Security & Safety Resource Center

It’s been obsolete for years, but make sure you are not still securing any Wi-Fi networks with the legacy WEP standard. WPA2 is ideal as of early 2018 and supported by any legitimate modern router or wireless-enabled device. Be on the lookout for WPA3-certified products in the coming years, as they will have additional features.

If you use two-factor authentication (2FA) to protect your logins, there’s still some risk if the 2FA code is sent via SMS. YubiKey (a hardware authentication device) offers a safer alternative to text messages, in the form of a USB stick that must be physically plugged into your Mac/PC during login. It’s already compatible with many services, including Gmail and Facebook.

If you want to give someone on a message board or social network you email address, it’s best to send it to them via a private message. Alternatively, you can type out the address, substituting actual words for the “@” and “.” symbols. These techniques protect you from having your email captured by automatic scanners used for assembling spam email lists.

Unsubscribe buttons are useful for removing your email address from high-volume mailing lists, like those from political campaigns or big box stores. However, they can also be used against you by spammers: Clicking one of these buttons confirms your account is in active use and in some cases redirects to you a compromised webpage. Flagging the message as spam might be safer.

End-to-end encryption (E2EE) protects your communications during their entire journeys from sender to recipient. Apps like Signal and WhatsApp, as well as the iMessage and FaceTime services on Apple platforms, deploy E2EE to keep your messages private. Defer to E2EE-protected services whenever possible.

Google is a unique resource, albeit one with some significant drawbacks in terms of how extensively it catalogs your activities, from your search history to your geolocation. The privacy-focused search engine DuckDuckGo offers similar results with no tracking, reducing the risk of sensitive data falling into the wrong hands.

June 15, 2004: Caribe or Cabir is a computer worm that is designed to infect mobile phones that run Symbian OS. It is the first computer worm that can infect mobile phones. When a phone is infected with Cabir, the message “Caribe” is displayed on the phone’s display, and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.

An old trick goes as follows: You get a call from someone telling you there’s a virus on your device but that it can be fixed if just grant him/her access to your system and submit payment. It’s all fake. Instead, look for official notifications from your operating system or antivirus software to know whether something needs attention.

If you’re expecting a delivery via mail or private courier (e.g., FedEx, UPS, etc.), you probably track the package online or via text message to see if it’s on time. Check for unexpected emails or SMS updates, especially if they ask you to make additional arrangements by supplying personally identifiable information – they’re probably scams.

Everything from your Wi-Fi router to a new baby monitor might ship with a default username and password, such as “admin” for both credentials. You should change them right away to prevent exposure to botnets designed to take over devices with easily guessed logins.

Typosquatting is the practice of hosting a website at an address that is similar to a popular URL yet off by a character or two, turning it into a trap for anyone making a common typo. Look carefully at what you type or, better yet, just save frequently visited sites as bookmarks and navigate to them from there to ensure you reach the legitimate destination.

A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Flash is a holdover from a previous era of the web, when most traffic was from PCs. Mobile devices don’t even support it and there are now safer desktop alternatives, such as HTML5, for running certain browser apps. Consider uninstalling it to shield yourself from the many threats that exploit it.

Although it wasn’t designed as such, Facebook is a powerful caller ID service – it’s easy for anyone to paste a phone number into the search field and find the profile associated with it. The same can be done with email addresses. Change your privacy settings to prevent strangers from easily digging into your personal details.

Staying logged in to a website or app is convenient, but it creates some security risks. Attackers may be able to impersonate your session ID and hijack your account. Log out when you’re finished and use a password manager so it’s easy to log back in.

Never respond to email spam, as this will confirm to the sender that it is a “live” address. Have a primary and secondary email address – one for people you know and one for all other purposes. Avoid giving out your email address unless you know how it will be used. Never purchase anything advertised through an unsolicited email.

Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is legitimate contact information provided? If you answered “No” to any of these questions, avoid doing business online with these companies.

Make sure your child knows the boundaries of what they are allowed to do on the computer. These boundaries should be appropriate for the child’s age, knowledge, and maturity, but they may include rules about how long they are allowed to be on the computer, what sites they are allowed to visit, what software programs they can use, and what tasks or activities they are allowed to do.

Criminals may pose as cryptocurrency (virtual currency) tech support. Individuals in need of tech support may use online search engines to find technical support companies. Criminals pay to have their fraudulent tech support company’s link show higher in search results hoping victims will choose one of the top links in search results. The fraudulent support asks for access to the victim’s cryptocurrency wallet and transfers the victim’s cryptocurrency to another wallet for temporary holding during maintenance. The cryptocurrency is never returned to the victim, and the criminal ceases all communication. So be very cautious of tech support numbers obtained via online search engines.

Many social media platforms allow you to check in and broadcast your location, or automatically add your location to photos and posts. Geolocation or geo-tagging features on social networks is not the safest feature to activate. You could be telling a stalker exactly where to find you or telling a thief that you’re not home.

Don’t over share on social networking websites. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans.