Security & Safety Resource Center

Clicking on links in emails is often how cybercriminals get access to personal information. If an email looks weird, even if you know the person who sent it, it’s best to delete or, if appropriate, mark it as “junk email.” You could try to contact the company directly (via phone) to be sure the email is legitimate.

Chats and direct messages are essential features of platforms like social networks and online gaming service. Their popularity makes them common conduits for social engineering scams, though. Never click suspicious links or give out sensitive information in these exchanges, especially not to people you’ve just met.

Many PC video games require activation, via unique product keys that come with official copies. There’s an entire cottage industry of downloadable “cracks” purporting to enable access even if you didn’t purchase a legitimate copy. However, many of these programs are malware. In general, video game piracy is high-risk/low-reward and should be avoided.

There’s no undoing an email (with limited exceptions if you’re in an Microsoft Exchange environment). Plus, email security is not as strong as you might expect, especially if you aren’t using email encryption. For these reasons, never give out your sensitive data in an email.

If you use an external HDD for backup, be aware that it won’t last forever. HDD failure rates rise sharply in the fourth year and beyond, so if you’re wary of losing a key backup, make sure to have other drives in the mix and/or use a cloud-based backup solution.

In 1987 appearance of Lehigh virus (discovered at its namesake university), boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.

Email attachments are ubiquitous, but risky – you never know what they might include. It’s usually safer to share content via links to cloud services, since you’re not actually downloading anything onto your system.

A type of malware that replicates itself over and over within a computer.

Most cybercrime starts with malware. Cybercriminals use it to access your computer or mobile device to steal your personal information like your Social Security number, passwords, credit card information, or bank account information, to commit fraud.

Once cybercriminals have your personal information, they use the data for illegal purposes, such as identity theft, credit card fraud, spamming, and spreading malware to other machines.

BitTorrent is a popular way to download content from the internet. It comes with many risks, though, including bandwidth throttling by your ISP and possible malware infection. Use alternatives or, at the very least, guard your activity with a VPN.

Some websites features aggressive advertising and tracking mechanisms. It’s common to see ads for free antivirus software and system scans, as well as warnings that your device has been compromised and requires immediate action, like calling a certain number. These schemes are invariably scams and should be ignored.

Many malware variants are stored in RAM, meaning that once you reset the device in question, they disappear. This was the case for the VPN Filter malware that affected many routers. Reboot regularly to stay safe.

You lock the front door to your house, and you should do the same with your devices. Use strong passwords to lock your tablet and phone. Securing your devices keeps prying eyes out and can help protect your information in case your devices are lost or stolen.

All major consumer email services offer filtering options, with which you can choose what happens to any message that’s from a specific sender and/or contains a particular subject line or words. For example, you can immediately archive any email with “deal” or “unsubscribe” in its body. This can help you weed out risky messages without ever having to engage with them.

Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller’s obligations are before you bid. Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located. Purchase items online using your credit card, you can often dispute the charges if something goes wrong.

The computers available at libraries, college campuses and other public locations are convenient resources for low-risk activities like browsing the web or collaborating on documents. They’re less great for conducting activities like online banking or shopping, since you can’t be sure they’re 100 percent secure. Stick to your own devices and networks for these transactions.

If you’re in an airport or cafe, you might be tempted to plug your device into an open USB port to charge it. This can be risky, since you don’t know if the port is compromised. Charge via a wall outlet or bring your own battery pack instead.

If you forget the password to your local account on your PC, all might seem lost, since there’s no one to email for a reset link. However, you can hedge against this possibility by creating a password reset disk beforehand. “Disk” is a misnomer; all you’ll need is a USB stick or SD Card. Simply search for “password reset” in Windows and follow the instructions.

Android devices provide considerable flexibility in how you download software. In addition to official stores run by Google and OEMs like Samsung, there are third-party storefronts offering many apps that never underwent any security screening. Stick to the main options to avoid installing compromised apps.

Don’t’ over share personal information on social media. Sensitive information includes anything that can help a person steal your identity or find you, such as your full name, Social Security number, address, birthdate, phone number, or where you were born.

October 12, 2004: Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor).

Outdated internet router firmware is a major security risk. Unfortunately, many people aren’t aware of this issue because they don’t do much with their routers unless they have issues with their internet connections. Take a look at your router to find its IP address, which you can enter into your web browser. From there, you can check if there are any firmware updates available.

Ransomware is one of the most dangerous cybersecurity threats because its damage is so hard to roll back; you end up having to choose between paying a ransom that won’t even guarantee safe return of your data, or possibly losing that information forever. Local or cloud-based backup can help by giving you full, restorable copies to fall back on.

Most operating systems give you the option of creating a different user account for each user. If you’re worried that your child may accidentally access, modify, and/or delete your files, you can give them a separate account and decrease the amount of access and number of privileges they have. If you don’t have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your, avoid letting your browser remember passwords and other personal information. Also, it is always important to keep your virus definitions up to date.

The hit video game “Fortnite” recently began providing rewards to players who set up two-factor authentication on their accounts. You should take this step on any service that provides it. That way, you’ll be safe even if someone gains access to your password and username.

A virtual private network is a great way to protect your online activity by encrypting your connection. However, in many instances you get what you pay for. Free VPNs might still log your actions and keep those records or sell them to third-parties; the Facebook-owned Onavo VPN, recently removed from the iOS App Store, showed the reality of such risks. Consider paying for real protection.

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.

Hyperlinks are tricky. When they’re included in text, you can’t immediately see where they lead, meaning a simple click could take you somewhere you don’t want to go, like an adware-infested page. Consider hovering over them with a mouse, or copying them with a press and hold contextual menu on a touchscreen and pasting them into a separate document, before following them.

As a general practice, before you publish something on the Internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about you, the easier it is to pretend to be you. Behave online the way you would behave in your daily life, especially when it involves taking precautions to protect yourself.

Many services will allow you to keep the same password for years. That’s dangerous, since data breaches along the way might expose credentials that you use across multiple sites. Create strong passwords using a generator, and update them periodically, every six months or so, to ensure you’re not using anything that’s already been exposed in a breach.

If a company wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. There are two elements that indicate that a site uses: 1. a closed padlock, which, depending on your browser, may be located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields; 2. a URL that begins with “https:” rather than “http:”. By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit.

A man-in-the-middle attack involves someone interfering with your attempted communications with another party, typically a website or application. It might entail monitoring your traffic via a non-secure public Wi-Fi connection or sending you to a compromised website. To stay safe, make sure your URL bar always displays HTTPS when conducting sensitive transactions, and use a VPN to encrypt your traffic.