This isn’t the column I planned to write this month. Then the other morning I saw this post on Facebook from a very dear friend. “Click on the link,” the print read, “and get a $300 coupon from Staples.”
I regularly receive $5 coupons from Bed Bath & Beyond in the mail. My husband gets $10 coupons from Uno’s Pizza every now and then. But $300 coupons? No.
So I picked up the phone to tell Peggy that if she herself had clicked on that link, which of course she did because that’s how the oh-so-enticing-bit-of-spam appeared in my newsfeed, she had better change her Facebook password pronto.
Then I gave her a lecture on Internet safety, which I felt kind of obnoxious doing, and it’s not fun feeling obnoxious. So I decided to write this column and be obnoxious to hundreds of people all at once and then we can get over it. OK?
While I’m a big fan of the Internet, danger lurks there. Not only can creepy guys with fleeting fame lure children into sexual liaisons; your credit card information may get stolen, or even your entire identity. Right now, at this very moment, there are robot computers (in China and Russia mostly) trying their best to hack you.
So if you want to stay safe on the Internet (and social media) here are four simple tips.
1. Don’t click on “too good to be true” posts on social media. Like the $300 coupon to Staples — if I had clicked on that post, I’m quite sure that it would have posted itself to my Facebook timeline, making all my friends vulnerable. I assume that there was another link inside that post that would try to scrape possibly valuable information from my Facebook profile. For instance, if someone knows where you were born and the date you were born, it becomes easier for a computer to guess your social security number.
Fix: To quote Nancy Reagan, “Just say no.”
2. Never click on unknown links in an email or on social media. Have you ever received an email — maybe even from someone you know — with only a link? This kind of spam can be annoying without being dangerous: the spammer wants to send marketing information about some dumb product or other, and by clicking on the link, everyone in your address book will get the link to that product. Or it can be outright pernicious: a hacker is trying to use your email to hack into your account to get personal information, or take over your account so it becomes, basically, a spam robot.
Fix: If you do click on a bad link, and people tell you that they have received a weird email or message from you, change your password immediately.
3. Don’t ignore your social or email accounts even if you aren’t using them. The giant hacking computers in Russia often go after “abandoned” Twitter accounts, and I imagine they’re doing the same thing for other platforms people sign up for and then don’t use. Every now and then I get an @ mention from a Twitter account someone I know set up years ago and then never used. This account now tweets at me every now and then with a spam URL, which I don’t click on, but others might. Same thing goes for any “extra” email account you used once for a contest on a fashion site or whatever — you probably never check it, and in this case as well, because you don’t pay attention, the account could be a target.
Fix: If you are truly done with a social network, delete the account. (You may need to reset the password first, however.) Same thing with those “extra” email addresses. Check up on them every now. Send a test email to see what happens. If you need a temporary email, and I mean really temporary, try 10 Minute Mail.
4. Use good strong passwords. Realistically, there is no such thing as a completely un-hackable password. However, you can create complex passwords that will give hackers such a hard time they may give up. If your problem is remembering passwords, then you might want to use either 1 Password or LastPass, tools for which you need only one password, and they make up and manage really gibberish passwords for any site that needs one. LastPass was recently hacked — but people needed to change only their master password. The site passwords remained impenetrable to the hacker. I prefer to make my own passwords: I use a phrase, or a core, and then customize the password for the site so I can remember it. I also keep a list in an extremely safe space.
Fix: Change your passwords on a regular basis. Some employee emails make you do this every six weeks or so. That’s pretty frequent. But I’d recommend every two or three months. You don’t need a whole new password; you can just change a few characters.
Meanwhile, if any of you live in a universe where there are $300 coupons from Staples, please send me a map. I need a new printer. Even if you don’t, leave a comment and we’ll start a conversation.