Make life tough for computer hackers.

Are you under the illusion that Internet hackers will never find you? I am hoping this article will raise your paranoia level a tad and convince you to take at least a few preventative measures to protect your private information.

For starters, take this two-year old quiz on data privacy. The situation has only worsened since this was written, but I think you will be surprised by what you learn, I know I was!

internet protection graph

Some terminology you should know:

Phishing – Someone trying to trick you, a scammer posing as an official, or a trusted representative of a business or other entity, often by mail, into providing personal data or credit card account information.

Skimming – Capturing information from the magnetic stripe on debit or credit cards using ‘skimmer’ devices that are secretly installed on card reading machines or ATMs.

Malvertising – Malicious online advertising that contains malware – software intended to damage or disable the computers it enters.

Ransomware – A malicious program that disables your computer then hijacks, encrypts and holds all your files hostage, and demands a fee to release the files and restore your computer.

Ghosting – Stealing the identity of a deceased person to illegally open credit accounts, get loans and/or utility and medical services all in that person’s name.

Spyware is a type of malware that enters your computer or phone and tracks your actions and obtains information about you without your knowledge or consent.

Drive-by-download is the downloading of a virus or malware onto your computer or mobile device when you visit an unsafe site. You don’t even have to click on anything on the site to have the malware download.

Brute-force attack is a hacking method to find passwords or encryption keys where every possible combination of letters and characters is tried until the correct one is found.

How to protect against debit and credit card skimmers:

Digital thieves are targeting ATMs and other cash dispensing machines. They use skimmers- hard to see devices that steal the data from your card.

Inspect the machine – does the card slot or keyboard seem loose? Does anything about the machine look odd or suspicious?
ATMs in remote locations are not inspected regularly and can be tampered with by skimmers. The safest ATMs are inside banks.
Cover the keypad to protect any hidden cameras from recording the PIN you type in.
When paying with your debit card, if you do not have a chip card, or the store doesn’t have a chip card option, opt for the ‘credit’ option instead of ‘debit’ so you won’t have to type in a PIN.

Skimmers are also after your credit card information. My credit card has been hacked three times this year alone. If you get sent a replacement credit card with a chip, use it! That new technology encrypts your account information, which makes it more difficult for hackers to create fake cards.

How to protect your ‘smart’ home from being hacked:

Do your homework on every ‘smart’ product you buy and go with a trusted brand. Larger internet-oriented companies, like Google, Amazon and Apple for example, develop products with the best security possible. They constantly provide updates as new developments occur to fix any vulnerabilities. Read the company’s privacy policies to see what information they are capturing about you from their products. If so, what do they do with the data and who is it available to?
Connect all your ‘smart’ gadgets like the Nest thermostat, Samsung refrigerator, Amazon Echo, and Phillips Hue smart bulbs to a Wi-Fi network which is separate from the one your computer, smartphone and tablet use. You can set up a guest network, and lump all your ‘smart’ items together on it to interact with each other, leaving your personal computing devices safer.
Each ‘internet of things’ device should have its own unique strong password. If you cannot memorize these passwords, that means they are strong enough!
While most manufacturers should send you notification of updates, they don’t always. Keep on top of each company and check regularly for updates.
Call me paranoid, but I am a little suspicious after doing the research for this article! Consider putting a piece of opaque tape over any camera device in a ‘smart’ gadget for which video recording is not its primary purpose, and hitting the mute button on any device that has a microphone and could be recording conversations, like smart speakers.

Keeping your computers and smart phones healthy and virus free:

Install updates for your software when they are offered on your phone and computer, your apps, your web browser, your ‘smart’ gadgets, and the software running your Wi-Fi router. Always opt for turning on the ‘receive automatic updates’ feature. Never click a link in an email if you are uncertain who sent it. Instead, type the address into your browser.

