Don’t Get Hacked: Tips for Avoiding Email & Online Hacks
Published on Aug 16, 2013 by Christine Janesko
The list of well-known and well-heeled companies that have been hacked in one way or another keeps getting longer. Just within the past 12 months, that list includes: Yahoo, LinkedIn, Twitter, Facebook, NBC, Bank of America, Evernote, and Microsoft.
If these companies can get hacked, so can you. Hackers have different methods and motives, but most hackers are after your financial information so they can steal your identity, says Steve Emery, Full Sail’s Director of Application Development.
Emery, who worked with both the FBI and the CIA during a 30-year career with IBM, said hackers are both devious and organized: “They keep profiles, they work in teams, they actually sell their information back and forth. It is very scary,” says Emery.
Fortunately, there are some precautions you can take to fend them off. Here’s a rundown:
Don’t Click on Suspicious Links
You’ve probably received an email from a friend whose email has been hacked. It’s usually an odd, one-sentence email, urging you to click on a link and check out some great site, coupon, or article. When a hacker sends emails pretending to be the hacked victim, this is called spoofing.
“If things don’t smell right – if it’s not like what you would think [your friend or family member] would do, you should be immediately suspicious,” says Emery. You can mouse over the link to see if the URL matches the one that you’re seeing. (If you’re computer savvy and you want to check to see who really sent the email, you can also check the header or source information. Click here for details on how to access headers and how to read them.)
Hackers also send spoofed email designed to look like it comes from your bank or credit card company. Maybe it’s from your bank – or maybe it’s not. The best course of action is to bookmark your bank’s website and always access the site through that bookmark, says Emery. Or Google it. Just don’t click on that link in your email.
Use Two-Factor Authentication Wherever Possible
Two-factor (or two-step) authentication is a login setup that requires you to provide both something you have (in hand) and something you know. Typically, the something you have is a code that has been sent to your cell phone. That way, even if a hacker obtains your password, it’s unlikely they will also have your cell phone. Many people don’t realize they can set up two-factor authentication now with a variety of online services, including Google (for Gmail and Google Apps), Facebook, Dropbox, LinkedIn, Apple, Microsoft, and Twitter.
With some companies, if you log in from your usual device, you won’t be asked for the second authentication. However, if you log in with a device or IP that isn’t recognized by the site, you will be asked for the second authentication. Other companies may ask for the second authentication once a month or every time you log in. Here’s an example of how this works with Apple.
Use Trusted Payment Services and Vendors
Be careful where and how you shop on the Internet, says Emery. Would you shop in a dangerous part of a city with ominous back alleys and poor lighting? Probably not.
“The Internet is really no different,” says Emery. “You go where the lights are bright, work with well-known vendors like Amazon – not necessarily places that you never heard of, that may not even be in this country, and may not even have a product, and all they’re doing is collecting your credit card information.”
Emery also recommends using PayPal or Google Wallet for online transactions. “Vendors work with those companies to get their payments, but they never get any financial information about you,” points out Emery.
Set Up a Login on Your Computer
Everyone in Full Sail’s IT department is required to set up a shortcut to quickly lock their Mac whenever they leave their computer.
“The Mac has a great capability called a ‘hot corner’ so you can wipe your finger across the pad as you walk away, so it’s no big deal to lock it – and that’s our practice here in IT,” says Emery.
In fact, if anyone is caught leaving their computer without locking it, his or her colleagues will actually get on the computer and change various settings so they know they’ve been caught. “We’re pretty merciless,” jokes Emery.
But the exercise illustrates what can happen to an unattended computer in a matter of a few seconds. Some hackers will deliberately distract a computer user in, say, a Starbucks, get on their computer, and download a piece of malicious software onto the machine in a span of 15 seconds, says Emery.
Use Better Passwords
If you’re using short passwords, words from the dictionary, things people could figure out about you (your date of birth or a pet’s name), sequential strings of numbers, or the same password on multiple sites, you’re asking for trouble, say IT security experts. Even words with commonly used letter substitutions (3 for e or 0 for o) are not very safe.
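The weaknesses listed above can be checked mechanically. The following is an added example, not part of the original article: it flags short passwords, dictionary words (including ones hidden behind letter substitutions), personal details, sequential digits, and reuse across sites. The 12-character threshold, the word list, and the sample data are assumptions made for illustration.

```python
from collections import Counter

# 3->e and 0->o are the substitutions the article names; 1, 4, @ and $ are
# further common ones added here as an assumption.
LEET = str.maketrans("3014@$", "eoiaas")

def has_digit_run(pw, n=4):
    """True if pw contains n consecutive digits counting up or down by one."""
    for i in range(len(pw) - n + 1):
        w = pw[i:i + n]
        if w.isascii() and w.isdigit():
            steps = {int(b) - int(a) for a, b in zip(w, w[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def audit(passwords, words, personal, min_len=12):
    """Map each site to the list of weaknesses found in its password."""
    seen = Counter(passwords.values())
    report = {}
    for site, pw in passwords.items():
        raw = pw.lower()
        plain = raw.translate(LEET)          # undo letter substitutions
        found = []
        if len(pw) < min_len:                # min_len is an assumed threshold
            found.append("short")
        if any(w in raw for w in words):
            found.append("dictionary-word")
        elif any(w in plain for w in words):
            found.append("substituted-dictionary-word")
        if any(p.lower() in raw or p.lower() in plain for p in personal):
            found.append("personal-detail")
        if has_digit_run(pw):
            found.append("sequential-digits")
        if seen[pw] > 1:
            found.append("reused")
        report[site] = found
    return report

# Constructed sample data, not real credentials.
WORDS = {"password", "dragon", "sunshine"}
PERSONAL = ["Rex", "0412"]   # hypothetical pet name and birthday (MMDD)
SAMPLE = {
    "mail": "Dr4g0n2013!",
    "bank": "rex123456",
    "shop": "Dr4g0n2013!",
    "forum": "vQ7#kLm2^zRw9!eT",
}
```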
One way to create unique passwords that you can remember is to use a pattern that you can adjust to each site; however, it shouldn’t be an easy pattern to break. Read this CNET article or WikiHow page for advice on creating good password patterns.
Another option is to create complicated (or randomly generated) passwords that you keep stored in a secure password keeper or a “keyring.” Two popular ones are LastPass and 1Password, both of which are available for iOS, Android, Mac, and Windows, but there is a plethora of similar apps out there. Just be sure to read reviews and select one you trust, advises Emery.
“The ‘keyring’ allows you to store all these very good passwords under very strong encryption such that it can’t be hacked,” says Emery.
Some security experts also recommend storing your passwords in an app that is not connected to the Internet or on the cloud – which is an option with 1Password and LastPass.