Viewing entries in
InfoSec

#TechTip #3: Didn't Request It? Don't Click It!

#TechTip #3: Didn't Request It? Don't Click It!

Even From Friends, Check Before You Click

It's an awful feeling, a sinking feeling in your gut — realizing that a bunch of your friends just got an email message 'from you' that, if they click the link or attachment in it, will very likely attack their email account and spam their contacts, as well. It's happening to the best and smartest of us...

There appears to be a growing number impostor email hack attacks. We're all getting them, and recently, they're coming from people we know well, and trust. Or, that's what they're made to look like.

Part 1: Don't Know? Don't Click

  • If the email you receive is not part of an ongoing exchange you have with the 'sender,' or a near-immediate response to an online request you issued (such as a password reset), just don't click the link, no matter how legit it looks. If it's important enough, and the sender is legit, you can ask them.
'Oh no! Click here before all is lost!' 😱

'Oh no! Click here before all is lost!' 😱

Part 2: Check with the Sender, in a Different Channel

  • If it looks important, check with the person who supposedly sent it to you. But don't just click Reply; if it's an attack email, the sender can redirect your replies. If at all possible, check with the 'sender' in a different channel, one that you typically use with them. If the the link or attachment arrived in email, check with them in a text message or Facebook Messenger, WhatsApp, wherever you already hang out with them. (If you don't have another channel, at least forward the email to another email address for the 'sender.' They'll often tell you right away whether it came from them or not.)

Stay safe, but with some basic caution, keep having fun in your digital playground!

#techtip #email #hack #attack #infosec

> Find more tips and news in our News section!

 

#TechTip #1: Assume You're Exposed, Act Accordingly

#TechTip #1: Assume You're Exposed, Act Accordingly

If you tell someone, 'Ok, Imma tell you something but you have to swear you won't tell anyone else,' you can assume that it will travel to at least 2 more people (if not 20) in less than a day (if not an hour).

This is a notion I've been teaching my kid for a few years now. It's too bad more grownups don't understand this as well as she does. Sure, we all have to believe with some confidence that the basic security of our personal information is sound when we enter it on websites where we do our email, banking, and a host of other activities that involve information that could be used to rob or smear us. But at the end of the day, if you've given someone, anyone, your info, there is never 100% certainty that that person or company will never use it maliciously, or won't be hacked by someone else, or simply commandeered by a government.

The only safe assumption you can make about information security is that you have none.
Steph Marr

Our advice: Do your best to be safe with sensitive information, but more than that: avoid doing things, even in secret, that are morally, legally, or personally perilous. That way, in the event something is exposed, you'll be mildly embarrassed, at worst. 

Padlocks on Pont Neuf, Paris

Padlocks on Pont Neuf, Paris

Bonus Tip

Don't share passwords and phone lock codes to prove your love and trust among friends. All you're doing is adding unneeded liability to their lives; when something goes wrong in your life 6 months from now, you don't want to wonder about your closest friends.

Friends don't let friends share passwords.

#techtip #web #infosec