We’ve all either seen it happen to someone, or had it happen to us.
You open up Facebook one day, and there’s a message from someone you know. “OMG Stewart! This video of you has gotten so many views” with a link to a video, hosted somewhere trying to act like it’s YouTube.
Chances are they didn’t actually send that message. More than likely, you’re not in that video at all.
What’s more likely, is that your friend, or you, has had your Facebook login credentials stolen somehow. The most common way this happens is from another site having their database hacked, and you used the same login details there.
This page contains some tips on preventing this from happening to you. This list is by no means comprehensive or bulletproof, but these instructions are a good starting place to get your cyber-presence started.
Have you been pwned?
Let’s start off with finding how badly you’ve been pwned. (And by that I mean, what sites have been hacked and had your details leaked)
There’s a number of sites that look at this, but the one that a large number of people use and trust is Have I Been Pwned by Troy Hunt. Simply enter your email and find get a list of websites that have had their data leaked, and your data was included in there. If you subscribe you’ll get notified of any new data breaches that get entered. Obviously that list isn’t going to be every site that’s ever had their data leaked, but it’s a good collection.
Clean up your computer!
Malware comes in many shapes and forms these days. The old days of just having to worry about a virus are long gone. Viruses, as they used to be found, are quite rare. Ransomware is the big one, with Trojans and Key loggers being common as well. Malware Bytes is a great tool that can be utilised to get rid of any Malware that’s found it’s way onto your computer. It works for Mac and PC, and while you CAN pay for it, you don’t need to, the free version is amazing.
And yes I did say “Mac and PC” – Macs CAN and DO get viruses. (Just a lot less frequently than PCs, for a number of reasons)
With saying this, the best way to clean everything is to do a complete re-install of your operating system and start from scratch. Depending on your computer skills this may require a visit from a technician to do for you, but it’s sometimes the only way to deal with something.
I will also quickly make a mention of Ransomware.
Most Anti-Malware solutions don’t come with comprehensive anti-ransomware protection right now. Some have certain levels of protection, but nothing is as comprehensive in this field as others just yet. If you’ve been backing up your data, simply re-installing your operating system is often the best way of dealing with this, although there are a number of decryption tools available. Keeping your computer up-to-date is one of the best defences against this.
Backup your data
This isn’t exactly a “Security” thing, but as mentioned above it’s a good idea to do this for other reasons. To keep this short, I’m just going to link to this article from PC Mag.
Preventing malware
Malware Bytes is a great way of removing Malware. But prevention is always the best medicine.
A lot of preventing malware is simple things you can do.
- Don’t open attachments from emails you weren’t expecting
- Don’t follow links like the one mentioned at the start of the article
- Don’t plug in random USB’s to your computer
- Don’t plug your phone into random USB ports (including public charging ports!)
- Install an Ad Blocker
The last one may come as a surprise to some people, especially as I run ads on my own site. I’ve placed a certain level of trust in Google, who I use to serve ads, that they won’t serve malicious content to my readers. Other ad networks, I wouldn’t trust as much, detailed below. Another benefit is privacy. Ad networks like to track your browsing habits, so if you’re privacy conscious running an ad blocker can help there too.
Unfortunately, these days a lot of sites are starting to implement systems to block people from accessing their site if you’re running an ad blocker. Those sites aren’t worth your traffic. I would suggest hitting your “Back” button, and find whatever you’re looking for on another site. Even if it’s the site of a larger and more reputable company, they don’t directly control their ads. A great example of this was Forbes back in 2016. A quick summary… Forbes forced people to turn off adblockers to view their site, and then a lot of their visitors got infected with Malware from the ads on Forbe’s site. Here’s another article talking about it too.
This section’s gotten quite long, but I felt the need to explain why you need an adblocker before I go onto listing different adblockers.
I have been a long term user of AdBlock plus for a number of years, and you can get it here. The ability to subscribe to different ‘lists’ and enable/disable it for sites trust is nice. Add onto that they have an ‘acceptable ads‘ program allows sites who follow certain guidelines still have their ads displayed, but those that are horrible get blocked. This is of course something you can opt-out of if you simply want to block all ads.
A large number of people dislike AdBlock for various reasons, either they don’t like the idea of “acceptable ads” or they want to use a more “free” tool. Those people tend to use uBlock Origin. There are also claims that it’s less resource intensive, but I have yet to test these claims out.
Secure your accounts
The final step is ensuring your accounts are secure. Which accounts? All of them. Facebook, Gmail, banking, twitter, instagram etc. This comes in two parts.
Use a password Manager
Using a password manager helps allow you to generate secure, and unique passwords amongst the different websites. Having unique passwords is a MUST. If someone gets your Facebook password, that’s one thing. But if you use the same password for your internet banking as well, that’s an issue! Our brains aren’t designed to be good at remember different passwords, and to end up using truly unique passwords is practically impossible.
There’s a number of different managers out there. I use LastPass for this myself. LastPass is free, and lets your sync your passwords among multiple devices, including your Android and iOS devices, and for certain websites it can even automatically change your passwords with a single click!
Other managers include:
They all have their different Pros and Cons. Pick one that you’re comfortable with!
2FA/2SV/MFA
The final thing, is to enable what is known as 2FA or 2SV or even MFA. There is a technical difference between the terms, but most places just call it 2FA, even if it’s just 2SV and that’s fine for the most part.
Basically, using one of these systems a person needs more than just your Username and Password to be able to login. There are many different ways of implementing this across the internet, and different sites do it differently. This website though contains a rather comprehensive list of instructions on how to enable it on most commonly used websites.
Final Thoughts
Now that you’ve hopefully done all that, you’ve taken your first steps in being secure online. There’s always more to be done by yourself, site admins and app developers, but hopefully this guide has helped you get a head start.