Tuesday, July 9, 2013

The More Things Change...

   As the saying goes... the more they stay the same.  In our ever-changing world of technology and security, it always amazes me how things often don't change!

   Let me clarify... there's always a totally new technology, programming language or social network to learn. Of course, computing power has changed drastically.  Many of the techniques used by attackers to gain improper access to our information have changed.

   Though many have not.  And the advice we give to consumers and business users to protect themselves has not changed!   Consider...

   I recently read an article (slideshow) on CSOonline.com called 15 Social Media Scams.  It's a good list of scams of which everyone should be aware.  These have all been floating around social media sites and will continue to be a problem.

   However, most of these schemes predated social media!  Most were email phishing schemes before we had social media.  They were sent from forged "trusted" sources - accounts that look like a known company or friend - or even from hacked accounts.  And they would include links that one should not click!

   But even before we had the Web, or before it became popular, we still had email and phone phishing scams.  Instead of asking you to click on a link (because there were no links before the Web!), the scammer would ask for information to be sent directly via email or provided over the phone.

   And, before email, some of these scams occurred via postal mail!  In fact, the 419 or "Advance Fee Fraud" scam has been around at least since the 1920s!

   The advice to avoid these, and most, online scams really hasn't changed.

   Here is my core advice for online safety of both home consumers and business users:
  1. Don't click! on a link sent to you in an {email, status, tweet, text, wall post, direct message, etc.}.  See my post here.
  2. Don't provide identifying information to an online or phone requester unless you initiated the conversation.  And even then, don't send it unencrypted (use HTTPS).
  3. No, you did not win whatever prize they want you to click to claim.  Nor are you getting exclusive insider stock trading information in an email.
  4. Practice good password hygiene.  I've written extensively about this here, here and here.
   You can also read my series on online self-defense beginning with this post.

   What additional advice do you have to help people steer clear of online or phone scams?  Have you come across any unique online or phone scams?
