How to avoid cyber attacks, viruses, scams and phishing

Every day we hear about another victim.

Viruses are a part of modern life and anybody can be hacked if somebody is determined enough.

The most common concern for beginners is internet (online) banking. Is it safe? Will somebody empty my account?

Viruses, hacking and cyber attacks might seem like synonymous terms but they are different. 

If you receive a virus, then yes, you’ve been hacked. But you can be hacked without ever getting a virus or even knowing about it, at least straight away. Both of these scenarios could be classified as a cyber attack. 

Let’s break this down.

A VIRUS, also known as malicious software (‘malware’ for short) is designed to do harm, irritate, cause havoc, be a nuisance or cause an inconvenience of some kind.

Here are some examples:

Some viruses are more subtle.

For example, you may receive an email that appears to be from your bank, but it's actually from a scammer who has used the bank's logo and other bits of text to lure you into thinking its genuine. 

The email often informs you of a problem that needs your immediate attention and then provides a link for you to click.

When you click the link, a small piece of hidden software called a key logger is placed in your computer to record all of your keystrokes.

This means that any usernames, passwords, bank numbers and all kinds of other sensitive information that you type in can be seen - and used - by the scammer. It's like they are watching over your shoulder as you type them in.

You can imagine the potential consequences.

I’ve painted a pretty bleak picture!

But with a few simple precautions you can minimise your chances of becoming a victim:

As a bare minimum, get some form of internet security, also known as anti-virus software. This will pick up 99% of the problems mentioned above.

Internet security software builds a string protective wall around your castle.

It checks websites you visit, incoming emails and files and attachments you download for anything suspicious.

These are the main mechanisms by which viruses are transferred.

Many new computers come with a 30 day trial of Norton Internet Security. After 30 days you pay to continue using it.

Norton will do the job but they will also bombard you constantly with unnecessary notifications and upsells.

Most professionals remove Norton immediately and replace it with an alternative.

Same for McAfee, Trend Micro and Kaspersky.

Here are some suggestions:

I’m not an affiliate for any particular brand. Do your own research but make sure you have something installed. Ask a friend to help if you're not sure.

Phishing is a way of obtaining your personal information using deceptive techniques.

Don't click on a link if you have any doubt.

Websites and emails commonly use links as a way to direct you to a specific place, normally a webpage. You can easily identify a link because it is blue and underlined. When you hover over a link the mouse pointer changes to a white hand with a pointy finger.

Some links will say what they are linking to, like this …

          https://officemastery.com/computers-for-the terrified/

… but some will hide the link behind some innocent looking text, like this…

          Click here or Fix Now

Always hover over a link BEFORE you click it and check the website name that appears in the bottom left corner of your screen.

An email scam that is often used to trick people is to make the email look like it has come from your bank. They will use the bank's logo and will often use the same small-print but it's just a front.

The topic of the email might even convince you to take urgent action, such as asking you to change your password because of a potential security breach.

A financial institution will NEVER send an email with a link for you to login or change a password.

A genuine email from your bank will tell you to visit your bank's website (manually, not with a link), log in, then change your password once you are inside.

Always hover over the sender's name. If the sender's address is clearly NOT from the bank, hit the JUNK/SPAM button or delete it immediately.

Scammers use every sneaky trick in the book.

For example, if your bank's website is bestbank.com, they might use mybestbank.com or bestbanksite.com or best-bank.com. These differences are sometime so subtle, you may be lured into clicking the link.

If you do click a rogue link, you will end up on a page that looks like your bank's website, but of course any details that you enter are going straight to the bad guys! And that's where the trouble starts.

If you look at the address bar for any website it will start with ‘http’ or ‘https’. That little ‘s’ makes all the difference, and on some browsers like Chrome will be accompanied by a padlock symbol.

The ‘s’ stands for SECURE and it means that any data transferred from the web page to anywhere else on the internet is first jumbled and then un-jumbled at the other end using a secret key. This is called encryption. Even if data is somehow intercepted it will look like a jumbled mess and cannot be used.

Any website that sells you something and has a payment page will use a secure page.

Any login page will be a secure page.

Generally, any form you fill out will be a secure page

Always look for https or the padlock symbol on the website address before entering any sensitive information such as your credit card details, user name or password. 

If that’s’ is not there, run the other way!

If you still have any doubts, keep a credit card with a low balance that you use solely for online purchases. That way you limit any downside.

Paypal is a way to transfer money and make online purchases using a third party. They act as an intermediary. If you require a refund or are charged for something you didn’t buy, Paypal will reverse the charges and handle that for you.

When you first sign up for a Paypal account, you need to enter and then confirm your bank account or credit cards details.

Paypal then deposit two small amounts into your account (it may take 2-3 days). You then sign back into Paypal, type the amounts deposited and you're set to go.

Did you know ...

Elon Musk (you may have heard of him) was one of the pioneers of Paypal before moving onto bigger projects like Spacex, Tesla, the solar recharge grid that spans America, the Boring company and the LA Hyperloop.

The original idea of Paypal was to enable one person to pay another with just an email address.

Passwords are a necessary nuisance.

Many website have their own rules for passwords. At least one uppercase letter, one lowercase letter, number and special symbol. The rules differ. There is no consistency, yet.

That said you should take sensible precautions with your passwords:

Last time I looked, I had 285 different accounts for sites I need to sign into. I really should do some housekeeping/culling.

But here’s a useful tip for you: Use a password keeper

A password keeper stores all your passwords securely. It has one master password that you need to remember.

You can get the keeper to generate strong passwords for you. No need for you to ever know what they are, just get it whenever you need to.

If you want, you can get the keeper to populate usernames and passwords on sites so that you are logged in automatically.

You can also do the same for credit card information. Rather than typing in your credit card details every time, call on the keeper to do it for you.

I use a password keeper and it simplified my life immensely.

Some browsers like Google Chrome, Safari and Edge have their own password keepers built in, but if you want a more comprehensive tool, look at Dashlane, LastPass or 1Password. A few suggestions amongst many. The cost is around $25 per year.