{"id":19242,"date":"2022-06-03T07:10:22","date_gmt":"2022-06-03T15:10:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/06\/03\/news-12975\/"},"modified":"2022-06-03T07:10:22","modified_gmt":"2022-06-03T15:10:22","slug":"news-12975","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/06\/03\/news-12975\/","title":{"rendered":"Internet Safety Month: Avoiding the consequences of unsafe Internet practices"},"content":{"rendered":"<p><strong>Credit to Author: David Ruiz| Date: Fri, 03 Jun 2022 14:22:33 +0000<\/strong><\/p>\n<p>Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online.<\/p>\n<p>Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one basic fact about how people change their habits: We typically only correct our behavior after first making a mistake.<\/p>\n<p>We buy rain boots after feeling the unique misery of drenched socks. We become sunscreen evangelists after getting burnt on the beach. We try on a different pair of jeans after a separate pair caused psychic damage to our egos.<\/p>\n<p>This year, then, for Internet Safety Month, we\u2019re packaging our advice a little differently.<\/p>\n<p>Today, we\u2019re going to share stories about the consequences of unsafe Internet practices. By focusing on this context, we hope that you&#8217;ll come away with a stronger understanding about, for instance, <em>why <\/em>you should use a password manager rather than <em>that<\/em> you should use a password manager. <\/p>\n<p>Here\u2019s what to avoid during Internet Safety Month, and every month after.<\/p>\n<h2><strong>Don\u2019t lose thousands upon thousands of dollars<\/strong><\/h2>\n<p>In the world of online scams, criminals care about one thing: Your money.<\/p>\n<p>That\u2019s true for the criminals who send you phishing emails that ask you to fill out personal information on bogus webpages that spoof the legitimate sites of Netflix, or Facebook, or your bank. It\u2019s also true of the criminals who prey on the elderly and the unassuming when pretending to develop a romantic relationship online, only to later ask for financial support and disappear.<\/p>\n<p>None of these situations are hypotheticals.<\/p>\n<p>Earlier this year, a woman in Tennessee was fooled in an online dating scam by a thief <a href=\"https:\/\/www.cbsnews.com\/news\/crypto-dating-scam\/?ftag=CNM-00-10aab7e&amp;linkId=153387491\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">who stole $390,000 of her money<\/a>. Just last month, after the Twitter account of a famous digital artist was hacked, cybercriminals abused the account to send promotions for a fraudulent collaboration between the artist and the luxury brand Lous Vuitton. By selling fake raffle tickets for the promotion, <a href=\"https:\/\/www.forbes.com\/sites\/carlieporterfield\/2022\/05\/23\/beeples-followers-lose-438000-to-phishing-scam-after-nft-artists-twitter-gets-hacked\/?sh=330654211332\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the scammers raked in $438,000 worth of cryptocurrency<\/a>.<\/p>\n<p>Staying safe in all of these situations can be difficult because, often times, the scammers on the other end are practiced, experienced professionals. Still, there are a few things you can do to best protect yourself from falling for an online scam.<\/p>\n<ul>\n<li><strong>Do not click on links in emails or text messages from unknown senders<\/strong>. Even if a message <em>looks<\/em> like it came from a trustworthy source, like a store you often shop at, you should still be wary of any request to get you to hand over credit card or financial information online.<\/li>\n<li><strong>Do not send money to anyone you haven\u2019t met before<\/strong>. <a href=\"https:\/\/blog.malwarebytes.com\/podcast\/2022\/05\/recovering-from-romance-scams-with-cindy-liebes-lock-and-code-s03e10\/\">When we spoke with Cindy Liebes of the Cybercrime Support Network about romance scams<\/a>, she said many victims of romance scams often sent money to people they had never met in person.<\/li>\n<li><strong>Do not trust everything you see online<\/strong>. This may sound simple, but remember that even trusted sources of authority can have their online accounts hacked or spoofed\u2014after all, why else do you think we see so many cryptocurrency scams centering on bogus Twitter accounts for Elon Musk? Because, at first blush, they look legitimate.<\/li>\n<\/ul>\n<h2><strong>Don\u2019t ruin your device<\/strong><\/h2>\n<p>A true story from me, your author. In 2016, I bought a new smartphone that, as part of a promotion, came with an additional smart watch. Getting the smartwatch required sending a separate form and having the watch delivered to my home at a later date.<\/p>\n<p>About a week after I\u2019d sent the form, I received an email allegedly from the United States Postal Service. The email told me that an update on my package\u2014which I believed to be my new smartwatch\u2014could be read in the attached document, which I blindly downloaded and opened.<\/p>\n<p>Lo and behold, the attachment contained ransomware. After just a few minutes, I\u2019d ruined my work laptop. My files were encrypted and inaccessible and the only readable document remaining was a ransom note asking for money.<\/p>\n<p>The worst part about ruining your work laptop is that you don\u2019t even get to take the day off. Working as a reporter, I still had a story to file\u2014I was on deadline! I spent the day reporting and writing an entire article <em>on my phone<\/em>. It was a nightmare that I recommend to no one.<\/p>\n<p>Though my tale is just about ransomware, the truth is that much of today\u2019s malware gets delivered either through malicious attachments or malicious websites. Here are some simple steps you can take to prevent these attacks from happening.<\/p>\n<ul>\n<li><strong>Do not open email attachments from random senders<\/strong>. You never know if what you\u2019ve just received is actually malware in disguise.<\/li>\n<li><strong>Do scrutinize email attachments of all types<\/strong>. Even if you\u2019ve received an attachment from someone or some organization that looks legitimate, remember that, in my case, I was fooled by an email that spoofed the USPS. In fact, a few years ago, threat actors managed to insert malicious attachments into <a href=\"https:\/\/www.zdnet.com\/article\/emotet-hijacks-email-conversation-threads-to-insert-links-to-malware\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><em>ongoing<\/em> email threads between two trusted parties<\/a>.