How to protect yourself from phishing, from experts who deal with it every day.
Mozilla

Ever wonder what it's like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.

Jeong isn't just a random thrill-seeker — she's a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.

All it took was a couple of hours and some readily available tools, and Jeong joined the approximately 12% of the population who have fallen for a hack.


But even before she was successfully hacked — and don't worry, we'll get to that! — both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.

Here are just a few lessons from experts that we can all benefit from:

Photo by Blogtrepreneur/Flickr.

1. Most hacking isn't done by master "Matrix" coders.

For most people, "hacking" tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents' basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra on a Wachowski movie.

But in reality, most of what we call "hacking" is actually "phishing."  In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department fears most.

THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr.

2. Phishing is a type of scam that disguises itself as something trustworthy.

It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, credit card numbers, and more. All it takes are some clever social skills plus some free online tools used by information security professionals that, technically, anyone can use. (A little coding knowledge doesn't hurt, though.)

3. Many hackers are savvier than you might think.

It doesn't matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don't get me wrong — viruses and malware are still dangerous. But phishing isn't about computers. It's about people. And that's a lot harder to protect against.

"Phishing isn’t (just) about finding a person who is technically naive," Cory Doctorow, a sci-fi author, journalist, and technology activist told Locus magazine.  As savvy as he is, even he fell for a phishing hack back in 2010. "It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall."

"It’s a matter of being caught out in a moment of distraction and of unlikely circumstance." In other words, it can happen to anyone.

Smile! I'm stealing your identity! Image via Pixnio.

4. The terrible typos and grammar in some phishing schemes are intentional.

You're probably familiar with the classic "Nigerian prince" phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also probably know that these emails are famously riddled with grammatical errors and totally implausible premises.

What you might not know, however, is that these "mistakes" are done on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don't have to waste their time trying to persuade rational skeptics to give up their bank account information.

Photo by Nate Grigg/Flickr.

5. To hack a specific person, all a hacker needs is social media.

You know those silly memes where you find your "porn star name" (or whatever) by using the name of your first pet and the street you grew up on?

Now think about those security questions you had to answer for your online bank account — things like, oh, the name of your first pet, the street you grew up on, or your mom's maiden name.

Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called "spearphishing," and they're why Doctorow recommends that people "only use Facebook to convince your friends to communicate with you somewhere other than Facebook."

Image from Pixabay.

6. Be careful what you open — even when it's sent by someone you know.

Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.

To hack her, Quintin just had to scour Jeong's online presence until he found an acquaintance who could plausibly email her. He made a fake email address — using that person's real-life profile picture and everything — and that was all it took to get Jeong to give up her information.

Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that looks like a standard invitation to Google Docs sent from a trustworthy source — except that both the sender and the link are actually malicious frauds. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the false form.

7. Double-check your URLs.

Always make sure you're really on the website that you think you are before you enter any sensitive information.

How do you tell the difference? Generally speaking, the domain name should look like "[blank].google.com" or "bankofamerica.com/[blank]." If it's something hyphenated like "accounts-drive-google.com" or "boa-accounts-login.com," well, you should probably think twice about it.

(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar — but even that's not totally reliable.)
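The check described in this tip, written out as an added example (not code from the original article): it reads the hostname from right to left, the way a browser decides which site you are on. The `TRUSTED` table, the brand words in it, the `classify_url` name and the `example.net`/`example.org` test hosts are assumptions made for illustration. It also goes slightly beyond the hyphenated case above by catching a trusted name placed at the front of a longer hostname or before an `@` sign.

```python
import re
from urllib.parse import urlsplit

# Assumption: sites the reader really signs in to, each with the brand words
# an impostor domain would reuse. Illustrative values, not a vetted list.
TRUSTED = {
    "google.com": ("google",),
    "bankofamerica.com": ("bankofamerica", "boa"),
}


def classify_url(url):
    """Return (verdict, host): verdict is trusted, lookalike, unknown or invalid."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # already lower-cased
        userinfo = parts.username or ""            # text before an "@"
    except ValueError:  # malformed host, e.g. an unterminated "["
        return ("invalid", "")
    if parts.scheme not in ("http", "https") or not host:
        return ("invalid", host)

    # Only the END of the hostname identifies the site: "[blank].google.com"
    # is Google, while "accounts-drive-google.com" is a different domain.
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return ("trusted", host)

    # Not a trusted site. If it still carries a trusted brand word as a
    # whole dot- or hyphen-separated piece, it is dressed up to look like one.
    pieces = set(re.split(r"[.\-]", f"{host}.{userinfo}".lower()))
    for words in TRUSTED.values():
        if pieces.intersection(words):
            return ("lookalike", host)
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample links; the two hyphenated hosts are the article's own.
    for link in (
        "https://accounts.google.com/signin",
        "https://accounts-drive-google.com/",
        "http://boa-accounts-login.com/verify",
        "https://google.com.signin.example.net/",
        "https://accounts.google.com@login.example.net/",
        "https://example.org/",
    ):
        print(classify_url(link), link)
```

Whole-word matching keeps false alarms down but will not catch misspelled brands or look-alike characters, so a "unknown" verdict is not a clean bill of health.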

What is real? What is fake? Image from Pixabay.

8. You should definitely use two-step authentication.

I hate to break it to you, but your p@$$w0rd probably isn't very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in to an unfamiliar device, you'll get a text message with a secret code just to make sure it's you — because even if someone gets your password, they probably don't have your phone, too.

Unless they, um, literally walked into the AT&T store and charmed a sales rep into changing your phone number over to their phone. Which happens.

9. And use a password manager.

If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like "correct horse battery staple" (or some of these other great ones recommended by the Intercept) that are incredibly easy to remember but next-to-impossible for hackers or computers to crack.

Image from Pixabay.

10. Remember the greatest flaw in your internet security is the trusting nature of other people.

A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.

Heck, my wife has a fairly gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I'm her — even when I have to charm my way around a security question about her high school mascot. Which, yes, I've done.

As Jeong wrote, "Successful social engineers are not just perfectly capable of interacting with human beings — they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family."

"You can turn your digital life into Fort Knox and still be undone by an overly trusting salesperson behind a desk."

Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons.

There's no way to protect yourself from every possible online vulnerability. But that doesn't mean you shouldn't try!

As we've seen, the power of the internet can be used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.

The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that'll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.

Photo by Mike Marrah on Unsplash

The "Big 5" is an old term from the colonial era, denoting the five wild animals in Africa that were the most sought-after kills for trophy hunters. Killing those five—lion, leopard, rhinoceros, elephant, and Cape buffalo—meant ultimate success in the big-game hunting world.

Now there's a "New Big 5," but instead of a barbaric goal for trophy hunters, it's a beautiful goal for wildlife photographers.

The initiative was created by British wildlife photographer Graeme Green with the goal of raising awareness about threats to the world's animals including habitat loss, poaching, illegal animal trade, and climate change. In a global call for votes, 50,000 wildlife lovers shared which animals they most wanted to photograph or see in photos. And the winners are:


Each year, an estimated 1.8 million people in the United States are affected by cancer — most commonly cancers of the breast, lung, prostate, and blood cancers such as leukemia. While not everyone overcomes the disease, thanks to science, more people are surviving — and for longer — than ever before in history.

We asked three people whose lives have been impacted by cancer to share their stories – how their lives were changed by the disease, and how they're using that experience to change the future of cancer treatments with the hope that ultimately, in the fight against cancer, science will win. Here's what they had to say.

Celine Ryan, 55, engineer database programmer and mother of five from Detroit, MI

Photo courtesy of Celine Ryan

In September 2013, Celine Ryan woke up from a colonoscopy to some traumatic news. Her gastroenterologist showed her a picture of the cancerous mass they found during the procedure.

Ryan and her husband, Patrick, had scheduled a colonoscopy after discovering some unusual bleeding, so the suspicion she could have cancer was already there. Neither of them, however, were quite prepared for the results to be positive -- or for the treatment to begin so soon. Just two days after learning the news, Ryan had surgery to remove the tumor, part of her bladder, and 17 cancerous lymph nodes. Chemotherapy and radiation soon followed.

Ryan's treatment was rigorous – but in December 2014, she got the devastating news that the cancer, once confined to her colon, had spread to her lungs. Her prognosis, they said, was likely terminal.

But rather than give up hope, Ryan sought support from online research, fellow cancer patients and survivors, and her medical team. When she brought up immunotherapy to her oncologist, he quickly agreed it was the best course of action. Ryan's cancer, like a majority of colon and pancreatic cancers, had been caused by a defect on the gene KRAS, which can result in a very aggressive cancer that is virtually "undruggable." According to the medical literature, the relatively smooth protein structure of the KRAS gene meant that designing inhibitors to bind to surface grooves and treat the cancer has been historically difficult. Through her support systems, Ryan discovered an experimental immunotherapy trial at the National Institutes of Health (NIH) in Bethesda, MD., and called them immediately to see if she was eligible. After months of trying to determine whether she was a suitable candidate for the experimental treatment, Ryan was finally accepted.

The treatment, known as tumor-infiltrating lymphocyte therapy, or TIL, is a testament to how far modern science has evolved. With this therapy, doctors remove a tumor and harvest special immune cells that are found naturally in the tumor. Doctors then grow the cells in a lab over the next several weeks with a protein that promotes rapid TIL growth – and once the cells number into the billions, they are infused back into the patient's body to fight the cancer. On April 1, 2015, Ryan had her tumor removed at the NIH. Two months later, she went inpatient for four weeks to have the team "wash out" her immune system with chemotherapy and infuse the cells – all 148 billion of them – back into her body.

Six weeks after the infusion, Ryan and Patrick went back for a follow-up appointment – and the news they got was stunning: Not only had no new tumors developed, but the six existing tumors in her lungs had shrunk significantly. Less than a year after her cell infusion, in April 2016, the doctors told Ryan news that would have been impossible just a decade earlier: Thanks to the cell infusion, Ryan was now considered NED – no evaluable disease. Her body was cancer-free.

Ryan is still NED today and continuing annual follow-up appointments at the NIH, experiencing things she never dreamed she'd be able to live to see, such as her children's high school and college graduations. She's also donating her blood and cells to the NIH to help them research other potential cancer treatments. "It was an honor to do so," Ryan said of her experience. "I'm just thrilled, and I hope my experience can help a lot more people."

Patrice Lee, PhD, VP of Pharmacology, Toxicology and Exploratory Development at Pfizer

Photo courtesy of Patrice Lee

Patrice Lee got into scientific research in an unconventional way – through the late ocean explorer Jacques Cousteau.

Lee never met Cousteau but her dreams of working with him one day led her to pursue a career in science. Initially, Lee completed an undergraduate degree in marine biology; eventually, her interests changed and she decided to get a dual doctoral degree in physiology and toxicology at Duke University. She now works at Pfizer's R&D site in Boulder, CO (formerly Array BioPharma), leading a group of scientists who determine the safety and efficacy of new oncology drugs.

"Scientists focused on drug discovery and development in the pharmaceutical industry are deeply committed to inventing new therapies to meet unmet needs," Lee says, describing her field of work. "We're driven to achieve new medicines and vaccines as quickly as possible without sacrificing safety."

Among the drugs Lee has helped develop during her career, including cancer therapies, she says around a dozen are currently in development, while nine have received FDA approval — an incredible accomplishment as many scientists spend their careers without seeing their drug make it to market. Lee's team is particularly interested in therapies for brain metastases — something that Lee says is a largely unmet need in cancer research, and something her team is working on from a variety of angles. "Now that we've had rapid success with mRNA vaccine technology, we hope to explore what the future holds when applying this technology to cancers," Lee says.

But while evaluating potential cancer therapies is a professional passion of Lee's, it's also a mission that's deeply personal. "I'm also a breast cancer survivor," she says. "So I've been on the other side of things and have participated in a clinical trial."

However, seeing how melanoma therapies that she helped develop have affected other real-life cancer patients, she says, has been a highlight of her career. "We had one therapy that was approved for patients with BRAF-mutant metastatic melanoma," Lee recalls. "Our team in Boulder was graced by a visit from a patient that had benefited from these drugs that we developed. It was a very special moment for the entire team."

None of these therapies would be available, Lee says, without rigorous science behind them: "Facts come from good science. Facts will drive the development of new drugs, and that's what will help patients."

Chiuying "Cynthia" Kuk (they/them) MS, 34, third-year medical student at Michigan State University College of Human Medicine

Photo courtesy of Cynthia Kuk

Cynthia Kuk was just 10 years old when they had a conversation that would change their life forever.

"My mother, who worked as a translator for the government at the time, had been diagnosed with breast cancer, and after her chemotherapy treatments she would get really sick," Kuk, who uses they/them pronouns, recalls. "When I asked my dad why mom was puking so much, he said it was because of the medicine she was taking that would help her get better."

Kuk's response was immediate: "That's so stupid! Why would a medicine make you feel worse instead of better? When I'm older, I want to create medicine that won't make people sick like that."

Nine years later, Kuk traveled from their native Hong Kong to the United States to do exactly that. Kuk enrolled in a small, liberal arts college for their Bachelor's degree, and then four years later started a PhD program in cancer research. Although Kuk's mother was in remission from her cancer at the time, Kuk's goal was the same as it had been as a 10-year-old watching her suffer through chemotherapy: to design a better cancer treatment, and change the landscape of cancer research forever.

Since then, Kuk's mission has changed slightly.

"My mom's cancer relapsed in 2008, and she ended up passing away about five years after that," Kuk says. "After my mom died, I started having this sense of urgency. Cancer research is such that you work for twenty years, and at the end of it you might have a fancy medication that could help people, but I wanted to help people now." With their mother still at the forefront of their mind, Kuk decided to quit their PhD program and enter medical school.

Now, Kuk plans to pursue a career in emergency medicine – not only because they are drawn to the excitement of the emergency room, but because the ER is a place where the most marginalized people tend to seek care.

"I have a special interest in the LGBTQ+ population, as I identify as queer and nonbinary," says Kuk. "A lot of people in this community and other marginalized communities access care through the ER and also tend to avoid medical care since there is a history of mistreatment and judgement from healthcare workers. How you carry yourself as a doctor, your compassion, that can make a huge difference in someone's care."

In addition to making a difference in the lives of LGBTQ+ patients, Kuk wants to make a difference in the lives of patients with cancer as well, like their mother had.

"We've diagnosed patients in the Emergency Department with cancer before," Kuk says. "I can't make cancer good news but how you deliver bad news and the compassion you show could make a world of difference to that patient and their family."

During their training, Kuk advocates for patients by delivering compassionate and inclusive care, whether they happen to have cancer or not. In addition to emphasizing their patients' pronouns and chosen names, they ask for inclusive social and sexual histories and use gender-neutral language. In doing this, they hope to make medicine as a whole more accessible for people who have been historically pushed aside.

"I'm just one person, and I can't force everyone to respect you, if you're marginalized," Kuk says. "But I do want to push for a culture where people appreciate others who are different from them."