Keeping Safe in the Holidays
With the festive season having arrived, and the new year coming soon with all of its New Year’s resolutions, now is a good time to consider tightening up your online security and getting on a good track for the new year.
Discussed below are some tips to improve your awareness and to help keep you safe in the festive season:
You Should Clean Up Your Passwords Before Christmas.
Too many people are still using passwords like “123456”, “password” or particular phrases meaningful to them which are easy to remember. An important rule to follow is to have a different password for each site you are registered for. Don’t recycle passwords across multiple sites, and make each password super strong and long.
If you struggle to remember all your passwords, consider using a password manager like LastPass, KeePass or 1Password. Protect it with a strong password and use two-factor authentication for added security. For advice on creating good passwords, watch this video provided by Sophos.
Defend Yourself from Ransomware by Backing Up Your Files.
Think of all the things that could go wrong with your hard disk and your data. It could be lost, stolen, damaged, broken or accidentally deleted, suffer a hardware failure, or be hit by ransomware. Ransomware is the punch-in-the-face malware that scrambles your files, sends the only copy of the decryption key to the crooks and then offers to sell the key back to you. With a decent, recent backup you can recover from most of the situations listed above.
Always keep at least one backup offline and offsite, e.g. on a removable disk in a safe deposit box or at a trusted friend’s house. Also use a backup program that encrypts your data securely so only you can restore it.
Remember, the only backup you’ll ever regret is the one you left for another day.
Set Your Facebook Posts to ‘Friends Only’
You wouldn’t go up to a stranger in a street and tell them what you’ve been up to, so why would you let just anyone see what you’ve posted on Facebook?
Set your posts and photos to be seen by “Friends only” by clicking on the down arrow at the top right of any Facebook page and choosing Settings, then selecting “Privacy” from the menu on the left. Under “Who can see my stuff?”:
- Click “Who can see your future posts?” Then choose to limit the posts to “Friends only”, or a custom list of people you choose.
- Click “Limit the audience for posts you’ve shared with friends of friends or Public?”, then click “Limit Old Posts”.
To view your profile from a third person’s point of view, go to your profile and click the three dots on the bottom right of your cover photo. Click “View As…”; this will then display your profile as seen by anyone who isn’t your friend.
Hang Up On Fake Support Calls
Unsolicited technical support calls are common. The scam has been going on for years, and it goes something like this:
You receive a phone call or SMS, or a pop-up on a website, and the message tells you that there’s a virus of some sort on your computer. If the “warning” arrives in an SMS or a pop-up, you’re urged to call a “support line,” typically a free number that seems harmless enough to dial. These “support techies” typically imply that they are from Microsoft or Windows and that they have some official-sounding reason to be talking to you. These calls are all bogus and you’re about to be squeezed into paying for a service you don’t need, and which wouldn’t fix your problem even if the caller were telling the truth.
There are various story lines the call will follow, but in the end the scammer will insist that a virus infection has been traced to your computer and that you need to let him help you fix it. If you cave in, you’ll end up paying by credit card for a remote-access support session or some software that you didn’t need, that you can’t trust and that won’t solve the problem you didn’t have.
Encourage your less tech-savvy friends and family not to yield to this sort of pressure. End the call right away.
Change Default Passwords on Baby Monitors and Webcams
If there is a default password on any internet-enabled camera, the crooks know what it is. In other words, if you don’t change the password from the default one then you are making it much easier for a cybercriminal to hack in and watch whatever you have filmed.
Don’t make it easy for thieves: change passwords from their defaults and make sure you pick a proper password. If you are unsure how to set the password, try the camera vendor’s support forums for help.
Ignore Padlocks Inside Web Pages
Many web addresses start with “http://” which is short for “Hypertext Transfer Protocol”, the language that browsers and web servers use when they talk to each other. These days, an increasing number of websites start with “https://”, which means “HTTP with added Security”.
HTTPS isn’t perfect but it helps a lot. When you make an HTTPS connection, a padlock appears in your browser’s address bar, and you can click on the padlock to find out more about who’s at the other end. This provides authenticity.
Also, when you use HTTPS, the data you send back and forth is encrypted, so that other random people can’t eavesdrop on your network connection and see what you have been saying to your bank. Additionally, they can’t intercept and change what you and your bank are discussing.
If a site where you would expect security doesn’t use HTTPS, stop at once – you are probably on a fake site that’s phishing for your password. Be sure to always look for the HTTPS padlock and associated security information in your browser’s address bar.
Never rely on anything that’s inside a web page to convince you that the page is secure, because the content of the page is controlled by the web server at the other end. A picture of a padlock inside a web page is just that: a picture of a padlock.
Turn off Flash
Want to do one single, simple thing to drastically improve your security during this festive season? TURN OFF FLASH (the program, not the camera feature).
Turning off Flash deprives malware writers of one of their favourite toys, and it stops con artists preying on your hair trigger for Flash security updates by using them as camouflage for malware. It also deprives marketeers and advertisers of one of their most annoying toys, stops them from tracking you across multiple browsers with Flash cookies and makes you far harder to fingerprint online.
It might seem difficult at first but remember that iPhone and iPad users have been Flash-free from the get-go and they seem more than happy with their lot.
If you still can’t see the writing on the wall, consider that Adobe – the maker of Flash – is airbrushing the name out of existence and that even its newly monikered Adobe Animate software thinks you should seriously consider HTML5 as an alternative.
Free iPhones Aren’t Free
Time and again we see scammers using implausible promises of free stuff to lure in people.
