March 30, 2020
How to Wash Your Virtual Hands for 20 Seconds
Life has moved online. You may be video chatting for work or surfing for a new gig online. Local restaurants, shops, and theatres are asking you to buy a gift card, create an account with another new password, or download yet another app. Of course, you are extra careful in the physical world, washing your hands and staying home. But since staying connected online is crucial right now it is more critical than ever to practice safe surfing. Once your information is online, removing it is harder than clicking 'unsubscribe'. Unlike your half-listening roommate, the internet's memory is long and enduring - and the hackers' reach is broad and deceptive.
Our goal is to help you prevent and respond to risks and threats online. Join Kanary to stop spammers, hackers, brokers and trolls from abusing your information. And read on for our online hygiene habits that keep your information safe in our new virtual reality:
So you want to stream that movie for free? You click the link sent by your cousin-in-law and immediately see pop-ups. You feel a little uncomfortable, but the movie you're trying to watch was an Oscar winner! The problem is, that site could infect your computer with a virus or malware - and no one wants to deal with a laptop crashing mid-pandemic, or ever. Especially a work computer.
Make sure links are squeaky clean. Some types of malware and computer viruses can move from malicious sites to your browser and local computer if you simply visit the site. Hackers are in high gear trying to get your information and the FBI Cyber Division predicts an unprecedented wave of attacks.
So what do you do? Take 15 seconds to check the link. VirusTotal will tell you if the site's been reported as malicious. Even 1 report of malicious activity is a good reason to find a different way to watch. And if someone sends you the movie file directly? VirusTotal also handles checking files for you too.
Wear Protective Gear
Setting up a Zoom happy hour with 15 of your closest friends? You share your meeting link with your group and might not realize that *anyone* can join. The link gets passed around and a couple unexpected guests jump on the call. Awkward. Especially if they're total randos.
Set up specific meeting rooms for specific events - especially when posting on other platforms like Instagram, Facebook, Google Hangouts, Skype or this cool Norwegian webmeeting company. Use a one time Zoom password and send it to people directly as recommended by the FBI. Bottom line: you can't hire a security guard for Zoom, so stop the crashers by making your settings private or password-protected.
Stay “6 ft” Away
Everyone and their Aunt Karen is online. You might be watching Outlander for the 5th time or just starting to explore the world of Fortnite. You might find calm by watching Youtube videos from the 90s. Whatever your enjoyment, online trackers, cookies, and ads slow down load times and burn through your data and block up your bandwidth.
So what do you do? Use an ad blocker or a private browser to block the ads and trackers that slow things down. We recommend Brave as the leading privacy browser -- and you can privately browse with Tor: “with Tor, your browsing is hidden from your ISP or employer, and your IP address is hidden from the sites you visit.” If you're used to using another browser like Chrome, you can move your bookmarks and plug-ins over to Brave with a few clicks.
Be Aware, Not Alarmist
So finances are tight and the future is uncertain. You might feel better after governments and financial institutions announce plans to suspend loan payments or offer money directly to individuals. Then you get a phone call from someone claiming to be your bank. They ask you to confirm your student loan information.
Or maybe you want to support your friends through this time. Their live-streamed concerts seem trustworthy until someone posts a strange link asking for donations.
So what do you do? The most important eternal advice: never ever give an untrusted and unverified person or site your financial or health information. For donations, verify the person requesting money from you on Venmo or Paypal directly with them via text or call if possible. Read and reread emails, sender addresses, and urls - and if your phone rings, tell 'your bank' you will call them back using the number on your account or card. Tell your insurance or loan company to leave you a message in your secure account. Most transaction or warning notices require more formal communication - and most tasks will not be done via emailed links.
So you now have logins for your virtual yoga studio, your Masterclass account, your Slack channels, Zoom account, DoorDash account and 40 other services. You think, “no big deal to use my cell phone number to verify this service. How bad can reusing this password really be? I just forget them otherwise.” The problem is the yoga studio website might not be keeping your information private - by accident.
What happens if they leak your information?
Your phone number and email is posted in multiple places, and used freely in minutes by hundreds of scammers and advertisers. Some of the obnoxious spam is blocked but some of it trickles through cluttering your inbox and messages.
The accounts you used that same password and email on are now open to hackers - like your bank or your Instagram. They take over your social media account and send spam messages to your friends. Worse, they collect sensitive information and use it against you. Just ask Jeff Bezos what that's like. But you don't have billions to rest on - especially not if the hackers clear your bank account.
So what do you do?
Use a password manager, never reuse passwords, and use a designated 'spam' phone number and email for non-essential apps. If your password manager generates passwords for you, great! If not, experts recommend using a Passphrase instead; a phrase of 5+ words that are memorable for you but are hard to guess... 'Sparkly-Strawberry-Intergalactic-Corona-Beer'.
There are hundreds of password managers to choose from. OnePassword has a free trial and a ton of privacy-protecting features. Otherwise, Brave and Chrome have free managers in their browsers. Apple products have a password manager in Settings > Passwords & Accounts.
For setting up non-essential emails and phone numbers, Google is your friend. Google Voice lets you set up a phone number for free. And Gmail makes it easy to set up an 'spam' email. If you want to get fancy quickly, you can use a service like TempMail to generate a temporary email address to sign up for one time events or services.
Get Organized and Stay Cautious
Start by taking 5 minutes to create a list of your essential and non-essential accounts. This should take you ~5 minutes. Just get started and see how many you can list - 100% coverage or accuracy not necessary. You can add accounts to your list later or gather them in your password manager.
Looking for some help? Kanary scans the internet for any sites that match your email and username. For free! Look at your essential accounts. Make sure you have strong and unique passwords for each one. See 'Protect Yourself' above for tips.
For the non-essential accounts, delete the old ones and outdated ones. Delete your Pandora account since you switched to Spotify years ago. Email your high school and ask them to remove an article about you. Submit an opt-out request to YellowPages so they stop selling your address and phone numbers. Removing information can take time and feel overwhelming but it does help keep your information private and secure. Kanary is here to help with removals at the click of a button too.
Stay safe in your physical and virtual worlds.