Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online.
Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one basic fact about how people change their habits: We typically only correct our behavior after first making a mistake.
We buy rain boots after feeling the unique misery of drenched socks. We become sunscreen evangelists after getting burnt on the beach. We try on a different pair of jeans after a separate pair caused psychic damage to our egos.
This year, then, for Internet Safety Month, we’re packaging our advice a little differently.
Today, we’re going to share stories about the consequences of unsafe Internet practices. By focusing on this context, we hope that you'll come away with a stronger understanding about, for instance, _why _you should use a password manager rather than that you should use a password manager.
Here’s what to avoid during Internet Safety Month, and every month after.
In the world of online scams, criminals care about one thing: Your money.
That’s true for the criminals who send you phishing emails that ask you to fill out personal information on bogus webpages that spoof the legitimate sites of Netflix, or Facebook, or your bank. It’s also true of the criminals who prey on the elderly and the unassuming when pretending to develop a romantic relationship online, only to later ask for financial support and disappear.
None of these situations are hypotheticals.
Earlier this year, a woman in Tennessee was fooled in an online dating scam by a thief who stole $390,000 of her money. Just last month, after the Twitter account of a famous digital artist was hacked, cybercriminals abused the account to send promotions for a fraudulent collaboration between the artist and the luxury brand Lous Vuitton. By selling fake raffle tickets for the promotion, the scammers raked in $438,000 worth of cryptocurrency.
Staying safe in all of these situations can be difficult because, often times, the scammers on the other end are practiced, experienced professionals. Still, there are a few things you can do to best protect yourself from falling for an online scam.
A true story from me, your author. In 2016, I bought a new smartphone that, as part of a promotion, came with an additional smart watch. Getting the smartwatch required sending a separate form and having the watch delivered to my home at a later date.
About a week after I’d sent the form, I received an email allegedly from the United States Postal Service. The email told me that an update on my package—which I believed to be my new smartwatch—could be read in the attached document, which I blindly downloaded and opened.
Lo and behold, the attachment contained ransomware. After just a few minutes, I’d ruined my work laptop. My files were encrypted and inaccessible and the only readable document remaining was a ransom note asking for money.
The worst part about ruining your work laptop is that you don’t even get to take the day off. Working as a reporter, I still had a story to file—I was on deadline! I spent the day reporting and writing an entire article on my phone. It was a nightmare that I recommend to no one.
Though my tale is just about ransomware, the truth is that much of today’s malware gets delivered either through malicious attachments or malicious websites. Here are some simple steps you can take to prevent these attacks from happening.
A video of Kanye West from 2018 purportedly revealed that the rapper and producer’s iPhone passcode was 000000. Before you laugh, remember that every single year, a list of the top 10 or 20 most-used passwords (as determined through data breaches that revealed account credentials) typically includes “password” and “123456” near the top five placements. And, separately, though the reasons for the devastating SolarWinds breach are many, it’s hard to forget that, according to the company’s CEO, someone protected a critical, internal account with only the password “solarwinds123.”
The lesson here is simple: Don’t give cybercriminals a free pass.
The truth is, that in most cases, cybercriminals will only succeed against the least-defended targets. If you have any basic defenses in place, cybercriminals often won’t bother with a follow-up attempt to breach your device or steal your information—it’s simply too much trouble when they can move on to another potential victim.
Implement these practices—with the help of some tools—to ruin a cyberthief’s day.
The Internet can be a risky place where you can legitimately lose thousands of dollars or entire days’ worth of work. Don’t wait until you’ve made your own mistake to course-correct. Start changing your behavior today to enjoy a safer, better Internet experience.
Learn more about our Malwarebytes Internet Safety Month promotions here.
The post Internet Safety Month: Avoiding the consequences of unsafe Internet practices appeared first on Malwarebytes Labs.