The following is a summary of questions asked by Sirs at Alan Baker’s August 16, 2024 presentation on avoiding internet fraud.
Phone Calls and Phone Numbers
Can scammers use legitimate-looking phone numbers to make calls?
Scammers use “spoofing” to make their calls look like they’re from trusted phone numbers. This tricks you into answering, thinking the call is genuine.
Can a recording of my voice be misused in phone scams?
Scammers can record your voice during a phishing call and use it to impersonate you later, especially with voice-activated systems. Avoid saying “Yes” or giving out personal information on unknown calls.
Should I verify the phone number included in an email?
Never trust the phone numbers in suspicious emails. Instead, visit the company’s official website and use the contact information listed there. This helps you avoid calling a scammer’s number.
Passwords and Password Managers
Is it safe to store passwords in a spreadsheet, a Word document, or Notes app?
Those apps are not designed for storing passwords securely. For better security, use a dedicated password manager.
How safe is storing my passwords in web browsers like Firefox and Chrome?
Web browsers can save your passwords securely only if you use a master password that locks your saved information. Using a dedicated password manager offers stronger protection.
Is it OK to use a password generator?
Yes, online password generators are useful, but the password generators included with password managers are even better. They generate strong, passwords or pass-phrases and store them securely, which helps prevent using weak or repeated passwords.
Are pass-phrases as good as random passwords?
Pass-phrases are as effective as random passwords if they are long and unique. And they are easier to type.
What are the best practices for storing passwords, especially for shared access (e.g., between spouses)?
Use a password manager to store and share passwords securely. Make sure your spouse or trusted person has access to the master password or recovery options in case of an emergency.
How do password managers work with websites?
Password managers securely store your passwords. Once you unlock the password manager with its master password, it can automatically fill in your login details on websites.
What are the best practices for securing passwords and notes on smartphones?
Use a password manager to store passwords and sensitive notes. Also, ensure that your smartphone is locked with a strong passcode.
Two-factor authentication (2FA)
What is two-factor authentication and which methods are best?
Two-factor authentication (2FA) adds extra security when logging in. It requires a second form of verification, like a code sent to your phone. You can enable 2FA in the security settings of most online accounts. An authentication app that generates a unique code is more secure than a text message. A hardware security key is even more secure.
What are hardware security keys and how do they work?
Hardware security keys are physical devices that generate unique codes for logging into websites. They offer stronger protection than other 2FA methods because the key must be physically present to log in.
What are the risks and benefits of using biometric security like fingerprint or facial recognition?
These are convenient and generally secure, but not perfect. There’s a small risk that someone with a similar fingerprint or face could unlock your device.
General
Is encrypting a computer’s disk useful?
Disk encryption requires a password to gain local access to your disk. It does not protect your data that is stored elsewhere, e.g. cloud services.
Can WordPress plugins help reduce exposure to hackers?
Plugins like Wordfence and Sucuri provide features like firewalls and malware scanning. However, these are not a replacement for website security best practices.
How does Google Search compare with DuckDuckGo in terms of privacy protection?
DuckDuckGo is more focused on privacy than Google. It doesn’t track your searches or store personal data, making it a better option if you’re concerned about privacy.
What should I do if I receive an alert about my information being on the Dark Web?
Change the affected password immediately. Make sure you haven’t use the password for multiple websites.
Should I respond to unsolicited text messages, calls, or emails?
Do not reply to unsolicited texts, calls, or emails, especially if they ask for personal information. Block the phone number and report it as spam if possible. Do not unsubscribe to emails from unknown senders–they will not unsubscribe you and they will add your email address to more spam lists.
Should I freeze my credit information at the credit bureaus?
Yes, freezing your credit is a good practice, but use only official websites or phone numbers of credit bureaus to freeze your credit. Do not share your Social Security number unless you are sure you are contacting a real credit bureau. This article explains how to freeze your credit.
Can a sender’s email address be faked?
Yes, scammers can fake the “From” address or “Reply-To” address in an email to make it appear to be from someone you know or a legitimate company. This is called email spoofing. Email systems don’t always check if the sender’s address is real, so it’s easy for scammers to do this.
What should I do if someone I don’t know sends me money via Zelle or other P2P bank application?
If you receive money from someone you don’t know on Zelle, contact your bank right away. It could be part of a scam, so do not send the money back or respond to the sender. Zelle payments cannot be reversed once sent. Only use Zelle to send money to people you know and trust.