Researcher shows how to hack ATMs with "Dillinger" tool | VentureBeat

Barnaby Jack showed a live demonstration of how he hacked two different Windows CE-based ATMs on stage during a talk this afternoon at the Black Hat security conference in Las Vegas. Jack was scheduled to give the talk a year ago, but it was canceled after an ATM vendor objected to his then-employer, Juniper Networks. This year, Jack switched jobs to IOActive. The ease with which he hacked the machines should be a wake-up call for banks.

Jack showed how you could walk up to an ATM, break into it using a common universal key, and then use a universal serial bus (USB) stick to load a rootkit, or hacking software, that could compromise the machine’s security. On stage, he showed how he could run a program that could talk over the machines and get them to display “jackpot!” on the ATM screen and then spit out bills.


The Largest Cloud in the World is Owned By A Criminal Network - ReadWriteCloud

"Conficker controls 6.4 million computer systems in 230 countries at 230 top level domains globally, more than 18 million CPUs and 28 terabits per second of bandwidth, said Rodney Joffe, senior vice president and senior technologist at the infrastructure services firm Neustar. The biggest cloud on the planet is controlled by a vast criminal enterprise that uses that botnet to send spam, hack computers, spread malware and steal personal information and money, Joffe said. In other words, the cloud is mobbed up."

The Spectre Group says in comparison the legitimate players in the market are far smaller:

"By the way, the biggest legitimate cloud provider is Google, based on Joffe's information, made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps."

Read the full story at readwriteweb.com

 


Mandatory Password Changes Costs Billions in Lost Productivity

Big enterprises that force their workers to change their access passwords on a regular basis, and adhere to complex rules when they do, might be their own worst enemy. At least that's how Boston Globe editor Mark Pothier sees it, and he cites a Microsoft research paper as part of his argument against that and other seemingly perfunctory IT rules. We prefer using a solid root password and subtle variations to implement secure passwords, along with easy-but-secure browser tools. What does your own office require of your passwords, and do you think it helps or hurts? [Boston Globe via Gizmodo]


The Complete Guide to Avoiding Online Scams (for Your Less Savvy Friends and Relatives) - Scams - Lifehacker

Our readers are a savvy bunch who aren't likely to be taken in by an online scam—but we've all got those friends and relatives we worry about. Here's our definitive guide to helping them stay safe online.

Photo from Futurama.

When training your loved ones how to keep themselves safe online, you should remind them of the rule your parents probably taught you: If it sounds too good to be true, it probably is. Using a little common sense goes a long way to realizing that you aren't going to suddenly win the Spanish National Lottery when you didn't even know you had a ticket. That said, here are a few tips that you should share with your less-than-savvy friends and family to help them avoid falling victim to an online scam.

Never, Ever Click a Link to Your Bank or Financial Institution From an Email

Legitimate banks or financial institutions like PayPal will never email you asking you to click a link to verify your information, reset your password, or log in to view anything. You should simply create a browser bookmark to your bank, and when you receive an email, use the bookmark or type the bank name manually into the address bar.

Combined with training your parents to look for the special lock icon in the address bar, this should prevent them from giving away their bank login.

Never Give Out Your Email Password

It's become a trend in "web 2.0" sites to ask people to invite your friends to join by entering your email address and password into their web site—but this is something you should always avoid. Not only will you most likely end up spamming all of your friends with invite requests, but some sites will keep that information and continue to spam your friends forever. Of course, that is secondary to the fact that all your password reset requests will go to your email address—so if the wrong people get your password, they can access your entire online life. You should simply never give that information out to anybody for any reason.

Use Strong Passwords (and Secret Questions)

If your password is as simple as your spouse's name, it won't even matter if you give your email password out, since it can be guessed easily by scammers or hackers trying to get in. You'll want to make sure to read our guide on how to choose and remember a strong password—but your security lesson doesn't stop there. The weak link in your email security is those secret questions and answers that most sites ask you to enter to help you reset your password. Even if your password is tough, often your secret question isn't—so you should make sure to protect your email account with strong secret questions.

Do Not Buy Anything from an Email You Didn't Ask For

The easiest way scammers get you is by dumping spam in your inbox for everything from cheap watches to fake male-enhancement products—which is not only going to be bogus but probably redundant. The easiest and simplest rule is to never buy anything from an email. Sure, you could probably make an exception for email newsletters from sites you trust, like Amazon, but remember—it's relatively easy for scammers to pretend they're Amazon, just like it's easy for them to pretend they're your bank. Just make sure that you aren't buying, or even clicking on, anything from an unsolicited email. (You can always go straight to Amazon and search for the product they're advertising.)

Watch Out for Job Postings That Look Too Good

If you're out of work or just looking for a way to make some extra cash on the side, you should be very careful about the jobs posted on online sites like Craigslist, because there are scammers lurking there as well. It's not that Craigslist isn't a great place to look for jobs, but you have to be careful. Those jobs that say you can "Make $25+ / hour working from home!" or "Mystery Shopper Needed!" and promise tons of money for almost no work—yeah, they are completely fake.

The biggest thing to avoid is anything involving Western Union, Moneygram, wire transfers, money orders, or dealings with any financial transaction. The scammers will ask you to deposit a check or money order and wire transfer the money back to them—and it's not until later that you find out it was a forgery. I personally know somebody who was scammed out of $12,000 this way.

Do Not Give Out Your Personal Info or Social Security Number

This should go without saying, but no legitimate site is going to ask you to enter your Social Security number unless you are applying for credit. You should be very careful not to divulge your personal information to anybody online. The same thing goes for sites that ask you to re-enter your personal information, even though in some cases, like your bank, they should already have that information.

Learn to Use a Modern Browser's Security Features

The latest versions of Firefox and Internet Explorer have enhanced support for checking certificates from trusted web sites—you can click on the lock icon to see all the information about the certificate.

In addition, the latest browser versions maintain a list of phishing and malware sites, and will warn you any time you try to access a known bad site. Internet Explorer makes checking the URL even easier by highlighting the root domain name so you can more easily detect a new phishing site.

Ignore Web Site Popups Saying You Have a Virus

Last Friday half of my day was wasted removing a malware called Advanced Virus Remover from somebody's PC because they clicked an ad that said they had a virus, and then installed the "recommended" software, which proceeded to hold their computer hostage. These "scareware" viruses are becoming commonplace, and there are so many different names that it's impossible to keep track of all of them.

The simple solution is to pick a single antivirus app for your loved ones and train them to know exactly which one they have installed. My mom's PC came pre-installed with Norton Antivirus, and I've trained her to ignore any other messages unless they come from Norton—and that if she isn't sure, she should click the X in the upper right-hand corner of the screen, or even just turn the PC off entirely and restart it. It's not a perfect solution, and I'd rather have her using Microsoft Security Essentials, but she's used to it now and it's a whole lot better than spending a day removing a scareware virus from her computer.

Aren't sure which antivirus to choose? You've chosen your five favorites, and we've explained the virtues of the free Microsoft Security Essentials, so the choice is up to you.

Now that you know how to help protect your parents from scammers, you should sit down and cover these points with them—or at the very least share this article with them. Was there something we forgot to include? Let us know in the comments.


The How-To Geek is tired of dealing with scammers and wishes the government would crack down on them more. His geeky articles can be found daily here on Lifehacker, How-To Geek, and Twitter.


Send an email to How-To Geek, the author of this post, at lowell@lifehacker.com.
