe to say you're probably feeling a bit apprehensive about the security of the online world. As you can see, there are a lot of online threats when it comes to using the internet, but being aware of what they are is the first step in making sure you're safe online. These threats, as we mentioned, include:
- Phishing scams
- Sketchy public WiFi and charging stations
- Password hackers
While being vigilant and paying attention can help you to avoid some of the worst of them, there are dozens of resources available to everyday users designed to protect you from them. By taking advantage of VPNs, password managers, and any other online security tool, you'll be able to freely surf the web without worrying about who's trying to get ahold of your personal information.
Read more about online security on Tech.co