No, Bill Gates is not going to give you a free trip to Disney World if you forward this blog post to 100 people. While the Bill Gates thing is clearly fake, the internet is full of mythology and people regularly act on stuff that defies common sense. Unfortunately, even for something as important as online security, people still struggle to separate fact from fiction. Let me see if I can help kill a few popular internet security myths:
- Virus and malware scanners will keep me safe – Partially true – these tools are essential but they won’t catch many of the most modern hacks – bad guys are inventing hacks faster than security firms can stop them
- My computer is running normally so I haven’t been hacked – Not true – modern computers are so fast that they don’t slow down even when they are compromised
- Visiting a malicious site is ok as long as I don’t download anything – Not true – some of the most common hacks occur by simply visiting a rogue or compromised web page
- I can get a virus by simply opening an email – Largely untrue – while it’s theoretically possible, email programs are so locked-down that I’m not aware of any hacks delivered this way. BUT, opening an attachment or clicking on a link in email can be very dangerous and it is the #1 way bad guys will hack your computer.
- Apple computers are more secure than Windows PCs – Partially true but not for long – bad guys focus their attacks on Windows PCs because there are so many of them. But the security built into Apple Macs isn’t necessarily any better and the growing success of Macs is causing bad guys to target them more and more.
What are the bad guys after?
First and foremost, bad guys do not want to get caught. Their most successful hacks are the ones you never catch or that really won’t upset you too much. All else being equal, bad guys would rather take a dime from a million people than $100,000 from a single person. Here are a few of the things they might be after:
- Your identity – armed with your social security number and other personal information, they can steal your identity to get credit cards and loans using your (previously) good credit
- Your money – while less frequent, bad guys can directly steal your credit card or even your bank account information and get your money. Fortunately for you, banks work hard to prevent this and often cover any losses you might incur.
- Your computer – this is the most common target for attacks. Bad guys can make a decent living using your computer to send spam or as a platform for larger attacks on businesses (and you’ll never know they’re doing it)
- Your email account – bad guys love getting into your email account. My friend was lucky because all they did was send spam from Yahoo. But the bad guys could just as easily have used my friend’s inbox to take over nearly all of his online identities. How? All they had to do was go into my friend’s PayPal, online bank and Amazon accounts and click “Forgot password”. The password change notices would have shown up in his inbox, the bad guys could have clicked on the messages, and reset all his passwords… giving themselves complete access and leaving my friend locked out.
- Ransomware – increasingly common in the US, bad guys will pose as law enforcement or a security firm and effectively lock you out of your computer and your files until you pay them
I’d love to post any other myths that should be exposed, so please pass them along in the comments section.
Check out my other security posts: Read This If You’ve Been Hacked (or Want To Avoid It) and How to Spot Malicious Emails.