Upworthy's book GOOD PEOPLE comes out on September 3, 2024 — take a look!

Shop
 Explore 

scams

Education

'Don't fall for this': Woman shares how she was fooled by a common Facebook Marketplace scam

It could have happened to anyone.

via Michel.c.Janse/TikTok and Pixabay

Michel Janse shares how she was the victim of a scam.

After falling victim to a scam on Facebook Marketplace, Michel Janse (@michel.c.janse) hopped on TikTok to give everyone a heads-up so they don’t have to go through the same thing. “Be smarter than me!” she said in the video.

Janse posted some furniture on the marketplace and chatted with a woman who seemed interested in purchasing it. She even looked at her profile to get a “vibe check," and everything seemed legit.

The potential buyer seemed to be careful to protect themselves as well. “For my safety, I just want to confirm that you’re a real person,” the buyer messaged Janse. “Are you ok if I voice call you from Google?”

Even though the request seemed odd, Janse went through with it. She subsequently got a message containing a Google Voice code. When the buyer asked Jane to send her the code, she did, only to quickly discover she had been duped.

It seems that Janse had a gut feeling that the woman was a scammer but didn’t act on it til it was too late.

@michel.c.janse
oops dont fall for this scam like me

Janse fell victim to a common scam through online marketplaces. According to the Federal Trade Commission, the scammer could use the Google Voice number to rip off other people and conceal their identity. “Sometimes these scammers are after a Google Voice verification code and other information about you,” the FTC wrote. “If they get enough of your information, they could pretend to be you to access your accounts or open new accounts in your name.”

From Your Site Articles

scams

Science

17 tips to avoid getting hacked that you might have forgotten—or never even knew

A few lessons from IT professionals about securing your personal data.

Canva

There are unsavory people interested in your information.

True

In 2009, Scott McGready stumbled on a massive phishing scam targeting his company's email server.

Thousands of emails bombarded the company in a short period of time. They all came from the same source, pretending to be someone or something they weren't in order to lure people into clicking on shady links and giving up their personal data.

"While investigating it, I stumbled upon the phisher's database which had [the] personal data of thousands of people," McGready says. "I was surprised how little effort was required on the fraudster's part to acquire such a trove of information."

This discovery sparked McGready's interest in information security and teaching others how to protect themselves from fraud. Since then, this journey has taken him from the U.K.'s National Trading Standards department to the documentary series "Secrets of the Scammers" to his own company and beyond.

Here are just a few lessons from McGready — and some other IT professionals — about securing your personal data:

data hacking, browsing, protection, financial

Is your information protected online?

Stomchak/Wikimedia Commons

1. Know there is a LOT of data about you online.

"Having data readily available online means that things like phishing emails can be automatically tailored to targets without much effort," McGready says.

But what does "data" really mean in this case? Um. Er. Pretty much everything. Even if we don't realize it. Something as simple as your basic browsing habits and location history can actually reveal a lot about you. Even if your name's not attached to it, a savvy social hacker could still figure something out.

2. Be aware that your friends may expose info about you — even if you're not on social media.

"We tend to share every detail of our lives on social media because we feel obliged to by peer pressure — whether that be adding your birthday to your Facebook profile because the website keeps asking for it," McGready says. But it's worse when your friend tags you in that photo from high school with your school mascot in the background and — oops. There goes another security question.

social media, data leak, Facebook, friends

Things don't always go as planned with technology.

Photo by Elisa Ventur on Unsplash

3. Pay attention so you can mitigate the risks (though probably not completely avoid them).

McGready recommends keeping your social media profiles as private as possible and asking your friends and family to do the same. "Even those that intentionally aren't on social media may be easily findable by their friends or family that share the 'dinner table selfie.'"

4. It's better to be proactive than wait until you're compromised.

"We hear about data leaks almost every week, it seems," McGready says. "The general public are no longer asking 'if' their data is compromised, but rather 'when.'"

This might sound scary. But it's also a good reminder to stay sharp.

Do you know everyone that's using your computer?

Image via Pixabay.

5. Check the Facebook apps and third-party services that might have access to your account.

"It's worth checking what data you share with specific companies and only giving out the bare minimum in case of a data breach in the future," McGready explains.

For example: Does Bejeweled Blitz really need permission to access everything you've ever put on Facebook, to post on your behalf, and to spam your friends and family? It's not just annoying — it puts you at risk if that information leaks.

