What do Sony, Yahoo!, PBS.org, and the White House all have in common? They’ve all been victims of coordinated, sophisticated, and somewhat successful attacks by hackers and phishers intent on stealing your private information: think your home address, your birthday, your social security number, email addresses, and yes, your credit card info.
The bad news is that online hack attacks and phishing attempts are getting more and more sophisticated every day. The good news, however, is that you can foil most hackers—or at least keep the damage to a minimum—by following a few simple steps.
1. Never give your password(s) to anyone.
Just get an email from the likes of Citibank, Paypal, or Amazon asking you to verify your username and password? Beware. You may be the target of a phisher—that is, someone who’s trying to steal your login credentials through an official-looking email or website.
First of all, remember that no reputable customer service rep or IT staffer would ever ask for your account password via email or over the phone. Also, never log into one of your online accounts after clicking a (possibly bogus) link in an email message unless you’re convinced the email is legit; instead, type the URL of the account you need to access directly into your web browser.
2. Never open links or attachments in an email from a stranger.
Another favorite tactic of hackers is to trick unsuspecting victims into opening a malicious email attachment or clicking a link to a Trojan-infested website. Some phishing emails may look incredibly obvious, while others are far more devious—and indeed, in the most recent White House attack, the messages were written in flawless English and referenced projects that the recipients were actually working on, and even appeared to be sent by friends and colleagues. (Such personalized, highly targeted attacks have been dubbed “spear phishing,” according to the New York Times, and unfortunately they’re very tough to spot.) Sneaky, right? In any case, when in doubt, don’t click.
3. Don’t be fooled by anti-virus pop-ups.
You’ve seen ’em—those annoying pop-up ads that purport to have detected a virus in your PC or Mac and promise to clean your system if you just tap the big flashing button. Careful: there’s a good chance that by clicking that ever-tempting link, you’re opening up your computer to a trunk full of malware.
4. Don’t use the same password for all your accounts.
It’s great advice that’s tough to follow—after all, who wants to remember 20 different passwords? The reality, though, is that if you use a single password for all your online accounts and hackers manage to break into one of them, you’ve essentially given them the key to unlocking all the others. Not good.
5. Don’t use a debit card for your online transactions.
If the worst happens and a hacker does manage to snag your address, phone number, and credit card info, you can always dispute any suspicious—and potentially massive—charges with your (typically agreeable) credit card company without dealing with any cash-flow problems. But if the bad guys nab your debit card and manage to drain your checking and savings accounts, you may have to figure out how to cover your rent and groceries while dealing with the authorities. Better to spare yourself any headaches and keep your debit card stowed while shopping online.