+
Family

How to protect yourself from phishing, from experts who deal with it every day.

True
Mozilla

Ever wonder what it's like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.

Jeong isn't just a random thrill-seeker — she's a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.

All it took was a couple of hours and some readily available tools, and Jeong joined the approximately 12% of the population who have fallen for a hack.


But even before she was successfully hacked — and don't worry, we'll get to that! — both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.

Here are just a few lessons from experts that we can all benefit from:

[rebelmouse-image 19531566 dam="1" original_size="2048x1536" caption="Photo by Blogtrepreneur/Flickr." expand=1]Photo by Blogtrepreneur/Flickr.

1. Most hacking isn't done by master "Matrix" coders.

For most people, "hacking" tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents' basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra on a Wachowski movie.

But in reality, most of what we call "hacking" is actually "phishing."  In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department fears most.

[rebelmouse-image 19531567 dam="1" original_size="1024x559" caption="THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr." expand=1]THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr.

2. Phishing is a type of scam that disguises itself as something trustworthy.

It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, credit card numbers, and more. All it takes are some clever social skills plus some free online tools used by information security professionals that, technically, anyone can use. (A little coding knowledge doesn't hurt, though.)

3. Many hackers are savvier than you might think.

It doesn't matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don't get me wrong — viruses and malware are still dangerous. But phishing isn't about computers. It's about people. And that's a lot harder to protect against.

"Phishing isn’t (just) about finding a person who is technically naive," Cory Doctorow, a sci-fi author, journalist, and technology activist told Locus magazine.  As savvy as he is, even he fell for a phishing hack back in 2010. "It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall."

"It’s a matter of being caught out in a moment of distraction and of unlikely circumstance." In other words, it can happen to anyone.

[rebelmouse-image 19531568 dam="1" original_size="1200x624" caption="Smile! I'm stealing your identity! Image via Pixnio." expand=1]Smile! I'm stealing your identity! Image via Pixnio.

4. The terrible typos and grammar in some phishing schemes are intentional.

You're probably familiar with the classic "Nigerian prince" phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also probably know that these emails are famously riddled with grammatical errors and totally implausible premises.

What you might not know, however, is that these "mistakes" are done on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don't have to waste their time trying to persuade rational skeptics to give up their bank account information.

[rebelmouse-image 19531569 dam="1" original_size="1280x852" caption="Photo by Nate Grigg/Flickr." expand=1]Photo by Nate Grigg/Flickr.

5. To hack a specific person, all a hacker needs is social media.

You know those silly memes where you find your "porn star name" (or whatever) by using the name of your first pet and the street you grew up on?

Now think about those security questions you had to answer for your online bank account — things like, oh, the name of your first pet, the street you grew up on, or your mom's maiden name.

Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called "spearphishing," and they're why Doctorow recommends that people "only use Facebook to convince your friends to communicate with you somewhere other than Facebook."

[rebelmouse-image 19531571 dam="1" original_size="1280x856" caption="Image from Pixabay." expand=1]Image from Pixabay.

6. Be careful what you open — even when it's sent by someone you know.

Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.

To hack her, Quintin just had to scour Jeong's online presence until he found an acquaintance who could plausibly email her. He made a fake email address — using that person's real-life profile picture and everything — and that was all it took to get Jeong to give up her information.

Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that looks like a standard invitation to Google Docs sent from a trustworthy source — except that both the sender and the link are actually malicious frauds. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the false form.

7. Double-check your URLs.

Always make sure you're really on the website that you think you are before you enter any sensitive information.

How do you tell the difference? Generally speaking, the domain name should look like "[blank].google.com" or "bankofamerica.com/[blank]." If it's something hyphenated like "accounts-drive-google.com" or "boa-accounts-login.com," well, you should probably think twice about it.

(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar — but even that's not totally reliable.)

[rebelmouse-image 19531572 dam="1" original_size="1280x850" caption="What is real? What is fake? Image from Pixabay." expand=1]What is real? What is fake? Image from Pixabay.

8. You should definitely use two-step authentication.

I hate to break it to you, but your p@$$w0rd probably isn't very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in to an unfamiliar device, you'll get a text message with a secret code just to make sure it's you — because even if someone gets your password, they probably don't have your phone, too.

Unless they, um, literally walked into the AT&T store and charmed a sales rep into changing your phone number over to their phone. Which happens.

9. And use a password manager.

If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like "correct horse battery staple" (or some of these other great ones recommended by the Intercept) that are incredibly easy to remember but next-to-impossible for hackers or computers to crack.

[rebelmouse-image 19531573 dam="1" original_size="1280x959" caption="Image from Pixabay." expand=1]Image from Pixabay.

10. Remember the greatest flaw in your internet security is the trusting nature of other people.

A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.

Heck, my wife has a fairly gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I'm her — even when I have to charm my way around a security question about her high school mascot. Which, yes, I've done.

