I got alarmed by the number of phishing instant messages (YM) and emails I’m receiving lately. What’s more alarming is that they come from members of my family, indicating that their machines are infected. In fact, I think my mother’s netbook is also infected! We’re thousands of miles apart and I can’t fix her netbook right away (I’ll remotely connect to her PC tomorrow to fix it).

On that note, I decided to list what I apply to secure my profiles. I’m sharing it with my family to remind them how to better secure their machines and online profiles.

Best Practices

  1. Your email password should be different from your Facebook password (especially if you use your email to access Facebook).
  2. Use Yahoo email for instant messaging (YM) purposes only. Use Gmail or Google Apps for my actual email for less spam.
  3. Use a separate email for registering in forums and email groups (Yahoo Groups/Google Groups). In case my FB account is compromised, my email will still be fine and I will be able to reset the FB password.
  4. DO NOT USE YOUR OFFICE EMAIL IN SIGNING UP FOR SOCIAL NETWORKS (Facebook/Friendster) or eGroups (Yahoo Groups/Google Groups). If your Yahoo group gets compromised, then expect your email to be spammed.
  5. DO NOT CLICK HYPERLINKS IN EMAILS and YM. Yes, unless you are sure it was intentionally sent to you by a trusted source. Here are sample phishing messages.


    I received this several times in my email.


    I kept receiving this phishing attack from malware.

    If you follow those links, the site will either drop a virus on your computer or ask for your login details.

  6. Choose a secure password (see the password policy below).
  7. Do not display/post your email on social networking sites, forums and websites. Email harvesters will one day find their way to that website and bombard you with spam emails.
  8. Use an updated Firefox or Chrome browser. OK, some of you may not have a choice because you may be accessing the internet via a corporate/office network, but please DO NOT USE Internet Explorer 6.0.
  9. Stay away from logging into your main email/YM in computer shops or on public computers.
  10. DO NOT DOWNLOAD FLASH GAMES!!!! Well, it’s very basic but a lot of people still fall for this. Kids who play games online are the usual victims here. I know because my nephews and nieces infected their computers. As operating systems and anti-virus software become more effective at thwarting attacks, the user becomes the next easiest target. Don’t be the weakest link.
  11. Make sure you are logging in to the correct website. If you want to log in to Facebook, the URL should be http://facebook.com, not http://ol.wy?http://facebook.com
  12. Install the latest service pack for your OS (take note that malware can also infect Linux and OS X machines).
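
To see why the second URL in item 11 is not Facebook, here is an added example (not part of the original post) that pulls out the host the browser actually connects to and flags URLs where the expected domain appears anywhere else. It goes a little beyond the one case in the post by also covering the expected name used as a host prefix or before an `@`; the function names and the `.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def real_host(url):
    """Return the host a browser would actually connect to, lowercased."""
    if "://" not in url:
        url = "http://" + url  # assumption: a bare address means http
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def check_login_url(url, expected):
    """Classify a URL against the domain the user meant to visit.

    "match"     - the real host is `expected` or a subdomain of it
    "lookalike" - `expected` shows up in the URL, but not as the real host
    "other"     - `expected` does not appear at all
    """
    expected = expected.lower().rstrip(".")
    host = real_host(url)
    if host == expected or host.endswith("." + expected):
        return "match"
    if expected in url.lower():
        return "lookalike"
    return "other"


# Constructed sample input: the two URLs from item 11 plus made-up variants.
SAMPLES = [
    "http://facebook.com",
    "http://ol.wy?http://facebook.com",    # name is only in the query string
    "https://www.facebook.com/login",
    "http://facebook.com.login.example/",  # name is only a host prefix
    "http://facebook.com@login.example/",  # name is only the user part
    "http://news.example/today",
]

if __name__ == "__main__":
    for u in SAMPLES:
        verdict = check_login_url(u, "facebook.com")
        print(f"{verdict:9}  host={real_host(u):26}  {u}")
```

Everything after the first `?` is just data sent to the site, so only the part between `//` and the first `/` or `?` decides where you end up.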

Passwords

These are a few of the rules I follow when creating passwords.

  1. Must be at least 8 characters
  2. Must have at least 1 capital letter
  3. Must have at least 1 special character (~!@#$%^&*<>{}[]-_+=)
  4. At least 1 number
  5. Must not be your birthday

Sample passwords (don’t copy!)

  • B@nTay69
  • Gand@M0!
  • T0fu[ka]
  • Pogi@ko1

Additional

  • Licensed anti-virus on Windows machines (AVG/
  • Use Linux (Ubuntu) as my operating system
  • Use OpenDNS instead of ISP DNS (more on it in future posts)
  • For online banking, I use my PC in the office or my Ubuntu netbook/laptop. The reason is that the corporate network has multiple layers of protection and updated anti-virus.

The list is in no way exhaustive, and the items are pretty generic. But with this list, you’ll keep yourself protected from the majority of attacks. What we really need is to keep our COMMON SENSE at all times. Online criminals are out there looking for vulnerabilities in systems. They’ll keep on finding exploits in our systems.

However, it should not stop you from using the internet. I use ibanking and buy stuff on the internet on a daily basis. We just need to be vigilant and aware of the security threats.
