Online security can be an intimidating subject for many. However, there are some basic, easy steps you can take to increase your level of online security. CenturyLink has combed the Internet in order to bring you the most helpful online security tips, tricks and practices. In addition to these helpful articles, we will blog about Internet security topics, the latest threats and what you can do to increase your Internet security. Be sure to check back often.
The Internet has become an integral part of our daily lives. On any given day, we tweet, friend, email, search, share, watch YouTube or post updates. The Internet offers great opportunities to learn, explore and to expand our horizons. However, just as it isn’t wise to drive without a seatbelt, skateboard without a helmet or play football without pads, it is not wise to go online without protecting yourself in some way.
Good online security starts offline
Don’t give out your personal information over the phone unless you initiated the call. Gathering personal information using leading questions is a favorite technique of identity thieves.
Identity theft has become so prevalent that entire industries and services have emerged to detect, prevent, and resolve its consequences. Identity theft can cause denial of credit, loss of jobs, and arrest for crimes committed by others. The process of cleaning up after identity theft is often frustrating, time consuming, and costly. We offer a few tips to help you prevent identity theft:
- Never carry your Social Security card. Once someone has your Social Security number, they have a crucial piece of your personal information needed to steal your identity.
- Keep track of your credit or debit card receipts as they often contain partial account numbers and other identifying information.
- Shred sensitive documents rather than simply throwing them away. Dumpster diving is a low-tech technique that can yield enough information to open fraudulent accounts.
- Know when you typically receive credit, debit, or store charge card billing statements as thieves will try to intercept them from your mailbox. Once they have access, they can begin to aggregate enough information to open other lines of credit.
- Take advantage of free annual credit reports. Monitoring your credit report may be the only way you can see evidence of a new line of credit, loan, or credit card that has been opened in your name. When thieves take over your identity, they often redirect statements to their addresses to avoid detection. By law, you have access to one free credit report each year from Equifax, Experian, and TransUnion at www.annualcreditreport.com.
- The three credit bureaus have marketing lists for credit cards and other offers. You can request to be removed from those lists, which limits the number of offers you receive and the volume of offers that could be stolen from your mail or trash.
Going phishing – hook, line and sinker
Phishing is one of the fastest growing forms of Internet fraud. It is a criminal activity that uses e-mail or instant messaging to acquire personal information, including your:
- Banking information
- Social Security number
- User IDs
The concept behind phishing involves leveraging a trusted relationship between you and a familiar business in order to lure you into revealing sensitive information. An e-mail message may include text urgently asking you to "verify your account" or "confirm billing information," but actually contains malicious links to another website. Once you have clicked on the link or supplied personal information, the phisher has access to your accounts. Once the phisher has access to this information, your chances of becoming a victim of identity theft triple.
We have included a link to a quiz to help you identify future phishing attempts: Take a phishing quiz (Dell SonicWALL Phishing IQ Test Copyright 2012 Dell SonicWALL, Inc.)
Tips to avoid phishing scams
- Avoid responding to spam asking for personal information.
- Be wary of e-mails that contain links to websites.
- Never fill out a form in an e-mail asking for personal information.
- Only use secure online websites for online transactions. Secure websites include a picture of a lock near the URL.
- Promptly review bank statements and credit card statements for accuracy of charges.
- Make sure you review your credit report on a yearly basis – if not more often.
Spam – not just meat in a can
Some spam does make it through our protective measures. You can help prevent further spread by reporting all spam. Forward the suspicious e-mail to email@example.com, which enables us to see the source (i.e., IP address) of the e-mail. With this information, we can work with Internet service providers to block the mail and take additional security precautions.
Password…is not a good password
We live in a password-driven world. Passwords protect our finances, e-mail, computers, and even mobile devices. However, in the name of simplicity, we often choose either weak passwords or use the same passwords for every site we visit. This may be convenient, but it also opens us up to being hacked. Once a hacker has a single password, they have access to every site you visit. Above and beyond using different passwords for each site, there are a few simple rules to follow for creating a strong password:
- Passwords should be at least 10-12 characters in length and should not contain words found in the dictionary. A common password mistake is to replace letters in common words with numbers, such as substituting a zero for an “o” or the number three for an “e.”
- A good way to create strong passwords is to use the first letter in each word of a phrase you can easily remember. For example: I love to have my mother watch the kids for the weekend! The password could be: 1lthmmwtkftW!
This is a very strong password that someone can remember by repeating the phrase. It is important to have both upper and lower case letters along with numbers and symbols for a strong password.
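The rules above can be checked mechanically. The following is an added example, not CenturyLink's code: the word list is a constructed stand-in for a real dictionary, and the look-alike table extends the two swaps the tip names with a few assumed ones.

```python
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "football"}

# Undo the look-alike swaps the tip warns about (zero for "o", three for "e"),
# plus a few other common ones (assumed table, not from the page).
LEET = str.maketrans({"0": "o", "3": "e", "1": "l", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def first_letters(phrase):
    """First character of each word, plus the phrase's closing punctuation."""
    phrase = phrase.strip()
    initials = "".join(word[0] for word in phrase.split())
    tail = phrase[-1] if phrase and phrase[-1] in string.punctuation else ""
    return initials + tail


def password_problems(pw, min_len=10):
    """Return the rules from the list above that a password breaks."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    classes = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Reverse the number-for-letter swaps before the dictionary lookup,
    # so "P4ssw0rd" is treated as the word it stands for.
    plain = pw.translate(LEET).lower()
    hits = sorted(word for word in WORDS if word in plain)
    if hits:
        problems.append("dictionary word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    phrase = "I love to have my mother watch the kids for the weekend!"
    for pw in (first_letters(phrase), "1lthmmwtkftW!", "P4ssw0rd!"):
        print(f"{pw:15} {password_problems(pw) or 'ok'}")
```

The bare initials of the phrase come back with "no digit", which is the gap the example password closes by writing the leading "I" as "1".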
Social engineering – they know what you’re thinking
Social engineering is the practice of manipulating people to obtain confidential information to commit fraud. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information. They will collect basic pieces of information and then use these seemingly insignificant pieces of data to appear "credible." This allows them to gather increasingly substantial information.
Recognizing the characteristics
Be aware of the methods used for social engineering:
- Phone solicitation: caller fakes a survey to collect information.
- Phishing: e-mails seeking information or validation of e-mail address.
- Spam: e-mails that contain malicious software, such as worms or viruses.
- Dumpster diving: thieves looking for sensitive information in the trash.
Recognizing the signs
Here are some signs that you may have a social engineer on the phone. The caller:
- Refuses to give their contact information.
- Rushes you for quicker responses.
- Intimidates you.
- Speaks in a muffled or difficult-to-understand voice.
What do I do?
If you suspect that you have a social engineer on the phone, hang up without offering personal information. Call the company’s corporate headquarters and ask to speak to a supervisor to try and verify that the person who called you is, in fact, a representative of the company.
Suspicious and malicious - what is malware?
Malware, the term for "malicious software," is a collective term used to describe a program or file that can harm a computer, mobile device, or network. Malware can take on several forms, including viruses, worms, Trojan horses, and spyware.
Malware attacks are becoming more and more sophisticated. Malware originally appeared within e-mails, but has since morphed into other forms such as popping up within images, video clips, and even media players. Identity thieves continue to evolve and change their tactics as quickly as the public is educated by security companies and Internet providers.
What does malware do?
A malware infection can damage computers, facilitate identity theft, and cause the loss of important files and information. Here are a few examples of malware’s impact:
- Spreads infections to your friends or coworkers.
- Embeds keystroke trackers to allow your passwords, user ID, credit card, and other financial information to be captured.
- Tracks information about the Web pages you visit, your favorite shopping sites, and more.
- Creates a digital trail to you for crimes someone else commits.
- Uses your computer to store or distribute illegal, stolen, pirated, or illicit files.
- Copies files from your computer in order to file false tax returns, or to apply for loans or credit cards.
How do I defend against malware?
Protecting your system against malicious software requires a layered approach to security. There is no single tool that will reliably block all malware attacks. Here are some basic security practices that you can use to minimize malware attacks:
- Obtain antivirus software and keep it running and updated at least weekly. Many software programs can be set to automatically update.
- Make sure to apply system patches offered by your operating system manufacturer as soon as they are released.
- Never reveal your user ID and password - keep them confidential.
- Do not open e-mail attachments from an unknown source.
- Do not download or install unfamiliar software.
- Learn to recognize signs of a virus infection, such as slow computer performance, system crashes, bounced e-mail, and anti-virus warnings.
- Do not forward virus warnings to your friends and coworkers.
Protecting your laptop, smart phone or iPad
The popularity of laptops, smart phones, iPads, or other mobile devices makes them desired targets for criminals. Mobile device theft occurs every day and the impact goes beyond the physical loss of the device. People often forget about the personal and financial data stored on the device, or the passwords that automatically log into shopping and banking sites. Here are a few tips to help you keep track of your mobile device:
- Never leave mobile devices in plain view inside vehicles. If a device must be left in a vehicle, place it in the trunk or in a locked storage compartment.
- Never leave mobile devices unattended in public locations, such as hotels, conference centers, airports, or restaurants.
- Carry your laptop in a non-descript case, rather than a purpose-made case. This way, your bag won't scream, "Hey, I'm a laptop, steal me!"
- Place identification on the device for easy visual identification. For example, affix a business card or create an ID label.
- At home, store mobile devices out of sight when not in use.
- Do not set your laptop, iPad, or other mobile device on the floor – it’s easy to forget your device when you walk away.
- Avoid taping your password to your device or tucking it into the case.
Wi-Fi: convenient, but at what cost?
Wi-Fi is popping up everywhere these days – coffee shops, fast food spots, and airports. Wi-Fi, sometimes referred to as a “hot spot,” allows almost constant access to the Internet without the use of cellular networks or tapping into monthly data allowances. Wi-Fi is convenient, but is it dangerous?
But it’s free. How could it be dangerous?
Connecting to a Wi-Fi hot spot can invite unauthorized access because the wireless network may utilize unencrypted, insecure connections. This could allow anyone nearby to snoop on everything you do online and steal your personal information. This could include your user ID, passwords, or personally sensitive information. In addition, connecting to Wi-Fi may be a trap to use your device to infect other devices or networks. Here are some tips for secure use of Wi-Fi:
- Do not automatically connect to Wi-Fi as this setting does not give you proper time to verify that the hotspot is legitimate.
- Use different passwords for different sites. In the event your password is stolen, this approach avoids compromising all of your accounts and logins for sites you visit.
- Disable the sharing features for printers, remote login options, and access to iTunes or other music services. Access to these functions can create an entry point for access to more sensitive information.
- Make sure your desktop or personal firewall is turned on to help catch basic attacks and attempts to infiltrate your device.
- Update your anti-virus software to help detect efforts to gain access to your device, accounts, or systems.
Oh, no, I’ve been hacked
Sooner or later, your device, e-mail, online account, or social media account is likely to be hacked. If you are a victim of hacking, what should you do next? Here are a few tips to consider taking after you learn that you have been hacked in order to protect yourself as much as possible:
- Make sure to change the password on the account that was hacked and change passwords on other accounts that use the same password. Changing usernames is an added security step.
- Consider signing up for a credit monitoring service to create an added layer of vigilance.
- Review credit card statements for any unusual or unauthorized charges, no matter how small. In addition, be sure to let your bank’s fraud department know that your information may have been compromised.
- Contact credit reporting agencies to freeze your credit. This will proactively stop new accounts from being opened in your name, as the credit worthiness of new accounts cannot be determined.
You’re virtually safe – online safety in the social media world
On any given day, most people “check in,” post status updates, tweet, or upload a picture on a social media platform. Most people use multiple social media sites to stay in touch with friends, family, and acquaintances. However, sharing too much information can create a real risk.
We have included a quick list of tips and tricks to increase your social media safety:
- Avoid sharing personal information. Posting your home address and pictures of where you live can open you up to real-world danger when you go on vacation. Sharing information, such as your birthday or phone number, can give people pieces of information used for identity theft.
- Don’t randomly accept a friend request just because it’s there. Identity theft often starts with collection of personal information. A popular tactic is to set up fake online profiles and “friend” people in order to gather personal information from potential victims.
- Consider limiting the frequency of checking in everywhere you go. Check-ins not only allow your friends to know where you are, but others as well. Frequent check-ins may expose you to being robbed, enable people to stalk you, or worse.
- Review apps carefully before you download them. It has become popular to create fake apps in order to gain personal information from users or to install malicious software on your device.
- Check your privacy settings to ensure you are not over-sharing personal information. Privacy settings help you better manage your online image.
Four ways to protect your data
Physically losing your smartphone, laptop, iPad, or other mobile device is never fun, but what about the information on those devices? What can you do to protect your information and to get back to “normal” again? Here are some tips that may help you protect your digital identity, data, and files.
- You are a target. Hacking, distributed denial-of-service (DDoS) attacks and other approaches are becoming part of the Internet. It seems as if a new type of attack or data breach is found every week. In order to help protect yourself, be sure to back up your data. There are a number of services that automatically back up your data. If you prefer a solution with a one-time cost, an external standalone hard drive may be the best option. Storage capacity of hard drives is increasing and the costs are decreasing.
- Entry points for malicious attacks are everywhere. Gaming systems, apps, and many games on mobile devices are utilizing “always on” Internet connections. This constant connection to the Internet creates a potential access point to your personal data. Anti-virus software, firewalls, passwords, and data encryption should be used whenever offered on any device.
- You get what you pay for. Make sure that the security software you purchase includes all applicable security options. Review the features and functions of your anti-virus software. Make sure it keeps you safe from viruses, worms, malware, Trojans, risky e-mails, and problematic websites.
- Encryption is the key. Many people encrypt their laptops and desktops but forget a key area of vulnerability – thumb drives. Thumb drives, often called USB sticks or flash drives, should be encrypted so that the data on them cannot be accessed if they are lost. These small devices are easily lost and easily stolen.
Danger, Will Robinson
Be leery about trying to get something for free. If it sounds too good to be true, then it probably is. Entering your information into online forms or sending information via e-mail is one of the oldest tricks in the book to gain access to your personal information.
There are many lists of dangerous online activities on the Internet. We have included some of the best tips here from those lists to avoid the potential security pitfalls of online activity.
- Don’t disable automatic security tools to speed up online searches and page loads. These tools are in place for a reason – turning them off can lead to malware infections.
- Avoid using the “keep me logged on” option on web sites. This “convenience feature” is great if you are at home, but a potential security issue if you are logging on from a public computer.
- Don’t ignore automatic updates. These updates fix vulnerabilities that hackers use to access your system.
- Never open e-mails from people you don’t know, or click on attachments or URL links (a website address). This is a tried and true method for delivering malware.
- Avoid searching for celebrity gossip. Malware authors know that people naturally gravitate toward gossip and plan new attacks specifically targeting people looking for gossip.
- Avoid file-sharing sites dealing with copyrighted material. They can open you up to potential hacker targeting.
- Don’t do online gaming. Many of these sites sneak adware onto your PC, and some are fronts for identity theft rings.
- Set your Facebook privacy settings so they are not “open.” If you enter your birthdate, location or even your phone number without changing the privacy setting, your information could be seen by everyone.
- Never connect to unknown wireless networks. In public places like airports and hotels, be careful about logging in - people can eavesdrop.
- Do not use the “save my password” feature. Although it is a convenient feature, anyone using your computer can then access the site with your password.
- Never surf the Web using your “admin” account – create a normal user account. Admin accounts, by their very nature, approve the installation of new programs, which can include malware.
Did I really win the lottery? How to spot fake e-mails.
Not every fake e-mail is as obvious as those telling you that you won the lottery in a foreign country and that they need a small fee upfront for currency exchange. Spotting the difference between legitimate and fake e-mails is getting more difficult as criminals become more sophisticated in their efforts. We have included a few signs below to help you determine if the e-mail you received may be spoofed:
- Don’t open e-mails with attachments or links from people you do not know. These types of e-mails are often vehicles for malicious software.
- Examine e-mail addresses closely. Fake e-mails often use e-mail addresses with similar-sounding titles but from fictitious e-mail boxes. Quite often, a fake e-mail address will include signs, symbols, or strings of letters.
- Don’t respond to e-mails with deadlines, or those marked “urgent,” as they are often fake e-mails. The need to respond to a “limited time” offer, or a request to respond to avoid penalties, are often signs that the e-mail is not legitimate.
- Watch out for poor grammar – it is often a telltale sign of a fake e-mail. Many e-mail scams originate in foreign countries, which means the author of the e-mail doesn’t speak or write fluent English.
- Watch out for official-looking e-mail addresses that end with free e-mail services, such as support@gmail, cardservices@hotmail, or technicalsupport@yahoo. A quick glance may make you think it is a real e-mail, but it is not. Scammers use this approach because they know people are used to being contacted with similar e-mail addresses from trusted companies.
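Several of these signs can be screened for automatically before a person reads the message. The sketch below is an added example, not CenturyLink's code: the role-word list, urgency phrases, and "odd address" thresholds are assumptions, the sample messages are constructed, and grammar quality is left to the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com"}   # services named in the tips
ROLE_WORDS = ("support", "service", "billing", "security", "account")  # assumed list
URGENT = re.compile(r"\b(urgent|immediately|limited time|deadline|avoid penalt\w*)", re.I)
ODD_LOCAL = re.compile(r"\d{4,}|[^a-z0-9.]{2,}")        # assumed thresholds


def fake_email_signs(raw, known_senders=()):
    """Return the warning signs from the list above that a raw message shows."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    local, _, domain = addr.partition("@")

    # Collect body text and note whether any part carries a file name.
    text, has_attachment = "", False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_maintype() == "text":
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")

    signs = []
    if addr not in known_senders and (has_attachment or re.search(r"https?://", text, re.I)):
        signs.append("link or attachment from unknown sender")
    if domain in FREE_MAIL and any(word in local for word in ROLE_WORDS):
        signs.append("official-looking name at free e-mail service")
    if ODD_LOCAL.search(local):
        signs.append("symbols or digit strings in address")
    if URGENT.search(msg.get("Subject", "") + " " + text):
        signs.append("urgent or deadline wording")
    return signs


# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Card Services" <cardservices@hotmail.com>
To: you@example.com
Subject: URGENT: confirm billing information

Respond within 24 hours to avoid penalties: http://billing-update.example/verify
"""

ORDINARY = """\
From: Pat <pat@example.org>
To: you@example.com
Subject: lunch Friday?

Are we still on for noon?
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(name, fake_email_signs(raw, known_senders={"pat@example.org"}))
```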