I just had a birthday this week (thank you). Actually, as somebody who never talks about his birthday I sure got a lot of really nice comments from people — in fact, more than I ever have. Do people like me that much or did they just get a little advance notice on Facebook? I’m betting on the latter.
I think it’s pretty nice that Facebook lets you know about upcoming birthdays. It’s the closest thing we have to the type of crawl that appeared on the lower third of a TV during a video call in the 1985 film Back to the Future. In the movie, the video call listed the caller’s spouse, kids, career, hobbies and more — and I thought it was genius. Anyway, at the risk of being obvious, I feel the need to remind you not to use your birthday or anniversary as a password for anything. I mention it because there have been increasing reports of personal data being stolen because a bad guy found someone’s birthday.
When you set up a new account and are asked for a security question, be sure to choose the one that’s the most difficult to answer — or even better, has a trick answer. Your birthday or anniversary is one of the first things a hacker will try in order to gain access to your accounts. But there’s something even more insidious out there, and something far easier to fall prey to:
Bogus login screens
Phishing with fake login pages has been around for years, but there have been increasing reports that these pages are being used more widely — including for major websites such as Yahoo and Microsoft. Frighteningly, there are plenty of tutorials online that show you how to create one. These pages look like the real deal. Some even have a URL that looks close — but isn’t correct. You can tell if a website’s login screen is authentic by always keeping an eye on the URL bar. For example, if you’re signing into Yahoo then make sure the URL looks legitimate. The fake login screens prompt you to enter your username and password, capture the data, and will sometimes return an error that looks as if you typed your password incorrectly and then bounce you back to the real login screen. You would just think you made a typo and try again, this time on the real site.
Bogus social media tools
Hackers are getting more and more creative and are using social media tools in order to get the information they want. We stay on the leading edge of technology with social media, and we know probably better than most how many new social media tools are coming out every day. Hackers have discovered the concept of creating bogus social media tools which are basically just elaborate bogus login screens. Users eager to try out new tools are duped into entering their passwords and smart hackers then try to use those passwords on other real websites to see if they can gain access.
Using Common Sense
As with everything else in this world, your best defense is common sense.
- Use passwords that combine numbers, letters and punctuation
- Never enter your username or password into sites you don’t completely trust
- Always verify the URL in the address bar in your browser
- If you see a fake login page, say something to the true owner
- If you are concerned you entered your details in a fake login page, change your password immediately
- Use a password manager like LastPass, a recommended plugin for Firefox, which can generate complex random alphanumeric passwords and then securely enter them into sites for you. This tool eliminates the worry of entering your data into bogus login pages.