December 19, 2016 By Pamela Cobb 3 min read

Whether hanging stockings, lighting candles on a menorah or gathering for an Airing of Grievances, if you are an IT professional visiting family this season, you will inevitably be asked to fix the family computer, tablet, smartphone or programmable thermostat while you’re there.

As an introvert, I use the hour I might have to spend uninstalling browser toolbars and removing adware to recharge from the intensity of so many people crammed into one place. It’s my own little holiday within a holiday. However, I do wish I could leave my family with a list of things not to do on a computer or tablet.

Fortunately, there’s enough combined internet security brainpower at IBM to create such a list. In fact, we have a handy printable version you can leave with your folks on your next visit.

Online Safety Tips to Fix the Family Computer

At its core, the advice boils down to increasing awareness of your digital surroundings. Here are some examples.

Trust Is Tops

  • Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes and software from well-known sites such as CNet. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
  • Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all. Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinize links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions. When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favorite dessert, favorite song, etc.) and enter answers that only you would know. You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protections if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.
  • Monitor accounts for unusual activity. Be sure to check your accounts frequently, especially during the holiday shopping season. Visit any of the three credit bureaus — Equifax, Experian or TransUnion — to place a fraud alert or freeze on your credit report or to learn more about credit fraud.



Have a Happy, Hack-Free Holiday!

I wish my fellow IT professionals luck this holiday season. Personally, I hope I won’t have to fix the family computer again in 2017. I will, however, commit to fixing the adjustable thermostat, since I’m always the coldest one in the house.

If you’d like to learn more about particular attack vectors, check out the many reports available from the IBM X-Force research hub. And don’t forget to print the handy tips list above to leave with your family!

More from X-Force

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today