Staying Safe on the Internet: Avoiding Common Online and Email Pitfalls

Third and last in a series of articles on ‘Staying Safe on the Internet’

Fraudulent emails and cyberattacks are no fake news – they are daily threats to your inbox and online activity.

The good news is that taking common-sense precautions and not letting your guard down can go a long way toward keeping scammers and hackers at bay.

Altair communicates regularly with clients on these threats and follows rigid protective practices to minimize online risk. Chief Executive Officer Rebekah L. Kohmescher, CFP®, CPA, one of Altair’s founding partners, takes a look at common threats and offers tips to avoid them.

She previously discussed how to manage your passwords and ways to guard against identity theft in Q&A articles.

Q: How can I avoid phishing scams, particularly with emails related to my account?

A: Phishing – the use of fraudulent emails or texts or copycat websites to get people to share personal information – is becoming increasingly common. Our clients should always keep this in mind when receiving emails purporting to be from a trusted financial firm, including Altair. One scam we are seeing a lot lately involves fake emails from DocuSign asking clients to “Click here” to sign something. In a word: Don’t.

Besides being cautious about clicking on links in emails or opening attachments, there are several things you can do:

  • Do your own typing – don’t click on links that come in a notification email. Even if a link looks legitimate, the true destination may have been disguised by a scammer. In the case of DocuSign, access your documents directly from by entering the unique security code that always is provided at the bottom of an authentic notification email.
  • Be particularly suspicious of emails with generic greetings and/or a false sense of urgency. Fake emails often begin by saying, for example, “Dear DocuSign customer.” They also try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate information.
  • Make a call if you are unsure. Call Altair if you have any doubt whatsoever that the email you received concerning your account is legitimate. Remember that fake emails may include a forged (“spoofed”) email address in the “From” field.

For related consumer tips, google ‘FTC phishing.’ (See? Didn’t make you click!)

Q: How can I make myself less vulnerable to cyberattacks on social media?

A: Once again, an important and easy precaution is to avoid careless clicking. Cyber criminals increasingly use Facebook and other social media platforms to distribute malicious browser extensions and ransomware. Two of the most popular types of attacks are link-jacking, redirecting users from trusted websites to malware-infected sites, and like-jacking, when criminals post fake Facebook “like” buttons to web pages and get you to download malware by clicking on them. Don’t click on unfamiliar links.

The same goes for rogue friend or application install requests. Accepting such requests may mean giving up far more access to your social media account than you think.

Oversharing on social media accounts also is unwise. The more details about your life that you allow others to see in your Facebook or Twitter profile, the more at risk you are to leaking information that could be used for account takeover.

More than 600,000 Facebook accounts are compromised every day. The main reason is that users generally trust their circle of online friends. But accounts can be spoofed or imitated so that an attacker appears to be one of your trusted friends. Please think before you click.

Q: How can I best ensure the security of my smartphone?

A: There are several effective steps you can take.

  • Use encryption. Opt for the built-in encryption feature in your phone. Encrypting the phone will store all its data into scrambled unreadable form. If it is stolen, the thief will not be able to gain access to your emails, photos or personal information.
  • Set a numeric password of more than four digits. Take advantage of the 6-digit option on your iPhone, or up to 16 on your Android.
  • Update your software. Keep your software up to date to protect against the latest threats. Download updates for your phone’s operating system.
  • Avoid or at least limit activity in public Wi-Fi spots without a secure connection. To gain a secure connection, create a VPN (virtual private network). You can obtain the software to encrypt your connection. Among the best-known are GhostPath, IPVanish and Private Internet Access – google CNET’s Best VPN Services of 2017 for specifics. Some entail a monthly or annual fee. It may be a wise investment if it heads off hackers lurking on public Wi-Fi.
  • Turn off Bluetooth. If you are not actively using an enabled device, such as a headset, make sure your Bluetooth is turned off in order to shut down the wireless connection between your phone and other devices or phones.
  • Turn on the Limit Ad Tracking (or Opt Out of Ads Personalization) setting on your mobile device. This will make you anonymous to most app and mobile web ads and vastly increase your digital privacy on mobile.
Q: What do I need to know about anti-virus and anti-malware programs?

A: The most important thing to know is not to go online unprotected in an era when computer hackers, viruses, online scams and digital extortionists are rampant.

Be sure to install virus protection to ward off external threats to your computer. McAfee, Norton and Kaspersky, among others, all offer good programs. Expect to pay $20 to $40 per year for the protection. Free antivirus programs also can be good but they offer limited options.

Ransomware – a type of malware that prevents users from accessing their system and may threaten to publish their data online unless a ransom is paid – sometimes can get around traditional antivirus protection programs. It is generally spread through email and errant links.

The best way to prevent ransomware attacks is to install updates to your operating system and all your software as they become available.

In keeping with all our other advice about internet safety, you need to be vigilant – be constantly on the lookout for emails that seem suspicious and err on the side of safety every time you have a doubt about an email, a download or a click.

Q: Scams, spoofs, malware, viruses – it sounds riskier than ever online. Any closing thoughts about all these risks?

A: There is no failsafe solution to fend off all the online threats we have discussed. But by taking just a handful of security measures you can greatly improve your safety. Your common sense and awareness should enable you to still cruise the internet with confidence and minimal issues.

The material shown is for informational purposes only and should not be construed as accounting, legal, or tax advice.  Altair Advisers LLC is a registered investment adviser with the Securities and Exchange Commission; registration does not imply a certain level of skill or training.  While efforts are made to ensure information contained herein is accurate, Altair Advisers cannot guarantee the accuracy of all such information presented.