We’ve all heard the horror stories about someone who got that email and opened it, or clicked on the provided link. Then either their credit card is maxed by some stranger in Brazil or their computer crashes in a painful death of viruses, Trojans and worms. But the terror doesn’t end there, sometimes those emails appear to have come from someone you know and trust, either your favorite writer’s group or even your Aunt Betty. You clicked the link because Betty is always sending you funny pictures or the writer’s group posts gems of advice that could make you the next bestselling writer. Sure, a message wasn’t included with the link, but that’s not unusual with some of your family and friends. So, why would this be different?
Did Aunt Betty or someone on your group send the message? No. Someone essentially “hacked” into the person’s Yahoo, G-Mail or Hotmail account because the hacker was able to guess his/her password. Who would have thought using PASSWORD as your password would have been that easy to guess?
I’m not an IT specialist. I don’t even consider myself highly computer savvy; however, I’ve held jobs in which computer security is a must. I’m going to pass on some of tips that I’ve learned along the way.
First of all, let’s talk about the terms and the type of scams out there. I got the definitions from Wikipedia, simply because they are easy to understand and anyone, who’d like to further their knowledge, can read more about them there by simply searching for them.
*Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. If you ever fill out one of those surveys that say they need your info (email/physical address) so that you can win a $1000 gift card to some store, you will open yourself to this. Some of those emails could be malicious in nature, meaning they could be phishing, pharming, spyware, worms, viruses or Trojans.
*Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
*Pharming is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website.
*Spoofing is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. This is what happens when you receive a email that looks like it came from a trusted individual. In other words, you are being spoofed into believing the email containing the link came from your writer’s group or .Aunt Betty.
*Social engineering is the art of manipulating people into performing actions or divulging confidential information.
*Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge.
*Malware, short for malicious software, consists of programming designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation
*Computer virus is a computer program that can copy itself and infect a computer.
*Computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other computers on the network and it may do so without any user intervention.
*Trojan horse, or Trojan, is a destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system. Unlike viruses or worms, Trojan horses do not replicate themselves, but they can be just as destructive.
The sad and scary thing is that many of these scams can be used in combination. How do you protect yourself from any or all of these, when we, as writers, are expected to network, socialize and exchange information via the Internet? Here are three of the most basic things we can do to protect ourselves.
ONE: Never click on an email with an odd-looking address, subject line or from someone you honestly don’t know. I know, I know—we do this all the time. With thousands of people on Yahoo Groups or in your writer’s group, how can we possibly know everyone? We can’t, but the subject line always has the group that the message is coming from. Also, never open a message without a subject line—even if you know the person! (See spoofing) So, conversely if you are sending emails, always use a subject (or your intended recipient may not open it…*g*).
TWO: Never click on a link or an attachment that you are not sure about! NEVER, EVER even if the message tells you aliens will abduct your first-born child if you don’t open the link! Most malware, spyware, viruses, worms and Trojans are introduced this way. You click on the link or an attachment and sometimes nothing even happens. The site may never open up or the attachment doesn’t have anything in it. So, you close the browser and think nothing more of it—until you see that someone has been making purchases with your Visa Card in Brazil. How did this happen? Well, when you opened the link, it actually downloaded malware (usually spyware) that gathers information on you. So, the next time you log into Amazon to buy that next great book. The spyware gathers your account information and the person on the other end of the spyware program can access it.
Of course, other things could happen by clicking on the link. The link could download a virus that causes your computer to crash and burn in a fiery sputter of hisses and crackles. And if your next bestselling novel is on that hard drive when the last death rattle happens, you could lose it. Depending on whether you’ve backed it up, this could be as devastating as getting the $20,000 bill for someone else’s Brazilian vacation. I won’t get into the importance of backing up your work. That’s a blog for another day.
Three: NEVER, EVER give your personal information out unless asked by a legitimate source. But MAKE sure it is a legitimate source. This is how most phishing and pharming scams work. You get an email from some business (the most common are Paypal, banks, credit card companies and Ebay) that LOOKS legitimate. In the email, the business asks for your personal info to include your social security number, bank or credit card numbers, and/or account passwords for some bogus reason. Don’t ever fall prey to these types of emails. If your bank wants information from you, they will never email you for it, even if you do all your business with them online. If Paypal needs this info, log into your account on the Paypal site, but don’t ever link to it from the email. Go to your browser to get to the site by logging into it. If they want the requested information in the email, there should be a message in your account that they need the info. If you ever get an email like this, call the customer service for the business to alert them of what’s going on.
I could go on; after all, there are entire books written about computer and information security. The most important thing you can do to protect yourself is to make sure your computer is protected with an up-to-date antivirus, such as Norton or McAfee or even one of the free programs. The other thing is to use common sense. If it doesn’t look right or feel right, delete it. If the email came from a friend or family member, email her (in a separate message—never reply to the questionable email) and ask her if she’d emailed you. Chances are your friend hadn’t. Her email account was “hacked.”
How do you prevent this from happening? That’s easy. Make sure you change your email passwords often. Don’t stay signed in to the account (make sure the “Remember me” box is unchecked). And make sure your password is something that is unique (not your name or even your dog’s). I personally use the same type of criteria for my personal emails as I use at work:
Upper and lower case letters combined with numbers and symbols and at least six characters long. The longer the password and the more creative it is, the less likely it will be hacked.
No one wants to live the horror of a stolen identity or crashed computer.
Happy and safe writing!