If You’re Not Following These Rules, You’re an Easy Target for Scammers
We share a lot of personal information online, including credit card numbers and social security numbers—and scammers know how to take advantage of that. Outwit them with these tips for how to protect yourself from scams and hackers.
Stay ahead of the scammers
Unfortunately, Internet scams are rampant, and scammers use all sorts of tactics to wheedle information out of users who are just going about their business. Scammers are clever—but there are ways you can be even more clever. Outsmart scammers, boost your online security, and prevent them from targeting you with these steps and pieces of expert advice. Learn more about hackers with these cybersecurity secrets they don’t want you to know.
Beware of document files
You’ve probably heard this one before—it’s one of the most common tips for avoiding online scammers. Scammers often operate through emails, a tactic called phishing. They send emails that appear to be from legitimate senders but often contain links that open malware. And it’s not just links that they use; they’ll also attach files to their emails that likewise look legitimate but will install dangerous programs on your machine. “Once installed, these malicious programs can steal all your passwords and credit card numbers, send email to your contacts, spy through your webcam and microphone, or redirect online banking wire transfers to the criminal’s account,” says Randy Pargman, senior director of Binary Defense and former FBI senior computer scientist.
These files are most often Microsoft Word or Excel, and they contain macroinstructions (“macros”), patterns that input a certain sequence of information. They can be benign, but when scammers send them, they likely contain the malicious program. So to protect against them, “be sure your installation of Office is set to disable macros by default, and then be very wary of any document that asks you to click the ‘Enable Editing’ and ‘Enable Content’ button to allow macros to run,” Pargman advises. The IRS is warning that some scammers are using COVID-19 fears to entice people to click on dangerous files, labeling them things like “COVID-19.xls” or “Coronavirus alert.zip.”
Keep your home Internet router updated
Your router is the box from your Internet service provider that provides access to information from the Internet, and routers can be hacked just like computers or accounts can. “If [hackers] can control your router, the attackers can spy on or manipulate all of your unencrypted Internet traffic, including redirecting you to other websites, injecting advertisements into web pages, or using your home Internet connection to launch attacks against companies online, making it appear that the attack is coming from your house to disguise the attacker’s real location,” Pargman explains.
So how can you protect your router? Keep it updated. “Updating the router can be as simple as using your web browser to log on to the router’s web interface using the instructions printed on the side or bottom of the router, and clicking the ‘check for updates’ button,” Pargman says. He also says to make sure to change your new router’s administration password from the “default” password it comes with. Here’s how often you should be rebooting your router.
Check website addresses carefully
Unfortunately, a simple typo could make you a target for scammers. “For every popular website, there are dozens of misspellings of the website domain name that have been registered by scammers to catch anyone making a mistake while typing in the website address,” says Pargman. Known as “typo-squatting domains,” these fake sites will likely be filled with ads or even malware. Some might even disguise themselves as the real site to try to get you to type your password. “To be sure that you’re going to the right website, use browser bookmarks, search engine results, or double-check the address you typed in,” Pargman says. He says to beware of clicking on links you receive in emails, as just one altered letter could send you to a potentially dangerous site. Make sure you know these signs that shopping site is fake (and about to steal your money).
Use a virtual credit card
It’s incredibly easy—perhaps too easy—to just type your credit card information into the fields on websites. But Pargman warns that this can make it all too easy for your information to be stolen. “When shopping online…use a virtual credit card service to generate a one-time-use card number,” he suggests. “It charges to your main credit card and appears on your regular bill as normal, but if cyber-criminals steal that virtual card number, they can’t use it anywhere else to run up the bill on your charge account.” He says that you can get virtual credit cards from Citibank and Capital One if you’re a cardholder and that you can also get one from Privacy.com and Abine Blur (though you might have to pay).
Guard your personal information
Never respond to requests for personal or account information online (or over the phone). When your social security number is requested as an identifier, ask if you can provide alternate information. Watch out for convincing imitations of banks, card companies, charities, and government agencies. Use legitimate sources of contact information to verify requests for information, such as your financial institution’s official website or the telephone number listed on statements. Here’s more about why you should never give out your social security number over the phone.
If you fall prey to a scam, report it
If you’re a victim of online fraud, contact the authorities. You can file an online report with the Internet Crime Complaint Center (IC3)—a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance. Also, contact your local police to file a report. The more people who report such crimes, the more criminals are arrested. This is how to protect yourself online, but also know how to protect yourself over the phone. Don’t fall for these 10 common phone scams that could steal your money.
Stay up to date
Install anti-virus software on your computer and keep it updated. Use the latest version of your web browser. Install security patches and software updates as soon as they are ready to install. Here’s what can happen if you ignore those “update” warnings on your computer.
Don’t divulge your birth date, mother’s maiden name, pet’s name, or any other identifying information on social media websites such as Facebook, LinkedIn, or Twitter. This is how to protect yourself online in a very simple way: Go look through your profile now and delete any personal information that you find. That includes your phone number, which you shouldn’t share online, even in messages. “If criminals get a hold of your phone number, they can pull off a scam known as SIM jacking, in which they steal your number and intercept all of your communications,” warns Alex Hamerstone, GRC practice lead at TrustedSec. “And while it isn’t a new tip, make sure you aren’t sharing things online that would be useful when trying to figure out the answers to your password reset questions,” Hamerstone adds. You should also avoid these password mistakes that hackers hope you’ll make.
Beware of fake online sweepstakes and contests
All offers that require payment or private information before giving an award are bogus. Take the time to check out the validity of an offer. Ask for contact information from the sender and details about the company running the contest. Once you start asking a lot of questions and make it clear you won’t be pushed to make an immediate decision, most scammers will go away.
Make it difficult
Now that a vast number of people are working from home more than they used to, it’s opened up a whole new world of online vulnerability. “It is a pretty common tip to use a VPN when accessing your office resources from home, but everything from your xBox to your connected fridge can be a vulnerability for your network,” explains Hamerstone. He says that getting an inbound/outbound firewall will help protect your home computers from malware going in and your information from going out. “You should also avoid doing online banking over WiFi,” adds Hamerstone. “Use an ethernet connection, if possible.”
How to protect yourself online in another easy way? Your password. Use unique and hard-to-guess passwords. Don’t access secure websites using public Wi-Fi. You should also make sure you’re not making these common computer mistakes you should have stopped making.
Keep a close eye on your finances
Monitor your bank and credit card accounts weekly. Sign up for alerts to be sent to your mobile phone or e-mail. Monitor your credit and public information online to spot unauthorized activity. Free credit reports from each of the three major credit bureaus are available each year through annualcreditreport.com. Optional fee-based services offer more extensive monitoring of credit information, personal identity records, social security numbers, and online transactions. Next, get to the bottom of the most common online scams and how to avoid them.
Don’t believe the “work at home” hype
Thoroughly conduct a background check on the company offering the work-at-home position, making as many phone calls and Internet searches as you can. If in doubt, visit a local law enforcement office and ask their opinion. All offers to earn pay for re-shipping goods sent to your address are bogus. Tragically, some work-from-home scams not only enlist the individual to defraud others, but they also make an identity fraud victim out of the individual! Next, this is how long you should actually be keeping your credit card statements.