We live in a wonderful world, an amazing time with infinite possibilities. Writers have more power than ever before in the whole of human history. Many of us are explorers in a New World, charting unknown territories in a realm with no boundaries. The Digital World has no limits, because its genesis is human imagination and human art, which also has no limits. What the mind can believe, technology can achieve.
Every new territory comes with the splendors never seen, the resources never tapped, the powers never before harnessed. All of this is wonderful, but I wish all art was beautiful. All art is human and all art has intent, but some intent is, well, evil. Some art qualifies as a dark art. Its intent is to steal, to create havoc, to harm.
They are called con artists for good reason.
I don’t understand these individuals, and I suppose the nature of evil is for the psychologists and theologians to debate. I can’t explain why there are those in this world who will hurt people they’ve never met or steal with no concern to what devastation they might create. But, these crooks are there, they are a real threat, and I’m here today to help you guard against attacks.
Hey, I may be a Lamb, but I’m no sheep 😉
Not only am I going to offer tools to keep you as safe as possible, but I am also going to give ways we can look out for each other and for those who might not know better. There are digital sheep, digital wolves, but today I want to train you guys to be digital sheepdogs. We aren’t passive, but we are protective and we are on guard to protect those around us.
Mom, I’m happy you’re on FB, but please stop talking to the “nice man from the bank in Nigeria.”
Hackers and Phishers Use Emotion
One common tactic used by hackers and phishers, is they seek to get us upset. If they can scare us or momentarily panic us, we are far more likely to part with sensitive information without thinking.
This past Friday, I received an automated phone call from Sprint. The computer asked for me to press 1 if I was the person with the Sprint account ending in blah blah blah. The computer voice gave a number (supposedly the ending 4 digits on my account number), but how many of us are running around with our account numbers memorized? Most of us aren’t and the bad guys are counting on that. They bluff.
So then the computer tells me that some recent changes have been made to my account and that this call was to verify that I was the one who made the changes.
See how they want to get me upset?
They want me to think Oh no! Someone has hacked my account! I need to get to the bottom of this RIGHT NOW!
The next question the computerized voice asked was the red flag. It wanted me to punch in the billing zip code for the credit card my phone bill was registered under so they could verify I was the holder of the account and help me get the problems sorted.
Yeah, uh no.
Companies Will NOT Call YOU and Ask for What They Already Know
If I’d had any doubts this was a hacker before, all doubts evaporated. Any time a company you do business with calls you, they will NEVER ask for sensitive information that they can call up with a few keystrokes. Yes, they will ask for it when we call them because they are verifying we are not phishers.
BUT, if MasterCard or American Express or Sprint or AT&T CALLS YOU, they will already have that information and will never ask for it. If they do, hang up and CALL THEM to make sure who you are talking to.
Alert Those in the Know
This is what I did. I hung up, called Sprint and asked if recent changes had been made. Of course, there hadn’t been. So at this point I gave the folks at Sprint the phone number where I received the call and turned the problem over to them. Someone might have already hacked their accounts. They needed to make sure no one had breached their firewalls, and that, if there had been a breach, that it was contained and sealed and the threat eliminated.
I was being a sheepdog. Sheep either get eaten by wolves (hand over account information) or they go back to munching grass (playing Farmville). Digital sheepdogs go alert those in charge that wolves are sniffing the perimeter.
Sprint might have been fine and this was just a random attack. Ah, but if Chinese spies can hack into the major oil companies and defense companies, there is no reason that programming cannot be easily adapted as malware that could have infected Sprint. Sprint (or any company) can’t fight the problem until they know there is a problem.
If someone is a suspected bot on Twitter, we should block and report them. If they try to phish our account, we need to report them. If we get odd e-mails that seem like phishing on Facebook, we must report it.
Digital Wolves WILL Wear Digital Sheep Clothing
So thieves will try to upset you. This will get you to react and hand over sensitive information. One of the ways they can get this reaction is by posing as an authority. For instance, I had this pop up on my Facebook:
Now, 99% of the time I am multitasking and have a toddler trying to scale the back of my head like the Matterhorn. Do you see how EASY it would be to catch me off guard and hack my account? Looks official…but look closer.
See how they tried to embarrass and upset me? These creeps know that most of us are good and decent and follow the rules. We were the kids who would have cried if we were threatened with a visit to the Principal. These trolls use what is good an noble about us to attack us. They will use our respect for authority against us if we let them.
I have also had a pop up appear when I went to get on Tweet Deck. The pop up from “Tweet Deck Security” was there to inform me me that my account had been suspended for suspicious spamming activity, but that they were sure it was all a misunderstanding. If I just typed in my password, they would make sure everything was sorted and my account would be unlocked.
I closed the window, logged out and logged back in. My account was fine. This was an attack.
If They Can’t Bait You with Bosses, They’ll Bait You with Buddies
Another common ploy is to come disguised as our “friends.”
friend phisher will send a DM (direct message) about rumors about you or a nasty review or wild pictures and a link. The hacker is disguised as a fellow member of the herd. Baaaahhhhhh. Someone is saying baaaaaad things about you.
