Do Not Be Reckless with Your Passwords
Negligence over password security is one of the most common mistakes made online.
Do not use a password:
- Containing just one word
- Containing your name or birth date
- Containing your username or account number
- Containing the name of a pet or a family member
- That is one of the most popular passwords online, such as: password, 123456, 11111, or qwerty
Use a password that:
- Is easy for you to immediately remember
- Is longer than eight characters
- Contains at least one capital letter
- Contains at least one special character (@, #, $, %, etc.)
Do not:
- Share passwords with friends
- Ask browsers to remember your password
- Write your passwords down and leave them in an easily-accessible place
- Use the same password for every account
Do:
- Create passwords around an obscure theme that can be customized for each site
- Create mnemonic devices for remembering different passwords to different sites
- Change passwords regularly
Be extra careful with passwords related to:
- Your email
- Your bank account
- Your social media accounts
Should you like more advice on password creation, visit our guide to creating passwords that are both easy to remember and hard for others to crack and peruse ZoneAlarm's infographic to the right (Note: Take its information with a grain of salt; its sources are inadequately cited and therefore dubious; we included it as a fun reference point, nothing more).
Do Not Be Fooled by Fraudulent Emails or Pages
Nearly everyone who has spent significant time online has been fooled, at least once, by a scam. Knowing what to look for and what to avoid can prevent these embarrassing slip-ups from happening (again).
Common characteristics of scam emails include:
- Messages you do not expect
- Messages sent from strangers
- Messages containing attachments
- Messages that claim to be from the IRS
- Messages that do not address you by name
- Messages sent from friends that are off topic or out of character
- Messages asking you to log into your account from a link within the email
- Messages offering quick money (be that money from a stranger or money you supposedly earned, won, or somehow failed to collect)
- Messages that appear to be from a service you use, such as an online store or bank account (they may even use the company's logo in the email)
- Messages asking for personal information, such as bank account numbers, account information, phone numbers, addresses, or social security numbers
- Requests to reply to the email with confidential information (the real businesses scammers impersonate in these emails would not ask you to do this)
- Messages offering links/attachments enabling you to view or download photos/video of things you would be very tempted to see (let's just pretend they're kittens)
- Alarmist messages urging an immediate response and containing threats of immediate danger, loss, or suspension
- Requests for help from strangers or supposed family members who urgently need money
- Obvious scams (e.g. Nigerian princes; these scams are intentionally obvious, to spare criminals the wasted time of dealing with those who will not blindly follow directions)
- Text containing multiple grammatical errors
If you get an urgent warning message from your bank or another site to which you belong and you think it is suspicious, visit the page through a known URL (not the email) or call the business directly. By logging into your account or checking with the business in question through some other direct means, you will be able to verify the legitimacy of any message you have received.
If you receive a desperate email from a friend or family member asking for quick money, call them. Doing so can both calm your worried mind and inform your friend that his or her email address has been compromised. Do not donate to causes or people with which you are not familiar.
In a previous lesson, we mentioned Snopes.com as a great resource for verifying dubious information. Snopes is also an excellent resource for researching potential email scams; be sure to take advantage of it.
To check the legitimacy of a sweepstakes or contest, visit the Better Business Bureau's website.
How to Report Email Scams
- Visit the United States Government's Internet Crime Center and file a complaint
- Forward the message to the Federal Trade Commission: email@example.com
- Report IRS-related scams to firstname.lastname@example.org
- Mark the message as spam in your inbox
Common characteristics of fraudulent websites include:
- No "https://" at the beginning of the URL of a login page or page related to payment or banking information (HTTPS is the communications protocol used for secure communications that provides encryption and protects against attacks from third parties)
- URLs containing the name of the company whose website you think you're visiting, but mixed in with other elements (e.g. "http://fraudster.chase.com" or "http://signin.Amazon.email@example.com/" or "http://scamdecoy.@wellsfargo.com" or "http://fakepage-etsy.com/")
- Grammatical errors within the page's text
Do Not Click on Links without Checking Them
While you do not need to worry about links presented on trustworthy mainstream websites, you should be wary of links presented in more obscure forums and personal emails.
By hovering over a button or hyperlinked text with your mouse, you can see the URL of the page to which it leads in the lower left corner of your browser (this may vary a bit from browser to browser). If the link looks suspicious (see the section above for guidance on identifying URLs of fraudulent websites), do not click on it.
Be especially wary of links sent via email, especially if you do not know exactly why the sender included that link in the email.
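The URL check described above can also be done mechanically. This added example (not part of the original lesson) parses a link the way a browser does and reports the host it really leads to; the trusted domain bank.example, the sample URLs, and the helper name checkLink are all constructed for illustration.

```javascript
// Added example. TRUSTED_DOMAINS and every URL below are constructed,
// using reserved .example/.test names; checkLink is a hypothetical helper.
const TRUSTED_DOMAINS = ["bank.example"];

function checkLink(href) {
  let url;
  try {
    url = new URL(href); // same parsing rules the browser applies
  } catch (err) {
    return { ok: false, host: null, reasons: ["not a valid absolute URL"] };
  }
  const host = url.hostname.toLowerCase();
  const reasons = [];

  if (url.protocol !== "https:") reasons.push("not HTTPS");

  // Anything before an "@" is a username, not the site being visited.
  if (url.username || url.password) reasons.push("text before '@' is not the site");

  // The host must BE the trusted domain or end with ".<trusted domain>".
  // A brand name elsewhere in the URL (prefix, hyphenated, path) proves nothing.
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  if (!trusted) reasons.push("real host is " + host);

  return { ok: reasons.length === 0, host, reasons };
}

const samples = [
  "https://www.bank.example/login",                 // genuine
  "http://www.bank.example/login",                  // right host, no HTTPS
  "https://bank.example.account-verify.test/login", // brand used as a prefix
  "https://bank.example@login.test/",               // brand placed before "@"
  "https://fakepage-bank.example/",                 // brand inside another name
];
for (const s of samples) {
  const r = checkLink(s);
  console.log(r.ok ? "OK     " : "SUSPECT", s, r.reasons.join("; "));
}
```

Only the first sample passes; in every other case the company name appears in the link, but either the connection is not HTTPS or the host that would actually be contacted belongs to someone else.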
Watch Out for Dark Patterns
Dark patterns are online interfaces designed to trick you into doing things. Common examples of dark patterns include:
- Bait and switch: When you set out to do something on a website and something else happens instead
- Disguised ads: Advertisements disguised as genuine content or navigational elements
- Faraway bill: Distant and inconvenient-to-access bills that do not prompt you to consider the costs of a given service
- Forced continuity: Commonly manifested in free trials that come to an end and leave you with a bill you never intended to receive
- Forced disclosure: When a website asks for a large amount of personal information in exchange for (typically minimal) value
- Friend spam: When a service uses your social media and email accounts to send promotional posts and messages promoting its brand
- Hidden costs: Not-clearly-disclosed costs that appear at the very end of a purchase flow
- Misdirection: When your attention is intentionally drawn to a certain feature to prevent you from focusing on another detail
- Price comparison misdirection: When sites make it difficult or inconvenient to compare price information
- Privacy Zuckering: When confusing user interfaces lead you to share more information than you would like to share
- Roach motel: When a site makes it easy for you to get into a situation out of which it is very difficult to back out
- Road block: When your progress is blocked by something else appearing on your screen
- Sneak into basket: When additional items are placed into a shopping cart without your intention
- Trick questions: When a site prompts you to answer a quick question that you would probably answer differently when giving it more attention
To learn about dark patterns to watch out for and review examples, visit DarkPatterns.org. The more familiar you become with common deceptive patterns, the better equipped you will be to avoid uncomfortable situations (both online and in the physical world).
Do Not Fail to Back Up Your Data
All data storage methods eventually fail. If your important data (photos, documents, etc.) is not backed up in at least one entirely separate place, you are very likely to lose it.
There are countless scenarios in which your data may be lost, including:
- Your computer getting thrown out a window
- Your computer being stolen
- Your accidentally deleting files on your computer
- A piece of software on your computer deleting files you did not intend to delete
- Your hard drive dying
- The online storage service you use experiencing a technical glitch
- The online storage service you use going bankrupt and suddenly closing down
For this reason, we recommend always keeping your information in two locations:
- One online (e.g. Google+ or Flickr for images, Google Drive for files, etc.)
- One offline (e.g. external hard drives kept in a fire safe)
One way to ensure that you do this systematically is to only keep files on your computer that you actively use. Move everything else, on a weekly basis, to external hard drives (while keeping everything very accessible through online storage). This ensures double backup and leaves your actual computer relatively uncluttered.
Do Not Feed the Trolls
Cyber bullying and trolling are commonplace online. While not ideal, negative behavior by others should be viewed as a known and expected occupational hazard.
The most common mistakes made regarding online bullies and trolls are:
- To acknowledge them in any way
- To respond to them in any manner
- To react to troll-like behavior quickly or rashly
- To report behavior that does not clearly violate a specific policy or law
- To report behavior that is outside an authority's jurisdiction (action is out of their power)
Though we know that this is a herculean feat, we urge you to not only publicly ignore the behavior of online bullies, but to not care about it.
A troll is only powerful if you care about what he or she says and does.
Do Not Share Information Online You Don't Want Public
While there is much debate about privacy settings on sites, privacy policies, and the extent to which government agencies (not to mention advertising agencies) can access our private information and communications, common sense dictates that one should not put anything online that one does not want the world to see.
Even when you are using private, secure channels, we recommend adopting the mindset that everything can and will be seen by someone else.
When you put information online:
- That action cannot be undone
- If found by someone else, legally or illegally, it may be shared
- You cannot control how, where, or by whom it is shared
If you do not want something to be known or seen, do not bring it online. If you must share something private online, be sure to be very mindful about the level of encryption you use and the people with whom you share it (not to mention their own security practices).
Note: 99.999% of the Time, People Don't Care About Your Information
While you should be aware that your private information online may by no means be private, you should also keep in mind that in all likelihood, people are not going out of their way to find information on you.
Unless you are some extremely rare exception to this reality (hint: you are not), there is no man poking through your browsing history and sneering. There is no secret government conspiracy to censor your personal political rants. Few people, if any, are concerned about your opinion.
Just be aware that your private online information has the potential to have an audience.
Do Not Forget You Have an Audience
While most people will not be interested in what you are doing online (let us be frank; all we care about is ourselves), it is very important to remember that every person online who publishes something in a public or semi-public area, such as a comment thread or Facebook page, has an audience.
It is a common mistake for people online to forget about the consequences of their actions and the actual needs and desires of their potential audience.
We recommend asking yourself the following questions before posting things online:
- Will this provide the potential audience with something of value (useful information, entertainment, etc.)?
- Will the audience care about what I have to say?
- Do I have something unique to contribute (Am I saying or sharing something that has not already been said or shared countless times)?
- How will this affect my online reputation (Am I going to become known as the weirdo who "likes" everything on Facebook, talks too much about his kids, or always posts self-important diatribes)?
- Does this post leave me vulnerable to legal liability?
- Could this content hurt my future or present career prospects?
Taking time to think about the value you are contributing by posting something online and the manner in which others may react to your work can spare you from a great deal of trouble.
On A Final Note, Don't Delete System 32
This should go without saying, but some old pranks still crop up every now and then.