If you woke up from a ten-year-long nap this morning, you might be surprised to hear the advice for securing your computer hasn’t changed much.
Sure, the devices are way better, the connections way faster and buffering is heading the way of the floppy disk. But you’ll still hear things like “don’t click on attachments” or “run updated security and system software” and “look out for phishing scams.”
Fake sites set up by crooks to trick you into offering your private data were born in America Online and took off about a decade ago. Mobile devices, where smaller screens inevitably obscure URLs, gave them new life. And a targeted phishing scam may have even altered the course of an election, and possibly human history.
It’s 2017 and you can still get phished online, unfortunately. But you can also easily avoid nearly all of these scams — says Sean Sullivan, F-Secure Security Advisor — by adopting and sticking to three simple habits.
1. Don’t click on any links in emails.
“The link in the email is the lure and website is the hook,” Sean told me. “If you can avoid the lure, you avoid the hook.”
Most if not all people who end up phished got there by clicking on something in their Inbox.
I suggested to Sean that people shouldn’t click on any link in an email they weren’t expecting — old advice for protecting yourself from malicious email attachments. He took that advice a step further.
“Don’t click on any links in any email,” he said.
Hijacked webmail accounts are often used to solicit all known contacts for phishing scams. You may think you’re saving time but the few seconds saved aren’t worth the risk of accounts being stolen — or worse.
Plus, you already know a quick way to get to your favorite sites, even if you may just be waking up from a 20-year-long nap today.
2. Bookmark your favorite shopping, banking and financial sites.
“Setting up a bookmark so you go directly to the sites you trust with your personal financial every time will vastly reduce the chances you can end up on a spoofed site via a link or a typo as you’re typing the URL,” Sean said.
Likewise if you ever get an email insisting that you call one of the institutions you do business with, go directly to the site via the bookmark and find the contact information there.
Picking up these two habits will steer you clear of most phishing scams, but there’s an extra step you can take as a safety net in case you slip up.
3. Use Internet Security with browsing protection.
One thing that has improved in the last decade is filtering based on the reputation of websites. If you use a security solution such as F-Secure SAFE or F-Secure TOTAL, you will be protected from nearly all phishing scams by Browsing Protection, which uses a combination of blacklisting and whitelisting.
“Sites known to be hosting scams or other threats are blocked by the blacklisting,” Sean said. “And on the other hand, legitimate banking sites are whitelisted to engage our Banking Protection, which prevents your data being hijacked by third parties.”
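The bookmark habit and the blacklist/whitelist filtering described above both come down to comparing the host a link really points to against a list. The sketch below is an added example, not F-Secure's code: the host names and the TRUSTED and BLOCKED lists are constructed placeholders, and it shows why the comparison has to be made on the parsed host rather than on what the link looks like.

```javascript
// Added example. All hosts are constructed placeholders.
// TRUSTED stands in for your bookmarks or a product's whitelist,
// BLOCKED for a reputation blacklist.
const TRUSTED = ["bank.example", "shop.example"];
const BLOCKED = new Set(["login-bank.example.net"]);

// Return the scheme and the host a browser would really connect to.
function parseTarget(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // URL lowercases the host, separates any "user@" prefix and converts
  // non-ASCII names to punycode. Strip the optional trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  return { https: url.protocol === "https:", host };
}

// True only for the trusted name itself or a subdomain of it.
function isTrustedHost(host) {
  return TRUSTED.some((t) => host === t || host.endsWith("." + t));
}

function classify(rawUrl) {
  const target = parseTarget(rawUrl);
  if (target === null) return "invalid";
  if (BLOCKED.has(target.host)) return "blocked";
  if (target.https && isTrustedHost(target.host)) return "trusted";
  return "unknown";
}

// Constructed sample links, as they might appear in an email.
const samples = [
  "https://bank.example/login",                // the bookmarked site
  "https://BANK.example./",                    // same host, odd spelling
  "https://bank.example.lookalike.test/login", // trusted name as a prefix
  "https://bank.example@lookalike.test/",      // trusted name before "@"
  "https://b\u0430nk.example/",                // Cyrillic "a" in the name
  "http://bank.example/",                      // right host, no TLS
  "https://login-bank.example.net/",           // on the blacklist
];
for (const s of samples) console.log(classify(s).padEnd(8), s);
```

Only the first two samples come back as trusted; every lookalike falls through to unknown or blocked, which is what a bookmark gives you for free.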
Looking for more ways to secure your data?
Sean also advises adding a layer of protection by using second-factor authentication on all of your key accounts. This means that if a criminal manages to get into your accounts, the chances he’ll be able to kick you out by changing the passwords, thus gaining access to all of your data and/or emails, are greatly reduced. But if you are a high-value target who can expect targeted attacks, he recommends you avoid using SMS text messages as your second factor, as there is evidence SMS can be a “weak link” in securing your accounts. Use Google’s or Microsoft’s Authenticator apps instead.