It's a jungle out there on the Internet. Every day you go out to visit websites, check on your checking account, shop on eBay, Google the news, and every day there are predators waiting to pounce on your passwords, abscond with your accounts and infiltrate your identity. They don't discriminate according to age or gender, they just want your numbers. And all too often you make it easy for them to get away with it. Passwords stink. The fact is there is no easy solution to this problem. Biometrics and two step confirmation may eventually help, but even they can probably be hacked. We spoke with both Google and Norton about some of the worst threats in cyberspace and some of the tools you can use to combat them. I came away feeling the guys in the black hats are always two steps ahead of the guys in the white hats.
Number One on My Hit Parade - Identity Theft
As far as I'm concerned, the biggest threat on the Internet is identity theft. That could mean anything from stealing a credit card number and password to making fraudulent purchases, all the way to theft of your social security number to take out loans in your name, or file fraudulent federal tax returns. And once it happens, proving to the authorities that you are you and that whoever said they were you was not is a huge piece of work. Google offered us these thoughts on how to prevent identity theft
Norton says if you think your identify has been stolen, take action immediately by shutting down any affected accounts. Check your credit card history for any suspicious purchases and notify your provider if you believe someone has stolen your account information. Set up a fraud alert with one of the three national consumer reporting agencies (Equifax, Experian, and Trans Union.) This alert will tell creditors to contact you directly before making any changes to existing accounts or allowing someone to open up any new ones.
Norton also sent us notes on some other Internet threats and how to protect yourself. These tips come from Marian Merrit, an advisor to Norton's parent, Symantec.
Don't Get Caught in a Phishing Expedition
Ever receive an email or text from someone you don't know? Phishing messages may look very much like authentic messages from banks or social networks - complete with the company's logos and name in the Web address. But beware! Clicking a link in one of these phishing messages may trick you into visiting a fake website where private information like your user name and login, bank account details, credit card numbers or even social security numbers will be stolen. It's even possible for malicious software or malware to be installed on your computer, even if all you do is click the emailed link. There are several steps to take to avoid being "phished"
First of all, know that your financial institution will never ask for your account number or other sensitive information via email or text message. These days, it's difficult to tell if an email or website is legitimate based on looks alone, so if you're unsure, type the company Web address into the address bar yourself, or call the company directly using their published customer service line (not a phone number in the dodgy email message) to confirm before providing any sensitive, private information.
Malware, Viruses, and Other Bad Stuff.
Malware - or malicious software - refers to viruses, worms, Trojans and other programs that are often harmful to your devices and your personal information. Malware can have a number of functions, like recording your keystrokes, or turning on your web camera without your permission. It used to be very obvious when a computer was infected with malware; it would often run very slowly, or programs wouldn't function normally. However, a key component of today's malware is that it can operate silently without you ever knowing it's there. This way, cybercriminals can continue to steal valuable information or data from you over a longer period of time. Most malware is installed on a computer through malicious attachments or infected links. Because of this, it's important to only open email, IM, or social media attachments that come from trusted sources and delete all unwanted or suspicious messages without opening or responding to them (responding just lets the cyber criminals know they've reached a live account). It's also important to install a comprehensive Internet security suite as your first defense against online threats. If you think you might have malware on your devices, you can find removal tools online for malware that's particularly hard to remove. Be careful that you don't wind up paying money for a set of tools that you can find for free. If you prefer, engage the services of a tech expert like Geek Squad or Norton Live to help with malware removal. Several services offer one-time virus and spyware removal packages.
Are Your Friends Who They Say They Are? - Social Networking Threats
As more of us join social networks, we should be aware that a number of threats or scams can be found on popular social networking sites. These scams operate on the assumption that people are more likely to let their guard down when they believe the information is being sent to or shared with them by someone they're friends with. One such example, known as "likejacking," tricks the user into clicking on links that appear to do one action - such as liking a Facebook page - but conceal another action - such as giving a scammer access to your profile. Once the victim clicks the button, it can give the hacker the ability to post updates from the victim's newsfeed, which can then potentially cause others in your social network to be "tricked" and infected as well. According to the Symantec Internet Security Threat Report, released in April 2013, "likejacking" was one of the top three social media scams of 2012. To avoid social networking threats be careful what you click. If a post looks suspicious or uncharacteristic of a friend, it's better to stay safe than satisfy your curiosity. Navigate directly to official company Facebook pages or websites to enter contests, and if an offer looks too good to be true, it likely is.
If you've fallen for one of these scams and now your account is posting the same strange ad or link in your status, make sure you delete the post. Just click on your name to get to your own page and find the post. Then put your mouse over the right side until an "x" appears and click that. Make your new status a warning to your friends not to fall for it.
Other Steps to Protect Yourself
There's a good chance that you use the same username and password combination for many, if not all of the sites you regularly use, including everything from shopping sites to your brokerage account. That means that if the bad guys hack into just one of your accounts, or steal that information from the vendor or credit card company, they've effectively got the keys to the kingdom. They can start trolling the Internet using sophisticated computer servers until they grab multiple accounts and steal you blind. Google suggests that one way to avoid this is to create different user names or at least different passwords for every service you use. Nice idea, but most folks I know have enough trouble remembering a couple of account passwords. Other places, especially corporate websites, will demand that you change your password periodically, generally 30, 60, or 90 days. Again, nice idea but tough to remember, especially for those of us with short term memory problems.
Of course there are still people who are creating passwords that are so simple that even a two- year old could hack them. Things like 1-2-3-4-5-, or QWERTY. Or Pasword9. Both Norton and Google suggest turning phrases into passwords by substituting symbols in place of letters. Google has a video that does a thorough job of explaining it.
The bottom line here is that there are plenty of steps you can take to protect yourself on line. But the tougher the steps, the more work they will be for you and the harder for you to remember. And even then, none of them is foolproof. Perhaps a combination of biometrics, confirming phone calls to your cell phones, and other steps will eventually simplify the burden. But for now, it's still a jungle out there.
Follow Gary M. Kaye on Twitter: www.twitter.com/@intheboomboxtv