6. Take some time to get rid of those old accounts.

A clever hacker might still be able to figure out something through your iwasdefinitelyacool15yearold@aol.com email address. "Many of us, myself included, also have a large number of 'dormant accounts' on websites that we no longer use," McGready says. "I'd fully recommend logging into these accounts and changing all the profile information before deleting the account."

It's important to know what accounts are open in your name.

Photo from Daderot/Wikimedia Commons.

7. Don't feel bad if it happens to you. Even IT professionals fall for it!

Georgia Bullen, technology projects director for New America's Open Technology Institute, recounts how she was hacked:

"My password wasn't secure enough and so someone had built a program that was logging into not-secure-enough accounts and then spamming."

What she felt at the time is all too familiar for anyone who's been hacked: "Embarrassed, confused, and then really worried that someone else was going to click on something from me."

8. Be smart, pay attention, and know what you're getting into with any website or service you sign up for.

This bears repeating because a little awareness can make a big difference.

What type of security for your accounts do you have?

Photo by Marcello Casal Jr/ABr/Wikimedia Commons.

9. Have a solid P@$w0rds plan.

Passwords are the Achilles' heel of the modern world — but there's a trick.

"It's totally possible [for hackers] to take one password, see where you've re-used it, and then get access to those accounts as well. And that's where the bigger danger happens," explains Harlo Holmes from the Freedom of the Press Foundation.

That's why, in general, passwords should be different for every website or service used, and consist of three random words, interspersed with special characters; a DiceWare password like "correct horse battery staple" is a good place to start.

Password managers can help out by creating unique passwords for you. Which leads to...

10. Use a password manager.

Password managers can generate strong, random passwords for you. And they keep track of all of your different passwords so you don't need to memorize them yourself.

All you need to do is remember one super-secure master password in order to unlock every other possible password combination. That way, says Bullen, you can't even make the mistake of verbally giving your password away because you genuinely don't know it yourself! (Unless it's your master password, in which case, ya know, don't do that.)

11. Set up two-factor authentication (2FA) for added security.

Safety is good, but a back-up plan is even better. 2FA sends a code to a device on your person just to make sure that the person logging in is really you. Even if your password does get compromised, the hacker probably doesn't have access to your smartphone, too. (Probably.)

Mozilla's Amira Dhalla explains how it works:

12. Consider using a separate email address — with a separate strong password — for important accounts like banking.

That way, even if you do use the same password elsewhere, hackers will have a harder time getting in to your important accounts. (Make sure this secondary email account has two-factor authentication, too!)

13. Be sure to hover over links before you click them.

"Links may look legitimate, but upon hovering, they actually redirect to a completely different place," McGready says. (Don't believe me? See what happens when you click on www.upworthy.com/definitely-not-an-upworthy-page.)

14. Always double-check the URL in the address bar. (But even that's not always safe.)

Ever notice that green padlock in your browser bar? It's a good sign! ... except when it's not. As McGready explains, "While it's true that this means your data is encrypted between your computer and the website itself, it doesn't legitimize the website."

routers, world wide web, computers, Wi-Fi

Using default passwords on the computer router can leave you vulnerable..

Photo by Michael Geiger on Unsplash

15. Secure your router.

It may seem harmless to use the default password for your router, but that can actually leave you vulnerable to hackers (there are even websites that can be used to find out different routers' default settings). And someone accessing your router can access pretty much your entire home network. So it's worth taking that small extra step of setting up a strong user name and password.

16. Be wary: These days, the internet is in everything from lightbulbs to baby diapers. Which is super cool! And bad.

McGready sees "the internet of things," or IoT, as the biggest online threat on the horizon. Even if you have worried about Amazon spying on you, you probably didn't consider who else could be spying on you through a vulnerable Wi-Fi or Bluetooth system built into your smart home. "The issue comes when these wireless chips are integrated by default on all products, whether the customer wants them or not," McGready explains.

17. Exercise a little extra caution.

It all boils down to the fact that humans are too trusting.

We trust that our friends aren't going to expose our address over Twitter. We trust that some disgruntled Angry Birds employee won't hijack our linked Facebook page because we didn't pay attention to permissions. We trust the green padlock in the browser bar that keeps our credit cards secure, even if the website taking that information wants to use it for a shady purpose.

Simply put, we trust that the internet is mostly good and that people are, too.

It's hard to solve a problem you can't see — which is why McGready is so passionate about teaching online safety.

