Posted 10/18/2012 Updated 10/18/2012
by 1st Lt. Sean Harcourt
55th Communications Squadron
10/18/2012 - OFFUTT AIR FORCE BASE, Neb. -- The Internet is a facet of daily life. From social interaction, to travel plans, to banking and more, pieces of our lives that used to be done on paper are being performed digitally. This brings many conveniences, but it also makes everyone participating more susceptible to cyber-attacks. This article contains some advice and tips that you can use to protect yourself when conducting business or social interaction online.
I'm sure you've seen the tips that say to use a different and complex password for every site. While this is certainly the best advice, most people find it quite cumbersome and unrealistic depending on the number of accounts you may have with various companies. If you are going to make compromises between security and convenience, make them intelligently and carefully. For example, using the same password for multiple sites of the same type might be acceptable in some cases. Using the same password for Overstock.com and Amazon.com, for instance, is not a bad idea, as even if that password is compromised it doesn't allow someone to do a lot by itself. The one password you never want to use more than once, and which should be your most secure password, is your e-mail password. Consider your e-mail password the golden key that unlocks all the doors. If someone can break into your e-mail, they can simply use the "I forgot my password" option on almost any site and subsequently lock you out of your own accounts or worse. You may think to yourself, "But even those password recovery systems usually ask a personal question; how would they answer that?" That is where social networking safety comes into play.
Social networking is a huge industry today. Facebook is estimated to currently have 500 million active users and Twitter is projected to have 250 million active users by the end of the year. Criminals look at all of those users and their activity as a treasure trove of personal information ripe for exploitation. Much of what you can do online to protect yourself is a logical extension of what you do to protect yourself in a physical manner on a daily basis. For example, most people don't like it when others they may not know very well show up uninvited. So why would you send a Facebook friend request to someone you barely know without sending them a message? This helps assure them that you are not an unknown adversary simply looking for an easy way to view more personal information. Some people just accept every friend request they get, with no thought as to whom or what they are exposing themselves to. The requester could even be a potential employer looking to see the pictures you only show to friends.
That leads to the next tip: limit the information you show. Some of this is personal preference; for example, you may or may not want to display things like where you work, political affiliations, etc. But you definitely want to avoid posting, even to friends, things like your e-mail address and phone number. These can be used to initiate spear phishing attacks, which are targeted information-gathering attacks, against you from seemingly legitimate sources. Even listing out your favorite books and movies, for example, should be avoided. Remember those security questions for reclaiming a password? They often ask you questions oriented around "What is your favorite XYZ" or "What was your first XYZ". Social networking sites can make answering these questions relatively easy if you leave enough clues for others to find.
Some other quick tips for safe social networking are:
- Know how to use your privacy settings. Periodically view your profile as a user that is not signed in so you can see what is exposed.
- Be careful about the specifics you post, especially in regards to loved ones and children. You don't want to be revealing information that can be used to potentially trick a child into trusting a stranger.
- Be mindful of the photos you post and the ones in which you are tagged. Employers surfing social networks is becoming common practice and it may not be the best idea to make the pictures of that awesome weekend available.
- Be mindful of posting photos of your children on sites that are open to the public; especially if they indicate your geographic location. Child predators can use this information to trick children into thinking they are a family friend.
Online banking is a great convenience these days. William "Willie the Actor" Sutton is famous for supposedly having said, when asked why he robbed banks, "Because that's where the money is." This common sense approach to crime also makes online banking a potentially lucrative avenue of income for criminals. When it comes to online banking, you really need to approach security from every aspect.
Our articles earlier this month discussed the importance of using trusted wireless networks and e-mail security. Both of these apply to staying safe with online banking, but there are other tips you need to follow as well. First and foremost, when browsing to any website with a login, once you are logged in look for "https" as the first thing in the URL web address. Seeing this is only a first step, as it signifies that your data is being encrypted as it's transferred so it cannot be easily intercepted and read. Some other simple tips are to not check your banking information on untrusted systems, like a system at a public library or even at a friend's house. You also want to avoid checking your banking information, or even your e-mail, on a trusted system in a public place. For example, checking your banking information on your own personal laptop at an airport or coffee house is not advised: not only are you going to be on a public, unencrypted network, but it also allows passersby to "shoulder-surf" and see not just the information on screen but potentially capture your passwords by watching what you type. With the capabilities available in mobile phones, one could discreetly record your keyboard as you type and play it back slowly later to capture even the most complex of passwords.
Some final quick tips for online banking:
- Never give out your password, account, Social Security, or PIN numbers via e-mail. Legitimate inquiries for any of this info will come either over the phone (make sure you place the phone call; don't give this information in phone calls you receive) or through web forms on the website of the banking institution.
- Be wary of copycat sites. It is not difficult to make a website look legitimate. Make sure the URL web address matches that of the institution you are accessing.
- Log out of your account every time you are done using it.
- Check your bank statements often. Don't wait for the paper statement to find out your account is compromised. By checking your account balances daily, or at least weekly, you will be able to spot abnormal changes much faster and potentially prevent abuse.
Many of the tips for staying safe while shopping online are similar to the tips for safe online banking. One difference is that when shopping you are looking for deals and bargains. Remember the tried and true phrase "if it looks too good to be true, it probably is." Things like offers for free items with purchases and the like are usually scams and can be used to capture your account information.
One tip that can really save your finances if compromised is to use credit cards instead of debit cards. Credit cards are just that, credit. You have a maximum limit that can be drawn and the rules on disputing purchases made with credit cards are often somewhat less restrictive than those for debit cards. As debit cards are a direct link to your account, using your debit card to make online purchases can result in a quickly drained bank account if your shopping account is compromised. In conjunction with this practice, it is also best to use only one credit card for all your online shopping needs, as it limits your exposure if compromised better than having multiple credit cards that can be accessed. You can also consider purchasing gift cards at a local store for use on a particular internet site.
The same quick tips for online banking apply to online shopping. There is also no reason you would ever need to provide your Social Security number for online shopping. Another online shopping scam is the auctioning of empty gift cards on eBay. If you are going to purchase a gift card for someone online, make sure to buy it directly from the source company.
No security is foolproof and all of it may be compromised if a perpetrator is persistent enough. The best thing you can do to protect yourself is employ multiple layers and methods of security to make it as difficult as possible. Criminals like to go after the easiest prey, so if you make yourself a difficult target they will typically give up fast and move on. If you would like to learn more about how to protect yourself online you can check out these links: