Protect Your Information From Website Hacks

It seems like I receive an email monthly about my information being stolen from one of the websites I use for online business. This month it was AT&T, last month Bank of America, and the month before, Farmers Insurance. Every day, there are data hacks where people steal your information.

You might ask, why is this happening? Do these companies just not care about your information, or is it something else? I believe that companies genuinely do their best to safeguard your information, and their security is pretty good. However, the weak point lies in the failure to train their employees.

Hackers are constantly sending out malicious links via emails, using fake addresses. They make their websites appear genuine, duping people into giving up passwords and other information. Hackers purposefully send emails to companies in the hope that some employee will click on a malicious link, granting them access to their security. Once in, the damage starts.

Companies should label every email that does not originate from inside the company with a warning: “This is an external email – do not click on links or attachments.” While the company I work for does this, companies receive emails from outside their organization at all times.

The reality that people must understand is that you should NEVER click on a link within a chat, text, or email. Recently, many people were hacked by a popular video meeting program. Malicious emails were sent to users, instructing them to upgrade their software to access the latest features. However, clicking on the link installed malware, infecting their computers and stealing information. If you receive information about upgrading software in an email, ignore the link. Instead, visit the actual website, such as Adobe.com or Zoom.com, to check for updates.

Many text messages claim that your account has been compromised, a tactic often used with streaming applications like Netflix, Amazon Prime, Hulu, and others. Nobody legitimate will ever text you asking for information. Clicking on their links or calling them will lead you to a hacker whose sole purpose is to obtain your credit card and banking information to steal your hard-earned cash.

The company I work for provides hacking and phishing attack training. They even had a video in one of their online courses featuring a hacker explaining how they infiltrated company email systems. The malicious links provided them with access and passwords, enabling them to send out fake billing and redirect payments to themselves from vendors. Many of these links offer high rewards, requiring just a few clicks from untrained individuals to breach security.

Understanding this, you now comprehend why your information is constantly being hacked. It isn’t the fault of the company’s security; it is almost always the fault of an untrained employee.

Now that you are aware of this, here are some actions you should take:

1. Use a different password for each website you do business with to minimize risk if one site gets hacked.
2. Use a long, difficult-to-crack password. Consider using your browser’s suggested passwords and a password manager to remember complex ones. Download a password manager.
3. Never click on any links in emails you receive from businesses. Always visit the website directly and log in to review any information.
4. Avoid clicking on any links in social media. If you receive a suspicious message, contact the person directly using a secure messaging service or phone, but never respond through your computer.
5. Always scrutinize the sender’s email address. Hackers often use addresses that closely resemble legitimate businesses.
6. Look for misspelled words and sentence structure issues, common indicators of malicious emails.
7. If you’re unsure about a web link, use a malicious link checker tool. Copy and paste the link into a website like https://www.urlvoid.com/ or https://sitecheck.sucuri.net/ to verify its legitimacy.
8. Remember, no legitimate business will ask you to update your information via email or phone. If you receive such a request, call the business directly or delete the email. Report suspicious emails as spam or block the sender.

There are many ways to get hacked, with most damage caused by clicking on malicious links or visiting malicious websites. Use a reliable antivirus program and a tool that warns you of malicious links online.

Opt for a secure web browser like Firefox, which blocks third-party cookies by default and prioritizes privacy. On Firefox use the strict setting in the Privacy and Security Tab under settings. Using the Standard Setting only blocks known and suspected finger-printers on private browsing pages. Changing the setting to strict will block known and suspected finger-printers on all pages. Keep in mind a couple of websites will break with this setting. Follow this link for instructions on how to make exceptions for certain websites that break (and you want to allow). https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?as=u&utm_source=inproduct#w_what-to-do-if-a-site-seems-broken

Also you should not be using Google DNS unless you have to. Google DNS (Primary #) is 8.8.8.8 and (Secondary) number is 8.8.4.4. Google has privacy and security issues. If you are using Firefox your searches are already tunneled to Cloudflare. Other services use what ever is programmed into your Router. Cloudflare DNS numbers are (Primary) 1.1.1.1. (Secondary) 1.0.0.1. if you want to set them in your router. Cloudflare is usually faster than Google because most people use Google. If you tunnel through a VPN you will be using whatever your VPN has set up for you, however the address you connect to will be different than your actual address – so browsing through a VPN is the other option if you don’t want to change your DNS settings.

Additionally, consider using a privacy search engine like DuckDuckGo. When browsing on your phone away from home, use a VPN for added security. A VPN at home will also hide your IP address so that is recommended as well. Use a good VPN – the free ones are not good. I use Norton, and Proton has a good free one.

Stay safe! I hope this information helps prevent you from being compromised in the future.