"Show the public exactly what is possible and what they should be watching out for," McGready says. "It's one thing to tell someone that a scammer can send a text which appears to be from a legitimate company or a known person; it's another thing entirely to send a text to that person's phone which comes from 'Mum.'"

There's no "one weird trick" to protect us from the dangers of technology. But we can do our due diligence — as long as we know where to start.

This article originally appeared on 06.19.17

tech

Pop Culture

Heads up! That call from a panicky relative may be a scammer voice clone.

The FTC is warning people to look out for the latest scam trend.

via Pexels

A man makes a phone call from prison.

One of the oldest frauds in the book is the “your loved one is in trouble” scam. Scammers call posing as a grandchild or loved one in distress who claims they’ve been kidnapped or are in jail. The scammer may also impersonate a nurse, police officer, lawyer or other authority figure representing the loved one.

The scammer claims that the loved one needs money wired to the fraudster immediately to bring them to safety.

The scam is effective because the victim is under pressure to get them money quickly, so they don’t have time to consider the fact that it may be a scam. All the while, they imagine the torment the loved one is going through. The urgency of the scam makes it much more likely that the victim will hand over the money.

The FTC is warning people that scammers have given this scam a new technological twist by faking the voice of the loved one by using voice cloning powered by artificial intelligence.

None
— (@)

“Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie,” the FTCs warning reads. “We're living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one.”

All fraudsters need to clone someone’s voice realistically is a 30-second clip of audio that they can easily rip from Facebook, TikTok, podcasts, commercials or Instagram. The voice-generating software synthesizes what makes a person's voice sound unique and then finds similar voices by searching vast databases. This allows them to replicate someone’s voice in real-time to create a phone call that sounds authentic.

It’s terribly difficult to detect the scam because voice-cloning software has become increasingly accurate. As AI technology improves, avoiding being fooled by the scam will become harder.

A scammer finds his next victim.

via Pexels

"It's terrifying," Hany Farid, a professor of digital forensics at University of California, Berkeley, told The Washington Post. "It's sort of the perfect storm ... [with] all the ingredients you need to create chaos."

FTC officials say that in 2022 Americans lost $8.8 billion to fraud, with imposter scams being the most common, and there’s usually no way to get the money back. Scammers usually demand payment through cryptocurrency, money wires, or gift cards, so tracing it is impossible.

The FTC wants people to think twice if they receive a phone call from a loved one in distress or someone claiming to be their representative, especially if they ask for money.

“Don’t trust the voice,” the FTC warning reads. “Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

If you are targeted by one of these voice clone scams, report it to the FTC immediately. You could prevent the next person from being scammed.

From Your Site Articles

scams

Pop Culture

People share society's biggest scams and honestly, they've got a point

Hot dog buns should absolutely have 10 buns per pack. Who decided on 8?!

Canva

People share society's biggest scams.

Some things have scam written all over them and you can spot it a mile away. Like the random commenter on your social media post trying to sell you a love potion or get you to call a "love doctor." Both of those things sound made up and besides, your profile clearly says you're in a relationship. But there are some things that are so ingrained in society that we just accept them as normal, even when they're really a scam. A Reddit user asked people to call them out. Truthfully, this thread will have you questioning everything because their points are valid.

It doesn't take much thought to come up with a few things that are total scams. I have a beef with the hot dog industry, because why are there 10 hot dogs in a pack but only eight buns? It makes no sense. Is it a conspiracy with the bread companies to get us to buy more bread? It makes literally zero sense. Some people have much bigger and more interesting gripes than I, so let's get into them.

Photo by Clarissa Watson on Unsplash

One user brought up text book codes, and yeah what is that about? You spend approximately $7,000 on a text book only for it to come with a one-time code. Someone made the argument that college textbooks in general were a scam because sometimes you don't even open them. I can personally attest to this. I once spent nearly $300 on a biology book that was "required" and it was never used because the professor only created test material from his lectures and his lectures were based off of his own personal notes (insert eye roll here).

Now this next one stings a little. A commenter pointed out annual raises that are almost always lower than the annual inflation, to which someone replied "you get annual raises?" Yikes. When thinking back on the jobs I've had, none of them provided adequate annual raises, even when they were called "cost of living increase." I can't help but wonder, whose cost of living only increased 0.5%? We should all move there.