Update and strengthen your passwords. I read somewhere that we should consider our passwords as the front door to our wealth and private information. The entrance can be made of cardboard, or can be impenetrable. Here are some tips:

Use two-factor authentication on your most-used Internet services like Apple, Google, Twitter, Facebook, Microsoft and banks.
Use a different password on every site.
Use passphrases instead of a single word.
Use a password manager instead of storing your passwords on your computer. Change your passwords annually on the most important accounts.
Lock everything!

Carnegie Mellon University (CMU) researchers developed a quiz to see how our perceptions of password strength compare to CMU’s study participants’ and their models of attackers. In the future we will be able to do away with passwords and use body parts instead. Fingerprints might be too available and thus not secure, but Karl Martin, founder of a start up in Toronto, is promoting the idea that the electrocardiogram, the heart rhythm, is a good way to identify people. The pattern of the rhythm is different for everyone, and he is developing a wristband that uses your heartbeat to identify you to your computer. *Update – the CMU quiz is no longer available but the article is worth reading.

Encrypt your smartphone and computer in case of loss or theft. Encryption makes it much harder for your information to be retrieved without your permission. A password AND a fingerprint lock on your smartphone is an example.

Back up everything important to you on an external hard drive.

Don’t allow apps to use your location and delete apps you no longer use. Many apps are watching what we are doing and where we are going.

Consider increasing your web browsing privacy by clearing your browsing data. It will mean that frequented sites that helpfully remember your password won’t, and you will need to re-login but you will be able to give unwanted and pesky marketers the slip. Note – Adobe Flash is a common means of transportation for malware into your computer.

To see what information is on the internet about you, go to Google’s Maps Timeline where Google gathers information about where you have been on the internet. On Google’s My Activity site, you can see your searches, the websites you visited in Chrome, the YouTube videos you’ve watched, and any voice instructions to Google’s Assistant. The good news is that Google presents the data it has on you in a dashboard for you to see and delete if you want to.

Use PayPal instead of a credit card on sites that you don’t know and trust.

Do not use any site that doesn’t start with https (the ‘s’ stands for secure), especially if you are using a credit card. You can install an extension called HTTPSEverywhere which prevents your browser from going to any site that doesn’t have https.

To check if your computer has been invaded by a virus or malware, download the free app Malwarebytes which will search and remove any worms, Trojans, or generally nasty stuff on both Macs and PCs.

Some apps that will help:

Every time you hear of a massive data breach on the news, activate HaveIBeenPwned.com. Enter your email address and username and the site will tell you if hackers have exposed any of your personal information. It will also help you fix the problem.
JustDelete.me helps clear browser history by linking directly to the cancelation pages of lengthy lists of social media sites, retailers and other businesses that might have data on you.

If your information is hacked:

Turn off the Wi-Fi connection, shut down and disconnect your computer.
Use the apps and websites listed above to scan your computer to detect and remove any infection.
Take your computer to your service person for help in backing up important files to a clean hard drive and wiping clean the infected one.
Reset all your passwords.
Consider a credit freeze. This alerts the three credit companies not to give out your credit history or allow any credit applications or loans in your name. This is especially important if your SS number is stolen. You can lift the freeze at any time.

To fully understand the scope of the internet hacker problem, check out the Digital Attack Map which provides a daily map of world-wide internet service attacks. It is developed and published by Jigsaw, Google’s in-house security think-tank.

A note about Internet privacy:

On April 4th, 2017, Congress voted to overturn the FCC privacy protections for Internet users, which were set to go into effect this year. These rules would have prevented internet providers like Verizon and Comcast from collecting, storing, sharing and selling certain types of customer information (people’s web browsing, app usage, and location) without user consent. Advertisers buy that information and target ads. The ads that result often carry malware and can be dangerous.

Make sure you share this information with your friends and family, and keep their privacy safe. Just push the button on the bottom of the article.

To learn more about creating good passwords, go to http://cups.cs.cmu.edu/passwords.html

To read about body parts replacing passwords go to http://www.cbsnews.com/news/technology-that-uses-your-body-as-your-password/

Read ASE’s earlier article about safely storing passwords.

Honey, Do You Remember the Password?

Password safety