Friendly Advice on Privacy, Phishing, Scams and SPAM

Presented for the JCCCRA TechTalk: March 31, 2016, by Jonathan Bacon, Retired Educational Technologist

Page 3

How do I avoid being the subject of identity theft?

• Use strong passwords
• Use a random generator for secure passwords
• Don’t reuse passwords
• Use two-step verification
• Don’t use security question answers that can be Googled (fib about your first pet’s name or the elementary school you attended)
• Delete registration emails that list passwords
• Install and keep virus protection up-to-date

Page 4

What should I know about using passwords?

• Never use easy to guess passwords (e.g., password, 12345678, important dates, information about you that can be Googled, or old passwords)
• Change your passwords at least every 6 months.
• If you suspect you’ve been hacked, change all passwords now!
• Store all passwords safely (use a password vault such as mSecure, Dashlane, LastPass, KeyChain)
• Use 2-Step verification, if available

Page 5

Bad, Better and Best Passwords

Bad              Better         Best
12345            35jOnathan%    r.295&^gHT
password         bpj1977@jc     VJ(!0gk4%^
12345678         sf2ut2bU
admin
jonathan
jonathanbacon

The BEST passwords are random letters, numbers and special characters.

The BETTER passwords are based on personal information (that cannot be Googled) that has meaning for you (can be remembered) or based on an abbreviated sentence or phrase you’ll remember.

Many password vaults can generate random passwords and store them for you, so you do not need to memorize your passwords.
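The random generation that a password vault performs can be sketched as follows. This is an added example, not part of the original presentation; the function names, the 16-character default and the set of special characters are assumptions made for illustration.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+.?"  # assumed set of allowed special characters
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def character_classes(password):
    """Return which of lower/upper/digit/special occur in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def generate_password(length=16):
    """Draw random candidates until one contains all four classes."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if len(character_classes(candidate)) == 4:
            return candidate


def entropy_bits(length):
    """Approximate bits of entropy of a random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # The slide's own examples: "35jOnathan%" also has all four classes,
    # so it is the randomness, not the character mix, that makes "Best".
    for sample in ("12345", "35jOnathan%", "r.295&^gHT"):
        print(sample, sorted(character_classes(sample)))
    print(generate_password(), f"~{entropy_bits(16):.0f} bits")
```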

Page 6

What can I do to protect myself from credit card fraud?

• Carry cards safely and only what you need
• When traveling, notify card company
• Possibly use one card for local and another for online purchases
• Remove USPS mail from mailbox in timely fashion
• Stop mail* when traveling or have neighbor pickup
• Store, dispose of, shred statements securely
• Review your account activity frequently
• Check for unexpected or inflated charges and test charges
• When shopping online, use only encrypted websites

Page 7

How do I know if a site is secure and encrypted?

• Web address in browser starts with https://
• Closed padlock appears in your web browser

Page 8

Can’t a fake website just paste a padlock on the site?

• Click on padlock to see additional detail
  • Name of company
  • Indication that “The connection to the server is encrypted”
  • Indication that your connection is “private”

Page 9

Important to Remember

• Do not log into a site if it is not secure
• Do not log into a site if you feel it is a fake; instead, call the company directly
• Log out of any secure site when you are finished

Note: Different web browsers have the padlock at different locations on the screen

Page 10

What can I do to protect myself from credit card fraud? More…

• When shopping online, try to use only trusted retailers (Amazon, big name retailers)
• Even with trusted retailers, check that the web address is not spoofed (phishing sites, more later)
• Conduct highly sensitive online activities (banking, purchasing) only at home using your personal computer or mobile device, if possible
• Avoid making purchases on a public Wi-Fi connection or on a public computer

Page 11

How can I be secure on a public WiFi network?

• Turn off sharing (i.e., network discovery or stealth mode, file and printer sharing)
• Enable your firewall
  • Windows: Control Panel > System and Security > Windows Firewall
  • Mac: System Preferences > Security & Privacy > Firewall
• Use HTTPS and SSL whenever possible
• Turn off WiFi when not using it
• Consider using a VPN (Virtual Private Network)
• Create a Public WiFi profile if you routinely use public WiFi (see http://goo.gl/E6AJqk)

Page 12

What is phishing?

• Fraud where a scammer pretends to be a legitimate person and tricks you into revealing personal information
  • Credit card information
  • Social security numbers
  • Passwords, PINs
• Examples:
  • Sends email pretending to be from your bank, a vendor you know, a company you know
  • Hosts a fake (spoofed) website
  • Calls you on the phone, urgent message or warning

Page 13

Curiosity killed your credit and privacy!

What SPAM looks like

• “Don’t Miss Out!”
• “We_have_found_yOu_amazing_credit!”

Page 14

Should I answer when caller ID says “Unavailable” or “Unknown”?

• May be telemarketer, spammer, phisher, scammer, wrong number
  • Don’t answer
  • Use voicemail as filter
  • Google the number or use reverse lookup app
  • Block the number, if necessary
• Long lost friend, emergency call from someone you know (unknown number), doctor or bank that turns off caller ID
  • Answer but be prepared to hang up without comment

Page 15

What are the warning signs of phishing or a fake website?

• Uses incorrect URL
  • Fake: www.chase.com.jpb.com
  • Real: www.chase.com
• Asks for banking information
• Uses a public Internet account (i.e., from an email account that is not from the institution)
• Misspelled words
• Not a secure site
• Images on website are low resolution (fuzzy)
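Why the slide's fake address belongs to jpb.com and not to Chase can be checked mechanically: a hostname is owned by whoever registered its rightmost labels. This is an added example, not part of the original presentation; the function names and the short suffix set are assumptions, and the sample links are constructed from the two hostnames on the slide.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-made set of two-label public suffixes, enough for
# this demo. Real code should consult the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the part of a hostname that somebody actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def warning_signs(url, expected_domain):
    """Return the slide's address-related warning signs found in a full URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    expected = expected_domain.lower()
    if not host:
        return ["no hostname in address"]
    signs = []
    if parts.scheme != "https":
        signs.append("not a secure (https) address")
    actual = registrable_domain(host)
    if actual != expected:
        if expected in host:
            # The real name appears, but only as labels to the left of
            # the domain that the site's operator controls.
            signs.append(f"'{expected}' is only a prefix; site belongs to '{actual}'")
        else:
            signs.append(f"site belongs to '{actual}', not '{expected}'")
    return signs


if __name__ == "__main__":
    # Constructed sample links built from the two hostnames on the slide.
    for link in ("https://www.chase.com/",
                 "https://www.chase.com.jpb.com/login",
                 "http://www.chase.com/"):
        print(link, "->", warning_signs(link, "chase.com") or "no warning signs")
```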

Page 16

Bad habits that can hurt your privacy and credit!

• Opening email from strangers
• Failure to use strong passwords and change them frequently (every 6 months)
• Clicking on strange-looking links (or links in messages from friends with no other text)
• Accepting Facebook Friend requests from:
  • People you don’t know
  • People who you’ve already friended
• Failure to back up your data regularly
• Failure to educate all family members (spouse, partner, children, grandchildren)

Page 17

Good habits that protect against phishing and scamming

• Use strong passwords (include upper and lowercase letters, numbers and special characters)
• Use two-factor authentication when possible
• Do not click on links in messages from unknown senders
• Use security software and keep it up to date
  • Norton/Symantec
  • Kaspersky
  • McAfee

Page 18

What should I do if I suspect fraud?

• Concerning Income Tax Filing? Contact the IRS at (800) 829-1040 or (800) 829-4059 if hearing disabled
• Notify all financial institutions
  • Banks
  • Credit Card Companies
  • Lenders
• Visit https://www.identitytheft.gov/

Page 19

• I want to report identity theft
• Someone else filed a tax return using my information
• My information was exposed to a data breach
• Someone got my personal information or my wallet, and I’m worried about identity theft
• Something else

Page 20

And if there’s time…

Page 21

Questions?

Page 22

Sources/Resources

• “Talk: Credit Card Safety Tips,” newsletter from Mainstreet Credit Union, Johnson County Kansas.
• “How to Avoid Having Your Google Account Hacked” http://goo.gl/3zCg9v
• “The Best Password Managers for 2016,” PC Magazine, February 9, 2016, http://goo.gl/uBwhw
• “How to Spot a Fake Website” http://goo.gl/fEh6PJ
• “How to Stay Safe on Public Wi-Fi Networks” http://goo.gl/E6AJqk

Page 23

Sources/Resources (more…)

• “Should you answer unknown phone calls?” https://www.quora.com/Should-you-answer-unknown-phone-calls-Why-or-why-not
• “PSA: Missed call from a mystery number?” http://techcrunch.com/2014/02/02/missed-call-scam/
• “How to Spot a Fake Website and Not Get Phished” http://goo.gl/ZWXaKr
• “5 Ways You Can Help Protect Yourself and Stay Secure Online” from the Norton Protection Blog https://goo.gl/iBK8B9

Page 24

Sources/Resources (still more…)

• “What amateurs can learn from security pros about staying safe online” http://goo.gl/FRWRZX
• “Ransomware 101: What, How and Why” http://goo.gl/jrxgLR
• Common sense and the shared experience of friends