Photo by Kenny Eliason on Unsplash

Convenience fees are another one that people have pretty strong feelings about and yeah, same. If you pay any bill online, including your rent, you're charged a convenience fee. Maybe in 1993 this fee would've made sense, but it's 2022, everything is convenient. What, do you expect people to leave their houses and go to the electric company to pay with a check? There are probably plenty of people walking around today who have no earthly clue where their utility company is located or how to properly fill out a check.

If you apply for services without having to change out of pajama pants, then you should be able to pay your bill without the added convenience fee. Why are we still pretending we are inconveniencing someone in order to pay online? Let's just stop this madness or the millennials will revolt. We already can't afford avocado toast anymore, the least you can do is let us keep that extra $3.

Health insurance. I feel like if you're reading this from America I really don't even have to explain further. But let's get into it for the grins and giggles of it all, because health insurance is probably our nation's biggest scam. The first problem with this monstrosity of a system is that it's essentially tied to your place of business, so if you lose your job, surprise, try not to get sick because you no longer have health insurance. The second issue that another commenter pointed out is that it costs an ungodly amount of money every single month, even though your employer is also paying a portion.

While you're paying your monthly premium you still have to pay co-pays, co-insurance and meet your deductible for things to be fully covered. I'm sure whoever came up with health insurance died an extremely wealthy person because according to the Reddit thread under this comment, health insurance is a joke and is bankrupting Americans.

Photo by Jonathan Cooper on Unsplash

Last on the list is bank hours and I have to agree because there's no doctor's excuse for going to the bank, so why are their hours so inconvenient? Hmm, I wonder if we can charge banks a convenience fee as most people have to leave their jobs to get to the bank before it closes. Fair is fair, right?

If you're looking for a deep sense of being duped, go check out the thread on Reddit. There are more than 11,000 comments exposing unsuspecting people to all of the societal scams we have fallen for with absolutely no instruction on how to fix them. I guess the joke is that we eventually buy into the scam or pretend we don't know it exists.

From Your Site Articles

Joy

After a local bookstore was scammed out of $35K their Detroit neighbors stepped in to save it

Photo by Jason Leung on Unsplash

Local bookstore scammed out of $35K

Communities coming together for a bigger purpose is always a feel good story, so when we came across this story from WXYZ Detroit, we had to share it. Imagine being in business bringing stories to your community and creating a space where everyone could feel welcomed, only for a stranger to try to take it away. That’s exactly what happened to the owners of 27th Letter Books in southwest Detroit when a scammer purchased $35K worth of books with fraudulent credit cards.

The bookstore, which only recently opened a brick and mortar location a little over a year ago focuses on bringing diverse titles and authors to their readers. One of the co-owners, Jazmine Cooper, told WXYZ, “There’s a lot of diversity in the titles that we choose.” Cooper discussed a book about Asian American mental health titled Permission to Come Home by Jenny T. Wang, PhD. Cooper explained, “there aren’t a lot of books that allow Asian Americans to have mental health issues or to read about mental health issues.”

Maintaining diversity is important to the small business and the highlighted title, Permission to Come Home is picking up popularity. But everything hasn’t been rainbows for the store because in May, someone pretending to be a customer was able to scam the bookstore out of thousands of dollars before they were able to catch on. Losing this amount of money could cause a small business to close its doors for good and that’s exactly what Cooper thought was coming next. But to her surprise community members stepped up in a big way.

In an effort to save the store, Cooper and her co-owner, Erin Pineda, started a Go Fund Me with the hopes that they would raise enough money to keep the doors open. The response was unimaginable and warmed the hearts of the two business owners. Pineda told WXYZ, “We had someone I remember come in the store and they were like I just started a new job and I don’t have a ton of extra income to donate but can you share a flier and I’m going to put it up at a couple different community spots for you.”

The entire $35K was raised in a matter of 10 days, thanks to the generous hearts of the southwest Detroit community. Now the store can continue its dedication to bringing diverse stories into the homes of their neighbors. But raising the money doesn’t only provide the community with books. It allows for the other programs to continue, one of which is the bilingual story time for kids.

It’s amazing what a little help from your neighbors can do. No worries about future opportunity grabbers that come in the form of scammers. Cooper and Pineda are reviewing their policies to make sure they never have to deal with the frustration of realizing you’ve been scammed. Pineda left off by imploring other business owners to review their own policies around online ordering to avoid their costly mistake.

