Friendly Advice on Privacy, Phishing, Scams and SPAM
Presented for the JCCCRA TechTalk: March 31, 2016, by Jonathan Bacon, Retired Educational Technologist
How do I avoid being the subject of identity theft?
• Use strong passwords
• Use a random generator for secure passwords
• Don’t reuse passwords
• Use two-step verification
• Don’t use security question answers that can be Googled (fib about your first pet’s name or the elementary school you attended)
• Delete registration emails that list passwords
• Install and keep virus protection up-to-date
What should I know about using passwords?
• Never use easy to guess passwords (e.g., password, 12345678, important dates, information about you that can be Googled, or old passwords)
• Change your passwords at least every 6 months.
• If you suspect you’ve been hacked, change all passwords now!
• Store all passwords safely (use a password vault such as mSecure, Dashlane, LastPass, KeyChain)
• Use 2-Step verification, if available
Bad, Better and Best Passwords

Bad              Better           Best
12345            35jOnathan%      r.295&^gHT
password         bpj1977@jc       VJ(!0gk4%^
12345678         sf2ut2bU
admin
jonathan
jonathanbacon
The BEST passwords are random letters, numbers and special characters.
The BETTER passwords are based on personal information (that cannot be Googled) that has meaning for you (can be remembered) or based on an abbreviated sentence or phrase you’ll remember.
Many password vaults can generate random passwords and store them for you, so you do not need to memorize your passwords.
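What a vault's random generator does, sketched as an added example (not part of the original presentation). The function names and the 16-character default are assumptions; the sample passwords in the final lines are the ones from the table above.

```python
import math
import secrets
import string

# Pool the generator draws from: letters, digits and ASCII punctuation (94 characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def char_classes(password):
    """Return which character classes (lower/upper/digit/special) a password uses."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def generate_password(length=16):
    """Draw a password with the OS cryptographic RNG; retry until all four classes appear."""
    if length < 4:
        raise ValueError("length must be at least 4 to fit all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if len(char_classes(candidate)) == 4:
            return candidate


def random_bits(length, pool=len(ALPHABET)):
    """Guessing difficulty in bits. Valid only for truly random passwords,
    not for words, names or dates, which attackers try first."""
    return length * math.log2(pool)


if __name__ == "__main__":
    print(generate_password(), f"~{random_bits(16):.0f} bits")
    for sample in ("12345", "password", "35jOnathan%", "r.295&^gHT"):
        print(f"{sample:12} uses {sorted(char_classes(sample))}")
```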
What can I do to protect myself from credit card fraud?
• Carry cards safely and only what you need
• When traveling, notify card company
• Possibly use one card for local and another for online purchases
• Remove USPS mail from mailbox in timely fashion
• Stop mail* when traveling or have neighbor pickup
• Store, dispose of, shred statements securely
• Review your account activity frequently
• Check for unexpected or inflated charges and test charges
• When shopping online, use only encrypted websites
How do I know if a site is secure and encrypted?
• Web address in browser starts with https://
• Closed padlock appears in your web browser
Can’t a fake website just paste a padlock on the site?
• Click on padlock to see additional detail
    • Name of company
    • Indication that “The connection to the server is encrypted”
    • Indication that your connection is “private”
Important to Remember
• Do not log into a site if it is not secure
• Do not log into a site if you feel it is a fake, instead call the company directly
• Log out of any secure site when you are finished
Note: Different web browsers have the padlock at different locations on the screen
What can I do to protect myself from credit card fraud? More…
• When shopping online, try to use only trusted retailers (Amazon, big name retailers)
• Even with trusted retailers, check that the web address is not spoofed (phishing sites, more later)
• Conduct highly sensitive online activities (banking, purchasing) only at home using your personal computer or mobile device, if possible
• Avoid making purchases on a public Wi-Fi connection or on a public computer
How can I be secure on a public WiFi network?
• Turn off sharing (i.e., network discovery or stealth mode, file and printer sharing)
• Enable your firewall
    • Windows: Control Panel > System and Security > Windows Firewall
    • Mac: System Preferences > Security & Privacy > Firewall
• Use HTTPS and SSL whenever possible
• Turn off WiFi when not using it
• Consider using a VPN (Virtual Private Network)
• Create a Public WiFi profile if you routinely use public WiFi (see http://goo.gl/E6AJqk)
What is phishing?
• Fraud where scammer pretends to be legitimate person and trick you into revealing personal information
    • Credit card information
    • Social security numbers
    • Passwords, PINs
• Examples:
    • Sends email pretending to be from your bank, a vendor you know, a company you know
    • Hosts a fake (spoofed) website
    • Calls you on the phone, urgent message or warning
Curiosity killed your credit and privacy!
What SPAM looks like
• “Don’t Miss Out!”
• “We_have_found_yOu_amazing_credit!”
Should I answer when caller ID says “Unavailable” or “Unknown”?
• May be telemarketer, spammer, phisher, scammer, wrong number
    • Don’t answer
    • Use voicemail as filter
    • Google the number or use reverse lookup app
    • Block the number, if necessary
• Long lost friend, emergency call from someone you know (unknown number), doctor or bank that turns off caller ID
    • Answer but be prepared to hang up without comment
What are the warning signs of phishing or a fake website?
• Uses incorrect URL
    • Fake: www.chase.com.jpb.com
    • Real: www.chase.com
• Asks for banking information
• Uses a public Internet account (i.e., from an email account that is not from the institution)
• Misspelled words
• Not a secure site
• Images on website are low resolution (fuzzy)
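Why www.chase.com.jpb.com is fake: a hostname is read from right to left, so that address belongs to jpb.com, not chase.com. The check below is an added example (not part of the original presentation) showing how software can apply the same test; the function names and the three result labels are assumptions.

```python
from urllib.parse import urlsplit


def hostname_of(url):
    """Extract the lowercased hostname from a full URL or a bare host string."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare host as the network location
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url, trusted_domain):
    """Compare a link against the domain the user expects.

    genuine   - the host is the trusted domain or a subdomain of it
    lookalike - the trusted name appears in the host but not at the right-hand end
    unrelated - the trusted name does not appear as whole labels at all
    """
    host = hostname_of(url)
    trusted = trusted_domain.lower().rstrip(".")
    # Ownership is decided by the right-hand end of the hostname.
    if host == trusted or host.endswith("." + trusted):
        return "genuine"
    labels, wanted = host.split("."), trusted.split(".")
    # The trusted labels sitting anywhere else are the spoofing pattern from the slide.
    for i in range(len(labels) - len(wanted) + 1):
        if labels[i:i + len(wanted)] == wanted:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # The first two hosts are the slide's own examples; the others are constructed.
    for link in ("www.chase.com.jpb.com", "www.chase.com",
                 "https://WWW.CHASE.COM:443/login", "notchase.com"):
        print(f"{link:34} -> {classify(link, 'chase.com')}")
```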
Bad habits that can hurt your privacy and credit!
• Opening email from strangers
• Failure to use strong passwords and change them frequently (every 6 months)
• Clicking on strange-looking links (or links in messages from friends with no other text)
• Accepting Facebook Friend requests from:
    • People you don’t know
    • People who you’ve already friended
• Failure to back up your data regularly
• Failure to educate all family members (spouse, partner, children, grandchildren)
Good habits that protect against phishing and scamming
• Use strong passwords (include upper and lowercase letters, numbers and special characters)
• Use two-factor authentication when possible
• Do not click on links in messages from unknown senders
• Use security software and keep it up to date
    • Norton/Symantec
    • Kaspersky
    • McAfee
What should I do if I suspect fraud?
• Concerning Income Tax Filing? Contact the IRS at (800) 829-1040 or (800) 829-4059 if hearing disabled
• Notify all financial institutions
    • Banks
    • Credit Card Companies
    • Lenders
• Visit https://www.identitytheft.gov/
    • I want to report identity theft
    • Someone else filed a tax return using my information
    • My information was exposed to a data breach
    • Someone got my personal information or my wallet, and I’m worried about identity theft
    • Something else
And if there’s time…
Questions?
Sources/Resources
• “Talk: Credit Card Safety Tips,” newsletter from Mainstreet Credit Union, Johnson County Kansas.
• “How to Avoid Having Your Google Account Hacked” http://goo.gl/3zCg9v
• “The Best Password Managers for 2016,” PC Magazine, February 9, 2016, http://goo.gl/uBwhw
• “How to Spot a Fake Website” http://goo.gl/fEh6PJ
• “How to Stay Safe on Public Wi-Fi Networks” http://goo.gl/E6AJqk
• “Should you answer unknown phone calls?” https://www.quora.com/Should-you-answer-unknown-phone-calls-Why-or-why-not
• “PSA: Missed call from a mystery number?” http://techcrunch.com/2014/02/02/missed-call-scam/
• “How to Spot a Fake Website and Not Get Phished” http://goo.gl/ZWXaKr
• “5 Ways You Can Help Protect Yourself and Stay Secure Online” from the Norton Protection Blog https://goo.gl/iBK8B9
• “What amateurs can learn from security pros about staying safe online” http://goo.gl/FRWRZX
• “Ransomware 101: What, How and Why” http://goo.gl/jrxgLR
• Common sense and the shared experience of friends