Unsure How To Stay Safe Online? Help Is Available!

Given today’s online climate, cybersecurity is more important than ever. Our recent technology survey revealed that this was one of the top concerns among our library users, prompting us to plan more events and education on that topic. Even if you’ve had security training in the past, security recommendations are changing all the time. As the person in charge of technology security at the library, I can tell you it’s no small feat to secure a network and online services from intruders. Even if you put all of the proper measures in place, all it takes is one user to click the wrong link or open an unknown attachment and the worst-case scenario could happen.

As such, the best line of defense is to make sure individual users know how to recognize and avoid traps and how to practice good technology hygiene (like keeping your computer and its software up-to-date). Once upon a time, it was easy to spot a scam. You knew no Nigerian prince would contact you looking for help, and those weird characters in the middle of the word to trick spam filters were a dead giveaway. These days, criminals are getting a lot better at spoofing emails and other communications to make them look legitimate.

Even if you think you know everything about cybersecurity, you still have more to learn. Fortunately, there is a reliable online resource that can teach you general concepts and help you with your cybersecurity questions, presented by the National Cybersecurity Alliance. There is a lot of information there, so I would suggest starting with these two sections of the website:

One of my favorite things about this resource is that the topics are broken down into short, easy-to-understand parts with practical advice. As an example, one of the longer articles is an 8-minute read called How To Tell If Your Computer Has a Virus and What To Do About It. Dating scams, travel tips, hacked accounts, smartphone security, and many other topics are represented in articles all estimated to take less than 10 minutes to read.

One drawback to this resource is the fact that almost all of their education resources are written. If you prefer your education in video format, try this Tech-Talk collection or GCFLearnFree.org.

What are your biggest cybersecurity concerns? Let us know in the comments. Until then, stay safe!

Is It a Social Media Game or a Clever Hack?

If you’ve been on social media sites such as Facebook and Twitter, chances are you’ve seen them: posts that appear innocuous enough, asking for a combination of personal information to find out things like what your Bridgerton name would be, built from your grandmother’s name combined with the street you grew up on.

The problem with these types of posts is that they are not innocuous – far from it. These attempts by various entities to gather personal information are a type of social engineering.

What is Social Engineering?

According to this helpful article on Imperva, social engineering is “the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

The posts you may see on social media sites ask all sorts of questions about personal information, often the same type of information used in the security questions that retrieve a forgotten password. A single question may appear innocent enough, but these scammers often operate by gathering information through multiple questions. For example, to gain access to someone’s account by answering security questions, you will often need to enter that person’s birth date. These social engineering posts are clever in the way they ask for information. Instead of “post your birthday!”, they ask things that combine your birth month or number with other information. If you were to comment that you were born in January, they would have one piece of information. Another post may ask when you graduated high school, or what age you were in a certain year. Once the pieces are put together, the perpetrators have your birth date.

Type "Halloween" and the year you were born in the GIF bar. That's your costume this year.
Example of a social engineering meme

Answering security questions can be used to retrieve a forgotten password or as an extra security measure to log in to some websites. Some common security questions ask about the street you grew up on, your favorite pet’s name, or the name of your firstborn child. To get this information, the perpetrators will word it in a different way, such as, “what’s the name of the child who made you a mom?” The question sounds innocent but has malicious intent.

What Do They Do With the Information?

There are several ways the perpetrators can use your information. The easiest way is security questions. Once they have your information, they can visit your various accounts, be it Google, Yahoo, or even your bank account, and use the information to reset your password. What about the example question mentioned above about the name of the child that made you a mom? A common security question asks the name of your firstborn child. Your favorite subject in high school is another common question asked in Facebook posts that people answer without hesitation.

Besides answers to security questions, this information gives a heads up to those attempting to guess passwords. If hackers have a starting point, for instance, if your password contains the name of your childhood pet or your firstborn, it makes it easier to guess the rest of the password, especially if they are using hacking programs that can automate the process.

Men laughing with text "we posted a Facebook quiz with password security questions and they not only answered the questions, they shared it with their friends."

An Easy Solution

An easy way to combat this problem is to not share personal information on social media. While you may think only your friends will see the answers, once you comment on a public post, anyone on the internet can see the information you provided. Another way to avoid this problem is to not use security questions when given the choice. Instead, opt for a backup email address or a text message as a way to verify your account in the case of a forgotten password.

While the attempts to find out personal information on social media are plentiful, with due diligence, you can keep your information away from these information harvesting attempts by scrolling right past them.

Have you noticed these types of posts on social media? Let us know in the comments.

Have Your Passwords Been Compromised?

These days, security breaches are in the news so often you may think there is no way to avoid having your information stolen. While no credentials are fully safe from hacking, using good password hygiene (not reusing passwords, using complex passwords, etc.) and staying on top of which of your accounts have been hacked can go a long way in keeping you safe.

Even if you watch or read news 24/7, it is impossible to keep up with all of the account breaches yourself. Luckily, https://haveibeenpwned.com/ exists to keep track of this for you.

The process is simple and free. Point your internet browser to https://haveibeenpwned.com/ and enter your email address.

When I put my personal email in, I got this message:

If I scroll down a bit, I can see the individual instances in which my information was compromised, along with more information about each particular hack:

What Do I Do with This Information?

Just because you have an account with a service that was breached doesn’t mean someone is actively using your account. It just means your information may be in the wrong hands. Knowing which accounts have been compromised can help you in the following ways:

  • Quickly change passwords and/or associated email addresses to prevent someone taking over your account. Also change credentials for any other account that uses the same email/password combination.
  • Get a heads up to check and make sure no unauthorized activity has happened on your compromised account.
  • Evaluate whether this is a service/account you really need. If not, delete your account, if possible.
  • Discover services you forgot you had signed up for!

Try It Out

Now it’s your turn to see if any of your email addresses have been pwned. If they have, there is no need to panic. Just follow the steps above to re-secure your accounts.

Detecting Email Scams

Have you ever received an email you thought might be dodgy, but couldn’t tell for sure? Given the prevalence of email scams, your instinct is likely correct. But what if that email from your bank is real and requires a response?

The folks at Tech-Talk have written a great article to teach you how to scan the email for clues that it might be a scam. Even if an email passes scrutiny, you may still want to avoid clicking links in the email. If it is from an entity with which you have an account, try typing the site’s known login address into your browser rather than clicking a link.

Keeping Your Facebook Account Secure

In today’s world, bad actors are constantly trying to hack all of our accounts, and Facebook is no exception. In case you missed it, check Tech-Talk.com’s article suggesting ways to keep your account secure.