Are You in Danger? 25 Easy Steps to Stay Safe Online


Online Safety

Tired of your computer getting infected by malware, adware or ransomware? Not sure which email, pop-up, text or message to trust?

Protecting your credit card, banking and investment information, not to mention your identity, is a serious challenge. Frankly, if organizations like Target, Yahoo, Chase, eBay, Home Depot, Sony, the US Military and even the NSA can get hacked, surely we peons don’t stand a chance, right?

While that might be true if you were the target of a sophisticated hacking ring, the good news is there is actually quite a bit you can do to avoid the clutches of your everyday online schemers.

Here are 25 strategies you can employ to increase your odds of staying safe online:

First Line of Defense: Password Protection

1. Use a different password for every site.

2. Use passwords with twelve or more characters, at least one symbol and upper and lower case letters.

3. Do not use your name, a close relative’s name, birthdate, phone number or address as your password.

4. If it makes it easier for you to remember, use a standard prefix or suffix for all your passwords, then add a standard combination of characters from the site you’re on. For example, if you were on, your password might be YahXXXXXXXXX. If on Citibank it might be CitXXXXXXXXX.

5. Do not share your password with anyone.

6. Use two-step verification for all of your credit card, bank and investment accounts. Once you sign in with your password, you will then receive an email which you will have to respond to before gaining access to your account.

7. Where possible, request to lock down your login after 3 attempts.

8. Change your passwords every once in a while.

Second Line of Defense: Avoid the Trap

9. Do not open attachments, click on links or respond to emails that seem suspicious or come from unknown companies. If in doubt, call the company. Criminals have sent emails ostensibly from PayPal, eBay, Apple and the IRS saying things like, “Your account has been stolen”, “You need to update your password”, “Your order has been cancelled”, or “Your account is in collections”. Assume it’s a scam until you’ve verified – don’t click on anything in the interim.

10. Avoid the following common scams:

  • Tech Support: These scams often appear as pop-ups on your computer posing as a security company, or telling you your computer isn’t working properly. Never click on the pop-ups or install any software from these companies.
  • Tax Scams: Criminals will often send an email claiming they’re from the IRS and that there is something wrong with your tax return and your accounts will be frozen if you do not make an immediate payment. The IRS will not initiate contact with you via email, text or social media if there is a problem with your return.
  • Ransomware: Blocks access to your computer until you pay a “ransom”. One of the most effective ways to avoid ransomware is to install an up-to-date antivirus software program, and obviously avoid opening unknown email attachments or links.
  • False debt collectors: These scams try to scare or rush you into making a payment to clear an outstanding debt by warning that the next step may be to take you to court. Again, ignore the emails. Otherwise, call your creditors to verify.
  • Sweepstakes scams: The general rule here is that if it sounds too good to be true, it probably is. In general, the scams require you to pay before you can receive your prize, or ask you for your personal information to receive the prize. Ignore them all.
  • Charity scams: Avoid giving to charities online whose name you do not recognize. Moreover, if you’re receiving an email, text or notification on social media from an organization you recognize, go to the website of the organization directly to give. Type in the charity’s URL yourself to go to the website; do not click on the link.

11. Avoid emails with typos, poor English or a URL that is close to the company name but not quite. For example, here is one common email:

De&%&ar Paypal Customer,

W&%&e'v&%&e lo&%&ck&%&ed acc&%&es&%&s t&%&o yo&%&ur acc&%&oun&%&t, be&%&ca&%&us&%&e yo&%&u&%&r acc&%&ou&%&nt wa&%&s re&%&ce&%&nt&%&ly lo&%&gg&%&ed in&%&t&%&o fr&%&om a ne&%&w bro&%&ws&%&er or de&%&vi&%&c.

12. Never give money or private information on a website whose URL does not start with https://. If it only has http://, it is not secured for the transmission of private data.
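
The two checks in steps 11 and 12 can be applied to a link mechanically before you click it. The following is an added example, not part of the original article: the TRUSTED list, the function names and the sample links are assumptions made up for illustration, and the lookalike test is a simple heuristic.

```python
import re
from urllib.parse import urlsplit

# Assumption: your own list of the real domains you do business with.
TRUSTED = ("paypal.com", "ebay.com", "apple.com", "irs.gov")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return warnings for a link; an empty list means neither check fired."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":                      # step 12
        warnings.append("not https")
    # A host is genuine only if it IS a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    # Step 11: a piece of the host equals, or is one edit away from, a brand name.
    tokens = re.split(r"[.-]", host)
    for d in trusted:
        brand = d.split(".")[0]
        if any(edit_distance(t, brand) <= 1 for t in tokens):
            warnings.append("imitates " + d)
    return warnings

# Constructed sample links, not taken from real messages.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://www.paypa1.com/login",
    "http://paypal.com.account-check.example/x",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url) or "no warning")
```

The third sample shows why both steps matter: a lookalike address can still start with https://, so the padlock alone does not prove you are on the real site.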

Third Line of Defense: Avoid / Remove The Traps

13. Get the top antivirus software, anti-spyware and firewall programs and keep them regularly updated. Run these programs regularly.

14. Strengthen your browser safety settings. Whether you’re using Google Chrome, Firefox, Safari or Internet Explorer, they all offer various levels of security settings.

15. Update your software programs regularly. Microsoft and other software makers continuously develop security patches that will only get installed on your computer if you authorize the update.

16. Log out at the end of your session or day. If you keep your internet browser open, stay on a website, or stay logged into a website, you leave yourself open to being attacked.

Fourth Line of Defense: Keep Information Away From Prying Eyes

17. Use a login password for all your devices, including phone, laptop, desktop and iPad. You don’t want your lost or stolen device to turn into a treasure trove in the wrong hands.

18. Use a Virtual Private Network (VPN), especially when using public Wi-Fi, if you don’t want anyone to see what you’re doing. According to famed hacker Kevin Mitnick, “if you aren’t using a VPN, your internet traffic may be monitored, or worse, you may be hacked when using open wireless networks.” VPNs encrypt your web activity so no one can see what you’re doing when on public Wi-Fi.

19. When sending anything sensitive via text, encrypt the message with Signal. According to hacker-turned-FBI-informant Monsegur, Signal is a free messaging app with complete end-to-end encryption. "The cool thing is it also has an audio and a video feature, so you can have a fully end-to-end encrypted chat or encrypted messaging or video chat, and there's nobody in the world that's going to look at it." Conversations with lawyers, accountants and business partners remain confidential.

20. Clear your cache regularly. Your cache holds copies of your downloads (think bank statements), the sites you’ve visited (think list of the institutions you bank at) and in some cases auto-fill information (think usernames).

21. Shred credit card, bank, investment, insurance, IRS and all government statements before throwing them in the garbage. Those statements are paper gold for ID thieves, some with account numbers, names, addresses and social security numbers – garbage is the pot at the end of the rainbow!

22. Don’t access your banking, credit card, or financial statements from a public computer - this includes your library and public Wi-Fi.

Fifth Line of Defense: Damage Control

23. Review your monthly credit card and bank statements for unusual charges.

24. Register for mobile alerts that will notify you when your credit or debit cards are being used, and will ask your permission for transactions over a certain size.

25. You may want to consider ID theft protection services, which can help you monitor the credit bureaus and tell you if someone has taken out a loan in your name.