Online security in the age of spammers and hackers

Not that Sparkjoy clients need to worry about website security – we’ve got you covered there – but what about the other sites you visit, especially the ones that require passwords?

If you use the Internet every day, chances are you have places you go to habitually: email, Facebook, Twitter, news sites, RSS feed readers, online banking, and even online gaming. All of these sites require you to sign in; your login name and password are essentially a secret knock that proves you’re you before the site lets you in.

However, this security method, like any other, is only as good as your password and your understanding of how the seedy parts of the Internet operate when they try to get this information from you.

What are the bad guys up to?

Spam: unsolicited bulk messages, usually in the form of advertisements. This is most commonly sent as emails (junk mail), but also as pop-up ads, splash pages, instant messaging via texts or online chatting (in-game chats, forums, social media sites, etc.).

Hacking: A hacker is “someone who seeks and exploits weaknesses in a computer system or computer network”. There are many types of hackers, but it’s the “black hat” hackers that most people worry about: these are the people cracking the password to your email account, banking website, or government sites and sharing out personal and sensitive information.

Brute-force attacks: these attack encrypted data or a login by checking all possible keys or passwords until the correct one is found. These attacks can slow a website down to a crawl as the attack hits the login repeatedly looking for a way in. Think of it as the electronic version of a battering ram at the castle keep doors.

Phishing: an attempt to acquire sensitive information by posing as a trustworthy entity (company, person etc.) via email or phone. These are the people who send emails claiming your bank account is compromised and if you just email them your banking information they’ll fix the problem and save you from being charged a huge fee. Another common ploy is the phone call that begins, ‘Congratulations! You’ve won a trip to [exotic location]!’ followed by a request for your credit card information to hold the seat, room on the plane, or place on the cruise boat.

419 Scams: These are the ‘Nigerian money scams’ that claim thousands, or even millions, of dollars are being held in trust, and all you have to do is let them use your bank account as a transfer spot – money in and money out – and they’ll give you a huge payout as a thank you. These are also presented as lottery, rental, romance, pet, and employment scams (among others), all in an attempt to get you to send bank drafts (cashier’s cheques), cash, or your personal banking information.

There are almost certainly other nefarious things going on, but these are the most common – and all of them can be reasonably guarded against by a little common sense and good practices.

What can you do?

One of the most important things you can do to protect yourself is to choose a secure password for the sites you visit.

Here are some common examples of bad passwords:

  • “abc123” and other short and easily guessable letter/number combinations
  • birthday or anniversary dates
  • names of spouse, children, pets, or self
  • using the name of the site the password is for (e.g., “ilovepizzapizza”)
  • names of hobbies (e.g., “xboxisawesome”)
  • holiday dates (e.g., “1031” for Halloween, or “1225” for Christmas)
  • passwords shorter than the allowable length (i.e., if you have the option of creating an eight character long password, don’t only use four of the available characters)

These types of bad password choices can be cracked in under two minutes using a computer program designed for the purpose.

How do you choose a good password?

There are several ways to choose a good password:

  • Use a combination of numbers, letters, and symbols with a minimum of eight characters (e.g., *SfHk90*).
  • Use a “passphrase” that includes letters, numbers, and symbols (e.g., ^I<3P1E^).
  • Use a password manager program like Dashlane to choose – and remember! – a secure password for you.
  • Create the longest password allowed – the longer it is, the harder it is to crack.
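
The checks from the two lists above, written out as a small Python audit. This is an added example, not part of the original article; the word list, the `site_name` and `personal_words` parameters, and the sample passwords are constructed for illustration.

```python
import math
import re
import string

# Constructed sample; a real audit would load a large list of leaked passwords.
COMMON = {"abc123", "123456", "password", "qwerty", "letmein"}
DATE_RE = re.compile(r"\d{4}|\d{6}|\d{8}")  # e.g. 1031, 1225, 19900412
MIN_LENGTH = 8  # the minimum the article recommends


def audit(password, site_name="", personal_words=()):
    """Return the article's bad-password patterns that this password matches."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON:
        findings.append("common letter/number combination")
    if DATE_RE.fullmatch(password):
        findings.append("looks like a date")
    if site_name and site_name.lower() in lowered:
        findings.append("contains the site name")
    for word in personal_words:  # names, pets, hobbies supplied by the user
        if word and word.lower() in lowered:
            findings.append(f"contains personal word: {word}")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


def keyspace_bits(password):
    """Upper bound on brute-force effort, in bits: length * log2(alphabet size).

    Only meaningful when audit() returns no findings; a guessable password
    falls to a word list long before the whole keyspace is searched.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for pw in ("abc123", "1031", "ilovepizzapizza", "^I<3P1E^"):
        print(pw, audit(pw, site_name="PizzaPizza"), round(keyspace_bits(pw), 1))
```

Each extra character adds the same number of bits again, which is why the longest allowed password is the hardest to brute-force.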

Good password practices

  • Use a different password for each site.
  • Change your passwords every month or two.
  • Do not leave passwords written down and lying around.
  • Do not share your passwords with others.
  • Use multi-factor authentication where available (i.e., a second code or password is sent via text or phone before you can log in; this can also be used to recover a lost or forgotten password).

It’s important to be aware, and even a little wary. Most sites and people are legitimate, and that can make it difficult to know which ones aren’t, but it’s important to get into the habit of asking yourself the following questions before giving your personal information to anyone: ‘Who am I really sharing my personal information with? Why do they want it? What will they do with it once they have it?’