As Jeong wrote, "Successful social engineers are not just perfectly capable of interacting with human beings — they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family."

"You can turn your digital life into Fort Knox and still be undone by an overly trusting salesperson behind a desk."

[rebelmouse-image 19531574 dam="1" original_size="1280x851" caption="Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons." expand=1]Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons.

There's no way to protect yourself from every possible online vulnerability. But that doesn't mean you shouldn't try!

As we've seen, the power of the internet can used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.

The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that'll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.

A size 21 Nike shoe made for Tacko Fall.

A local reporter at Hometown Life shared a unique and heartfelt story on March 16 about a mother struggling to find shoes that fit her 14-year-old son. The story resonated with parents everywhere; now, her son is getting the help he desperately needs. It's a wonderful example of people helping a family that thought they had nowhere to turn.

When Eric Kilburn Jr. was born, his mother, Rebecca’s OBGYN, told her that he had the “biggest feet I’ve ever seen in my life. Do not go out and buy baby shoes because they’re not gonna fit,’” Rebecca told Today.com. Fourteen years later, it’s almost impossible to find shoes that fit the 6’10” freshman—he needs a size 23.

Keep ReadingShow less

"What Do You Know About The Female Body?" from Jimmy Kimmel

When Jimmy Kimmel takes to the street, you know you’re in for a good laugh at just how little we actually know about, well, seemingly anything. That goes for anatomy too. In this case, female anatomy.

In a segment called “What Do You Know About The Female Body?” men try—and hilariously fail—to answer even the most basic questions, like “does a female have one uterus, or two?” much to the amazement of some of their female partners.

Here are some of the very best bits of nonwisdom:

Keep ReadingShow less
Photo by Igor Ferreira on Unsplash

Florida principal fired after showing statue of "David."

If you ask most teachers why they went into education, they'll share that it had nothing to do with the money and everything to do with their passion for teaching. Even with rapid changes in curriculum and policies, teachers who remain in the classroom are lovers of education and are doing their best to help kids learn.

Hope Carrasquilla, the former principal of Florida's Tallahassee Classical School, was one of those teachers who simply enjoyed teaching. As the principal, Carrasquilla was required to teach two classes. During her sixth grade lesson about Renaissance art, which is also a requirement of the school, Carrasquilla showed a picture of Michelangelo's "David" statue.

According to the Tallahassee Democrat, three parents complained about their children being shown the picture. Two of those parents were mostly upset that there wasn't sufficient notice given before the photo of the sculpture was shown. The third parent reportedly complained that the statue of the Biblical figure was pornographic.

Keep ReadingShow less
via Pexels

A teacher lists his class rules.

The world would be a much better place if humans weren’t so … human. We all fall short of perfection. Common sense is, sadly, not too common. And there’s one guy out there who always manages to screw things up when things start getting good.

Call it Murphy’s law. Call it the great “reason we can’t have nice things.” Call it entropy. It feels like a whole lot of pain could be avoided if we all had just a little bit more sense.

But what if there was one rule that we all agreed to follow to make everyone’s life better? What would this magical rule be?

A Reddit user who goes by the name P4insplatter came to this realization and asked the AskReddit subforum, “What simple rule would fix the world if everyone actually followed it?” They received dozens of simple rules that if everyone got behind would make the world drastically better.

Keep ReadingShow less
@thehalfdeaddad/TikTok

Dad on TikTok shared how he addressed his son's bullying.

What do you do when you find out your kid bullied someone? For many parents, the first step is forcing an apology. While this response is of course warranted, is it really effective? Some might argue that there are more constructive ways of handling the situation that teach a kid not only what they did wrong, but how to make things right again.

Single dadPatrick Forseth recently shared how he made a truly teachable moment out of his son, Lincoln, getting into trouble for bullying. Rather than forcing an apology, Forseth made sure his son was actively part of a solution.


The thought process behind his decision, which he explained in a now-viral TikTok video, is both simple and somewhat racial compared to how many parents have been encouraged to handle similar situations.
Keep ReadingShow less
Pop Culture

Heads up! That call from a panicky relative may be a scammer voice clone.

The FTC is warning people to look out for the latest scam trend.

via Pexels

A man makes a phone call from prison.

One of the oldest frauds in the book is the “your loved one is in trouble” scam. Scammers call posing as a grandchild or loved one in distress who claims they’ve been kidnapped or are in jail. The scammer may also impersonate a nurse, police officer, lawyer or other authority figure representing the loved one.

The scammer claims that the loved one needs money wired to the fraudster immediately to bring them to safety.

The scam is effective because the victim is under pressure to get them money quickly, so they don’t have time to consider the fact that it may be a scam. All the while, they imagine the torment the loved one is going through. The urgency of the scam makes it much more likely that the victim will hand over the money.

Keep ReadingShow less