Social engineering is the use of deception to manipulate individuals into revealing personal information that may be used for fraudulent purposes. Hackers are generally not exploiting technical flaws in your operating system or software - they are targeting you.
Video: What is Social Engineering?
Your digital footprint is all the information about you that appears online.
The kinds of information that are probably available about you online include your email address, home address, phone number(s), employer, age, race, sex, income, marital status, religion, political affiliation, personal interests, photos and videos of you with family or friends, which social media you use and your “likes” and comments, criminal records and local real estate tax records.
A common misconception is that your digital footprint includes only information you place online. In fact, your digital footprint includes all the information about you that is available online, whether you put it there or not. Your digital footprint is permanent.
To reduce your digital footprint, consider using privacy-protecting browser extensions or browsers like Brave that have privacy features built in. You can also use search engines like DuckDuckGo, Yahoo! Search or Startpage that do not track your activity as extensively as Google.
Use a password manager. Most good password managers allow you to securely store your passwords, generate strong passwords and save related information such as answers to security questions.
Never reuse passwords. If a hacker obtains credentials for one of your accounts they will try to use those same credentials on your other accounts.
Make passwords as long as you can - 20 characters or more. The longer the password the more difficult it is to defeat.
Don’t use personal information in passwords. Names of family members or pets, birthdays, anniversaries, favorite sports teams, etc., should never be used to create passwords. Don’t substitute symbols like @ for the letter A. It doesn’t fool anyone and it’s a pattern hackers already know about. If your passwords are strong there isn’t any need to change them regularly. If you think one of your passwords has been compromised change it immediately.
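The rules above written as a check, as an added example that is not part of the original page: it shows why swapping @ for A adds nothing, since undoing such swaps is a single table lookup. The personal terms and sample passwords are constructed for illustration.

```python
import re

MIN_LENGTH = 20  # the length this page recommends

# Look-alike symbols collapsed to one letter each. "1", "!" and "l" all become
# "i" so that either reading of an ambiguous symbol matches.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                            "l": "i", "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(text):
    """Lower-case, undo symbol swaps, and drop separators."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LOOKALIKES))


def check_password(password, personal_terms):
    """Return the problems found; an empty list means no rule was tripped."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    flat = normalize(password)
    for term in personal_terms:
        needle = normalize(term)
        # Very short terms would match by accident, so skip them.
        if len(needle) >= 3 and needle in flat:
            problems.append(f"contains personal information: {term}")
    return problems


# Constructed sample data: a pet name, a sports team and a birthday (MMDD).
PERSONAL_TERMS = ["Biscuit", "Hokies", "0614"]

if __name__ == "__main__":
    for candidate in ("B!scu1t0614", "G0H0k!es_G0H0k!es_2021",
                      "quartz-lantern-viaduct-nimbus-42"):
        print(candidate, "->", check_password(candidate, PERSONAL_TERMS) or "ok")
```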
Video: What is a Password Manager?
If you can't use a password manager read these articles on creating strong passwords:
When you are required to answer security questions while creating a new account, always use made-up answers. If you are asked to provide your mother’s maiden name as the answer to a security question, make up a name and record it in your password manager so you can access it the next time you log in.
Never reuse answers to security questions, even if they are made up. If you used Throckmorton as a fictional maiden name for your bank account don’t use it for your retirement account.
Two-Factor Authentication (Two-Step Authentication, Multi-Factor Authentication, or 2FA)
Two-factor authentication is an extra layer of security for your accounts. Most of the time, two-factor authentication requires you to verify your identity when logging into an account by entering a code sent to your mobile phone. This protects you if someone obtains your password and tries to access your account. Since the hacker doesn’t have the code, they can’t get into your account even with the correct username and password.
Enable two-factor authentication for all accounts that offer it.
Always configure your computers, mobile phones and tablets to lock themselves when not in use. Don’t leave your devices unattended in places where others can access them.
Avoid sharing personal information online whenever possible. Things to avoid sharing include usernames, passwords, home address, phone numbers, date of birth, anniversaries, Social Security numbers, where you work, work schedules and when you will be out of town.
Use privacy settings in your social media accounts to protect as much of your personal information as possible.
Virtual Private Networks
A Virtual Private Network is software you can install on your personal computer or mobile device that provides security and anonymity by creating a private connection across a public network. Always use a VPN on personal devices when connecting to public WiFi networks in places like coffee shops, airports, public libraries or hotels.
Video: What is a VPN?
Email and Texting Attacks
Attacks are usually designed to look like messages from your friends, relatives, your employer, a social media company, your bank or credit union, the IRS, etc. The subject lines frequently include urgent or threatening language. Examples include Service Cancellation, Confirm your delivery, Late Payment, or Attention Required.
Email and texting attacks often include grammatical errors, odd capitalization or misspelled words. Malicious messages usually offer something too good to be true and ask you to provide usernames, passwords, bank account information or credit card numbers. Be cautious about all electronic communications you receive.
If you receive a phishing email in your RPS account, forward it to email@example.com and let them know you think it is suspicious. If you think you have received a phishing or smishing attempt in a personal account, do not open it; delete it. If you open a message and realize it is suspicious, do not click any links or download any attachments.
Use antivirus software on personal devices that will scan email for suspicious attachments.
Scrutinize sender email addresses to make sure they match the person, company or organization they claim to represent.
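The sender check and the urgent subject lines described above, combined into one triage function. This is an added example, not part of the original page; the bank name, the domains and both messages are constructed, and KNOWN_SENDERS is an assumed, hand-maintained list.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject phrases this page lists as typical of malicious messages.
URGENT_PHRASES = ("service cancellation", "confirm your delivery",
                  "late payment", "attention required")

# Assumption: names you deal with, mapped to the domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}


def belongs_to(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw_message):
    """Return the warning signs found in one raw e-mail message."""
    msg = message_from_string(raw_message)
    warnings = []
    subject = msg.get("Subject", "").lower()
    if any(phrase in subject for phrase in URGENT_PHRASES):
        warnings.append("urgent subject line")
    display, address = parseaddr(msg.get("From", ""))
    # Compare the end of the domain: a trusted name placed at the start
    # of a longer domain proves nothing.
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    for name, allowed in KNOWN_SENDERS.items():
        if name in display.lower() and not belongs_to(domain, allowed):
            warnings.append(f"display name claims {name!r} but address is at {domain!r}")
    return warnings


# Constructed sample messages.
PHISH = ('From: "Example Bank Security" '
         '<alerts@examplebank.example.account-verify.test>\n'
         'Subject: Attention Required: Late Payment\n\n'
         'Confirm your password to avoid suspension.\n')
LEGIT = ('From: "Example Bank" <statements@mail.examplebank.example>\n'
         'Subject: Your monthly statement is ready\n\n'
         'Log in through your usual bookmark to view it.\n')

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, triage(raw))
```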
Malware (including viruses) is software designed to disrupt, damage, or gain unauthorized access to a computer or other electronic device. Malware can infect your computer, mobile phone or tablet when you download a malicious app or file from an unknown source, visit a malicious website, or click a link in a malicious email.
Protect yourself from malware by:
- using antivirus and malware removal and protection software on personal devices
- keeping your devices' operating systems up to date
- being careful about the websites you visit
- using tools like Google Transparency Report or VirusTotal to check the safety of specific sites and URLs
- visiting secure websites with https at the beginning of the URL and a locked padlock icon
Be aware of warning signs that your computer is infected:
- it's slowing down
- it crashes frequently
- you see popup messages you've never seen before
- you see unfamiliar icons on your desktop
- you can't access system settings
If you think an RPS device is infected, contact the Service Desk at firstname.lastname@example.org or 804-780-7880.
If you think a personal device is infected, take it to someone qualified to remove the malware.
Back up important files to an external drive or cloud storage service on a regular basis.
If you become the victim of ransomware, do not pay the ransom.
Video: What is malware?
Well-known companies and organizations have an incentive to protect their data and the private information belonging to customers, but no security is 100 percent reliable. Data breaches can occur when a single employee clicks on the wrong link in a phishing email. When transacting business online try to stick to familiar and reputable companies and organizations. Be selective about the information you provide to companies you do business with.
Phone Scams (vishing)
There are hundreds, maybe thousands, of different phone scams. One that is widespread in 2021 features calls from people claiming to be technicians from well-known companies such as Microsoft or Apple. They say they’ve found a problem with your computer and ask you to install software giving them remote access. They ask you to pay for a problem that doesn’t exist and/or they will install software that allows them to gather personal information or disable your computer until you pay a ransom. Scammers may also call and claim to be from your bank or credit union, a social media company, your electric utility, etc.
Protect yourself from phone scams by:
- setting your mobile phone to block unfamiliar numbers
- not answering calls from unknown numbers
- hanging up on robocalls
- not following instructions like Press 1 to speak to the operator
- never divulging personal information over the phone