Cybersecurity For Dummies Cheat Sheet
Some scams that cyber-criminals use to target online shoppers seem to persist for many years—likely indicating that people are continuously falling prey to the scams, thereby encouraging criminals to keep using the same forms of trickery over and over. Learn about some such common scams, and learn some straightforward tips on how to keep yourself—and your loved ones—safe when using the Internet to shop.
In addition, people often make mistakes that provide great assistance to criminals seeking to commit cyber crimes—learn about some of the common ones, so that you do not make such errors and help criminals target you or your loved ones.
Cyber-Protect Yourself and Your Family on the Internet
To cyber-protect yourself and your family, make sure everyone in your family knows that he or she is a target. People who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat.
Folks who internalize this reality typically behave differently than those who do not — sometimes without even realizing that they’re acting as such.
The following tips help you protect your data and keep yourself and your family safe from Internet scams:
- Protect your devices. — At a minimum, run security software on every device that you use to access sensitive information. Configure your devices to auto-lock and require a strong password to unlock them. Don’t leave your devices in insecure locations, and install software only from reputable sources, such as official app stores and official vendor and reseller websites.
- Protect data. Encrypt all sensitive data and back up often. If you’re unsure as to whether something should be encrypted, it probably should be. If you’re unsure as to whether you back up frequently enough, — you, like most people, probably are not.
- Use safe connections. Never access sensitive information over free public Wi-Fi and consider avoiding using such Internet access altogether from any device on which you perform sensitive activities or access sensitive information. The connection provided by your cellular service is likely far more secure than any public Wi-Fi.
- Use proper authentication and passwords. Every person accessing an important system should have his or her own login credentials. Do not share passwords for online banking, email, social media, and so on with your children or significant other. Get everyone his or her own login. Make sure that you use strong, unique passwords for your most sensitive systems.
- Share wisely. Do not overshare information on social media or via other platforms. Crooks look on these platforms for such data and use it to social engineer people. Oversharing exposes yourself and your loved ones to increased risks of being targeted by scammers.
Avoid Common Cybersecurity Mistakes
Here are some of the common cybersecurity mistakes that people make. These mistakes make hacking easy and greatly help criminals commit cybercrimes.
- Thinking “it” cannot happen to you: Every person, business, organization, and government entity is a potential target for hackers. People who think that they do not have anything of value and “why would hackers want to attack me?” often act without proper diligence and learn quite quickly how wrong their perspective is.
- Using weak passwords: Despite ubiquitous warnings not to do so, a large number of people still use weak passwords such as “123456” or “password” — as evidenced by the lists of compromised passwords publicized on the Internet after various breaches. If you use a weak password or use the same password on a sensitive site that you used elsewhere, you dramatically increase the risk to yourself of an account being compromised.
- Not using multifactor authentication when it is available: All major social media platforms, Google, Amazon, and most major financial institutions offer some form of multifactor authentication capabilities. Multifactor authentication can, in the case of a password compromise, make all the difference between an account being breached and it remaining secure — yet, as of 2019, only a minority of users leverage such features.
- Not running proper security software: Modern security software dramatically increase the odds of a person fending off a whole slew of potential cybersecurity problems, including malware, breaches, spam overloads, and others. Yet, many people still do not run such software on each and every one of their computers (including laptops, tablets, and smartphones), while others run software but fail to keep it up-to-date, thereby undermining the potency of their product to protect against the latest (and, often, the most dangerous) threats.
- Not keeping software up-to-date: Many operating system and software updates contain fixes for security vulnerabilities discovered by researchers (or hackers) in prior releases. If you do not keep your software up-to-date, you’re likely to leave your devices vulnerable to attack. Worse, yet, once the vendor publicly describes the vulnerability that it has fixed, criminals may seek to create exploit scripts to search for, and target, unpatched machines.