Hopefully this bookstore will be around for many years to come and the next time you’re passing through Detroit on an extra long layover, or to visit family, stop by 27th Letter Books. Surely the owners have a title or two they can recommend to you.

From Your Site Articles

scams

Democracy

Here's why those tiresome 'auto warranty' spam calls may finally become a thing of the past

“We’ve been trying to reach you concerning your car’s extended warranty."

via Pexels

Fraudsters making auto warranty calls are finally on the outs.

Is there a sound on Earth that fills people with more rage than the following:

“We’ve been trying to reach you concerning your car’s extended warranty. You should have received something in the mail about your car’s extended warranty. Since we have not gotten a response, we are giving you a final courtesy call before we close out your file. Press 2 to be removed and put on our Do-Not-Call list. Press 1 to speak with someone about extending or reinstating your car's warranty.”

The Federal Communications Commission (FCC) says there have been more than 8 billion unlawful prerecorded message auto warranty scam calls sent to American consumers since at least 2018.

The scammers lure people in with the lie that they’re calling about a car warranty and then ask for sensitive financial information to defraud them. Unfortunately, even though Americans lost out on $39.5 billion last year to phone scammers, the government has not been very effective at stopping the calls.

A recent study published by The Ascent revealed that last year, 68.4 million Americans fell victim to phone scams with 20% being victimized on multiple occasions. The scams are more likely to defraud younger people and men.

The sheer number of annoying robocalls has driven many people to stop picking up the phone altogether.

\u201cI love that there was a period of time when it was like 'grrr someone should fix these robocalls' and then they never really did and now we just don't answer phones anymore\u201d
— Lord Businessman (@Lord Businessman) 1634048356

In 2019, Congress passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (or TRACED) Act but the audio-dialing industry has been able to keep a step ahead of the law. Fortune says that blame can also be placed on federal agencies whose inaction has allowed scammers to get off scot-free and big businesses for their "tacit support for robocalling.”

On July 7, the FCC announced that it is actively investigating the calls for formal legal violations. This step could mean the end of years of foot-dragging.

“Billions of auto warranty robocalls from a single calling campaign. Billions! Auto warranty scams are one of the top complaints we get from consumers and it’s time to hold those responsible for making these junk calls,” FCC Chairwoman Jessica Rosenworcel said in a statement.

\u201cIn the past 2 years, auto warranty scam #robocalls have resulted in more consumer complaints to us than any other unwanted call category. These calls usually claim your insurance or warranty is about to expire, and they often use PII to make it seem legit. https://t.co/Rc6t4ioUvn\u201d
— The FCC (@The FCC) 1657234017

It also sent cease-and-desist letters to top phone carriers asking them to stop carrying the calls within 48 hours from Roy Cox Jr., Aaron Michael Jones, their Sumco Panama companies and other international associates.

The FCC says that the Cox/Jones/Sumco Panama operation could be responsible for the 8 billion scam calls.

"The Enforcement Bureau will use all the tools at its disposal to protect consumers and U.S. telecommunications networks from the scourge of illegal robocalls," Acting FCC Enforcement Bureau Chief Loyaan A. Egal said in a statement.

Let’s hope that the new regulations passed by the FCC are successful at stopping these fraudsters who are annoying at best and at their worst, take advantage of the most vulnerable. A phone should be a means for communication, not an open hotline for scammers around the globe to try to take advantage of people.

Then, just maybe, we’ll feel free to pick up the phone again.

From Your Site Articles

scams

Family

How to protect yourself from phishing, from experts who deal with it every day.

True

Ever wonder what it's like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.

Jeong isn't just a random thrill-seeker — she's a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.

All it took was a couple of hours and some readily available tools, and Jeong joined the approximately 12% of the population who have fallen for a hack.

But even before she was successfully hacked — and don't worry, we'll get to that! — both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.

Here are just a few lessons from experts that we can all benefit from:

[rebelmouse-image 19531566 dam="1" original_size="2048x1536" caption="Photo by Blogtrepreneur/Flickr." expand=1]Photo by Blogtrepreneur/Flickr.

1. Most hacking isn't done by master "Matrix" coders.

For most people, "hacking" tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents' basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra on a Wachowski movie.

But in reality, most of what we call "hacking" is actually "phishing." In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department fears most.

[rebelmouse-image 19531567 dam="1" original_size="1024x559" caption="THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr." expand=1]THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr.

