(Credit: Zain bin Awais/PCMag;insta_photos/via Getty Images)
This year, I discussed a range of cybersecurity topics with experts, from preparing college students for online life away from home to using a password manager to save a relationship, and helping seniors avoid AI-enhanced social engineering scams. At the end of each interview, I asked for online safety tips that don’t require an advanced degree or years of experience to understand. I’ve compiled that advice (along with a few tips of my own) as an early holiday gift to PCMag readers.
Verify Before You Venmo: Don’t Trust Any Request at Face Value
(Credit: Devid Espejo for Getty Images)Scammers pose the biggest online threat to most people who are using the internet at home. That’s because they tend to show up whenever you’re doing fairly mundane things, like checking your email or scrolling through text messages. It’s hard to even answer phone calls without encountering a scammer!
In October, I spoke with Ivory Gwin, a teacher at AT&T’s Connected Learning Center in Chicago. Many of his students are senior citizens, and they are frequent targets for phone scams. His advice is to always double-check before sending money to someone, even if the person on the phone claims to be someone you know. If the phone number calling or texting you isn’t in your contact list, stop talking to the person immediately and call them back using the number you saved in your phone. To combat these types of scams, meet face-to-face when giving money, whenever possible.
Voice clones and video deepfakes are effortless to produce using AI tools, so you can’t always trust what you see or hear. To combat this, Aanchal Gupta, Chief Security Officer at Adobe, recommends creating a code word or code phrase for your family members or close friends. Choose the code word in person or via encrypted video chat using a secure messaging platform. Do not refer to the code word in text messages or emails.
If you have doubts about someone’s identity when communicating online, follow your intuition. Find a way to wrap up the conversation, then verify the person’s identity using an established phone number (like the one in your contact list) or in person.
Crypto scammers are ruthless, especially around the holidays. I spoke with Megan Squire, a researcher at F-Secure, earlier this year about new scamming tactics, and she informed me that criminals employ romance baiting tactics to persuade people to engage with them via text or on social media. After a friendly conversation or two, the scammer invites the target to a fake investment group, or sends them a link to a phishing website where they’re encouraged to use real money to buy fraudulent cryptocurrency.
Pressure Is a Red Flag: Don’t Let Urgency Push You Into Mistakes
(Credit: Halfpoint Images via Moment for Getty Images)Earlier this year, I spoke with McAfee’s Chief Technology Officer about protecting small businesses from cybersecurity attacks. Amid his advice for business owners about improving browser security, using a password manager, and requiring employees to use MFA, Steve Grobman offered a tip that you can use at home, too.
Scammers use time-sensitive language to pressure people into acting without thinking online. Sometimes that means you’ll receive a threatening text message purporting to be from the IRS, but it’s really a scammer. Other times, it’s a limited-time, deeply discounted offer for a rare item you’ve been looking for on an auction site like eBay or Mercari.
Instead of acting quickly to resolve the problem, instead, take your time to figure out if the problem even exists by calling the business or institution that contacted you. If you conclude that you were contacted by a scammer, don’t message them again. No matter how satisfying a taunt may seem at the moment, scammers have more time and more resources to wear you down than you have to defend yourself.
Don’t Stay Silent: Reporting Scams Helps Everyone Stay Safer
(Credit: South_agency via E+ for Getty Images)As mentioned above, seniors are often portrayed as ideal targets for scams, but in reality, a scam can happen to anyone. After all, even data privacy experts can fall for phishing emails or scammy text messages. Scammers continually find innovative ways to trick people, and AI makes it very easy for them to do so.
I demonstrated earlier this year that you can use a chatbot to create fake settlement claim websites to scam people out of their personal data. That’s why it’s essential to normalize reporting scams when they occur, and not to shame yourself or others if they become victims of scams.
When I asked Jessica Johnston, a senior director at the National Council on Aging’s Center for Economic Well-Being, about assisting older relatives or loved ones with scam reporting, she suggested first listening carefully to the victim’s story and then offering assistance. She said that people often need a non-judgmental ear to vent about the scam before they can start piecing their lives back together. After listening, ask if your loved one wants help. If they do, report the scam to anti-fraud organizations or enroll the victim in identity theft protection services.
A Little Prep Today Saves a Major Headache Tomorrow
(Credit: Oscar Wong via Moment for Getty Images)I’m leaving to see my family for the holidays soon, and I know there will be a lot of questions about online safety waiting for me around the dinner table this year. I plan to advise everyone to be prepared for any scenario by ensuring their defenses are strong. A good first step is to enable multi-factor authentication for all of your online accounts. MFA adds an additional layer of protection to your account, making it harder for criminals to impersonate you and get your data, even if they have your passwords.
Speaking of passwords, never use the same password for all of your accounts. This is something Gary Orenstein, Chief Product Officer at Bitwarden, mentioned when we talked about preparing college-aged kids for online life away from home. If a criminal obtains your previously used password through a data breach or another method, they can use it to access all your accounts. That’s why you should use a password manager. It will generate, store, and fill in your passwords with minimal effort on your part. Of course, you can skip the MFA codes and passwords altogether by creating passkeys for your accounts and storing them on your devices.
When I spoke with Dr. Williams earlier this year about why everyone’s personal data ends up on the dark web, he told me that people put themselves at risk when they don’t update their devices. System updates are designed to patch holes that hackers can use to gain access to your computers or other devices.
With this in mind, I plan to ask my family to update their phones’ operating systems while we eat Christmas dinner. It’s an easy way to have a phone-free family meal, and it ensures that my relatives will have the latest security patches installed as we enter the new year.
Finally, remember to stay vigilant and be aware of potential threats whenever you use an internet-connected device. Bookmark our cybersecurity checklist to help you remember to lock down your accounts and keep your online life safe from scammers.