Security & Safety Resource Center

Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy to have a record if you report the activity to local law enforcement.

There is such a thing as too much information. Oversharing is more than simply annoying. When a criminal decides to target someone for an identity theft scheme, they sometimes begin their attack by simply researching the person’s social media accounts. If the intended victim doesn’t have privacy settings set up, or if they do but simply accept any invitation that comes their way, they’re basically allowing the hacker an intense look into their entire life.

All other wireless encryption methods are outdated and more vulnerable to exploitation. In early 2018, the Wi-Fi Alliance announced WPA3 as a replacement to the longstanding WPA2 wireless encryption standard. As WPA3-certified devices become available, users should employ the new standard.

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an individual or organization computer system. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate a system. If an attacker is not able to gather enough information from one source, he or she may contact another source and rely on the information from the first source to add to his or her credibility.

Entering your card number into a website is both a hassle and a possible risk if someone is looking over your shoulder or monitoring the network. A better alternative is to just use something like PayPal or Apple Pay, which allows you to check out with a relatively streamlined process using pre-saved payment details. Many platforms also support auto-filling of credit card numbers.

On February 18, 2016, the Hollywood Presbyterian Medical Center paid a $17,000 ransom in the form of bitcoins for the decryption key for patient data. The Hospital was infected by ransomware Locky, it was the delivery of an email attachment disguised as a Microsoft Word invoice that contained malicious macros. This has led to increased fear and knowledge about ransomware in general and has brought ransomware into public spotlight once again.

Here are some tip-offs that can alert you to a phishing email: Misspellings; grammatical mistakes; including your email address in the subject line; no acknowledgement of your name; requests to verify your account; warnings that your account has been compromised. Spotting these can reduce the risk of being a phishing email victim. Total Defense is here to help with solutions for Internet security. Take a look at our products page to find out more.

Vanity link shorteners such as bit.ly and goo.gl were once popular as a space-saving techniques on platforms like Twitter. They carry risks, though, since you cannot immediately see where they lead. Truncated URLs have been used in several scams. For example, a goo.gl address was central to a phishing campaign that pointed victims to a malware-laced ZIP file. Be careful with these links; use a link expander like Where Does This Link Go? or take advantage of Force Touch/3D Touch on an Apple device to get an inline preview.

When shopping online, get the maximum possible security and privacy for your transactions. That means never buying anything while connected to public or open Wi-Fi networks, or even to the Wi-Fi of someone you don’t know well. Stick to your own Wi-Fi or to cellular service like LTE for the safest results.

Unless you trust a site, don’t give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information. Although some sites require you to supply your social security number (e.g., sites associated with financial transactions such as loans or credit cards), be especially wary of providing this information online.

Networks without passwords do not encrypt your connection. Accordingly, it’s possible for other connected users to spy on your activity, including any password you type. Don’t view your bank balance or log into any accounts tied to a debit/credit card while on public Wi-Fi. Cellular is much safer in these cases.

You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain websites to be viewed on your computer, and you can protect these settings with a password. There are other resources you can use to control and/or monitor your child’s online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer with Parental Controls such as Total Defense Premium Internet Security.  

If your username for your online banking account is the same as your Xbox Live handle and your password is literally “password”, you’re opening yourself up to attack. What’s more, if you’re relying on the same password for multiple accounts, you’re creating multiple points of failure for a hacker to exploit. Thankfully, we’ve produced articles on this particular topic to help you avoid identity theft.

Like public Wi-Fi, public USB ports in cafes and airports can’t be trusted. Connecting your device to one of them could result in a virus infection. Bring your own external battery pack, or find a standard wall socket instead.

Alertness can go a long way in staving off phishing, even of the most sophisticated variety. At the same time, it’s recommended you have reliable security software in place to continuously protect your system against the latest threats. Try Ultimate Internet Security from Total Defense to get started.

Many smart TVs include automatic content recognition (ACR), which analyzes everything you watch on the device – whether it’s streamed over the internet, cable, or via broadcast television – and uploads this information to a server for use in a recommendations engine. To protect your privacy, turn off this setting; its name varies by model, so simply search for ACR [TV brand] for instructions to disable it.

Free trials are great ways to learn about an antivirus suite’s features before actually purchasing it. However, you shouldn’t bank on a trial version to keep you safe – it’s meant to be a purchase aide, not a comprehensive defense against malware. Upgrade to a full version to stay safe.

You might have tried viewing a video on Facebook or another social site, only to be prompted to download a special codec or plugin to actually watch it. These requests are almost always spurious, given the wide compatibility of video formats between browsers and operating systems. Basically, if you did not go looking for a piece of software, do not download it, especially from sites that are unfamiliar and that are likely choked with pop-ups and ads.

There’s a common technique of sending direct mail disguised as courts summons or other official documentation, to make a response more likely. Many phishing emails take basically the exact same approach, only in digital form. That is, they might use all-caps subject lines (e.g., “URGENT:”) to make it seem like action is required. It isn’t. Institutions like banks or government agencies often use conventional mail for some communications, or structure their emails carefully to avoid scare tactics, often with a level of personalization that’s missing from mass phishing emails. If in doubt, do not engage.

Virtual private networks (VPNs) are helpful security utilities that encrypt your internet connection, hiding it from prying eyes. This strong protection is beneficial if you ever need to use public Wi-Fi. Think of your connection as a car and the VPN as a secure parking garage. Continuing the metaphor, the latter protects you from having to park on a busy street where the vehicle could be dinged or even stolen.

Phishers often steer would-be victims toward domains they falsely claim are legitimate sites, such as a bank’s web app or an identity verification landing page, insisting you act quickly. You can actually preempt this line of attack by keeping all your most important sites saved as bookmarks in your web browsers. These bookmarks can provide a safe fallback in the unlikely scenario that you really do need to do something for your bank or to verify an address.

Most e-commerce web sites have pretty good security. But a good way to increase your safety is to pay with credit, or a prepaid gift and not use debit.  This can protect your identity from theft and can further protect your bank account from theft.

Links can’t always be trusted to go where they say they do. To avoid falling into a trap, hover your mouse over a link you’re not sure of to see where it actually leads. If you’re on a mobile device, you can usually do a light tap and hold on a link to preview where it goes. Try to notice the “root” domain. It refers to what’s in between the “http(s)://” and the first “/”. Phishing sites often have lengthy and/or suspicious roots, such as “system.confirm” or “web-paypal.com.”