How to protect yourself from phishing, from experts who deal with it every day.
True
Mozilla

Ever wonder what it's like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.

Jeong isn't just a random thrill-seeker — she's a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.

All it took was a couple of hours and some readily available tools, and Jeong joined the approximately 12% of the population who have fallen for a hack.


But even before she was successfully hacked — and don't worry, we'll get to that! — both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.

Here are just a few lessons from experts that we can all benefit from:

Photo by Blogtrepreneur/Flickr.

1. Most hacking isn't done by master "Matrix" coders.

For most people, "hacking" tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents' basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra on a Wachowski movie.

But in reality, most of what we call "hacking" is actually "phishing."  In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department fears most.

THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr.

2. Phishing is a type of scam that disguises itself as something trustworthy.

It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, credit card numbers, and more. All it takes are some clever social skills plus some free online tools used by information security professionals that, technically, anyone can use. (A little coding knowledge doesn't hurt, though.)

3. Many hackers are savvier than you might think.

It doesn't matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don't get me wrong — viruses and malware are still dangerous. But phishing isn't about computers. It's about people. And that's a lot harder to protect against.

"Phishing isn’t (just) about finding a person who is technically naive," Cory Doctorow, a sci-fi author, journalist, and technology activist told Locus magazine.  As savvy as he is, even he fell for a phishing hack back in 2010. "It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall."

"It’s a matter of being caught out in a moment of distraction and of unlikely circumstance." In other words, it can happen to anyone.

Smile! I'm stealing your identity! Image via Pixnio.

4. The terrible typos and grammar in some phishing schemes are intentional.

You're probably familiar with the classic "Nigerian prince" phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also probably know that these emails are famously riddled with grammatical errors and totally implausible premises.

What you might not know, however, is that these "mistakes" are done on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don't have to waste their time trying to persuade rational skeptics to give up their bank account information.

Photo by Nate Grigg/Flickr.

5. To hack a specific person, all a hacker needs is social media.

You know those silly memes where you find your "porn star name" (or whatever) by using the name of your first pet and the street you grew up on?

Now think about those security questions you had to answer for your online bank account — things like, oh, the name of your first pet, the street you grew up on, or your mom's maiden name.

Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called "spearphishing," and they're why Doctorow recommends that people "only use Facebook to convince your friends to communicate with you somewhere other than Facebook."

Image from Pixabay.

6. Be careful what you open — even when it's sent by someone you know.

Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.

To hack her, Quintin just had to scour Jeong's online presence until he found an acquaintance who could plausibly email her. He made a fake email address — using that person's real-life profile picture and everything — and that was all it took to get Jeong to give up her information.

Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that looks like a standard invitation to Google Docs sent from a trustworthy source — except that both the sender and the link are actually malicious frauds. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the false form.

7. Double-check your URLs.

Always make sure you're really on the website that you think you are before you enter any sensitive information.

How do you tell the difference? Generally speaking, the domain name should look like "[blank].google.com" or "bankofamerica.com/[blank]." If it's something hyphenated like "accounts-drive-google.com" or "boa-accounts-login.com," well, you should probably think twice about it.

(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar — but even that's not totally reliable.)

What is real? What is fake? Image from Pixabay.

8. You should definitely use two-step authentication.

I hate to break it to you, but your p@$$w0rd probably isn't very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in to an unfamiliar device, you'll get a text message with a secret code just to make sure it's you — because even if someone gets your password, they probably don't have your phone, too.

Unless they, um, literally walked into the AT&T store and charmed a sales rep into changing your phone number over to their phone. Which happens.

9. And use a password manager.

If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like "correct horse battery staple" (or some of these other great ones recommended by the Intercept) that are incredibly easy to remember but next-to-impossible for hackers or computers to crack.

Image from Pixabay.

10. Remember the greatest flaw in your internet security is the trusting nature of other people.

A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.

Heck, my wife has a fairly gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I'm her — even when I have to charm my way around a security question about her high school mascot. Which, yes, I've done.

As Jeong wrote, "Successful social engineers are not just perfectly capable of interacting with human beings — they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family."

"You can turn your digital life into Fort Knox and still be undone by an overly trusting salesperson behind a desk."

Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons.

There's no way to protect yourself from every possible online vulnerability. But that doesn't mean you shouldn't try!

As we've seen, the power of the internet can used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.

The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that'll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.

There have been many iconic dance routines throughout film history, but how many have the honor being called "the greatest" by Fred Astaire himself?

