Navigating the Internet can be a troublesome journey. Bad actors constantly hide behind emails, websites and social media invitations with the intention of exploiting uninformed users. Even your Wi-Fi router and the now-ubiquitous QR code are danger points. Add to that, the never-ending virus and malware threats.
Computer and mobile device users are often unaware of the danger zone. However, the Internet does not require a continuous journey through the Badlands. To stay safe online, it’s important to know what to avoid and how to protect yourself.
Here are five things you have under your control to help keep your digital activity safe.
1. QR Codes, Easy But Potentially Harmful
These postage-sized image links can be convenient for websites. Simply point your smartphone’s camera at it and instantly visit a website, tech support location, discount offer on purchases, or restaurant menu.
However, QR codes can also take you to a nefarious place where malware or worse is waiting. QR codes can be programmed to link to anything, putting your privacy and security at great risk.
Think before scanning the QR code. If the code is displayed on a website or printed document that you trust, it is probably a safe one. If not, or you’re unsure, check it out.
You can download reputed QR reader apps that will do security checks at the endpoint of destination of the QR code. One such security tool I use is the Trend Micro QR Scanner app, which is available for Android and iOS.
2. Avoid ‘Unsubscribe’ Email Scams
This is a popular ongoing scam that has a high success rate for hackers. Potential victims receive an email asking for a product offer or other business invitation. The opt-out action move is enticing, looks familiar, and feels appropriate. “Don’t want to receive our emails? Click here to unsubscribe,” it prompts.
Sometimes annoying repetitive emails asking if you want to unsubscribe from future emails. Some even provide a link for you to unsubscribe.
Do not select any option. Clicking on the link or replying confirms your active address.
Never enter your email address in the “Unsubscribe me” field. More senders will follow.
A better way to remove unwanted email, especially from an unknown sender, is to mark it as spam. This moves it to the spam folder. You can add that sender to your email program’s block list, or set a filter to automatically remove it before it reaches your inbox.
Finally, check out the free service Unroll.me. There you can unsubscribe from unwanted emails, keep others, or receive the rest in the Daily Digest.
3. Lockout Facebook Hackers
Other villains try to usurp Facebook accounts. Hackers can change your password, email address, phone number and even add a security code to lock you out of a pirated account. Before trouble strikes, be proactive to prevent these situations. Facebook provides the following security settings that you need to enable.
Enable two-factor authentication (2FA) to require your login approval on a different device.
To do so, log into your Facebook account on a desktop computer and navigate to Settings & Privacy. Next, select Security and login. Then scroll down and edit the Two-Factor Authentication option.
You will need to enter your Facebook password to complete this step.
Activate these two additional features to block Facebook hackers:
- Enable the code generator feature in the Facebook mobile app
- Set up login alerts in your email
First, open the Facebook mobile app and tap on the magnifying glass, enter the word “code generator” and tap the search icon. Tap on the Result Code Generator to navigate to the next screen, then tap the “Turn on Code Generator” button to receive a 6 digit code that changes every 30 seconds. You will need to enter this code within that short amount of time to login to your account on another device.
Next, set an alert about unfamiliar logins. You can do this from a computer or mobile device.
- Computer: Go to Settings & Privacy > Settings > Security & Login > Receive alerts about unrecognized logins (see screenshot above).
- mobile application: Tap Menu > Settings & privacy gear icon > Settings. Then tap Password & Security. Next, scroll down to Set up additional security > Receive alerts about unfamiliar logins > Tap to select your preferred notification methods.
If you’re having trouble logging in, visit facebook.com/login/identify to have the problem fixed. If you are unable to log in there, go to this Facebook help page instead and fill out the request form for Facebook to review your account. You will need to answer a few security questions to prove your identity. This may include providing proof of ID, like a picture of a driver’s license.
4. Secure Your Wi-Fi Router
The influx of people working remotely since Covid has put home Wi-Fi routers among the target sites of hackers. As a result, malware attacks on home Wi-Fi networks are on the rise because residential setups often lack the level of security and protection found on enterprise networks.
One nasty attack tool, called ZuoRAT, is a remote access Trojan designed to hack into small office/home office routers. It can affect macOS, Windows, and Linux computers.
With it, hackers can collect your data and hijack any site you visit on your network. One of the worst factors of ZuroRAT is that once your router is infected, it can infect other routers to spread the hackers’ reach.
Follow these steps to better secure your home/office Wi-Fi network:
- Be sure to enable WPA2 or WPA3 encryption on your router. The default factory setting is often the old WEP (Wired Equivalent Privacy) security protocol, or is set to none. See the user manual or the router manufacturer’s website for instructions.
- Change your router’s SSID (Service Set Identifier) and password. It is critical. Typically, the factory setting shows the make or model of the router and has a universal password such as 0000 or 1234. Change the name of the SSID to not identify you easily. Avoid names that include all or part of your name or address. Make sure the password is very strong.
- For added security, change the router’s password regularly. Yes, this is a major inconvenience as you will also have to update the password on all your devices that use that Wi-Fi network. But considering that it will keep hackers away, it is well worth the trouble.
- Keep the router’s firmware up to date. Refer to the user manual and/or the manufacturer’s website for steps on how to download the latest update.
How do I create a password that is hard to hack?
The strongest passwords have all these characteristics:
- Long – the more characters, the better
- mix of upper-case and lower-case letters, numbers, and special characters
- No jargon words or anything related to personal information
Pro Tip: When using a password generator, always replace at least a few characters from the random result to create your final credential.
5. Beware of the phony tech support plans
Some fraudsters call you on the phone to tell you they are a tech support department working for a well-known computer or software company. The caller claims to have detected a virus on your device or made a call in response to an alert from your computer of malware. The scammer offers to fix it if you only provide your credit card number.
Keep phone. Your computer is not infected.
A modified version of this tech support scam is a text or email claiming the same details. do not respond. Just delete the message and move on.
You can also browse the web when a pop-up message crashes on your screen. I have received too loud Audio alerts warn me that my computer is in danger and should not be turned off without responding for help.
In all these cases, scammers want to scare you into following their instructions. The action they seek to fix the alleged problem will damage your bank account and possibly let them transmit the actual infection.
Follow these best practices to protect yourself from tech support fraud:
- never Allow a scammer to trick you into visiting a website or clicking on a link.
- never Agree to a remote connection by the so called technical support agent who initiated contact with you.
- never Provide payment information for technical support you haven’t started. Legitimate tech companies will not call you and ask for payment to fix a problem detected on your device.
If you suspect that your computer has a virus or malware problem, contact a self-repair center. You probably already have a support plan or active warranty from where you bought the computer. If you have not contacted a technical support company, the call or message you have received is illegitimate.