December 19, 2016 By Pamela Cobb 3 min read

Whether hanging stockings, lighting candles on a menorah or gathering for an Airing of Grievances, if you are an IT professional visiting family this season, you will inevitably be asked to fix the family computer, tablet, smartphone or programmable thermostat while you’re there.

As an introvert, I use the hour I might have to spend uninstalling browser toolbars and removing adware to recharge from the intensity of so many people crammed into one place. It’s my own little holiday within a holiday. However, I do wish I could leave my family with a list of things not to do on a computer or tablet.

Fortunately, there’s enough combined internet security brainpower at IBM to create such a list. In fact, we have a handy printable version you can leave with your folks on your next visit.

Online Safety Tips to Fix the Family Computer

At its core, the advice boils down to increasing awareness of your digital surroundings. Here are some examples.

Trust Is Tops

  • Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes and software from well-known sites such as CNet. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
  • Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all. Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinize links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions. When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favorite dessert, favorite song, etc.) and enter answers that only you would know. You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protections if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.
  • Monitor accounts for unusual activity. Be sure to check your accounts frequently, especially during the holiday shopping season. Visit any of the three credit bureaus — Equifax, Experian or TransUnion — to place a fraud alert or freeze on your credit report or to learn more about credit fraud.

 

 

Have a Happy, Hack-Free Holiday!

I wish my fellow IT professionals luck this holiday season. Personally, I hope I won’t have to fix the family computer again in 2017. I will, however, commit to fixing the adjustable thermostat, since I’m always the coldest one in the house.

If you’d like to learn more about particular attack vectors, check out the many reports available from the IBM X-Force research hub. And don’t forget to print the handy tips list above to leave with your family!

More from X-Force

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today