Five Online Security Don'ts for Your Protection


Avoid Scammers by Adding Protection

When it comes to protecting their finances from cybercriminals, most consumers have heard the online security basics before: Avoid entering financial information at a public computer, and don't repeat passwords across multiple sites.

The same experts also warn against using public Wi-Fi hotspots to conduct transactions on your own computer. "You never know who's sitting next to you at Starbucks when you log on to pay your bills or check your bank statement," says Eric Friedberg, co-founder of Stroz Friedberg, a security firm in New York City.

And just to beef up online security, all security experts advise consumers to take advantage of extra layers of protection, such as secondary passwords, security questions or tokens, if their financial institutions offer those services. But as our daily lives grow more intertwined with technology and cybercriminals become more sophisticated, there's always more you can do to make sure you aren't the next victim.

Here's what you need to know for online security 2.0.

Don't Take Social Media Offers at Face Value

For years, scammers have been using email to dupe their victims into sending money or divulging sensitive information. While that's still a problem, scammers are increasingly turning to social networks, such as Facebook, and using your friends against you, says Joe Ferrara, president and CEO of Wombat Security Technologies in Pittsburgh.

"To ensure safe social networking, never connect with anyone you haven't met, verify the identity of new friends and look out for scam messages, even from trusted friends, which could indicate an imposter," Ferrara says.

Spotting an imposter may be tough at first. The message, which can appear as a direct message or a post on your Facebook wall, is designed to look like it came from your friend's profile. A free treat from your favorite store presented by a friend can be a tempting offer, but before you click, Ferrara says you should ask yourself a few questions.

  • Is the offer too good to be true?
  • Is this really something my friend would write?
  • Does the language have awkward phrasing or a lot of typos?

If any of those questions raise a red flag for you, don't click the link. And, if you want to verify the message, try contacting your friend directly about the offer.

Don't Ignore Updates

You may not realize it, but keeping your software up-to-date isn't just a question of adding new features to your programs; it can also be a critical part of protecting yourself online.

"Cybercriminals can get in through holes in unpatched computers," says Marian Merritt, a Los Angeles-based author of "Family Online Safety Guide," written for Symantec, the makers of Norton AntiVirus.

But updating software doesn't just mean making sure you have the latest version of your chosen anti-virus program, Merritt says.

"You also have to keep your computer's operating system and the programs that run on your computer up-to-date," Merritt says. "Don't ignore prompts to update your operating system or applications with critical security fixes."

But when you do update, you need to be careful. If you use a Microsoft operating system, you can safely update through Windows or Microsoft Update, which is a program that comes preinstalled on your computer. Macs have a similar updating program that prompts users when it's time to make an update. For other software programs, experts say it's a good idea to update through the company's website to ensure safety.

Don't Forget to Eye the URL

When you visit a new website, you should always take a moment to scan the site's Uniform Resource Locator, or URL, which is displayed in a bar at the top of your Internet browser. That URL is the address of the website, and online security experts have been warning consumers for years to look out for typos or other irregularities to make sure they really are connecting to a legitimate website and not just a clever imposter.

Most URLs will begin with the familiar "http" before the site's address. News, entertainment and other general interest websites all use this format for their URLs.

But these days, if money is about to change hands or you're asked to share sensitive information such as your Social Security number, it's a good idea to look for a URL with an extra letter, says Andrea Eldridge, CEO and co-founder of Nerds On Call, a computer and electronics repair service based in Redding, Calif.

"Make sure that anytime that you are putting in sensitive information that the Web address starts with 'https' instead of 'http,'" Eldridge says. "That little 's' stands for secure, so the website has to have additional security precautions on the page keeping you safer and a whole lot less likely to have your information stolen."

Don't Assume Mobile Apps Are Safe

For sheer convenience, it's hard to beat the allure of banking with your smartphone. But before you download an app that promises to turn your phone into a wallet, it's a good idea to ask yourself if you're trading convenience for security.

"Smartphone users who want to use mobile banking should only use apps from their financial institution," says Eldridge, who warns third-party apps may not have the same privacy protections as apps offered by your bank.

But Albert Thiel, president of Your Data Center Incorporated, a website hosting and network security company based on Long Island, N.Y., says consumers shouldn't be too quick to adopt mobile banking until there's better security across the board for mobile apps.

"Don't ever use a cellphone to connect to your bank," Thiel says. "(Many of) those apps you have loaded continue to run, even when you exit them," which may put users at risk for having keystrokes and touch screen selections intercepted.

According to Thiel, security on mobile devices will get better as anti-virus and anti-spyware packages evolve, but for now, he cautions, "Just don't do it."

Don't Click on Shortened URLs

If you use Twitter, you're probably familiar with so-called shortened URLs, which are a method for streamlining a link so it can fit in Twitter's 140-character limit. While shortened URLs are handy for sharing information via Twitter, they're also dangerous, according to Gary Bahadur, CEO of Miami-based KRAA Security and author of "Securing the Clicks: Network Security in the Age of Social Media."

Even if you know the person who has posted the link, it's a good idea to proceed with caution. When you see a shortened link "you do not know what the actual Web address is until you click," Bahadur says.

According to Bahadur, scammers often use shortened URLs to lead victims to a malicious software, or "malware," website.

Thankfully, you don't have to skip the links your friends share. But you should take the extra step of expanding the link to see the full address before clicking on it, Bahadur says. But that's not as simple as a mouse click.

Many of the services that provide shortened URLs have stepped up their efforts to guard against scammers, but it's also a good idea to have a tool that allows you to safely open the shortened URL, Bahadur says. can help, but there are others.