Day 10

Using Proper Internet Hygiene


DAY 10: Using Proper Internet Hygiene

Welcome to Day 10 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on Youtube.

Today let's chat about using proper internet hygiene. What does that mean? You go to the dentist and they ask if you're using proper oral hygiene to take care of your teeth. Floss. Brush. Get cleanings. Same thing can be said for the internet. We use it everyday, and you wanna make sure you're taking care to protect yourself as you do. Floss. Brush. Clean.

If you've followed along so far, you've already made some positive changes to your online security and privacy. But these changes won't matter if you don't use techniques that folks like me now use naturally. Repeating an action creates a habit, and overtime, these pointers will become habit for you if you keep them in mind when browsing the web.

First stop: clicking links. Everything on the web has an address, and to get to that address, we use hyperlinks. Sometimes, attackers use clickbait to get a user to go to a site that's made specifically to steal data. Clickbait is common on social network platforms. It's made to tease you into clicking and reading more, BECAUSE YOU JUST HAVE TO KNOW WHAT HAPPENS NEXT! Clickbait is built to bring up an emotional response by a user. I see this so often on Facebook. Someone will post an image with a link that's titled "this dogs owner was trapped in a car, you won't believe what he did!" When a user clicks on that link and gets directed to loading new content, the new site might ask them for more info upfront to finish reading, or it might just collect data in the background. Some browsers have gotten better about detecting suspicious sites, but don't depend on them to catch 100% of the sites. How do you detecting these sites? Do they raise an emotional response from you? Does it seem to good to be true, like a random Twitter account saying "click here for a free iPad!"? When you hover over the link, does it show a weird address at the bottom of your browser? If you do click it, does your browser say "WARNING! Certificate invalid!" Or something similar? If you click on the site, do you see a red unlocked padlock in your browser window? These can all be signs of malicious sites. PS: I will also be discussing this in relation to email later on into the challenge.

Next, if a site asks you to store data, DONT! Shopping sites do this. If you order stuff online all the time, don't store your address or credit card data on the website. Some sites do store your personal data or force you to have a credit card on file to shop their site. If that's the case, either use a gift card or temporary visa or mastercard (you can buy these at CVS and Walgreens) or try to checkout as a guest instead. Here's the thing: when you store your credit card and address on a website, you don't know how they are protecting that information. Is it encrypted? Who in their company has access to that info? If they got hacked, would someone have your credit card details in plain easily readable text? Try to go the sites you shop at and delete what data you can.

Use different passwords everywhere. If you want to wait on this part for a few days, that's perfectly fine. I'm gonna show you a really easy way to have different passwords on all sites and only need to remember one with a password manager in a few days. Basically, this is the same as above. You don't know how a site is storing your passwords, so if they got hacked and your password leaked, you don't want someone using your password and re-trying it on say Keep the aftermath of a hack to the minimal by using different passwords on all sites.

Trust no one. TNO. Assume all websites you visit are hackable. You can still browse, but think before you type something into a site.

The next technique is social network specific. Ever go through your "likes" or "friends" or even "pages" you've liked on Facebook and found something unfamiliar? You may just think "huh, I must've forgotten who that is. Or huh, I musta forgot when I liked that page. I don't like it anymore so I'll unfollow it."

Okay, human memory is terrible - that's just plain science. But it could be something more malicious. Attackers use social media to phish information out of unsuspecting users. It's hella easy on social networks because we overshare and are trusting. So that's where attackers focus their time and energy. Unless you're into exercise why take the long route when you can get to where you're going with a straight shot? Same thing. So an attackers may create an account on Instagram, Twitter, Facebook, wherever and call it some incredibly popular company name. I'll use Disney as an example, because I've seen scammers use their name before. On this new profile page, they might post an image that says "HUGE DISNEY GIVEAWAY! 100 FREE CRUISE PASSES! LIKE COMMENT AND TAG A FRIEND FOR YOUR CHANCE TO WIN!" Worth a shot, right? No. It's not.

Red flags: 1) spelling errors. Would a big company not hire a copyright editor for a giveaway? Duh. 2) no Verified check mark. Verified check mark appear next to company names on social media to prove that company is the legitimate, company owned account. No check mark? Search for that same company on the social network. I betcha they already have a verified account. This one is a fake. 3) no giveaway legal page. All giveaways have to have a legal page with the rules of the contest or giveaway. Not there? It's fake.

What do these scammers get out of it? Chances are they're gonna ask for your data to potentially sell to third parties, advertisers, or other hackers. OR they could wait til they've amassed a huge amount of followers, then overnight, change the entire page to reflect a completely different company. This is shady, but it's a thing. So going back to the whole "I musta forgot I liked that page" thing. Yeah. Maybe you thought you were liking the "free Disney cruise" Facebook page, but overnight it was changed to "random dudes car dealership in ohio" or something random. You see a page like this? Report it. Same goes for random friend requests. No mutual friends? Unfamiliar name? No image on their profile pic? Unfriend.

So basically, I could wrap up today with this: Use skepticism. The internet can be a beautiful place full of culture, art, and education. But if it looks to good to be true, it probably is. Go to the source of info before assuming that you can trust everything on the web.

Day 10 is done! Tomorrow I'll chat about some of my favorite smartphone apps that are privacy conscious. But first, make sure to subscribe on youtube and hit up for the downloadable checklist and to skip ahead on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 11!