Fayard and Harold Nicholas, known collectively as the Nicholas Brothers, were arguably the best at what they did during their heyday. Their coordinated tap routines are legendary, not only because they were great dancers, but because of their incredible ability to jump into the air and land in the splits. Repeatedly. From impressive heights.

Their most famous routine comes from the movie "Stormy Weather." As Cab Calloway sings "Jumpin' Jive," the Nicholas Brothers make the entire set their dance floor, hopping and tapping from podium to podium amongst the musicians, dancing up and down stairs and across the top of a piano.

But what makes this scene extra impressive is that they performed it without rehearsing it first and it was filmed in one take—no fancy editing room tricks to bring it all together. This fact was confirmed in a conversation with the brothers in a Chicago Tribune article in 1997, when they were both in their 70s:

"Would you believe that was one of the easiest things we ever did?" Harold told the paper.

"Did you know that we never even rehearsed that number?" added Fayard.

"When it came time to do that part, (choreographer) Nick Castle said: 'Just do it. Don`t rehearse it, just do it.' And so we did it—in one little take. And then he said: 'That's it—we can't do it any better than that.'"

Keep Reading Show less
True

We're redefining what normal means in these uncertain times, and although this is different for all of us, love continues to transform us for the better.

Love is what united Marie-Claire and David Archbold, who met while taking a photography class. "We went into the darkroom to see what developed," they joke—and after a decade of marriage, they know firsthand the deep commitment and connection romantic love requires.

All photos courtesy of Marie-Claire and David Archbold

However, their relationship became even sweeter when they adopted James: a little boy with a huge heart.

In the United States alone, there are roughly 122,000 children awaiting adoption according to the latest report from the U.S Department of Health and Human Services. While the goal is always for a child to be parented by and stay with their biological family, that is not always a possibility. This is where adoption offers hope—not only does it create new families, it gives birth parents an avenue through which to see their child flourish when they are not able to parent. For the right families, it's a beautiful thing.

The Archbolds knew early on that adoption was an option for them. David has three daughters from a previous marriage, but knowing their family was not yet complete, the couple embarked on a two-year journey to find their match. When the adoption agency called and told them about James, they were elated. From the moment they met him, the Archbolds knew he was meant to be part of their family. David locked eyes with the brown-eyed baby and they stared at each other in quiet wonder for such a long time that the whole room fell silent. "He still looks at me like that," said David.

The connection was mutual and instantaneous—love at first sight. The Archbolds knew that James was meant to be a part of their family. However, they faced significant challenges requiring an even deeper level of commitment due to James' medical condition.

James was born with congenital hyperinsulinism, a rare condition that causes his body to overproduce insulin, and within 2 months of his birth, he had to have surgery to remove 90% of his pancreas. There was a steep learning curve for the Archbolds, but they were already in love, and knew they were committed to the ongoing care that'd be required of bringing James into their lives. After lots of research and encouragement from James' medical team, they finally brought their son home.

Today, three-year-old James is thriving, filled with infectious joy that bubbles over and touches every person who comes in contact with him. "Part of love is when people recognize that they need to be with each other," said his adoptive grandfather. And because the Archbolds opted for an open adoption, there are even more people to love and support James as he grows.

This sweet story is brought to you by Sumo Citrus®. This oversized mandarin is celebrated for its incredible taste and distinct looks. Sumo Citrus is super-sweet, enormous, easy-to-peel, seedless, and juicy without the mess. Fans of the fruit are obsessive, stocking up from January to April when Sumo Citrus is in stores. To learn more, visit sumocitrus.com and @sumocitrus.

You know that feeling you get when you walk into a classroom and see someone else's stuff on your desk?

OK, sure, there are no assigned seats, but you've been sitting at the same desk since the first day and everyone knows it.

So why does the guy who sits next to you put his phone, his book, his charger, his lunch, and his laptop in the space that's rightfully yours? It's annoying!

Keep Reading Show less
via Seresto

A disturbing joint report by USA Today and the Midwest Center for Investigative Reporting found that tens of thousands of pets have been harmed by Seresto flea and tick collars. Seresto was developed by Bayer and is now sold by Elanco.

Since Seresto flea collars were introduced in 2012, the EPA has received incident reports of at least 1,698 pet deaths linked to the product. Through June 2020, the EPA has received over 75,000 incident reports relating to the collars with over 1,000 involving human harm.

The EPA has known the collars are harming humans and their pets but failed to tell the public about the dangers.

Keep Reading Show less