The Mercury News

Eight simple tricks to keep hackers away

- By Geoffrey A. Fowler

On the first day of Christmas, a hacker said to me … I stole your i-den-ti-tee.

I know you’re thinking — really, tech guy? But there’s a real Grinch prowling your phone and computer this holiday season: cyberthieves after your money, your passwords and your personal data.

I’ve got some advice to keep hackers from ruining your Christmas.

Hackers mostly want money, so the shopping season is big business. Security firm Carbon Black says there was a 58 percent increase in attempted cyberattacks on its corporate clients during the 2017 holiday shopping season compared to the rest of the year.

So what should you do? Here are eight pretty simple rules I learned from security pros that are especially useful now, but work all year.

The No. 1 way hackers get to you and your family is through phishing scams. These are emails or messages that pretend to be from someone legitimate, but actually are trying to trick you into handing over information like a password.

But what if that email has a deal you want, or a bank alert you need to check out? You still don’t need to click on the email. Pull up your web browser and type in the related website directly. Or open your bank or the retailer’s trusted app on your phone.

Paying with one of these newer services keeps your credit card number out of the hands of merchants. So when a merchant eventually gets hacked, it can’t leak your 16-digit account number.

How does this work? PayPal and Apple Pay use an extra layer of security called tokenization that makes sure the bill gets paid, but generates a one-time-only code to do so. You’re still paying through a credit card that you’ve enrolled with PayPal or Apple, but your information stays more private.

If you’re shopping on a site you don’t frequent, use “guest” checkout instead of setting up an account. The less information you share, the better.

But if you have no choice, don’t use a password you’ve used elsewhere. When a site gets hacked, the bad guys scoop up names, emails and passwords. So if you’re using the same password for an unimportant website as, say, your bank — you could get in big trouble.

Your password may already be floating around out there and up for grabs. The website haveibeenpwned.com lists the ones we know about. (Go and check yours: It is a real nightmare before Christmas.)

Okay, but how are you supposed to keep track of different passwords for all these different sites? You can’t, which is why I recommend using a password manager program. (Here are my favorite ones.) It’s a little annoying at first, but eventually you’ll wonder how you ever managed without one.

Amazon isn’t the only company that sells stuff on Amazon. Half of the merchandise sold there these days is from third-party sellers, who are supposed to run everything through Amazon. So if a merchant ever asks you to email them directly, pay through some other channel or use gift cards, just say no and contact Amazon customer service.

They’re no guarantees of quality. Some merchants pay for fake reviews that boost their rankings in Amazon’s search listings. Others may beg customers to take down bad reviews — it happened to a colleague last week. (Both violate Amazon’s rules.)

Amazon polices its store for fraud, but merchants set their own return policies. Even when they’re legitimate, online ratings don’t necessarily communicate what you think. What’s “average” isn’t three stars — it’s usually closer to 4.3 stars. The most important information is the total number of reviews, and the honesty of what you read in the good and the bad reviews.

That way, you’ll know every time a purchase goes through — and you can leap into action if it wasn’t your charge.

Every bank does this slightly differently so check with yours to see how it handles it.

Public WiFi is just that: public. Hackers who want to snoop on your laptop or phone can do so with relative ease if you join one of those networks. You’re more protected if you use a virtual private network, or VPN, which encrypts all the data coming in and out of your device.

The lock icon that appears in your browser’s address bar means that a site is encrypted, so prying eyes on the open Internet can’t easily see the data going back and forth. Using encryption is a best practice for all sorts of sites, but it’s critical on any site that has your sensitive personal information.

Unfortunately, the lock isn’t a guarantee that a retailer is legitimate. Lately, fraudulent sites have also started using encryption in the hopes of duping us into trusting them.
