Magic of online security

pict of user being phished

If there is one magic silver bullet that will help you maintain your online security, it is critical thinking skills. If you read my previous article on the basics of online security, you may recall that I stated there is no single thing that can automatically keep you safe. You will, therefore, recognize the title here and the opening statement as the hyperbole it is meant to be. In other words, there no magic silver bullet that maintains your online security automatically. While there is no single thing that can guarantee 100% online safety automatically, having rock-solid critical thinking skills is the next best thing.
There are probably entire college courses devoted to the acquisition of critical thinking skills, so I won’t be able to do that justice with a single blog post. I will endeavor to at least explain what I mean by critical thinking skills and how it helps you stay safe online.
Somewhere I once heard the advice “treat every day as if it was April 1st,” and I love that advice. On April fools, people do seem to make it a game if not a mission to figure out who is trying to pull a prank online, and they tend not to believe anything online that day. Then every other day, they seem to eat up anything that anyone puts online. If everyone put as much effort into identifying the scams online as they do recognize the April fools pranks, there would be much less crime online.
Critical thinking is about being critical about everything you read online. I know that is a bit of a recursive definition, so let me try to explain more.

To maintain online security, you need to be suspicious about everything you read online, whether it is on Facebook, Twitter, some blog, a News Site, your email, etc. The idea that “I read it online so it must be true” could not be further from the truth. Also, just because something is going viral on Social Media does not make it real. Like the old rumor mill, things don’t become true just because a lot of people are repeating it. Even viral videos don’t prove anything; they are frequently taken entirely out of context, manipulated, or outright fakes. We have fantastic technology these days, and it is often used for evil instead of good. There are a lot of people out there that get their kicks from spinning people up and get them fighting about nothing. Those people spread half-truths and deep fakes for their enjoyment. Some even go so far as setting up automation to help them spread their garbage faster and farther by setting up something called a bot farm. The term bot is derived from the term robot, and it is simple automation that carries out a specific task such as posting to Facebook.
Then, there is a whole class of online criminals that are termed “Social Engineers” in the cybersecurity world. I think the term “scammers” or “fraudsters” are much better terms. These criminals have been around since the dawn of time, and they use their trade to trick you into doing something you shouldn’t, buying something you regret or defrauding you in one way or another. The Play/Movie, “The Music Man,” depicts a man particularly skilled in this area. Many other movies depict similar tactics, but that is the first one to pop into my head.
One particularly prevalent subsection of Social Engineering is called phishing. Phishing typically happens over email and is geared towards tricking you into installing malware on your computer or getting you to click on a link. The goal generally is to either take over your computer so it can be used for criminal activity or to steal your identity. I go into a lot more details about phishing in my book, but I’ll touch on few pointers here. Please note that while email is the most prevalent method, a modified version of phishing also happens via text and voice mail.
In my book, one of the running themes throughout the book is don’t click on links in email or open attachments. If you never click on any links in email or open attachment falling for email phishing attack just became practically impossible.
The general theme of a phishing email is pretending to be a safe email from someone or something you know. This is where critical thinking comes in again. Here being distrustful will save the day. How do you know that email is from who it claims it is from?
One of the hallmarks of a phishing email is urgency; you need to click that link right this very second or face immediate financial ruin. Be extra wary of these emails.
Back to the idea of being distrustful, if you want to maintain online security, you can not trust anything online or take anything at face value. By that, I don’t mean that you can’t trust your buddy online even though you trust them in real life. I mean, don’t believe that really is your buddy.
Time for an analogy. I hope you are a Mission Impossible fan or at least are familiar with what it is all about. Imagine Ethan, the lead character, is using some government level tech to change how he looks and how he sounds so that he can get past security and complete his mission. There is a scene like that at least once per movie, if not more. I don’t know if this is actually possible in real life or if this is pure Hollywood fiction, but this is trivial to do online.
So let’s say for the sake of demonstration that you are a character in a Mission Impossible movie and you have some high-level access that Ethan needs. So Ethan dresses up like your best buddy and uses his tech to create a mask that makes him look and sound like your buddy. He calls you up and invites you out for a drink. At first, you’re glad to see your buddy, but then you start to get this gut feeling that something is off. You see, Ethan may be able to change his voice and create a mask that looks like your buddy, but copying your buddy’s mannerisms and the way they carry a conversation is much harder. What do you do, do you brush off the gut feeling, or do you throw out a curveball to test this person? If you are smart, you test them to show them for the imposter they are. I’m pretty sure there is a scene like this in at least one of the movies 😀
Now translate this to online behavior, if you get a message claiming to be from your buddy, do you just accept it, or do you analyze to see if it sounds like your buddy? The smart and safe approach is to be suspicious.
Again a lot more details about this in my book, so if you are looking for more details on how to maintain online security you should check out my book. If you have any questions, feel free to shoot me a note.