17 January 2017

Gone phishing: 5 ways you can protect yourself online in light of latest Gmail hack

Password management systems have become more popular as hackers have become smarter.

Privacy is a right you haven’t always had but that you’re fully entitled to. Article 12 of the Universal Declaration of Human Rights states: “No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.”

It’s a human right, one you are born with regardless of your race, sex, religion, nationality, sexual orientation or political affiliation. Just because you have it doesn’t mean anyone will help you protect or realise it. 

Here are five tips to help you guard against digital attacks on your virtual life.

1. Distrust is king
A few simple practices can vastly reduce your risk of being hacked or having your information stolen or leaked. Antivirus programs have their limitations but they are still good to have on your devices. But no antivirus program can save you if you’re not diligent about your own security. 

Never ever trust anyone who approaches you directly. No reputable service will ever email you and ask you for a password or any other identifying data.

Companies such as Facebook and Google allow you to upload unlimited data to their servers for free, but then sell your info on to advertising companies. Never respond to requests for personal or account information online, especially in emails. If a government or banking institution calls you to ask for personal information, make an appointment to hand it over in person. If an email from a company tries to solicit information from you, check whether there is a verifiable phone number in the email and call to confirm the request.


2. Two-factor authentication is an annoying but crucial step
Think of your emails as a skeleton key to your life. Once that’s compromised, it’s easy to access other areas of your life.

There’s a new phishing scam targeting Gmail users. Security analysts say it’s extremely sophisticated and that even experienced, tech-savvy users are being duped. The scam tricks potential victims into giving up their Google credentials, before going through their sent messages folder for new victims to pass the malicious email on to.

The attack uses image attachments that masquerade as PDF files. Once an attachment is clicked, the user is directed to a phishing page masquerading as the Google sign-in page. As soon as a password is entered the account is compromised. By using familiar subject lines and attachments gathered from previous correspondence, the attacker makes the phishing emails look ever more convincing to recipients, which allows the scam to propagate quickly. The phishing pages do not appear to set off Google’s SafeBrowsing system warnings, which are designed to alert users when they land on an unsafe web page.

Not all is lost, thankfully. You can avoid being targeted by enabling two-factor authentication and by looking out for the prefix “data:text/html” in the browser location bar, which indicates that you are being directed to an illegitimate web page. Basically, two-factor authentication is a second layer of security when signing in, which usually involves receiving a text message with a special code whenever you sign into your account.

Look at the browser address bar and verify the protocol and hostname. Make sure that there’s nothing before accounts.google.com other than https://. It ought to look like the image below.
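The address-bar check described above, written out as an added example (it is not part of the original article): it accepts an address only when https:// is followed directly by accounts.google.com. The function name, the reason strings and the sample addresses are assumptions made for illustration, and login.example is a placeholder host.

```javascript
// Added example: classify an address-bar string the way the article advises.
// TRUSTED_HOST is the hostname named in the article; everything else is illustrative.
const TRUSTED_HOST = "accounts.google.com";

function checkSignInAddress(address) {
  const raw = address.trim();
  // The scam loads its fake page from a data: URI, so the bar begins with
  // "data:text/html" and the genuine hostname appears only as text after it.
  if (/^data:/i.test(raw)) {
    return { ok: false, reason: "data-uri" };
  }
  let url;
  try {
    url = new URL(raw); // throws when there is no scheme to verify
  } catch (err) {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // Anything between "https://" and the hostname (a user@ part) means the
  // trusted name is not actually the host the browser connects to.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo-present" };
  }
  // Exact match only: a longer name that merely starts with the trusted
  // hostname belongs to a different site.
  if (url.hostname !== TRUSTED_HOST) {
    return { ok: false, reason: "wrong-host" };
  }
  return { ok: true, reason: "match" };
}

// Constructed sample addresses, not taken from the article.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];

for (const sample of SAMPLES) {
  console.log(checkSignInAddress(sample).reason.padEnd(18), sample);
}
```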

3. Don’t reuse your P4$$w@rd
There’s no point in having a long, convoluted password if you’re going to reuse it across multiple platforms. Instead of trying to memorise multiple passwords you can use software like RoboForm or LastPass, which generate strong passwords for sites and then remember them for you. Always use a password manager that’s independent of your browser. Third-party managers give you more options, such as mobile device support, and they work on both Windows and Mac. If, like me, your brain freezes on occasion, this is a handy tool. That goes for you too, Mark Zuckerberg.

4. Shush!
Social media has an insidious way of making one feel safe and comfortable in the notion that people on the internet are our friends and close acquaintances. It’s tempting to tell everyone online that it’s your baby’s first day at school or where you work, but it would be prudent to keep certain aspects of your life private. Please don’t confuse secrecy and privacy. When you visit the loo we all know what you’re doing but you still close the door.

Sharing everything is great for advertisers, but it can be a dangerous endeavour. What happens if someone culls information from your Facebook account to steal your identity? Do you really want strangers taking note of your check-ins and tags to know where you are at all times?

Being safe on social media means guarding your personal details jealously. Regularly review your Facebook privacy settings to make sure you’re not sharing anything you’d rather keep private. You should also check these Google privacy settings. Even if you don’t use the Google+ social network, it might still be leaking your private email address to the world.

Don’t divulge your full birth date, your mother’s maiden name, pet’s name or any other identifying information that can be used for password recovery on social media websites.


5. Websites are tracking you 
Did you know that websites keep track of how you’re using them, and that even the sites that don’t require you to sign up with an account can keep track of your preferences and behaviour using cookies?

Google and Facebook keep tracking you even when you’re not signed in and follow you around the web to serve you with “relevant” advertising and content. And as most of us will have signed up for at least one of Google’s many popular services, that’s the company that has the most information. If the idea that these companies know so much about you makes you uncomfortable there are ways to stop it. 

Head to the advertising cookie opt-out page and click download to get the cookie opt-out plugin. This plugin is available for Chrome, Internet Explorer and Firefox. Once you have downloaded this plugin, Google will stop tracking your browsing activity.

If Google’s tentacles are too far-reaching for you, switch to DuckDuckGo, a search engine that respects your privacy. It doesn’t tailor search results based on your interests or the websites you frequent. 

Bonus tip: It doesn’t matter if you have nothing to hide
Watch this TED talk by Glenn Greenwald on why privacy matters. Greenwald was one of the first reporters to see – and write about – the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this eye-opening talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”