<\/li>\n<li><strong>Do run security updates<\/strong>. Many malware campaigns rely on known vulnerabilities that have yet to be patched by individuals and organizations. The best defense you have to these types of attacks is to stay up to date on your software\u2019s security patches.<\/li>\n<li><strong>Do consider using a browser plugin that flags unsafe websites<\/strong>. <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2019\/09\/browser-guard-combats-privacy-abuse-tracking-clickbait-and-scammers\/\">Some browser plugins<\/a> can warn you if you\u2019re visiting a dangerous website or a website that has been associated with previous malware scams. Consider using one of these plugins if you\u2019re not sure who you can trust online.<\/li>\n<li><strong>Do use a cybersecurity app<\/strong>. A cybersecurity tool with real-time protection can stop malware before it has a chance to infect your device. This will provide you with the type of cover you need for when you aren\u2019t remembering every best practice, which is okay. Sometimes you click a link you weren\u2019t supposed to. Don\u2019t beat yourself up about it\u2014just get a cybersecurity app to back you up.<\/li>\n<\/ul>\n<h2><strong>Don\u2019t make it easy for criminals<\/strong><\/h2>\n<p>A video of Kanye West from 2018 purportedly <a href=\"https:\/\/www.youtube.com\/watch?v=def3eBH-vWI\" data-rel=\"lightbox-video-0\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">revealed that the rapper and producer\u2019s iPhone passcode was 000000<\/a>. Before you laugh, remember that every single year, a list of the top 10 or <a href=\"https:\/\/www.cnbc.com\/2022\/02\/27\/most-common-passwords-hackers-leak-on-the-dark-web-lookout-report.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">20 most-used passwords<\/a> (as determined through data breaches that revealed account credentials) typically includes \u201cpassword\u201d and \u201c123456\u201d near the top five placements. And, separately, though the reasons for the devastating SolarWinds breach are many, it\u2019s hard to forget that, according to the company\u2019s CEO, someone protected a critical, internal account <a href=\"https:\/\/www.cnn.com\/2021\/02\/26\/politics\/solarwinds123-password-intern\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">with only the password \u201csolarwinds123.\u201d<\/a><\/p>\n<p>The lesson here is simple: Don\u2019t give cybercriminals a free pass.<\/p>\n<p>The truth is, that in most cases, cybercriminals will only succeed against the least-defended targets. If you have any basic defenses in place, cybercriminals often won\u2019t bother with a follow-up attempt to breach your device or steal your information\u2014it\u2019s simply too much trouble when they can move on to another potential victim.<\/p>\n<p>Implement these practices\u2014with the help of some tools\u2014to ruin a cyberthief\u2019s day.<\/p>\n<ul>\n<li><strong>Do use strong passwords<\/strong>. The longer the password the better in today\u2019s world, in which password-cracking is more a function of time than \u201ccomplexity.\u201d<\/li>\n<li><strong>Do use unique passwords for every account<\/strong>.Repeat passwords are a huge risk to you because if your data is breached in an attack on one of the services you use, cybercriminals absolutely will try that password and username combo to access other popular services.<\/li>\n<li><strong>Do use a password manager<\/strong> to help keep track of the dozens of unique passwords you have.<\/li>\n<li><strong>Do use two-factor (also called multi-factor) authentication<\/strong>. With 2FA or MFA, even if your username and password are leaked, your account will still trigger a notification to your phone if a website recognizes that you are logging in from a different device or place. This can stop cyberthieves in their tracks even if they have your account credentials.<\/li>\n<li><strong>Do use a VPN on public WiFi connections.<\/strong> A virtual private network, or VPN, will encrypt your traffic, which can be especially helpful when connecting to public WiFi networks which could be vulnerable to eavesdropping. To learn how to choose the best VPN for you, <a href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2021\/04\/how-to-choose-the-best-vpn-for-you\/\">read our advice here<\/a>.<\/li>\n<\/ul>\n<h2><strong>Learn from the experiences of others<\/strong><\/h2>\n<p>The Internet can be a risky place where you can legitimately lose thousands of dollars or entire days\u2019 worth of work. Don\u2019t wait until you\u2019ve made your own mistake to course-correct. Start changing your behavior today to enjoy a safer, better Internet experience.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2022\/06\/internet-safety-month-avoiding-the-consequences-of-unsafe-internet-practices\/\">Internet Safety Month: Avoiding the consequences of unsafe Internet practices<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/101\/2022\/06\/internet-safety-month-avoiding-the-consequences-of-unsafe-internet-practices\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: David Ruiz| Date: Fri, 03 Jun 2022 14:22:33 +0000<\/strong><\/p>\n<p>This Internet Safety Month, learn about the consequences of unsafe Internet practices, and how to avoid them. <\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2022\/06\/internet-safety-month-avoiding-the-consequences-of-unsafe-internet-practices\/\">Internet Safety Month: Avoiding the consequences of unsafe Internet practices<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10519,10598,18710,3764,10600,11347,3765,22873,26409,26410,11822,10863],"class_list":["post-19242","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-10519","tag-2fa","tag-internet-safety-month","tag-malware","tag-mfa","tag-password-manager","tag-ransomware","tag-romance-scam","tag-romance-scams","tag-strong-passwords","tag-virtual-private-network","tag-vpn"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19242"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19242\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19242"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}