While every day is a good day to take stock of what you’re doing to protect yourself, your family and your business online, Safer Internet Day is a good opportunity to stop and really think about some of the threats we all face and what to do about them. Here are a few tips:
Combat hard-to-detect spear phishing attacks
Cybercriminals are getting better at creating individually targeted emails or text and message app messages that pretend to be legitimate, often spoofing your friends and co-workers or businesses and organizations (like banks, retailers, government agencies) that you trust. Their goal is often to get you to visit fake websites that will harvest your log-in credentials and other personal information, transfer money, and/or deliver malware. Malicious messages might include attachments with documents that contain malware as well. And stolen data is often sold and used for things like identity theft and fraud. These attacks have gotten better and more personalized with the use of automated phishing tools and programs that cull social media networks and other places on the web where people post personal information. And with more people signing up for services like online shopping and banking during the pandemic, the opportunities for cybercriminals to take advantage of unsuspecting consumers are even greater.
Stopping spear phishing starts with being vigilant. Keep an eye out for warning signs like requests from managers or co-workers that seem out of the ordinary. Check for any details that just don’t add up. Always check the full email address to ensure a message is from a legitimate source, and delete it if it doesn’t look right; but also keep in mind that attackers can spoof email addresses if your domain doesn’t have the right protections (like DNS filtering). Check the domain on anything you click to ensure it really goes to the right place, and simply avoid clicking domains in correspondence. Sometimes it’s just better to type them in manually. Never download files from unfamiliar senders, skip the link in favor of manually typing in your intended destination, and when in doubt, forward the email to your IT or security department for closer inspection.
Use legitimate software and keep it up to date (even games)
Attackers are continuously looking for vulnerabilities in software to find ways into your devices and networks, so it’s important to regularly update your software with the latest patches and security updates – including games. In fact, one popular online game was recently shown to have a vulnerability that could allow an attacker to take over a gamer’s PC.
While the price tag of some games might make it tempting to download pirated versions for free, the risks are high. Attackers often try to lure victims with pirated software that contains embedded malware or a back door into their computers. Key crackers (which can be used to get around software license keys) can contain dangerous trojans. So, it’s not only ethical not to pirate software, but better to stick with software purchased from legitimate sources for security reasons too.
Adopt a password manager and implement MFA
Good password management is crucial to a safer Internet experience. Simple-to-guess and reused passwords make you more vulnerable to attackers. And it’s easy for cybercriminals to find troves of stolen usernames and passwords on the dark web and underground forums; there are now billions of usernames and passwords from various breaches, widely available, with millions added every day.
Using strong and unique passwords for each of your individual accounts will ensure that attackers can’t use one compromised credential to access multiple accounts. Use a password manager and multi-factor authentication (MFA) wherever possible (even with games). Password managers can help create strong, unique passwords for each and every one of your online accounts. MFA is now available for all kinds of online services, including on many large gaming platforms, with some even offering in-game rewards for players who choose to use it. Combining a good password manager with MFA across all your online accounts is the most effective way to prevent unauthorized access.