2. Phishing is a type of scam that disguises itself as something trustworthy.

It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, credit card numbers, and more. All it takes are some clever social skills plus some free online tools used by information security professionals that, technically, anyone can use. (A little coding knowledge doesn't hurt, though.)

3. Many hackers are savvier than you might think.

It doesn't matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don't get me wrong — viruses and malware are still dangerous. But phishing isn't about computers. It's about people. And that's a lot harder to protect against.

"Phishing isn’t (just) about finding a person who is technically naive," Cory Doctorow, a sci-fi author, journalist, and technology activist told Locus magazine. As savvy as he is, even he fell for a phishing hack back in 2010. "It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall."

"It’s a matter of being caught out in a moment of distraction and of unlikely circumstance." In other words, it can happen to anyone.

[rebelmouse-image 19531568 dam="1" original_size="1200x624" caption="Smile! I'm stealing your identity! Image via Pixnio." expand=1]Smile! I'm stealing your identity! Image via Pixnio.

4. The terrible typos and grammar in some phishing schemes are intentional.

You're probably familiar with the classic "Nigerian prince" phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also probably know that these emails are famously riddled with grammatical errors and totally implausible premises.

What you might not know, however, is that these "mistakes" are done on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don't have to waste their time trying to persuade rational skeptics to give up their bank account information.

[rebelmouse-image 19531569 dam="1" original_size="1280x852" caption="Photo by Nate Grigg/Flickr." expand=1]Photo by Nate Grigg/Flickr.

5. To hack a specific person, all a hacker needs is social media.

You know those silly memes where you find your "porn star name" (or whatever) by using the name of your first pet and the street you grew up on?

Now think about those security questions you had to answer for your online bank account — things like, oh, the name of your first pet, the street you grew up on, or your mom's maiden name.

Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called "spearphishing," and they're why Doctorow recommends that people "only use Facebook to convince your friends to communicate with you somewhere other than Facebook."

[rebelmouse-image 19531571 dam="1" original_size="1280x856" caption="Image from Pixabay." expand=1]Image from Pixabay.

6. Be careful what you open — even when it's sent by someone you know.

Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.

To hack her, Quintin just had to scour Jeong's online presence until he found an acquaintance who could plausibly email her. He made a fake email address — using that person's real-life profile picture and everything — and that was all it took to get Jeong to give up her information.

Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that looks like a standard invitation to Google Docs sent from a trustworthy source — except that both the sender and the link are actually malicious frauds. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the false form.

7. Double-check your URLs.

Always make sure you're really on the website that you think you are before you enter any sensitive information.

How do you tell the difference? Generally speaking, the domain name should look like "[blank].google.com" or "bankofamerica.com/[blank]." If it's something hyphenated like "accounts-drive-google.com" or "boa-accounts-login.com," well, you should probably think twice about it.

(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar — but even that's not totally reliable.)

[rebelmouse-image 19531572 dam="1" original_size="1280x850" caption="What is real? What is fake? Image from Pixabay." expand=1]What is real? What is fake? Image from Pixabay.

8. You should definitely use two-step authentication.

I hate to break it to you, but your p@$$w0rd probably isn't very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in to an unfamiliar device, you'll get a text message with a secret code just to make sure it's you — because even if someone gets your password, they probably don't have your phone, too.

Unless they, um, literally walked into the AT&T store and charmed a sales rep into changing your phone number over to their phone. Which happens.

9. And use a password manager.

If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like "correct horse battery staple" (or some of these other great ones recommended by the Intercept) that are incredibly easy to remember but next-to-impossible for hackers or computers to crack.

[rebelmouse-image 19531573 dam="1" original_size="1280x959" caption="Image from Pixabay." expand=1]Image from Pixabay.

10. Remember the greatest flaw in your internet security is the trusting nature of other people.

A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.

Heck, my wife has a fairly gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I'm her — even when I have to charm my way around a security question about her high school mascot. Which, yes, I've done.

As Jeong wrote, "Successful social engineers are not just perfectly capable of interacting with human beings — they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family."

"You can turn your digital life into Fort Knox and still be undone by an overly trusting salesperson behind a desk."

[rebelmouse-image 19531574 dam="1" original_size="1280x851" caption="Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons." expand=1]Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons.

There's no way to protect yourself from every possible online vulnerability. But that doesn't mean you shouldn't try!

As we've seen, the power of the internet can used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.

The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that'll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.