“I’m your friend so I am discreetly telling you so you can go tell them what for.”
No, they are a hacker, and, if you hit that link, your computer is toast. Malware will be all over you like fleas on sheep.
If you get a DM like this, be a sheepdog. Look out for your peeps. Tell them you are getting strange messages and alert them to change their passwords (Something more than seven digits with a number is a good choice). DM them back, but even if you can’t? No one will mind a, “Hey, I tried to DM you but I can’t. You might want to change your password. Getting weird DMs from you.”
This Also Applies to E-Mail
If you get an e-mail from a friend and there is only a link, DO NOT CLICK. If they write a message that seems out of character, DO NOT CLICK. REPLY ALL and alert everyone on the e-mail that this is likely a phisher and tell the sender to change her password immediately. Put in the subject line Re: THIS IS A PHISHER!!! DO NOT CLICK THE LINK!!!
Either the sender will come back and verify he really did send just a link; it was for a dancing squirrel and he hit “send” before he typed a message OR he can change his password and keep hackers from getting in any deeper.
If a friend e-mails for help because she is stranded (and you are unsure if this is really the person), feel free to e-mail back and tell the friend to call you. Since you are friends, then she should have your number.
DO NOT Forward on Cutesy E-Mails
Ever get those messages with a picture of an angel and you have to send to 25 friends in the next ten minutes if you want a miracle…but if you don’t forward the message the note promises that you will be hit with some form of bad luck? DO NOT PASS THESE ON. Hackers use these types of messages to get a hold of addresses.
How else could that cousin in Uganda who wants to will you a million dollars find you?
If you do get some really cute story in your e-mail and you REALLY want to pass it on, just copy and paste into a new e-mail. Hackers already don’t work for a living, why make their life on Easy Street easy?
Play Games at Your own Risk
There are all kinds of games on Facebook. We can join causes or keep up with high school peeps, but often it requires granting permission to an application to have access to our information. Not all of this is nefarious, since if I am an application that wants to connect alumni, I need that information.
But these applications are gateways for hackers and phishers, too. I don’t play games like Farmville for that reason (frankly, it’s also because I don’t have time). But any of those games are a risk, so be alert and don’t just grant access to anyone. I rarely join ANYTHING that wants access to my account information, even if it will make life easier.
We have to do the cost-benefit analysis. Sure we can have fun, or an ease of access….but we can also grant fun and ease of access to thieves.
Don’t Use Tweet Validation Services and DO NOT FOLLOW People Who do
I don’t like any service that directs people to an outside page. Anything that directs us off Twitter is vulnerable and can be hijacked. We could be redirected to a copycat site that is there to capture information.
We don’t need validation services. It is not THAT hard to unfollow bots. If someone follows us then they spam us, it takes two clicks to report and block them.
If I follow someone and I get A DM that I need to click a link to prove I’m a real person? I move on. That is a good way to get hacked. And, since I don’t like people making me vulnerable to attack, I just make it my policy to not open any of YOU to attack.
It’s being a good TweepDog.
So to sum up:
1. Never give information to any unconfirmed source.
2. If a message upsets you, calm down before giving any information. Thieves want us reactive. Remain CALM AND PROACTIVE.
3. Never click on any outside link. Ignore validation services. There are plenty of people who won’t make you jump through hoops and open you up to viruses who will befriend you.
4. USB drives are classic tools for getting malware through a firewall. If you don’t trust where a drive came from, don’t insert it into your computer.
5. Always report any attempts to gain access to your information or accounts.
6. Keep an eye out for friends, family and members of your network. Alert them if it seems their account has been compromised.
7. Do NOT use any outside validation services. This opens those in your network to hackers.
Social media is, above all else, SOCIAL. It is far easier to relax and have a good time if we aren’t having our bank accounts emptied. Remember, they call those people con artists for a reason. They will be cunning, clever and quick…but we can be educated and work together.
Please post this blog to your networks, send it to friends and family so they know how to stay safer. The more educated we all are, the safer we are. Together we are stronger.
Have you ever been hacked or phished? What did you do? How did it make you feel? I know I don’t know everything, so what are some tips YOU guys would recommend? I know there are some computer geniuses in my following. Help us out. What are some more ways we can stay safe? How can we better look out for one another?
I LOVE hearing from you!
And to prove it and show my love, for the month of April, everyone who leaves a comment I will put your name in a hat. If you comment and link back to my blog on your blog, you get your name in the hat twice. If you leave a comment, and link back to my blog, and mention my book We Are Not Alone in your blog…you get your name in the hat THREE times. What do you win? The unvarnished truth from yours truly.
I will pick a winner every week for a critique of your first five pages. At the end of April I will pick a winner for the grand prize. A free critique from me on the first 15 pages of your novel. Good luck!
I also hope you pick up copies of my best-selling books We Are Not Alone–The Writer’s Guide to Social Media and Are You There, Blog? It’s Me, Writer . And both are recommended by the hottest agents and biggest authors in the biz. My methods teach you how to make building your author platform FUN. Build a platform and still have time left to write great books.