Online security is a lot like real-world security: consumers, businesses and even governments are exploited due to misplaced trust. Commonly, attackers use one of two approaches: exploiting a false belief, or using emotion and confusion to short-circuit our rational selves.
One classic scam is for an attacker to look through a phone book, where phone numbers were grouped by family name, then call the number of the oldest member of the family, claim that a young member of the family was in trouble, and ask them to just wire some money to such and such a place. While phone books are antiquated, this scam has become easier than ever due to Facebook.
Defense: You should limit what information you share publicly.
A related scam used information in the public record, like tax records, to impersonate a target to a bank. Again, technology only makes this scam easier. How many bank passwords are a pet’s name that appears on its collar or is recorded in county vaccination records?
Defense: You should use good passwords, which is to say long passwords. 14-character passwords can be guessed in a matter of hours using computer hardware available to the common criminal. Never use a password for more than one service. Instead, use a keychain utility like 1Password or the Mac OS X Keychain app to store them. See also: XKCD
It is not just passwords that we need to be concerned about, though. The security questions which banks and websites now ask us to supply, so they can verify us in case of a problem, are almost always based on publicly available information, like your pet’s name, first car and mother’s maiden name.
Defense: Choose to create your own security question if possible. If a company forces you to pick from their questions, feel free to lie and create off-the-wall answers. For example, my mother’s maiden name is Fred Flintstone. Just remember to store or write down the questions and answers with your passwords.
Of course, technology brings a few new, old challenges. Exploiting a door lock requires a thief to go from door to door looking for weak locks, which takes time. In our internet-connected world, though, that thief can let a computer search for weak locks from his easy chair while playing the latest video game.
Defense: Update Adobe Flash Player, Oracle Java, Adobe Acrobat Reader, your antivirus of choice and your web browser of choice so that your computer has the best locks possible. Better yet, you probably don’t need all of this software. Java is needed less and less today, while Adobe Acrobat Reader and antivirus are not needed on Apple’s Mac computers or PCs running the Linux operating system. Therefore, you should uninstall unneeded software. Fewer locks means fewer locks a thief can pick.
Setting up a fake bank is now much easier too. In fact, most attackers just copy a real bank’s website, then entice or scare you into visiting their fake bank.
Defense: Type in the address or use a bookmark to access banking and other secure websites, rather than following links in emails.
Bottom Line: Keep calm and keep your head about you whether on the street or online.