The internet is a scary place. After witnessing friends and family suffer countless scams and cheating incidents, we have decided to compile a list of 10 tips to improve your internet safety. We are internet-age geeks and these are our best tips, so listen up.
This is going to be a long one, but we will be as comprehensive and exhaustive as we can. The target audience for this post is internet beginners, teenagers, parents and really anyone born before 1990. Read through everything, and you will be an internet safety expert in no time.
Here’s the cautionary tale that drove us to pen this post:
Jane met Kasem on OkCupid, an internet dating platform. Jane is based in Singapore and she recently broke up with her boyfriend. Kasem is a Caucasian from London and had the most handsome and suave profile picture. He was rich, and he worked as a banker. They immediately clicked and chatted non-stop for weeks online, and even had many Skype video calls with each other. Kasem’s webcam had an error so his video feed was never switched on during their video calls. Jane fell in love with him and Kasem professed his love for her.
Months passed and they were making plans to meet in Singapore. Kasem told Jane that he sent her a large gift package, with a Chanel bag and a diamond necklace, as well as £20,000 British pounds as a gift to her and to be used to pay for his hotel room when he arrived. Jane was overjoyed and waited anxiously for the package to arrive.
A few days later, Jane received a call from the courier to inform her that the package had arrived, but due to the large value of the items, she had to pay for the customs taxes upfront before delivery. Jane was given a bank account number to transfer the monies to. The customs taxes amount was S$3,500 and she happily forked it out, thinking that she would be able to offset the amount with monies from the gift.
After she transferred the S$3,500, she never heard from the courier or from Kasem again.
This is not a story, this is a real life event that recently happened to one of Sheryn’s friends (names of the parties have been changed). Initially, she was stubbornly adamant that Kasem was trustworthy and there was nothing fishy with the gift. Thankfully we managed to change the outcome by counselling her and urging her to call the police. If you have a friend in the same situation, show her this website, set up by the National Crime Prevention Council.
In 2015, there were 3,759 cases of online crimes, resulting in a loss to victims of S$18,120,000. Yes, more than S$18 million dollars.
Alright, now that we have got your attention, let’s proceed to our 10 tips to improve your internet safety.
1. Trust No One
This is a general rule that is not only useful online, but it is useful in real life as well. If you are suspicious of everyone and everything that you see online, and if you can assume from the outset that every internet event that happens to you has a deceptive character to it, you will reduce your chances of getting scammed.
When we say trust no one online, we really mean it.
Here is a modified account that happened when I was studying overseas:
I was in away for a year on a student exchange programme. One day, I was having an urgent financial emergency and needed my mum to transfer funds to me as soon as possible. They had increased the tuition fees and amount that had brought with me was insufficient and the deadline was today. I sent an email to my mum informing her of the urgency of my situation and requesting for S$10,000 immediately, giving her details of my bank account for her to transfer the monies to.
My mum was panicking and she immediately took half a day leave to go to the bank to transfer the monies to me. Suddenly, she received the usual weekly phone call from me and immediately asked me for more details about my financial situation over there.
Yes, I did not send that email to my mum. A fraudster spoofed my actual address to make it seem like I was really sending the email. He probably hacked the next-of-kin contact details from the university database that was breached a couple of days ago.
The other common spoofing technique is called phishing, where the fraudster sends an email that looks nearly identical to an email from your bank or financial institution such as PayPal. They will usually ask you to to change your password due to a security issue, and link you to a site that looks just like the your bank’s website, except it is a front that is used to harvest your password.
Do not trust anyone online, even your own family members. It might not even be them. Don’t believe emails asking you to change your password as well. If there is any doubt at all, make a phone call to check the details.
2. Don’t Be Greedy
This is also another general rule that is as much applicable to real life as it is to online life. A lot of real life scams prey on the greediness of people. The criminals have brought the same trick online as well.
If you’ve been online long enough you would definitely receive an email like this:
Attn: Winner.
Congratulations!
Your e-mail address attached to the Batch N0:P2/0056 with Serial number: 06/1055 drew, 25-04-07 [5] [11] [13] [17] [14] [48] [25], which subsequently won you a prize in the category “B”. You have therefore been approved to claim a total sum of £1,500,000.00 (One Million , Five Hundred Thousand Great British Pounds) in cash credited to file Ref N0: KPL/09-002/JA.
Please be advised as follows: To file for your claim, kindly contact our certified and accredited claims agent with the information below:
***********************************************
Name: Phil Smith
E-mail: [email protected]
Claims processing agent
For: The U.K National Lottery.
***********************************************
You are advised to provide him with the following
information:
Names:
Telephone/Fax number:
Nationality:
Age:
Occupation:
If you respond with the requested details, you can be prepared to have your identity stolen. After that, they will always ask for payment of an ‘administrative fee’ or ‘tax charges’ first before they release all the monies to you. They can ask for as little as S$1,000 or as much as S$100,000. Would you pay if you could receive the lottery winnings of £1,500,000?
