Social Engineering II: A guide for newbies

February 20, 2007 at 8:54 am | Posted in Technical | Leave a comment

I don’t mean this article to be condescending. I’m sure the majority of people reading this blog already know their basic Internet safety; it’s been 10 years since you were called a “newbie”. What about your kids, or your grandma? Last month I spoke with a lady who works as a secretary for a large university, and was just assigned to begin using the Internet last year. As much as it may seem to us that everyone we know has been online forever, that is simply not the case.  So, in the interest of arming you to help them out, here are the basics of online safety.

1. Never give out digits to strangers. A stranger can be a guy in a chat room or a web site whose validity you can’t verify using offline methods. Digits include any number, of any kind. Your most closely guarded secrets should be your social security number and birth date, your drivers’ license, passport information, and account numbers. It is also a good idea to guard your telephone numbers to avoid nuisance callers. If your kids are online, they should never give out their telephone number, address, or school information, since that is one of the ways predatory adults can begin to manipulate them.

2. Avoid chat. If you must chat, try not to chat with strangers. If you must chat with strangers, never reveal truthful personal data. You can never know who you are talking to in a chat interface. That could be a 12-year-old girl, or it could be your mother, or it could be a professional thief in a non-extradition country.

3. Don’t create web content without carefully considering it first. Don’t post private information, or anything you wouldn’t be comfortable telling your boss or your first grade teacher. Web content must be considered permanent. Don’t assume you can take it offline and it will disappear. Once it’s out there, it’s out there. You have to assume that potential employers, your future spouse, your future grandchildren and their college application boards will see what you’ve posted.

4. Never share a password or PIN. There is not a single legitimate reason for a technical support person or account rep to ask for your password. This is rule #1 in online customer service. If your password has been compromised, report it and change it immediately.

5. Always use up-to-date antivirus software, an up-to-date operating system, and an up-to-date firewall. None of this stuff will protect you if you turn it off or allow it to become out of date. Even though it is a pain to wait for an update, it’s critical that you do so.

6. Never respond to online content or messages that make you feel uncomfortable or suspicious without talking to someone about it first. This applies if you are a kid, and someone has scared you, or if you are an adult wondering whether to click the link to update your account information with a strange-sounding bank site. If it’s creepy or odd, err on the side of caution. Kids, talk to your parents. End-users, talk to your tech support person. It’s not your fault you stumbled onto something fishy or dishonest, and you’ll get kudoes for not responding to it.

7. Never agree to meet someone in person that you have ‘met’ online without proper safeguards. Kids should get their parents help. Adults should make sure to meet in a public place, preferably a busy one, with two or three viable plans for disengagement. (IE: I am 12 feet from my car, and if I can’t get to my car I can go to the restaurant manager, and if I can’t get to him I can go to the police officer on the corner.)

8. Check with someone before you download anything. Kids, check with your parents. Adults, check with your IT staff at work. If you’re at home, and you’re wondering if you should download something, try googling “security review x”  to see if anyone has posted a review of “x” software from a security standpoint. If the software is legit, you will usually find something. If it’s a notorious hack, you’ll find that, too.

9. Obviously, don’t do anything illegal. Also, don’t be a bad net citizen. Putting someone’s email address on a spammer’s list is not going to win you points with that person. Engaging in illegal activity doesn’t just get you into trouble with other people; it can open you up to security problems, because sites where you do illegal things (like allowing people to download your copyrighted music files) will often open backdoors on your computer which hackers love to exploit.

10. Don’t open email attachments unless you are sure of their source. Even if it comes from someone you know, you should think about it and ask yourself whether it is ‘in character’ for that person to send you that type of attachment. For example, it’s a pretty safe bet your grandma did not intentionally send you an “exe” file. Many viruses use “spoof” addresses, and may appear to come from someone inside your company. If you have any doubt at all, send an email back and check with the sender. They will understand you are trying to maintain your security!

Advertisements

TrackBack URI

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: