10/2 Online safety
Our agenda today:
Review from last time (email)
Presentation: Note the handout and the web material contain more than what we will view in the lesson. So use all sources to become proficient in online safety!
Homework:
Review web lesson. Lots of information.
Spend time looking at resources, both for what to do if you have had a breach and for how to be safe.
For real life examples, spend some time viewing the "Learn by Example" presentation.
Comment in the discussion board on your experiences with phishing and online safety.
Review resources at the bottom of this lesson.
Recording
Miss the class or want to learn more? View the recording of Tuesday's class.
Online Safety Webinar
San Diego County Credit Union is hosting a webinar on October 11 from noon to 1. It will feature hints on how to keep your accounts safe. You need to pre-register.
Quick links:
Self Study: Learn by example
Zoom room:
Either: https://sdccd-edu.zoom.us/j/9191959460?pwd=OXh0RE9ZTVZTWElTMUQ0ZzAxQzExdz09
OR: Meeting ID: 919 195 9460 with password emeritus
Introduction to online safety
Today’s class is all about online safety. We will discuss different types of malware, and how that malware gets onto your system. We will learn how to minimize your chances of downloading malware, and will discuss what to do when you think you have it on your system. In addition, we will discuss anti-virus programs, passwords and apps, how to stay safe and a list of resources to help if you are a victim of a breach or identity theft. Lots of information in today’s lesson!
Malware
Malware is any software installed on your machine which performs unwanted tasks, often for another party’s benefit. It can be merely annoying (popups) or serious (stealing passwords or data, or infecting other computers on the network). Malware gets through by bundling (attached to other software), email attachments or links, or finding security holes in your browser. If you get a note saying that software is needed to view a site, this may be malware. Or, a site may say that clicking on certificate verification will make it safer. Not the case! Once installed, malware can be very difficult to remove.
How malware is spread
Malware is spread using different methods including:
Free software offers
File sharing
Torrent (sharing music or movie files through a service)
Malicious files and mobile apps
Removable media (like thumb drives, external drives and discs)
Phishing emails
Smartphones: Your smartphones are not immune to malware.
Some apps may send premium text messages running up charges. They may also enroll your smartphone in a malicious “bot” network, which uses cellular data.
In the wrong hands, your cellphone can get infected with malware which can steal money and credit card information, view and contact your contacts and photos, track your location, read your text messages, save your passwords, send texts in your name and more.
You can also get malware from clicking on a link in a text message.
Unsolicited calls may also result in malware (or other security problems). Watch for people claiming to be from the government, utilities or tech firms. Charities can be scams, as can calls pitching products or services too good to be true. Suspect any offers for free product trials, cash prizes, cheap travel, medical devices, preapproved loans, debt reduction and more.
Social networks are also vulnerable.
Merely by receiving a notice in Messenger that a friend has mentioned you, you may be led to click on it. You are taken outside Facebook to download malware. The attacker adds the post to your timeline so others can click on it. The malware takes over (hijacks) your browser, which is disguised to look like the real one. The attacker captures traffic and hijacks accounts. In the background, other scripts download which protect the malicious code from analysis and make it invisible to antivirus software. Attackers now own the Facebook account (and anything associated with the hijacked browser, such as Google Drive or Microsoft OneNote).
Malicious email:
If malware is software that performs unwanted tasks, email is the vehicle that delivers it to your device. Emails can be harmful to your computer, causing you to click on sites that can leave malware on your system, or trick you into providing some personal information. You may find yourself in an Email scam by responding to a questionable email. Some of these include the old-fashioned fraud emails (business opportunities, health and diet, cable descrambler kits), discount software, advance fee fraud (like the Nigerian Prince), Phishing email (looking for information) or Trojan Horse emails (entice you into installing software, then turning on you).
Malicious email attachments:
According to a 2017 Verizon report, 66% of malware was installed via a Malicious Email attachment. With a malicious email attachment, the attacker will fool the user into downloading malware or other things which can include invoice fraud. Downloading the attachment alone can release the malware and do damage.
Malicious attachments look like legitimate file attachments, usually an invoice, software update, or other file that seems urgent in nature. These attachments can infect your device with malware that can spread to other systems. Some attachments will take you to a website which asks you to enter your credentials to access the file. However, the file is bogus, and your credentials are now in the hands of the attacker.
Websites:
Sometimes a fairly innocuous site may contain links to sites which are not to be trusted. One way is through clickbait. Clickbait is when you see a headline on a website, but you can’t reveal the answer until you click on it. Clicking on the image will not give you malware, but it will send you to yet another web page, which may contain additional links which are not reputable. Clickbait is attractive because we don’t like ambiguity, and we find it difficult to leave a site after having our interest piqued.
Examples of malware: (not in class)
Botnet:
A hacker sends out a virus or worm to infect vulnerable home computers. This creates a slave network called a botnet. In the next stage, the hacker sells or hires out the botnet to other criminals who use it for fraud, spamming, DDoS attacks and other cybercrimes.
Ad blockers:
We don’t like those ads. But sometimes, the ad blocker can be fake and might have the ability to remotely inject malicious code into unsuspecting customers of the ad blocker. Some browsers, such as Google Chrome, now have built-in ad blocking, which blocks negative ads such as popups, auto-playing video ads with sound, ads with a countdown and large sticky ads. If the browser suspects a website is running these ads, it may choose not to load any ads on that website.
Virus
Virus: Self-replicating code. It must be opened or executed to run. It looks for programs to infect. It can live in the system (resident), which would mean it could strike again. Or it can only be activated when clicked (non-resident). Computers can become infected with a virus in a number of ways including:
· Accepting software or download without reading the fine print (Trojan Horse)
· Downloading infected software from a bad source
· Opening email attachments containing a virus
· Using an infected disc or thumb drive
· Visiting a malicious site
· Not running updates on browser, programs and operating system
· Using a file distribution network for pirated movies/software
Signs you may have a virus:
· Clicking on an icon or program does not work
· Your device is crashing, freezing or rebooting by itself
· Your antivirus and/or firewall is suddenly disabled
· You see unexpected advertisement windows
· You cannot print
· You no longer have the icons on the desktop, and/or program files in your folder
· You have major problems installing or downloading software
· You can’t access your disk drive or hard drive
If you think a file is suspicious, you should first scan the file for viruses. Using your antivirus program, right click on the file and select “scan for viruses”.
If you are concerned that you are infected, use your antivirus program to run a full scan. Open the program and select full system scan.
If a virus is found, a prompt will be given to move the virus or delete the files. Both are ok.
If you don’t have an antivirus program installed, find a free one online by a reputable company such as Bitdefender, ESET, Trend Micro, Kaspersky or Symantec.
Clickbait
Clickbait is a technique used in websites which is designed to have you click on links that look interesting. In fact, the goal of clickbait is for you to click on the link. It really doesn’t care if clicking on the link provides you with a satisfactory answer. They get paid either way! Clickbait is not in itself malware but could direct you to a bad website.
Adware:
Software that provides unwanted advertising. Includes pop-up ads, banners and in-text links. May redirect to another website, install third party software, track or affect system performance. May even prevent you from using ad removal software.
Spyware:
Script which collects information about your device and transmits it to other sites. So, these sites know where you have visited and will sometimes show you fake websites that would interest you.
Keyloggers:
Software that captures anything that you type. Not only dangerous for your devices (think passwords) but also in terminals at gas stations and ATM machines (known as POS or point of service terminals).
RAM scraping malware
RAM scraping malware is also used for POS interactions, where data is stored unencrypted for just a couple of milliseconds. RAM scrapers use this window of time to grab card data and save as a .txt file.
Browser hijacking software:
Advertising software that modifies your browser settings. Although installing a program may result in a new default browser (not too bad), this new browser can have malicious links in it (that is bad). Always check when installing new software for permissions.
Ransomware:
A particularly malicious kind of software which blocks access to your computer until a sum of money is paid, usually in bitcoin or gift cards. The ransomware encrypts your data in such a way that only the attackers can decrypt it. It is not recommended, though, that you pay the ransom. Instead, contact a professional if this happens to you.
Hacking
Hacking is unauthorized intrusion into a computer or network. It uses scripts or code and gains access through methods such as passwords, bundled software or email. The hacker will find scripts, learn about hacking opportunities and share what they find on the dark web using special browsers like Tor (a private browser). They will then share what they have found, using Tor, to set up botnets, break a security network or share sensitive documents. There are also forums on the dark web where sensitive information is shared. There is a site on the dark web called FreeHacks, which gives tips on how to hack and examples of hacks to try.
Malicious email attachments:
Do not open any attachments that you were not expecting. Documents, PDFs, images and other attachments might be dangerous. When in doubt, contact the sender and ask. But don’t contact them by replying to the email, as it might be malicious. Call and ask if they did indeed send you an attachment.
There is no sure way to tell if it is malicious. Still, here are some things to consider:
· Your email provider should be scanning for malicious attachments. If a virus is included in the attachment that you are trying to send, you will see a “Virus detected” error message. You can choose to send without an attachment. If the virus is attached to an email sent to you, the provider should reject the message and let the sender know. If the virus is found in an attachment in your inbox, you won’t be able to download the attachment. This is true in theory, but things can still get through. So, keep reading!
· Filenames: avoid bizarre filenames and misspelled words. Spreadsheets are usually not named a random string of symbols (this would be suspicious as well).
· EXE files: These are executable files. Only open if you have downloaded them from a reputable source. Do not open an EXE file in an email attachment.
· Zipped files: If you have any doubt, confirm by phone or email (but not by replying to this email, because you are not sure if it is legitimate).
· Office documents: These can contain hidden macros or scripts, and you may be asked to “allow macros” without knowing what you are allowing to run. Macros can then enable installed malware.
Focus on Phishing
What is Phishing
Phishing is a cyberattack where attackers attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card numbers, or other personal details, by masquerading as a trustworthy entity.
"Phishing" is a play on the word "fishing," as attackers "fish" for information from unsuspecting victims.
Things to know about phishing:
Methods: Phishing attacks often occur via email, but they can also be carried out through phone calls (vishing), text messages (smishing), or fake websites.
Deceptive Emails: In a typical phishing email, the attacker might pretend to be from a well-known company, bank, or service provider. The email may contain logos, formatting, and language that make it look legitimate.
Urgent or Threatening Language: Many phishing attempts create a sense of urgency, prompting the recipient to act quickly. For example, an email might claim that the user's account will be suspended unless they click a link and update their details.
Malicious Links: Phishing emails often contain links that lead to fake websites designed to look like legitimate ones. Once on these sites, users might be prompted to enter personal information, which is then captured by the attacker.
Attachments: Some phishing emails contain malicious attachments that, when opened, can infect the user's device with malware.
Targeted Attacks: While many phishing attempts are broad and sent to a large number of potential victims, some are highly targeted. "Spear phishing" targets specific individuals or organizations, often using personalized information to make the attack more convincing.
Types of phishing
Email Phishing: Attackers send emails attempting to trick individuals into giving away sensitive information or login credentials. These emails often appear to be from trusted sources, such as banks or government agencies, and redirect users to fake login pages.
Spear Phishing: This is a targeted phishing attack that uses personalized emails to trick a specific individual or organization. It often uses personal information about the target to increase the chances of success.
Whaling and CEO Fraud: Whaling attacks target senior executives with customized content. CEO fraud involves sending fake emails from senior executives to trick employees into sending money to an offshore account.
Clone Phishing: Here, a legitimate email with an attachment or link is copied and modified to contain malicious content. The modified email is then sent from a fake address made to look like it's from the original sender.
Voice Phishing (Vishing): Attackers make automated phone calls claiming fraudulent activity on the victim's accounts. They spoof the calling phone number to appear as if it's from a legitimate institution.
SMS Phishing (Smishing): This type of phishing uses text messages to deliver bait messages. The victim might be asked to click a link or call a number provided by the attacker.
Page Hijacking: This involves redirecting users to malicious websites through the compromise of legitimate web pages.
Calendar Phishing: Attackers send fake calendar invitations with phishing links. These invitations often mimic common event requests.
Link Manipulation: Phishing attacks often create fake links that appear to be from a legitimate organization. These links might use misspelled URLs or subdomains to deceive the user.
Social Engineering: Phishing often uses social engineering techniques to trick users into performing actions or revealing sensitive information.
Phishing is spread by
Malicious attachments (like an invoice, software or another file that seems urgent). They can infect your device with malware, or send you to a website where you enter sensitive data.
Malicious links: They take you to an imposter website that looks like the real one. They want to fool you into entering credentials. The links can be embedded in email or as links in a website.
Email Requests for sensitive data designed to seem legitimate.
Spotting phishing emails
Suspicious Sender Address: Check the sender's email address carefully. Malicious emails often come from misspelled or slightly altered domain names that appear similar to legitimate ones.
Generic Greetings: Phishing emails often use generic greetings like "Dear Customer" or "Dear User" instead of addressing you by name.
Urgent or Threatening Language: Malicious emails often create a sense of urgency, e.g., "Your account will be suspended!" or "Immediate action required".
Unsolicited Attachments or Links: Be wary of unexpected attachments or links, especially if the email urges you to open them.
Spelling and Grammar Errors: Poor grammar, awkward phrasing, or multiple spelling errors can be a sign of a phishing email.
Mismatched URLs: Hover over any links in the email (without clicking) to see where they lead. If the hover link doesn't match the URL in the text, it might be malicious.
Requests for Personal Information: Legitimate organizations will never ask for sensitive information, such as passwords or Social Security numbers, via email.
Too Good to Be True: Offers that seem too good to be true, like winning a lottery you never entered, are often phishing attempts.
Mismatched Email Themes: If the content of the email doesn't match the sender or seems out of context (e.g., a bank sending a discount coupon for shoes), be suspicious.
Check the Signature: Lack of details about the signer or how you can contact the company can be a red flag.
Suspicious Attachments: Unfamiliar file extensions or files you weren't expecting should be treated with caution.
Check with the Company: If you're unsure about an email, contact the company directly using a phone number or website you know is legitimate.
Unusual Sender Behavior: If you receive an email from someone you know, but the tone or content seems off, their account may have been compromised.
No Encryption: Legitimate banks and online services usually send emails that are encrypted. If an email isn't encrypted, that's a potential red flag.
Check for Digital Signatures: Some organizations use digital signatures to verify the authenticity of their emails. A missing or invalid signature can indicate a phishing attempt.
More on Digital Certificates
• They are a cryptographic way to authenticate data (emails, documents, software), based on public and private keys.
• Purpose in emails: verifies identity and integrity.
• Should be seen in businesses, government agencies, banks, healthcare and any other service where sensitive data is exchanged.
• Digital signatures only provide authenticity; they do not encrypt emails.
• View the digital signature on the address bar (padlock, checkmark, certificate), in the email header (DKIM Signature or S/MIME) or on attachments (“.p7s” extension).
• You may also use digital signatures for important documents (loans, banking).
Finding the digital certificate:
Click on the symbol on the address bar
Click more to see more
Super challenge:
This quiz has 14 screens. You look at the screen and decide whether it is Phish or Real. When you are done, you can see the things that indicate that something was phishing.
Tools to help determine if something is legitimate
How to spot phishing
There are ways to spot possible phishing attempts. They include:
Unknown sender, sender you recognize with a suspicious looking email, or incorrect address
The sender doesn’t seem to know you (“Dear Customer”)
Embedded links: Hover over to see if it is from a trusted source
Language, spelling and grammar: Many of these are created in other countries and translated into English.
Content is bizarre or unbelievable: Think of the Nigerian Prince.
There is a “call to action” button. This is encouraging you to click there, which can trick you into downloading malicious code.
How can you tell if an email is malicious?
Unknown sender or even a sender you recognize with a suspicious looking email. Or the address is incorrect. Check the email as well as the sender name. And remember the sender address can be different by just a letter or two. So, look carefully!
The sender does not seem to know you. They address you as “Dear Customer” or may have no contact information.
Embedded links: You can see a link by hovering over it as it is on the page. Before clicking on a link, hover your mouse over the link. This will show you the actual web address embedded in the link. Check this against the actual web address of the trusted source. If you are still unsure, contact the source through another trusted channel (for example, a customer support number listed on the official website) to verify the email is legitimate.
Language, spelling and grammar: Many of these are created in other countries and translated into English. Look for mistakes, even minor ones.
Content is bizarre or unbelievable: Think of the Nigerian Prince.
There is a “call to action” button. This is encouraging you to click there, which can trick you into downloading malicious code.
The email is asking for sensitive information, hoping that one person will fall for it! (This is known as phishing.)
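The hover check for embedded links described above can also be done by a program, which is how mail filters spot the "mismatched URL" sign. The following Python script is an added example, not part of the original lesson; the sample email and the addresses mybank.example and secure-login.test are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body (not a real message). The .example and .test
# endings are reserved for documentation, so none of these sites exist.
SAMPLE_EMAIL_HTML = """
<p>Dear Customer,</p>
<p>Your account will be suspended! Sign in now at
   <a href="http://mybank.example.secure-login.test/login">https://www.mybank.example/login</a></p>
<p>Questions? Visit <a href="https://www.mybank.example/help">www.mybank.example/help</a></p>
<p><a href="http://198.51.100.7/track">Update billing</a></p>
"""

# Something that looks like a web address inside the visible link text.
SHOWN_ADDRESS = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (real address, visible text) for every link in an HTML email."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())
            self.links.append((self._href, visible))
            self._href = None


def strip_www(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def real_host(href):
    """Host the link really goes to (what hovering would show), or ''."""
    try:
        return strip_www(urlsplit(href).hostname)
    except ValueError:  # malformed address
        return ""


def review_links(html_body):
    """Compare what each link shows with where it actually leads."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    report = []
    for href, text in collector.links:
        actual = real_host(href)
        found = SHOWN_ADDRESS.search(text)
        shown = strip_www(found.group(1)) if found else ""
        if not actual:
            status = "no-address"       # e.g. mailto: or a broken link
        elif not shown:
            status = "check-on-hover"   # text such as "Click here" hides the address
        elif actual == shown or actual.endswith("." + shown):
            status = "match"
        else:
            status = "mismatch"         # the text shows one site, the link goes to another
        report.append({"text": text, "shown": shown,
                       "actual": actual, "status": status})
    return report


if __name__ == "__main__":
    for item in review_links(SAMPLE_EMAIL_HTML):
        print(item["status"], "|", item["text"], "->", item["actual"])
```

The first link is the one to notice: the trusted name appears at the front of the real address, but the site actually reached is the name at the end.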
How to tell if a website is malicious
A scamming website performs its work in 3 steps:
1. Bait: Draw users in via email, social media, texts, messaging, other websites
2. Compromise: Users do something to expose information or devices to attackers
3. Execute: Attackers exploit the users to misuse their private information
Look for these clues:
Emotional language (is there an elevated level of urgency, optimism or fear?)
Poor design quality (low resolution images, odd layouts)
Odd grammar (spelling mistakes, broken or stilted English or grammar errors)
Absence of identifying web pages (is it missing contact us or about us? Is there a phone number? Can you call it?)
Check the spelling (there is a difference between amazon.com and amozon.com)
Check the prefix (Phishers are now learning that many browsers ignore the prefix, which should be http:// or https://. So they are using http:\ as their prefix. This can send you to a non-legitimate site.)
Check the domain name (usbank.com is not the same as usbank.co, FBI.gov is not the same as FBI.com)
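The last three clues (spelling, prefix and domain name) can be checked mechanically against a short list of sites you really use. The Python script below is an added example, not part of the original lesson; the trusted list is constructed from the addresses named above, and the "last two parts of the host" rule is a simplifying assumption.

```python
import re

# Constructed list of sites the reader actually uses (assumption for this example).
TRUSTED = ["amazon.com", "usbank.com", "fbi.gov"]


def edit_distance(a, b):
    """Levenshtein distance: how many single-letter changes turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a letter
                           cur[j - 1] + 1,             # add a letter
                           prev[j - 1] + (ca != cb)))  # swap a letter
        prev = cur
    return prev[-1]


def split_address(address):
    """Return (prefix, domain) for an address as typed or pasted.

    Assumption: the domain is the last two dot-separated parts of the host.
    That is right for .com/.gov names; full tools use the Public Suffix List.
    """
    m = re.match(r"^([a-z][a-z0-9+.-]*:[/\\]+)?(.*)$", address.strip(), re.I)
    prefix, rest = m.group(1) or "", m.group(2)
    host = re.split(r"[/\\?#:]", rest, maxsplit=1)[0].lower()
    labels = [part for part in host.split(".") if part]
    return prefix, ".".join(labels[-2:])


def check_address(address, trusted=TRUSTED):
    """Return a list of (clue, detail) findings; an empty list means no clue fired."""
    findings = []
    prefix, domain = split_address(address)

    # Clue: the prefix should be http:// or https:// (not http:\ and the like).
    if prefix and prefix.lower() not in ("http://", "https://"):
        findings.append(("prefix", prefix))

    if domain in trusted:
        return findings

    name, _, ending = domain.partition(".")
    for good in trusted:
        good_name, _, good_ending = good.partition(".")
        if name == good_name and ending != good_ending:
            # Clue: right name, wrong ending (usbank.co, FBI.com).
            findings.append(("domain", good))
        elif edit_distance(domain, good) <= 2:
            # Clue: one or two letters off a trusted name (amozon.com).
            findings.append(("spelling", good))
    return findings


if __name__ == "__main__":
    for sample in ["https://www.amazon.com/orders",
                   "https://www.amozon.com/orders",
                   "http:\\usbank.co",
                   "https://FBI.com"]:
        print(sample, "->", check_address(sample) or "no clue fired")
```

An empty result only means none of these three clues fired; an address that is not close to anything on the trusted list is not checked at all.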
How to identify an imposter scam:
Occasionally, you will be contacted by a specific person or representative of a business (such as bank) or government (such as IRS). They might call, send a text or email. Here are some warning signs that this may not be legitimate:
· Money needed immediately
· You need to pay a fee to get something for “free”
· You won a prize, but they need more information
· Something is wrong with your computer
· A friend or relative needs to borrow money
· A person or business requests money in the form of a gift card, wire transfer or prepaid debit
Other examples of scams
· Social security scam calls
· Parcel tracking text scam
· Amazon Prime Renewal phone scams
· Gift card scams
· Navy Federal Credit Union scams through email
· TSA Precheck Renewal
· Email asking to validate your COVID-19 status
· Scammers promoting local police support
· Letter from a law firm telling you that you have inherited money
· Note from company (Netflix) saying you need to update your billing information
· Phone call from tech support saying your device is not working properly
· Message from Publishers Clearing House claiming you are a winner
Activity:
Can you spot an online scam? Try this short quiz to find out.
Apps:
Can you get a virus from an app?
No, but you can get other forms of malware which may steal money, steal credit card information, steal contacts and sensitive photos, track your location, read text messages, save passwords, send SMS messages, and spend your money.
Can you get malware from an App from the Apple App store?
Unlikely, although it has happened. To be sure, only install apps from the Apple App store. These apps go through thorough testing and verification prior to release. Your iPhone is protected as long as you did not jailbreak it or use third party apps. Apps outside the Apple App store require that you jailbreak the phone.
Can they be trusted? Short answer no!
· Not necessarily safe if in the Google or Apple App store
· Definitely can be unsafe if not on the Google or Apple App store
· Who makes the app? Special caution for beauty apps, VPN apps, and antivirus apps
Tips on how to tell if an app is safe:
· Find out how the app uses your personal information. If it is sharing with others, it could be malicious. How do you know? First, if it is free, they are not obligated to disclose their advertising and tracking service, so it is probable they are tracking you.
· Permissions: The app may require permission for certain features. For example, a heart rate workout tracker would want access to your health data, and you might have to enable certain aspects of that health data. Once set up, the permissions are made and the data will be exchanged. Make sure it makes sense. A flashlight app will need access to the camera flash, but nothing else. A book app does not need access to the camera. On an Android device, app permissions are included in settings. On the iPhone, clicking on the app in settings will show you what it has access to. Beware of apps which ask for lots of permissions (such as managing files, using contact information from friends, or camera).
· Understand when and why the app will track your location. This information would be part of the license agreement that we often scroll past.
· More research on the app:
o Look at the developer’s name right under the app’s name. You can do a Google search to find more information about the developer such as a website. If they have created a number of apps (well-reviewed), then it is probably safe.
o Look how many times it has been downloaded. The more downloads, the safer it may be (to an extent of course!)
o Look for an app that has been around for a while, but has been recently updated. In the Google Play store, you can find this information under “read more”.
o Read reviews. There should be lots of reviews, and they should have some positive and some negative points in them.
o Spelling and grammar errors: Since often apps are created in other countries, the grammar or spelling may be incorrect. This is a red flag.
o Unbelievable discounts: If it seems too good to be true, it probably is!
· Avoid third-party apps: These are ones which are found outside the App Store or the Google Play Store. Third party apps bypass security measures making it easier for a hacker to infect your device with a bad app.
· NOTE: If you suddenly have lots of ads after downloading an app, you may be a victim of “targeted advertising”. Although not malicious, they can be annoying and might slow down the phone. Delete any apps which seem to get these ads.
What to do if...
You are contacted by a scammer:
Research the person, business or government agency to see if they are a scam
Hang up if it is a computer issue
Don’t trust caller ID
Don’t send money to someone you do not know
If someone claims to be a friend or relative, validate before giving money.
You are a victim of an imposter scam:
Contact your financial institution (as long as you did not pay with a gift card, prepaid debit card or wire transfer)
Report the scam
Contact FTC at 1-877-382-4357 (or online at reportfraud.ftc.gov)
Report it to the FBI Internet Crime Complaint Center
Report to your local police department
If it is a tech support scam:
Disconnect your computer from the Internet immediately
Use another PC to change passwords
Check browser for unfamiliar extensions or add-ons and remove them
Run your anti-virus and anti-malware programs
You are hacked
If your computer is acting differently (can’t turn it off, running slowly, opening pages you didn’t select, popups) then you may have been hacked. Steps to take:
Stop: Stop shopping, banking and entering passwords until the problem is resolved
Update: Update your security software. Install a new version.
Find and Delete: Using security software, scan your system. It will flag malware, which you can delete (or archive). Restart your computer. Contact a professional if problems persist.
After cleaning: Change critical passwords to long and strong passwords
Final notes: Keep your operating system and web browsers up to date
You are the victim of a data breach
A breach typically exposes personal information and not passwords, but if there is a concern, change your password. If you have used the password in other places, change it there as well. If your account has been hacked as well, you will need to confirm or repair all recovery information. Consider two-factor authentication. Additionally, if your accounts are breached, you can:
• Freeze your credit. Make sure to include all three credit bureaus
• If it was your phone account, change your cell phone account password and PIN numbers.
• Consider multifactor authentication
• Follow the advice of data breach letters and take advantage of free monitoring if offered
• Be on the lookout for phishing. Scammers may try to exploit what they already know.
• Monitor your financial accounts (credit cards, banking, utilities)
• Contact the DMV if your license has been exposed
Resources when your identity is breached:
Website: Have I Been Pwned? This website will check if your email or phone is in a data breach. https://haveibeenpwned.com/
Consider contacting the Identity Theft Center. You can call (888.400.5530) or live-chat on the company website www.idtheftcenter.org. You can also check their website for information on the latest breaches and additional resources.
Norton (as in anti-virus) provides information on 5 different types of breaches and what to do in each one.
Were you affected by the T-Mobile breach? Here are some suggestions from Consumer Reports
Want to cut down on data collection and hackers? Consumer Reports offers a free personalized plan to help you organize your digital life. Here were the suggestions made when I completed the form.
What can you do for a safer you?
Use a good antivirus program
There are many antivirus programs available. Some are free, others have costs involved. Unfortunately, you may find that the anti-virus program you downloaded is actually malware! And, when googling anti-virus programs, you may end up with malicious sources as well. The go-to site for best antivirus programs can be found at AV-Test, which is an independent IT-Security Institution. On this site, you choose your device (mobile Android, Windows, Mac or Business) and you can see the operating systems which were tested during that period. Programs are tested for protection, performance, and usability. Some will receive a top billing. For example, the top-rated antivirus programs for Windows 10 are: Avira, Bitdefender, Kaspersky, Quick Heal and Trend Micro. Unfortunately, among the lowest scoring for protection is Microsoft Windows Defender. You can learn more about this by visiting their website at: av-test.org
Use a safer browser, which includes certain features:
· Web of trust (https://www.mywot.com/): Uses community input to verify the safety of a site. Needs to be installed on each browser.
· Web address: HTTPS should begin the web address if you are putting in sensitive information like address, birthday and credit card information
· Security symbol: Besides HTTPS, you should also see a lock somewhere in the browser’s address window.
· Update your browser regularly. Each browser has its own way of doing this, so become familiar with your browser. (Google Chrome: Settings > About. It will tell you if it is up to date.)
Use a strong password:
· Strong (over 8 characters; include letters, numbers and symbols). Mix letters and numbers.
· Do not use personal information in a password
· Use a password generator to set one up, and to store passwords. Examples include LastPass (https://lastpass.com/) or Dashlane (https://www.dashlane.com).
· Do not share with others
· Don’t store them on your device. If you must, hide and encode.
Consider using a VPN:
A VPN (virtual private network) is a method used to add security and privacy to public and private networks. It allows the user to send and receive data across public networks, using a private network instead of the public network. There are many types of VPNs. Some are free, and others cost money. It is better to pay for your VPN, as the free ones may often violate privacy standards. Remember if you are using your own Wi-Fi or a cellular connection, you probably do not also need a VPN. Also, if your surfing on public Wi-Fi systems is pretty basic (web searches, basic websites), then a VPN is not necessary.
A VPN protects your online identity and the data you send online. It does not protect you from malware or phishing scams, nor does it protect the data on your devices. Some possible suggestions from various sources:
· ExpressVPN (https://www.expressvpn.com/)
· NordVPN (https://nordvpn.com/)
· Mullvad (https://mullvad.net/en/)
· TunnelBear (https://www.tunnelbear.com/)
The website whatismyipaddress.com lists a number of VPNs and includes some specifics about them. While you are there, learn more about IP addresses, checking who sent you that email, and whether you are blacklisted. Someday, we will do more on this interesting topic!
Consider using your cellular hot spot or purchasing a hot spot:
Many cell phones offer the capability of using your cellular connection for a portable Wi-Fi. This is especially useful when you are away from home and want to access a sensitive site. The process involves setting up your phone for this, which will include a password, then opening your other device and looking for your phone network. You will have to enter your password on your phone onto the other device. A purchased hot spot will be set up in a similar fashion.
Additional resources
Website: What are some common email scams and what can you do to avoid them? This is an interesting assortment of them. Particularly intrigued by Swatting...
Activity: How good are you at spotting Email scams? BTW, I took these quizzes and did miss a few. Fun way to see how much you learned!
Here is the Phishing quiz by Google that we did in class
Another good phishing quiz. It asks for your email address, but you don't have to fill it in.
This is a nice basic quiz designed for seniors.
Website: All about Email scams. Includes activities and lots of examples.
Resource: Have you been a victim of Identity Theft? Visit the Identity Theft Government site to learn more.
Resource: Hacking is a problem that seems to affect all of us at one point or another. Here is a great informational site on hacking.
Interesting web article: How does the information used by hackers become available? Follow this story as the author goes onto the dark web to discover more about Russian hackers.
Adware: Learn more about adware, and then learn how to clear your browsers of adware.
RAM scraping: How do they do it? This article outlines how RAM scraping is done. Maybe a little technical, but eye-opening!
Website: The FDA offers some tips on preventing skimmers at the pump. Very informative!
Online presentation: At a 2018 conference, information was presented on some prominent Russian hackers. This presentation shows what they did, how much money they made, and what was used. Very fascinating!
Video: Street Smarts for Seniors, a presentation by the Brooklyn Police Department. It is about 30 minutes long, but easy to follow and very useful.
Tutorial: Avoiding Malware from GCFLearnFree
Flyer: Basic tips for online safety
News article: Sure, a VPN offers secure connections. But they are not all the same. And some are worse than public Wi-Fi!
News article: Here are some of the more reputable VPNs (includes more information on VPNs)
After completing the lesson, do this on your own:
Watch this video for some examples of email scams
Open your email program and click on the spam folder (REMEMBER YOU WILL NOT CLICK ON ANYTHING, JUST OPEN)