Thank you for opening this article on staying safe online. The following digest is intended to provide basic guidance to a mixed audience of computer users. There are many other articles available online should you require a more in-depth study of this complex subject.
If you have any questions, comments or suggestions please direct them to firstname.lastname@example.org
Think before you click
Rogue emails can come from a number sources:
- From people you don’t know or vaguely know
- Purporting to come from someone you do know, whose email address has been hacked. There are means of sending emails from someone without requiring their password or access to their computer. A number of our U3A members have experience of this.
- From fake institutions like banks and building societies. Such emails can look very convincing with company logos but have giveaway clues such as beginning ‘Dear Valued Customer’, contain spelling mistakes or have a web address similar to the name of the institution they are hoping to fake.
- A fake invoice, claiming you have just made a purchase, and instructing you how to correct matters
Common to these phishing emails are links that lead to websites that can lure you into giving personal information or download malware to your computer.
If in doubt, delete suspected emails without opening them.
Sometimes a link looks legitimate but behind it lurks a fraudulent site ready to ask for your bank details – what you see on your screen is just a label.
Be aware of attachments
Attachments you weren’t expecting might contain viruses.
Word documents can contain macros. These normally automate tasks (e.g. formatting a document) but can also be used to write viruses.
These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure, if a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.
Listeners to Radio 4’s “You and Yours” on 16th May will be shocked to hear of a listener, a professor, who was seeking support for his HP Printer. A Google search brought up a choice of “HP” sites. He picked one at random and was soon chatting to a very helpful man who telephoned him back. After taking control of his PC, locking it and encrypting his files he was asked to pay $50 to recover his system. The listener hung up and switched off his computer. The following day he received a further call requesting him to pay $200 to which he hung-up again. After six calls the criminals gave up. The caller changed his passwords and was able to restore his system (exact details weren’t given on air).
Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
Beware of ‘pop-up’ windows that randomly appear and never click ‘yes’, ‘confirm’ or even ‘cancel’ unless you are 100% of the resulting action. Also be aware that although a pop-up window may show an ‘X’ (close) in the top right-hand corner of the pop-up box, this may also act as a hyper-link. To check if the ‘X’ is a legitimate ‘close’ button, when you hover the cursor over it a ‘hint box’ with the word ‘close’ should appear. If you don’t see this and you are in any doubt, play safe and simply close the browser window or exit the browser altogether. Most pop-ups are legitimate advertising tools and can be annoying but they can easily be suppressed by using your browser settings or add-ons depending on your preferred browser.
Malicious pop-ups are capable of delivering malware, Trojan software or an alternative hyperlink.
Where possible, if you are sending emails to lots of people use the BCC (Blind copy) so that you don’t reveal those email addresses to everybody! The exception is where a small group of trusted friends wish to exchange emails and replies (e.g. an interest group wishing to organise an event).
If forwarding an email consider removing details of the original sender and anyone else on the CC list.
Backup Your Data
Invest in a memory stick, flash drive or similar to back-up your photos and documents. Programs and Operating Systems can be retrieved but precious family photographs may be lost forever. Backup on a regular basis and don’t leave your device plugged in – it is accessible to any malware that has landed on your computer!
Use Internet security software that automatically scans email attachments for viruses and other malicious software (filtering the type of rogue emails listed above). Always keep your software up to-date.
The WannaCry virus that hit the NHS and other institutions recently was thwarted on PC’s and Servers (even those running the deprecated Windows XP) that had been updated in the last month with Microsoft security patches.
- Never pick obvious passwords like your user name, real name, date of birth, names of family members or pets
- Use a mixture of unusual characters. For example take a word or phrase and substitute letters for numbers and special characters
- Use different passwords for different websites
Consider using a Password Manager to store your passwords (e.g. Smartphone App). You will only have to memorise a single password to open the Password Manager. Most are also able to generate a secure password for you.
How safe is my iPad?
The iPad is designed and built to only accept and install software approved by Apple and accessed via the App Store. Although malware will never get onto your device you still need to be wary of sites you visit that ask for personal information.