While you can usually tell that an email is fraudulent from the abundance of grammar mistakes and the dodgy contact email address, sometimes it is not so simple. The fraudulent email can look really official and convincing, especially if you are someone who had recently bought a lottery ticket.
Don’t do it! Anything that purports to give you free money online is almost certainly a scam.
3. Do Not Click on Strange Links
This is the thing about links, if you’re running an outdated web browser or an operating system with the automatic updates disabled, or if you are simply unlucky enough to encounter one of those zero-day exploits – clicking on an innocuous link could result in getting your computer infected with a virus. This is the most common way that even the most careful internet users will get their computers infected with a virus.
Let’s run through some common scenarios where you will have malicious emails or websites trying to lure you to click on links:
- You receive an email from a friend or colleague that purports to be an electronic greeting card with an external link or some other interesting website that is designed to catch your attention. STOP! Hover your mouse over the link and have a look at the target address. If it even looks remotely suspicious, do not click on the link. This is the most common way that viruses are spread within internal office networks.
- You receive a message on Facebook from a close friend with a link to a site selling some cheap Ray-Ban sunglasses. STOP! Your friend’s account has most probably been hacked, and the link may contain some malicious code that could hijack your computer.
- You are trying to look for some torrents, free downloads, illegal software or keygens, and you see a link on Google that shows an unknown site with exactly what you want. STOP! There is a small chance here that this website contains malicious code that will install a virus on your computer when you simply click on that link.
- You receive an email from your bank informing you of a security breach and asking you to change your password. Or your bank could just be asking you to update your personal information and credit cards. STOP! This could very well be a phishing scam that is designed to look like an email from your bank. When you click on the link, you will be brought to a website that looks identical to your usual internet banking website. The criminal will be able to break into your bank accounts the moment you key in your login and password into this phoney website. The best and safest way to verify a request like this is to call your bank.
If anyone sends you a suspicious looking link to click, do not click on it.
4. Never Download Email Attachments
Of course there are times when you have to download email attachments. If your boss or colleague sends you work documents to discuss or edit, you have no choice but to download those. The threat here is often when you receive a non-work related email attachment, or an email that is deceptively designed to look like a work email but actually contains a malicious attachment.
For email attachments, the file extension is the most important. The file extension refers to the three letters at the end of file name. If the file extension has the following extensions, DO NOT DOWNLOAD OR OPEN THEM:
.bat .cpl .cmd .com .exe .hta .jar .js .msi .pif .reg .scr .vbs .wsf
Please note that this is a non-exhaustive list, so if you see a file extension that you have never seen before, you should play it safe and avoid downloading it.
Even your usual Microsoft Office files such as .doc, .xls and .ppt may contain malicious macros that may install a virus on your computer. The only defence to this particular threat is to have a good anti-virus installed with automatic scanning and real-time monitoring features.
5. Do Not Respond to Messages or Emails from Strangers
You may suddenly get a random email from a stranger or a message from a random person on Facebook with this really pretty or handsome profile picture. If the two of you share absolutely no mutual friends at all, this should be a major red flag. Chances are that person has approached you for one of the following nefarious purposes:
- To get more information about you to pull off a con job in real life, to steal your identity or to crack your password security questions.
- To get you to purchase a product or service with your credit card details, and you can imagine what happens next.
- To pull off a love scam on you, as we detailed in our opening cautionary tail at the beginning of this post.
- To ask for your help to receive a large amount of money on his behalf, with you keeping a small percentage that could be thousands of dollars. This is usually a money laundering scam.
- To seduce you and to get you on a video chat. The pretty girl will be secretly recording you while you expose yourself in compromising positions. The next is blackmail and what we call cyber extortion.
This list is not exhaustive, but we’re sure that you get the idea by now. Just ignore all emails and messages on social media platforms from strangers and you will be on your way to enhancing your internet safety.
6. Pay Attention to Grammar and Formatting
So criminals generally have bad grammar. Just a few days ago we received a message to our Facebook page that looked like an official notice informing us that our page was going to be suspended:
Dear Facebook user,
We have reviewed the suspension of your Page. After reviewing your page activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you have not responded to our notification. Therefore, your account might be permanently suspended.
If you think this is a mistake, please verify your account on the link below. This would indicate that your Page does not have a violate our Terms of Service. We will immediately review your account activity, and we will keep in touch.
Verify your ac count at the link below:
==============================
Link Removed
==============================
When we received this notification on our Facebook mobile app, it looked really legit and we were a bit shocked. However, criminals always leave traces of poor grammar. There are many things to be picked on in that example above, but the most obvious is in the sentence “This would indicate that your page does not have a violate our Terms of Service.” 90% of the time, even the best scams have at least one grammatical error somewhere in the message or email. If it is legit, you should expect zero grammar errors.
Interestingly this check works for real world counterfeit products as well. If counterfeiters have to copy large chunks of text, they generally make grammar mistakes.
