Safety and Security: A Priority for Your Computer

We first posted articles about online safety in our blog in June 2019 and again in July 2020. This situation has continued to be of concern, and now, with the added focus on tax season and the crisis in Ukraine, online scamming is at a peak. So, it seems like a good time to reiterate some important information on keeping your computer and your personal information safe when you are online.

There are two ways you are likely to get caught. One is through online theft called phishing (pronounced fishing), where deceptive emails are used to steal sensitive information, and the other is to click on a link or open an attachment that introduces malware, viruses, and/or ransomware into your computer's operating system. In the past, these attempts to steal your identity, your credit card numbers, and/or your Social Security number were sometimes obvious. Now, criminals have gotten fairly sophisticated, and you may get emails from companies with which you have done business in the past that look very real, even though they conceal criminal activity.

If you haven’t taken online security very seriously or if you thought that no one really wants to take anything from you because you aren’t important enough, think again. A hacker who infiltrates your computer’s hard drive has access to not only your personal information, but that of all your contacts. He or she can potentially copy or delete your email, your photos, your genealogy files, virtually anything that you have saved. Within minutes, a hacker can erase the contents of your computer’s hard drive or lock your files and hold them until you pay a fee to get them back.

You may think you are “a small fish,” but you might inadvertently lead to much larger ones, and, in the process of trying to get to those things, a hacker may destroy your computer’s contents, causing you much unanticipated grief.

How to Protect Yourself

First, learn to be super critical of your email. There are some telltale signs you can look for as you are checking your email each day.

🔅 Don’t ever react to an email asking for money or gift cards, even if it’s purported to be from your grandchild or best friend. Real businesses don’t ever ask for payments in gift cards! If what appears to be a message for help is from someone you know, call or text the person first to be sure it’s a real request.

🔅 Learn how to carefully examine your emails. Real businesses are generally NOT going to notify you of a supposedly bad credit card or a sudden cancellation of your account via email. They are NOT going to ask you to open attachments, click links, and provide sensitive information that way because they are aware that too many hackers fool people by having them click on bad links.

Here’s what to look for in an email:

🔅 Watch for spelling and grammar errors. You almost never see them in valid business emails.

🔅 Learn to click on or hover your mouse pointer over the little arrow in the “From” link at the top to see the actual email address from which the message was sent. Even if the word “from” is invisible, there is still a link to an email address. A valid note from Target, for instance, is not going to have an email address of cutiepie254@tesco.uk.

Look carefully at the real examples below. Notice that in the supposed example from "Amazon," there are some obvious red flags, marked here with red arrows. 

1. If you look carefully at the "from" line, it looks like it really comes from Amazon, until you click to see the actual address from which it was sent. Notice that it is just nonsense from "googlegroups.com."
2. Look at the line below to see that "Account Locked" has several typos.
3. "Your credit card on file has been declined" is a link. Did you just use your card on Amazon? Did a purchase go through with no problem? Do you even have an Amazon account? Do NOT click on this.
4. Last, the bright gold box: "Update Payment Information." Just NO! If you think this might be an issue, open a new browser tab or window, go to Amazon, and log into your account to check things out for yourself. 

These next two examples are the real thing. Notice the "Reply-To" is not even functional, since this is an automatic mailing from Amazon to announce a legitimate delivery. Also notice that the actual address on the second example of a completed delivery is most likely to be really from Amazon.

Here is another example, this one from AT&T, supposedly notifying customers that their mailboxes will be shut down. See if you can spot the red flags here. (Answers at the end but a few hints in red.)

More Tips to Ensure the Safety of Your Data

• If you aren’t sure of an email’s validity, go to the website of the company and log into your account. You can then see if there is really a problem, or you can call their help line.
• Don’t use any part of an unsolicited email as a link to a real website. Don’t use any telephone numbers, addresses, or contact information on such a message. Even one click can irrevocably damage your computer by introducing malware.
• Change your passwords periodically and make sure they are complicated. Use the built-in password generating feature of your browser or operating system. If you create your own, be sure not to use the same password multiple times. If it’s stolen in one place, it can be reused to unlock multiple websites.
• Whenever you have the option, use two-step (two-factor) authentication. See our blogpost from 2018 for instructions on how to use this process and the easy steps to take to make it work for you.

Remember, if you aren’t sure if something is safe, the easiest things to do are Don’t Respond and Don’t Click!

🔵

Answers to the AT&T Red Flags:

1. Multiple people on the "To" line. Legitimate companies use blind copies, meaning the recipients do not see anyone else's email address.
2. Typos: "Your AT&T info" (too casual); "2022,customers" (no space after the comma)
3. Last line: "Mail sent to cannot be answered." (word omitted)

Again, if you aren't sure, clicking on the invisible "from" clearly reveals a phony sender.