Perhaps they want you to spam your Facebook friends by sharing something, maybe they want to take you to a phishing page, or perhaps their goal is to get you to inadvertently download malware. Whatever the reason, it’s not worth taking the risk.
NB: If something looks too good to be true, it probably is. So do yourself and your friends a favour and avoid sharing
Think Before You Share on Social Media
Whether it’s photos of other people, your credit card details, the fact that you’re holding a really amazing party on Friday night or anything else, stop and think before you share.
Once it’s out there on the internet it’s extremely hard to take it back.
Don’t Put Off Those Updates
Putting off updates is a bit like noticing that your driver’s license just expired and figuring, “It’s only a couple of days over – I’ll stop at the Traffic Department on the way home and renew it.”
You’ll probably get away with it, just like you did last time, but there’s a lot that could go wrong, so you’re not really doing yourself a favour.
Remember: a brand new security update might cause you a problem, but show-stopping bugs in updates are actually rather rare these days. On the other hand, an unpatched zero-day security vulnerability will leave your computer open to the crooks, and they will take advantage if they can.
Ask Permission to Post Photos, Not Forgiveness
There’s a famous saying: “it’s easier to ask for forgiveness than for permission.” The idea is that the best ideas and the coolest stuff often emerge when you have the guts to back yourself and just Go For It, but this excuse only seems to work if your unauthorized efforts were a staggering success. If you do something you’re not supposed to, and it doesn’t come off, you will find yourself wishing you had asked first.
If you take a photo and the people in it pose happily, then you probably don’t need to ask for permission before posting it on your favourite social media site, but don’t publish photos of other people without asking them first.
Don’t Email Your Credit Card Details
You might end up buying various unusual items during the holiday season, and if you and the seller can’t figure out a conventional way to handle the payment, you may be tempted to fall back on emailing them your card details so they can process the transaction at their end.
It’s easy to convince yourself that “it’ll probably be OK.” However, no matter how much you trust the seller, you can’t reliably control an email once it leaves your email program or your browser. That email could end up in the hands of cybercrooks, even if the seller handles it with care once they’ve received it.
If in doubt, don’t give it out!
Take Care if Internet Friends Ask for Money
Lots of us have friends who we think we know pretty well, but we have never actually met them. We “know” them via e-mail, Twitter, Instagram, or in a number of other ways.
Unfortunately, some internet friendships aren’t what they seem – because it’s easy to pretend to be someone else when online.
It could be a work-from-home job offer that requires you to accept deposits through your bank account and pay the money to a third party. It could be a casual online friendship where money will suddenly enter the equation, with the other person starting to put the pressure on for you to help with expenses, or join in an investment scheme. It might even be an urgent but bogus electronic message from a real-world friend whose account has been hacked, unexpectedly asking for an urgent money transfer because they’ve been mugged while on holiday, or had their hotel room cleaned out. These are only a few of the possible scenarios.
We are not suggesting you need to be ruthless and hard-hearted this holiday season, but be careful when an internet relationship moves into the “about the money” stage.
Beware of Login Links in Emails
Phishing is where crooks “fish” for personal details you wouldn’t give them if they asked outright – information such as date of birth, ID number, login name, password, bank account etc.
Most phishing attempts happen by email and the process is simple and effective. The crooks send you a lure, such as free stuff, or a warning or a scare. The email’s goal is to get you to take action right away, and it handily provides a clickable link for the purpose, which takes you to a signup page, or a login screen, or an account summary page.
Only then do you find out that you just submitted the web form to a bunch of crooks instead of to the real site. With a bit of care you can usually spot a fake web page fairly easily (the website in the address bar will be wrong, or the web page will be unencrypted, or it simply “looks a bit dodgy”).
To test the validity of a link or website, copy the link and go to scanurl.net. Here you can enter the link and the website will tell you if the link is legitimate or not. Ultimately, the best advice would be to not click on login links in emails.
Set Your Facebook So You Can’t Be Searched For By Phone Number or E-mail
By default, anyone can look you up on Facebook via your e-mail address or phone number. You can change your privacy settings to limit who’s able to search for you by doing the following:
- Click on the down arrow at the top right of any Facebook page and choose “Settings”.
- Select “Privacy” on the left. Under the “Who can look me up?” section, you will see a setting for your email and a setting for your phone number.
- Use the dropdown menu next to each setting to select who can look you up using that information. The options are “Friends”, “Friends of friends” or “Everyone”.
You can remove your mobile phone number altogether but that would mean Facebook can’t send you login approvals, which ensures that you don’t get locked out when using an unrecognised computer or mobile device to log in.
Log Out When You Are Done. Yes, Even From Facebook!
We know how convenient it is to log in to Facebook in the morning, or at the beginning of the week, and to tick the “keep me logged in” box. It’s even more convenient to stay logged in via mobile apps, because typing a suitably long and secure password is harder and more error-prone on a phone than it is on a regular keyboard.
The problem is that staying logged in comes at the cost of reduced security. Social media sites love what they call frictionlessness, which is a fancy way of saying “We want your clicks to count, every time you click, with no need for a second thought, and with no pesky pop-up login window.” But sometimes a second thought is exactly what you want.
“Reply All” Is Probably Not What You Want
Whether you will be passing on Christmas greetings, or making plans to meet up with friends or colleagues, you may end up with e-mails that have plenty of recipients, possibly including people who you don’t know very well, or who are your boss’s boss’s boss.
If you receive an e-mail from someone in your company concerning a meet-up, with other departments in the company CC’d, you probably don’t want them all to see your reply about, for example, how you are planning on having too much. Replying to all will send the message to everyone, instead of just the sender.