7. Install a Free Anti-Virus Program
This is a must for all internet users. Install a reliable and free anti-virus software and keep it active and updated. Here are protection tests from two of the most reputable antivirus testing organisations:
http://chart.av-comparatives.org/chart1.php
http://www.av-test.org/en/antivirus
After taking into account the protection tests as well as the resource usage tests here and here, our top pick is Avast Free Antivirus. And no, they are not paying us to say this. So uninstall whatever bundled antivirus that you’re using now (those are usually bloated and lousy), and get Avast.
A good antivirus has real-time protection. This means that it monitors all actions on your computer, and automatically deletes a malicious attachment that is downloaded. It also blocks infected websites from messing with your computer. That said, all antivirus software has failure rates, and they are always vulnerable to zero-day exploits.
If you do not use a good, updated antivirus, your passwords can be easily accessed by hackers. An infected site could install a keylogger on your computer, and every password that you type would be recorded and sent to the hacker.
8. Beware of Masked Links
Always always hover over a supposed link to check the true destination. On hover, the true destination will appear at the bottom of your web browser. If there is a discrepancy between the displayed link and the destination link this is a large red flag.
Beware of masked links. Once in a while, the high level scammer will be able to mask the true destination of the link, even if you hover over it. A good example is the very familiar Google search results, which show the ultimate destination link when you hover over them. However, try right clicking and copying the link address of a Google search result, and you will see something very different. Thankfully we have almost never seen scammers being able to do this, but it doesn’t hurt to be cautious.
Do not visit dodgy links. For example, scammers may try to spoof well known websites, by changing a character or two in the domain – e.g. gooogle.com. Such websites are almost certainly filled with scams and viruses.
9. Use a Very Strong Password
Are you using a common password? Check out the most recent list of the 25 most common passwords. Hackers can easily break in to your account if you are using one of those passwords.
We recommend the latest security breakthrough which is the use of passphrases. This method is much easier to remember and provides a higher level of security. Basically this involves using four common random words as your password – these words must not mean anything to anyone else, but it must have some meaning to you. To use Lifehacker’s example, “NissanAltima” is a proper noun that is easily guessed, but “My03AltimaGorgeousIsBlue” will be much harder to guess. There’s a passphrase generator by xkcd that you could use. Mix in some intentional typos, misspellings and special characters, and you’re good to go. For example, “KnoScoreMoonS*pirit” will be extremely difficult to crack using brute force attacks.
Do not use the same password everywhere. Often times when a website is compromised, the hacker will obtain the credentials and passwords of all its users, thus exposing your password. This should be common sense but people still do it because they have trouble remembering passwords. This is what I do to overcome poor memory:
- Use two or three base passwords.
- For websites that have nothing secure or important and you don’t mind losing the account, you can use your common weak password.
- For websites that you care about, use a strong passphrase. Each website should have a different password, so add minor changes to your passphrase for each website depending on the website’s characteristics.
- For websites that are absolutely secure with sensitive information – such as your main email account or bank website – use a different and stronger passphrase with significant changes for each website, such that it is impossible to deduce the password to your first bank should your second bank’s password be compromised.
Remember, strong passphrases together with a reliable updated antivirus are the most important things to do and you would have significantly improved your internet safety.
10. Avoid Dodgy Websites
There are a few categories of dodgy websites – fake controversial news websites, scam websites that are misspellings of well known websites, websites that purport to offer free illegal software and downloads.
Fake controversial news websites. I hate these the most because I have a family member who always falls for them. They post some controversial fake news, and it goes viral, especially amongst the senior citizens and elderly, and soon you get to hear about the ‘news’ during dinner. The fraudsters do this to attract eyeballs to their website, thus earning advertising revenue. If a piece of controversial and amazing news is not covered on large mainstream news websites, it is probably fake.
Misspellings of well known websites. These are often included in email or message links trying to convince you to go to a known website to update your password details. Always scrutinise the final destination of the link by hovering over it before clicking on it. If it is a misspelling, DO NOT CLICK!
Websites that offer free illegal software and downloads. Well, websites that can get away with illegal activity are likely to be able to get away with hosting malware on their sites as well. Use these at your own risk.
Final Thoughts – 10 Tips to Improving Your Internet Safety
Well, we hope this post has been able to save someone the grief of getting their account information stolen or getting an antivirus loaded on their computer. We trust that internet safety should not be a problem for you anymore. To summarise our 10 tips to improving your internet safety:
- Trust No One
- Don’t Be Greedy
- Do Not Click On Strange Links
- Never Download Email Attachments
- Do Not Respond to Messages or Emails from Strangers
- Pay Attention to Grammar and Formatting
- Install a Free Anti-Virus Program
- Beware of Masked Links
- Use a Very Strong Password
- Avoid Dodgy Websites
For more articles like these remember to like our Facebook page!
Be the First to Comment!