Before we get any further, EE Times needs you to click here to confirm your identity.
Ok, I’m pretty sure most of you didn’t fall for that (though you were sorely tempted to click and see what happened, right? RIGHT? Go ahead, I still dare you….).
The point is, this morning’s LinkedIn hack and the subsequent slew of phishing emails attempting to get people to update their account information via dodgy embedded links distressed me somewhat.
It’s not about trust issues. It’s about our lack of trust issues.
It’s about the fact that most people use the same basic, easily hackable password for all their online accounts, and never change it.
It’s about the fact that people don’t see the big deal in having their password cracked. (Overheard today: “So, my LinkedIn password got hacked, what’s the worst that can happen? They send my CV out?”)
It’s about the fact that even intelligent, savvy people click on things they shouldn’t and get infected with malware that then spreads through their networks, making them look like amateurs.
Gee, somebody is spreading rumors about me? I better click and find out what they’re saying. AMATEUR.
Someone I rarely talk to has a link to a funny photo of me they want me to click on? AMATEUR.
Wow, my boss lost 15 lbs on some kind of revolutionary diet that he’s sharing with me through a link on Twitter? Click. AMATEUR.
No, seriously, people, what is up with that? You may as well forward your bank account details to that African prince who keeps emailing you, because, you never know, it might be legit!
Of course, I’m just busting your chops here, and to be honest, I’m pretty sure most people reading this feel as much disdain for the amateur tactics described above as I do. Just in case, though, here are a few quick recommended steps to ensure you’re not being an online chump.
First, change your passwords. Now, please.
Use at least one capital letter and at least one symbol, but don’t make it so complicated you can’t remember it. See the brilliant comic from XKCD below:
Also, using the same password for all accounts is risky business – eggs, basket…. Don’t make me explain this, people! – mix it up, and if you need to, leave yourself clues or hints that can help jog your memory.
LastPass/1Password/KeePass – they’re all good universal password services, and I highly recommend using them. Especially if you’re not very good at remembering a lot of different passwords. They’re very secure and easy to use.
Lastly, use some common sense. If an email seems dodgy, check the email address. Or google it. If an email asks you to click a link to update information, be suspicious. Always go DIRECTLY to a site to update your personal details.
Rocket science is what you engineers do…. This? This is child’s play.