Be smart on the Internet. Learn some rules and tips for avoiding phishing attacks and malware downloads.
- [Instructor] Internet security comes down to one single issue: be smart. That's a tall order. Being smart is difficult even for smart people. That's because, unlike Vulcans, humans are emotional and we can be manipulated into doing things that aren't smart. Even IT professionals have done dumb things on the internet because they were too busy to be smart. It happens. To help you be smart, I offer three suggestions. Be wise with your online passwords.
Confirm that you're using the correct website and review all download options. Recently, a very prominent figure in the online community had his accounts hacked. Turns out this genius was using the same password on all his internet accounts. Again, I remind you that even professionals do dumb things. Various websites require you to configure an account and apply a password. The account name can be a unique username or your email address.
This inconsistency can get you into trouble. The account password must be a secured password and it should be unique for each site. This is a tall order, but it's necessary. The password must be complex. Don't use the word password or 123456, or any of these popular and lamentably common computer passwords. These are the first passwords that the bad guys try. This list was taken from the most frequently used passwords from the past year.
A good password is at least eight characters long. If the site requires numbers, uppercase, lowercase letters, symbols, spaces, then add them because well, they're required. But a complicated password isn't necessarily the best password. Mathematicians have shown that if you combine a string of words together, they prove more difficult to crack or guess than those other secure password techniques. Here are a few super complex passwords that are easy for a human to memorize, but difficult for a computer to guess.
Each consists of four words that normally don't go together, but which could be memorized. longfacekingvolcano, requiredlunchinfectiontomato, brokenelevatordogstomach, belovedturtlecoffeeintelligence. For even higher security, you can add a few little jots and tittles around these separate words. For example, a letter, 1long-face-King, and it's a capital King, volcano. You still have the words, but you spice 'em up a little bit with some extra characters that add even more security.
These can include exclamation points, spaces, underlines, throw in a capital here and there, add some numbers. You can still keep your words, but you add those symbols in there that are not too difficult to remember. It's not like those secure passwords that are generated that are just a bunch of gibberish. In this case, you just add a few more characters and your good passwords become the best passwords. Once you've created the password or updated an existing lame password, write it down. I'm serious. Note the website, write down your account name or email associated with the website.
Write down the password. Now, keep this list handy but not obvious. You could keep it on the computer, but print it out if you do, and hide it somewhere you can access it if you need to. A technique used by security experts is to hide in plain sight. So you write down your password in a book on a specific page. Out of context, no one knows what it means. The point is to remind you of the password in case you forget. Even when you know your account name and password, you want to ensure that you're entering it on the proper website.
Your goal is to avoid a phishing scam. Phishing, like the word fishing but with a PH instead of an F, is a technique where the bad guys fool you into visiting a phony website where you willingly submit your account name and password, or even more secure information such as your social security number or bank account info. It generally starts with an email or link on a bogus website. You're directed to the phony web page, which looks legitimate, but it isn't. In some cases, the web browser may alert you to known phishing sites.
If so, heed that warning. Do not proceed. Otherwise, the way to confirm that a website is legitimate is to check the web browser's address bar. The domain you see in the address bar must match the site you believe you're accessing. Further, if you're trying to log in to an account such as your bank, online shopping, or even LinkedIn, confirm that it's a secure website. You're looking for https, which is the Secure Hypertext Transfer Protocol. If you remain in doubt about the website, click the lock icon next to https to review the website's security.
The security certificate's summary confirms the website address. If so, you're good to proceed. If not, leave the site. Windows also offers a tool to help guard against phishing attacks. It's called SmartScreen. Press the Windows and X key combination to pop up the menu. Choose Control Panel. Below the System and Security heading, choose Review your computer's status. Expand the security area. Windows SmartScreen is on. It helps recognize bogus websites.
Choose Change settings. Ensure that the top item is chosen. Though this tool is active, you must remain diligent when you visit any website, especially if you arrive there by clicking a link in an email message. Finally, pay special attention when you download software from the internet. Be extra careful. First, ensure that you're on the proper website. You want the developer's own website if it's available. Second, when you download the software, carefully review all the options.
Specifically, you want to avoid any extra software such as web search helpers, shopping assistants, toolbars, and other items. These choices may be presented as optional checkboxes, some of which are pre-checked for you. While these options could present legitimate tools, all too often they're spyware. And once they're installed, they're impossible to remove. In fact, the courts have shown that installing such malware isn't illegal because you deliberately chose to download and install those items.
Therefore, don't be too quick to click the download button. First, review all the options. Uncheck boxes for items you don't want. And then make sure you click the right button. Some advertisers on these download websites use phony download buttons to trick you. Ensure that you're clicking on the right button, and that it isn't misleading and says something like download and install options. You might have to search for a skip button or check a box to confirm that you don't want the extra software.
Even then, you're not done. When you run the installation program, pay attention to the prompts. You may find more options to download online shopping helpers and toolbars and search engines. In fact, when I see such items presented by the installation program, I immediately close it and remove that file. I return to the internet to look for another copy of the program to download from another source. While these items are scary, the bottom line is to be smart. Read the screen and always be careful what you click.
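The address-bar check described in the transcript (the link must use https and its domain must match the site you meant to visit), written out as code. This is an added example, not part of the original video or transcript; the function name `check_site` and the `mybank.example` links are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_site(url, expected_domain):
    """Return (ok, reason). ok is True only for an https URL whose host is
    expected_domain itself or one of its subdomains."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any user@ prefix and :port, lowercases
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    # Match on a label boundary so "notmybank.example" does not pass.
    if host == expected or host.endswith("." + expected):
        return True, "host matches " + expected
    return False, "host is " + host + ", expected " + expected

# Constructed sample links (placeholder .example domains, not real sites).
SAMPLES = [
    "https://www.mybank.example/login",
    "http://www.mybank.example/login",
    "https://mybank.example.account-check.example/login",
    "https://www.mybank.example@login.example/",
    "https://notmybank.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_site(link, "mybank.example")
        print("OK   " if ok else "LEAVE", link, "-", reason)
```

Only the first sample passes: the others fail on the scheme, on a trusted name placed in front of a different domain, on a trusted name used as a `user@` prefix, and on a lookalike name.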