Security & Safety Resource Center

Antivirus has been a cybersecurity fixture for decades and it remains essential even as threats like social engineering and ransomware take center stage. Make sure you’ve got AV software on all PCs, Macs, and Android devices you use.

Impersonating U.S. soldiers is a common scam tactic on Facebook. Someone will pretend to be a service member and then ask for escalating payments to help tend to an injury or other invented pretext. As a rule of thumb, don’t pay anyone on Facebook unless you know them.

Online dating apps are increasingly popular, which makes them havens for scams that can be costly or even life-threatening. Fake photos are often essential to these scams. Luckily, you can reverse image search photos to see where else, if anywhere, they appear online.

Cashier’s checks are supposed to be reliable. However, some scammers use fake cashier’s checks in e-commerce schemes. Watch out if someone offers to send a cashier’s check for more than the amount you asked for an item, and then directs you to pay the excess amount to a third party.

With every social media account you sign up for, every picture you post, and status you update, you are sharing information about yourself with the world. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it.

Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then you can add in some punctuation and capitalization.

Your home’s wireless router is the primary entrance for cybercriminals to access all of your connected devices. More and more of our home devices— including thermostats, door locks, coffee machines, and smoke alarms—are now connected to the Internet. Secure your Wi-Fi network and your digital devices by changing the factory-set default password and username.

Phishing emails often purport to be from a familiar institution like your bank or Amazon. The sender’s name might be something meant to indicate this (e.g., “Amazon Orders”), but often it won’t match the actual return address, which might be something very long and garbled. That mismatch is a sign to stay away.

Not every link leads to where it says it does. Before clicking it, look to see if it seems weird. For example, if it contains a domain associated with another country or is unusually long and complex. You might also want to run it through an online link expander if it’s been shortened to something like bit.ly/*.

Web browsers are your principal connection to the rest of the Internet, and multiple applications rely on your browser to work. Numerous web applications try to enhance your browsing experience by enabling different types of functionality, but this could be unnecessary and may leave you vulnerable attack. A good approach is to set the highest level of security and only enable features when you require their functionality. If you determine that a site is trustworthy, you can choose to enable the functionality briefly and then disable it once you are finished visiting the site.

When Bluetooth is enabled, make sure it is “hidden,” not “discoverable.” The hidden mode blocks other Bluetooth devices from recognizing your device. This does not prevent you from using your Bluetooth devices together. You can “pair” devices so that they can find each other even if they are in hidden mode. Though the devices will need to be in discoverable mode to originally locate each other, once they are “paired” they will always acknowledge each other without needing to rediscover the connection.

Since pop-up windows are often a result of spyware, clicking on the window may install spyware software on your computer. Close the pop-up window, select on the “X” icon in the titlebar instead of a “close” link within the window.

Say someone emails you out of the blue. The best course of action is usually to do nothing. Don’t respond or click a link or attachment in their message, as doing so might be risky and make you vulnerable to phishing scams.

It’s prudent to review your social media accounts every now and then to see if you’ve left any photos, videos, or textual updates on them that might reveal sensitive details about your identity or location. Delete such posts or at least hide them from public viewing to minimize exposure.

From iPhones to office paper shredders, any device that can accept a security PIN should have one set up. These passcodes protect your data against theft and interception, such as in a situation in which a device were lost or stolen.

Virtual private networks (VPNs) can be confusing to configure. But Firefox makes it easy, at least for US desktop users. It has a VPN built right into the browser, which can be toggled to secure connection and keep your internet service provider from monitoring your activity.

Most websites collect a lot of information on a visitor, which is then used to track them across the web and target ads. If you’re uncomfortable with that, consider setting up an ad blocker or installing specialized extensions that limit what any site can see about your device and activity.