A couple of days back a good friend of mine was lured into an online scam. The perpetrator assumed a Hotmail support staff and email her to send information (such as her password) as a respond back to a "security measure" taken by Hotmail for it's users. Anyway, i've helped her done some initial "first aid" but more importantly, here are some top 10 online tips
Top 10 Online Tips
- No credible online company will ask for your password! Period. If they do, just trash it.
- No credible application developer will email you an executable (They may put a link up but look at tip no 3)
- If there's a link to download and apply a certain fix/patch, do a search and see if its legitimate first before applying. Most credible sources such as the principle's website would be on the first few hits in your search. Go to that link, read what's it all about. Consult someone credible (yes you can ask me, i would be happy to help)
- You have the right to ask and question anything you receive from a source seemingly legitimate if they are asking for personal information (and it's your right not to disclose)
- If you're in doubt, ask!, search!, be sure!. There's no stupid question, just stupid assumptions
- When transacting anything with money online, DO NOT DO IT OVER A PUBLIC WiFi. There's too many reasons why but i wont.state them here. Search that if you are interested. You might end up reading some stuff on this blog :P
- Passwords are the weakest form of security. Use long passwords (complex short ones are easier to guess than long non-complex ones). I am not a big fan of changing passwords too frequently cause the flipside of that is that you will start to forget those new passwords you created and start using post-it-notes as reminders and start pasting up on your walls/monitors
- HTTPS (secure HTTP) does not necessary mean its secure. You should still verify the certificate (which are used to make that HTTP > HTTPs) and URL. Most browsers will complain if the basic criteria is not met like related URL (friendly name), validity etc... Again, if in doubt, see item 5
- Read stuff. There's a lot of credible website that give users basic and clear information on what's the latest in the world of security. I recommend reading stuff from CNET, Microsoft's Security Website, and the one i like most is http://www.us-cert.gov/current/
- Use basic PC level protection like Antivirus (I use kaspersky and love it), enable a firewall (Windows Firewall is a good start) and keep your machine up to date (using Microsoft OS, just go to http://update.microsoft.com).
Ok, lets say you do get scammed into something and there's risk of potential sensitive information leak. Do the following;
- Ask for help from an IT expert in house or write to me if i can help, i will (real world experts, not the ones from Lowyat forum etc)
- Lodge a police report (state the seriousness of the case)
- Write an email to the corresponding company stating your case. Give them as much information as possible
- Inform any friends that may be affected, of possible fraud attempts (e.g. if your email is hijacked/stolen password, someone may impersonate you and ask for money because you're apparently stranded in the Bahamas, "they" stole your baggage and you need money to travel home and will pay back once you reached back home)
- Learn from the lesson! Read the tips above!