Riveters! Red here. It's been a while since I've graced you all with an infoSec post. Recently in our circle we've noticed an uptick in people getting their social media accounts hijacked through malicious videos and other nefarious means. With that in mind, I thought I'd share a short list of tips and tricks anyone can use to enhance their security online.

5. You don’t need any more plugins

Plugins are dying a rapid death. Those of us who have been surfing the internet for much of the last 2 decades remember when you needed a laundry list of browser plugins to do anything fun on the internet: Flash, Java, Shockwave, Quicktime, RealPlayer, the list goes on. Those are all dying or dead now. Why? They ended up being obnoxious security holes, and web coding and browsers evolved past the need for them. If you're trying to view this cool link your friend sent you that you absolutely *HAVE TO SEE* and it's insisting you download something in order to view it, it's probably a scam.

Example of a fake plugin

4. Beware of cryptic or urgent messages; these are your friends, and you know how they communicate

A common sleazy tactic that's been used in cons, *cough* I mean sales, since the beginning of time is the creation of a false sense of urgency. This motivates your mark, *cough* I mean customer, to make a knee-jerk choice without thinking. Online scammers are great at this, and if they've compromised one of your friends already they're even better. If someone's pitching this link as the greatest thing since sliced bread, it probably isn't. If the conversation seems to imply that you'll miss out or bad things will happen if you don't check this link out, it's probably a scam. Do you talk to this person often? Then why do they suddenly sound like English is their second language? Do you never talk to that old friend from high school? Then why are they sending you, of all people, the secret to independent wealth at 5am on a Tuesday?

3. Use a strong password whenever possible, and use a variety of passwords across your different apps

People always make this out to be harder than it is. A strong password does not have to be a randomly generated string that you painstakingly memorize. What I tell people to do is come up with a system for constructing passwords, and focus on remembering the system more than the password. Come up with a couple of words that you can associate together but a random person off the street wouldn't, toss in a 2-4 digit number that's significant to you, and pick a symbol or 2 that you can remember. Again, focus more on remembering your method than remembering individual passwords. Have a burner password/high risk password. While considered horrible practice from a security standpoint, reality says there are some passwords we share, like our Netflix password with our roommate. In this case, don't give them a password you use for other, more important stuff; pick one specifically to share. Also make sure your recovery options are up to date.

2. Use 2-factor/2FA/Multi-Factor authentication

Many online services such as Facebook, Gmail, Discord, WordPress, Steam, Dropbox, Blizzard, and more have the option to enable 2-factor authentication. What this does is link your account to your phone, or your phone number. When you try to log in, after you get your username and password right, you're prompted for a second randomly generated code. You get that code either texted/emailed to you, from an app on your phone, or from a popup notification on your phone. This means that if someone manages to jack your password they're probably not going to be able to log in to your account, and if they try you'll know. Did you accidentally click that link? Did you log in to a convincingly fake login page, inadvertently giving your username and password to scammers? Not to fear: unless they're over your shoulder, or they hacked your phone too, you have a safety net. Change your password immediately, learn from your mistake, move on with life.

Google Authenticator

1. Be vigilant, stay informed, learn, and adapt

Ultimately your online security is on you. You choose what services you use, what security measures you put in place, and who you trust with your information. Security technology has evolved to the point where the most easily exploitable part of any system is the people that use it, not the system itself. Educate yourself, keep your systems up to date, rectify your mistakes, and help others do the same.
