At the end of last week's article, I
alluded to the idea that no software – anti-virus or otherwise –
is going to mitigate your own bad behavior online. So what did I
mean by that?
It occurs to me that there are things I
do, or do not do, automatically because I know they are
security risks. Now, having been online since . . . well, when I
first got online, I was very young . . . Prodigy was still a thing
(remember Prodigy? Anyone? Bueller?); being on CIS (CompuServe
Information Systems) or GEnie (General Electric's answer to CIS)
meant you were a geek (I was on both); modems were 1200 baud if you
were lucky; Internet was dial-up only; and printers were dot matrix
(ask your parents).
My point is that I've had a number of
years to develop behaviors that are now so ingrained in me that I
don't even think about them . . . behaviors that have kept me from
having any major security issues. I've never had anything more
serious happen than being infected with the odd virus every now and
then, and much of that I owe to knowing what kind of behavior can be
dangerous. It's a challenge to write this, since some of these
things are completely unconscious at this point, but I'll give it a
go. . . .
Be careful where you download from.
You probably know this is important. But, though an anti-virus can
alert you to problems once they've occurred, or warn you about risky
behavior, it won't stop you from downloading that file or program.
Why? Because if you want to download a new game or trial program, or
whatever it might be, and your anti-virus tells you you can't, what is
the first thing you'll do? Disable it! So then you have no protection.
So the anti-virus will ask you if you are certain that you want to
download it, it will warn you that it could give you a virus, but it
won't stop you in the end. It's up to you to make sure that you're
downloading from a reputable source, that the website is what it
appears to be, and not a fake.
Be careful of fake sites that look like the real thing, and always
check the URL (Uniform Resource Locator – also known as the website's
address) to make certain it is genuine. If it says, "www.yootoobe.com"
instead of "www.youtube.com," you should run away! You'd be amazed at
how many people don't notice, or worse, don't check. It's entirely
possible to create a site that looks like the site you think you're
visiting – logos, images and all – but is really a fake. This is
particularly dangerous if it's your bank or other financial-related
site. This is one place where spelling really does count!
If you get an email from what you think is your bank, and it has a
link, don't click on that link! If you look closely, what you think is
a link to Wells Fargo may be a link to "welsfargo.com" – notice the
spelling? Only one "L". It's the kind of thing that is easily
overlooked, and the Bad Guys know this. This type of link can be used
to get you to log in to their fake site with your real password, which
is then collected and used to drain your accounts. This is what is
meant by "phishing."
In fact, people so frequently are oblivious to this sort of ploy that
some phishers, who are either lazy or cocky . . . or both . . . have
even been known to use fake addresses like,
"www.hackyou.wellsfargo.com" in the links they send out in emails. If
it's hidden in an HTML email – since you don't see the actual link –
you should be able to see it in the address bar if you click on it and
it opens up a new tab or window. Which brings to mind a few more
things you should not do: don't click on links in emails (with few
exceptions), and don't use HTML mail.
Never click on links in emails; type the URL in yourself, from scratch.
If your bank or other financial institution, or any other important
site such as these, emails you, they shouldn't put links in the email;
frankly, they should know better at this point. But if you really
believe it's from who you think it's from, and you need to log in to
your account, do not click on the link! I can't stress this enough!
What you should do is to open a browser page and type in the address
yourself. Yes, I realize that can be a little inconvenient, but it's
much better than suddenly having no money in your account and no way
to pay your mortgage or rent, let alone your bills, isn't it?
Don't use HTML Email.
Most people, it seems, use HTML in their mail. I suppose that's
because they don't know why they shouldn't. But if you use text-only
in your email, for one thing, it can clue you in to a fake link like
I've described above. If you can't see the links, you have no chance
at all of spotting a fake. An HTML link to, say, Bank of America, can
be hidden behind the familiar logo. In other words, you click on what
appears to be a genuine Bank of America logo . . . and it probably is
. . . genuine in that the Bad Guys downloaded it directly from the
Bank of America website. And yes, that's easy. I can do it. (And I'm
not even a hacker, I'm just a person with lots of experience on the
'net who knows what's possible – though I don't always know how it's
possible. But this time I do know.)
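As an added illustration (not code from the original article): a short Python sketch that lists where the links in an HTML email really point, including links hidden behind a logo, and flags addresses that are only a few letters off a site you trust, like the misspelled addresses mentioned earlier. The trusted list, the three-edit threshold and the sample email are assumptions made up for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("youtube.com", "wellsfargo.com", "bankofamerica.com")  # assumed allow-list
MAX_EDITS = 3  # assumed threshold: "yootoobe.com" is 3 edits from "youtube.com"

class LinkExtractor(HTMLParser):  # collects (href, what the reader sees) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._seen = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._seen = a["href"], []
        elif tag == "img" and self._href is not None:  # a logo used as the link
            self._seen.append("[image: %s]" % (a.get("alt") or "no alt text"))
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self._seen.append(data.strip())
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._seen)))
            self._href = None

def edit_distance(a, b):  # Levenshtein: inserts, deletes, substitutions
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):  # naive: uses the last two labels of the host, ignores co.uk etc.
    host = (urlsplit(url).hostname or "").lower()
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    dist, nearest = min((edit_distance(domain, t), t) for t in TRUSTED)
    return "lookalike of " + nearest if dist <= MAX_EDITS else "unknown"

def audit(html):
    parser = LinkExtractor()
    parser.feed(html)
    return [(seen, href, classify(href)) for href, seen in parser.links]

# Constructed sample email body, using the misspellings from the article.
SAMPLE_EMAIL = """<a href="http://www.welsfargo.com/login"><img src="logo.png" alt="Wells Fargo"></a>
<a href="http://www.yootoobe.com/">www.youtube.com</a>
<a href="https://www.youtube.com/watch">Our channel</a>"""
print(*audit(SAMPLE_EMAIL), sep="\n")
```

Each printed row shows what the reader sees, where the link actually goes, and the verdict; the first two rows are the ones a text-only view would have exposed at a glance.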
HTML email also carries a greater risk of virus. I won't go into the
technical details, because that's not what this series of articles is
about. Suffice it to say that HTML email is more dangerous in this
respect than text.
Other reasons to not use HTML email seem obvious to me, but you may
not know about them. Firstly, it's often slow. Why? It requires more
bandwidth. Now, this may not seem important to you when you're on your
high-powered desktop, but if you're on Wi-Fi, or a mobile phone
network, you might be able to see the difference. Secondly, it often
takes longer to appear than regular text, because it takes longer to
load. In other words, it just uses up resources unnecessarily.
Thirdly, you may not have any problems composing an email in HTML, but
think about the recipients. Not everyone needs or wants your email
with fancy backgrounds and pretty colors. (Personally I have my
settings so that only text appears unless I click to load the rest.)
What's more, there are still a lot of email apps that won't even read
HTML email.
In the end, it's up to you whether or not to use and read HTML email,
but knowing that text email is less likely to be a security risk, I
hope you give this question some thought: do you even really NEED
anything more than text in your email?! Does it make that much of a
difference to you? If you can't answer an unequivocal, "YES!" to those
questions, I strongly advise you to turn it off.
Another thing that people – especially younger people who have grown
up with the internet and mobile phones – do that they should probably
be more careful about is giving out information. People simply
overshare information . . . about themselves, about their families
. . . about all kinds of things. Without going into great detail (that
might eventually become another article itself), let me just say here
that it would be wise, before you post something on Facebook or
Google Plus or even Path, before you Pin or Tweet or Share, and
especially before you Snapchat (because just because you think it will
go away, doesn't mean it actually does) . . . to ask yourself: do I
really want to put this out there for all the world to see? Because on
the internet, that's what you're doing. Regardless of where you post
or how private you think it is, the rule of thumb is to never post
anything you wouldn't want on the front page of the New York Times.
Once again, it looks like this is running long. So tune in next week
for more about how your behavior can affect your security . . . and
why you should be suspicious!