- Failing to exercise good judgment: The weakest link in the cybersecurity chain is almost always a human being. Whether it be by clicking a link that should not have been clicked, sending money to a fraudster who sent a bogus email impersonating one’s boss, installing a rogue app, downloading a pirated copy of a movie, or through some other imprudent action, human error often opens a cybercan of worms and provides criminals with the ability to inflict far more harm that they would have been able to on their own.
- Not learning the basics: People who suffer from a medical condition, or whose loved ones do, typically learn about the condition to ensure that proper treatment is administered and that unnecessary danger does not result. When it comes to cybersecurity, however, many folks choose to remain ignorant, thinking that, somehow, if they pretend that there is no danger to them, such will be the reality.
- Not hiring a pro: When serious cybersecurity incidents occur, people (often individuals or small business owners) often try to address them on their own. Doing so is not much different than trying to treat a serious medical condition without going to the doctor or defending yourself in criminal court without a lawyer. Hackers, malware designers, and other cybercriminals have significant knowledge. If you’re locked in a de facto battle against them, you want a pro on your side, too.
Common Cyber Scams Targeting Online Shoppers
Cyber-criminals use some common scams to target online shoppers, but you can protect yourself from these Internet scams easily.
One simple technique can help protect you against all of these scams. If you ever receive any communication from a retailer, shipper, or any other party related to an online shopping order, an amazing deal, or other matter that you want to look into, do not click links in the message or open associated attachments. Open a web browser, go to the website of the relevant “sender,” locate its contact information, and contact it directly to ask about the message that you received.
- “There are problems with your order” emails (or text messages): Criminals often send mass emails that appear to come from an online retailer and that tell recipients that a problem is preventing the store from shipping the order and that the recipient must take action to receive the order. Such emails often contain a link to a bogus website that collects, at a minimum, login information, such as usernames and passwords, for the retailer’s website. Such scam emails aren’t normally targeted — they simply impersonate major retailers. Criminals rely on the fact that a large number of people who receive the email are likely to have placed an order with the impersonated retailer in the not-so-distant past.
- “There are problems with your payment method” emails (or text messages): Similar to the preceding scam, criminals send mass emails that appear to come from an online retailer and that tell recipients that a problem occurred with the payment method used to pay for an order — with instructions that the recipient submit new payment information via some web page. Recipients who had, in fact, recently placed orders, are likely to be caught off-guard, and some will likely click through. Of course, the page that collects that new payment information — sometimes along with login credentials to the retailer’s site — is simply a tool for stealing credit and debit card numbers, along with potentially other data as well.
- Delivery-service problem emails: Criminals send emails that appear to come from a major delivery service and that inform the recipients that there an issue occurred with a delivery and that the recipient must take action to have delivery reattempted. Of course, these messages either deliver malware via attachments or direct users to phishing or malware-spreading websites; They do not help people get any items delivered.
- Bogus deal emails, social media posts, or web links: Criminals frequently either send via email or post to social media or deal websites all sorts of “amazing” offers, which often seem too good to be true. A 55-inch Samsung smart television for $100?! A brand new 13-inch Mac for $200?! While some such deals may be legitimate — and, if they are advertised by a major reseller, you can check on the website of the relevant seller to determine that — the overwhelming majority are not. If the seller is a major reseller and the deal is not legit, the email may link to a bogus site or be spreading malware. If the seller is a firm that you have never heard about, the whole store may be a scam — collecting payments, for example, and never shipping the goods, shipping defective goods, or shipping stolen goods.
- Fake invoice emails: Criminals send what appear to be invoices from online stores for purchases costing significant amounts and note the sale amounts were charged to the recipients’ credit cards. These “invoices” scare people into thinking that they somehow unintentionally placed an order, were charged more than they expected for some item, or were somehow defrauded by someone using their credit card number — any of which lead the recipients to contact the seller by clicking links that the sender conveniently included within the invoice message . These links bring the user to a site that either captures information, installs malware, or both. Sometimes the invoices that are sent via email are included as attachments and, you guessed it, contain malware.