Beware of phishing

A classic line in the movie Spaceballs reveals a secret password is 12345. Dark Helmet (Rick Moranis) says, “That’s the stupidest combination I’ve ever heard in my life! That’s the kinda thing an idiot would have on his luggage!” Of course, it is exactly what President Skroob (Mel Brooks) uses.

As Ryan Duquette of Hexigent Consulting recently told members of IABC/Toronto’s Professional Independent Communicators, strong passwords are one of the best ways to protect your digital data. Forget 12345 and password, two of the worst passwords you could possibly use:

  • Make your password at least 15 characters long.
  • Use a word you’ll remember, but substitute special characters or numbers in place of letters, as in W@terMelon.
  • Check how strong your password is at https://howsecureismypassword.net.
  • Use different passwords for different accounts. Then if someone hacks into your Facebook account, they won’t also be able to access Twitter, email, LinkedIn or other accounts.
  • Change your passwords every three months.

Another way to protect your data is to be wary of free public Wi-Fi, which can be used by hackers to get into your accounts, track your computer activity, take over your devices and steal your information. If you do use free Wi-Fi:

  • Turn off auto connect, which might connect to a location you’ve used in the past without you realizing it. Only use auto connect at home or in your office.
  • Turn off sharing of files, folders, printers.
  • Turn on your firewall (Lifehacker has a post describing how).
  • This may seem obvious, but don’t use free Wi-Fi to pay bills, access your bank account or enter other sensitive information.

Ryan also spent time talking about the creative ways the bad guys try to steal your information:

  • phishing emails, where they try to get you to click on a link, enter a password or download a file. (Don’t do it!) About 97% of phishing attacks are now some form of ransomware, where you must pay to get control of your computer again.
  • spear phishing, which is more personalized and therefore more successful
  • whaling, which is a form of spear phishing where emails to finance employees that appear to be from the CEO result in stealing billions of dollars.

Our group was quick to notice all the spelling mistakes in the examples Ryan showed (as in the “reservered” that came in my email above), but phishing is becoming big business. Scammers are getting more sophisticated all the time and we won’t be able to rely on our spelling radar much longer. Ryan suggested that with any invitation to click or download:

  • Stop and think.
  • Be suspicious.
  • Take a closer look and hover your mouse over any link to reveal the REAL link.
  • Pick up the phone and call the person supposedly sending the email.

Ryan also suggested regularly backing up your computer, having security settings update automatically so you have the most current bug patches, keeping apps and operating systems updated and using anti-virus programs.

The session was helpful, but alarming. If only the bad guys would use their talents for good, not evil…

Were you there? What tips stood out for you?