How to Stay Safe and Secure Online
The internet is an amazing tool for everyone from writing emails to your co-workers, making chit-chat with your friends online, using FalixNodes , to remote work in this day of age. Howerver, the internet can also be dangerous, and surfing without taking precautions might put people in risk of losing identities and ruining their life. When it comes to information theft, scams stealing money, data breaches and leaks, stalkers spying one another, and other issues, there is a lot at stake.
It is important to take precautions while using the internet to keep yourself and your information safe from hackers and scammers. We’ll start with the basics and work our way up from there!
What to Look Out For and How to Avoid It
If you don’t know what you’re looking at, you’re going to be misled. Included are not only you, but also your friends and loved ones. Phishing, pop-ups, and scams are all things to be on the lookout for.
There are all types of phishing methods out there, so we’ll go through some examples. Examples below are provided by Phishing.org.
Tech Support Scam:
Over the past few years online service providers have been stepping up their security game by messaging customers when they detect unusual or worrisome activity on their users’ accounts. Not surprisingly, the bad guys are using this to their advantage. Many are designed poorly with bad grammar, etc. but others look legitimate enough for someone to click if they weren’t paying close attention:
Consider this fake Paypal security notice warning potential marks of “unusual log in activity” on their accounts:
Malicious .HTML attachments aren’t seen as often as .JS or .DOC file attachments, but they are desirable for a couple of reasons. First, there is a low chance of antivirus detection since .HTML files are not commonly associated with email-borne attacks. Second, .HTML attachments are commonly used by banks and other financial institutions so people are used to seeing them in their inboxes. Here are a few examples of credential phishes we’ve seen using this attack vector:
Social Media Exploits
Several Facebook users received messages in their Messenger accounts from other users already familiar to them. The message consisted of a single .SVG (Scaleable Vector Graphic) image file which, notably, bypassed Facebook’s file extensions filter. Users who clicked the file to open it were redirected to a spoofed Youtube page that prompted users to install two Chrome extensions allegedly needed to view the (non-existent) video on the page.
Pop-ups are often designed to seem like a dialog box from your computer’s operating system, even if it is a fake. It is generally easy to tell whether a pop-up is a fake by looking carefully at the design, which does not match the design of your operating system at all. If, on the other hand, you are not technically savvy, you may end up failing for one as a result of either completely disregarding it or falling victim to a fake one.
Just like we did with Phishing, we’ll go over some examples:
Pretending to be your Anti-Virus
A pop-up window that pretends to represent McAfee is seen below. Instead of restarting their computer, the warning said that the recipient’s system had been infected with malware or adware and that they should call the number given on the pop-up screen. Scammers, virus creators, fake security software distributors, and others are all too willing to pose as legitimate security groups in order to get access to sensitive information. It is true that destroying the reputation of firms whose technologies identify fraudulent software and connections is a significant benefit for the bad guys.
I believe we are all aware with online frauds at this time, so I’ll go straight to the point on this one and just share a video from the one and only Jim Browning to emphasize the point.
The first precaution to take is 2-Step Authentication, which adds an extra layer of security to your online accounts. If a website does not allow 2FA, take additional precautions and change passwords on such sites on a frequent basis.
If a hacker is successful in guessing your password for a site where you have 2FA enabled, they will be unable to log in without access to your phone or other means of authentication. So, if you get a text message with a verification code but it wasn’t you who signed in, you should take immediate action and reset the password for that specific website in question.
However there are occasions, rare in most cases, where 2FA may fail you. For example, suppose a hacker is successful in accessing your phone and is able to see all text messages received to your phone from other people. Once they have obtained the 2FA verification code by guessing the password successfully, they may proceed to the next step. A hacker successfully hijacked the phone number of a YouTuber because their carrier was fooled by the hacker, true story. I can’t find the video on it sadly, I tried.
So, using a phone number as your 2FA method may not be the best option, we recommend to use a isolated 2FA application on either your desktop or mobile device, a 2FA app that can’t be logged.
Don’t Use the Same Password
Using the same password for everything is a bad decision; instead, use an unique password for each website you visit to keep your information secure. Hackers who correctly guess your password for a particular site that uses the same password as all other sites will have access to all of your online accounts, including your bank account.
Not only that, you shouldn’t be using a common or a generic password either that are easily guessed. It’s best that your password is strong with capital and lowercase letters, multiple numbers, special characters, and more.
If you have trouble keeping up with using different passwords on every website, there are passwords managers you can choose from. We recommend 1Password as your password managers since it has all the features you’ll need.
Password managers are used to help store your usernames, emails, passwords, 2FA codes(if available in password manager), masked emails(if available in password manager), and much more! They can also generate strong passwords for you to use.
Regularly Change Your Passwords
It’s recommended to also regularly change your passwords. Of course, this can be time consuming if you have tons of accounts online, at least change the passwords regularly on the main accounts you use daily. Maybe on platforms like Google, Twitter, Discord, and more.
There are also times when you have to change your passwords:
- After a data breach on a website you use
- Suspect unauthorized access
- Discovered malware or phishing software
- Believed you may of clicked on a phishing link
- or if you have just logged in for a while(and maybe forgot the password generally)
Protecting Your Identifiy
Using Masked Emails
To avoid being tracked when you sign up for something, you can use masked emails to your advantage. We use the word “emails” in the plural since you should not utilize a single masked email address.
There are services these days that make this easy for you like Apple’s “Hide My Email” feature, FastMail, and more. However, most of these services aren’t free and you may need to end up pay a monthly fee, luckily they’re cheap and affordable.
I, Korbs, use FastMail personally using the standard plan($5.00/month) with 1Password intergration.
Let’s set an example, I see a website to watch free movies on, but I have to sign up to watch them. Firstly, I don’t know how legit the website is so I don’t feel like using my personal email, instead I can use a masked email.
Let’s also say this email of mine is, well, [email protected].
Masked emails are randomly generated names, so I could registered on this website with a provied masked email like [email protected]
Using Masked Cards
If you liked the idea of masked emails, you’ll love the idea of using a masked card to protect your money online.
A masked card is a digital service that is used in combination with a standard card. The card number, expiry date, and security code that you get when you mask your card are all unique. Your credit card or bank account will be charged using the information provided in those fields.
Don’t Copy/Paste Everything in the Terminal (for Linux users)
Linux users may assume that their operating system is not particularly targeted by hackers and viruses, which may be mostly true. However, because the terminal is still extensively used on Linux today, there are commands out there that can completely ruin your operating system with simple ones that are allowed to run as root without being detected. This is demonstrated on YouTube by a channel known as Seytonic, who provides the following example:
It makes a lot of sense to target Linux users in this manner because there are a lot of people who are likely new to the Linux eco system and will end up copying and pasting a lot of commands into their terminal.
One command can easily uninstall everything or even worse, delete everything!
So it’s always a good idea to back up your Linux system.