We spend about a quarter of our lives online, regularly sharing our names, addresses, and credit card information with shopping sites and social networking, and trusting those websites to keep us safe.
But a plethora of data breaches and security fumbles in the news—such as the Cambridge Analytica scandal, DNC email leak, and Yahoo! data breach—have broken the illusion of internet security for many of us. And for every high-profile data breach, there are a growing number of phishing scams, identity theft, and fraudulent charges. In the United States, the number reported of identity thefts doubled from 2019 to 2020.
Is the internet safe?
The dangers of the internet are different than the dangers of the outside world, but no less real. At best, data theft is inconvenient—e.g. when you spot a fraudulent charge right away and have to cancel a compromised credit card; at worst, it can have disastrous personal or financial consequences. Some of the biggest threats to internet security include:
Data breaches. A data breach occurs when hackers gain access to data stored by an online service. The type of data involved could be anything from passwords to credit card information to health records. According to the Pew Research Center, 64% of Americans have been notified of a breach involving their accounts or personal data.
Identity theft. Identity theft occurs when personally identifying data, such as a social security number, is stolen and used for fraudulent purposes such as stealing government benefits. The Federal Trade Commision received 1.4 million reports of identity theft in 2020.
Credit card fraud. Credit card fraud involves the theft of credit card information used to make purchases. According to Pew Research, 41% of Americans have experienced fraudulent credit card charges.
Ransomware. Ransomware is a type of malware (malicious software) that prevents you from accessing your own files. Basically, your data is taken hostage and you must pay a ransom to get it back. In 2020, the FBI’s Internet Crime Complaint Center (IC3) received 2,474 complaints of ransomware with losses totaling over $29.1 million.
Phishing. Phishing is a type of scam that involves emails, texts, or calls from someone pretending to be somebody else—like your bank or internet service provider—in an attempt to obtain your personal information, gain access to an account, or trick you into clicking a link or downloading a file. In 2020, IC3 reported more victims of phishing scams than any other internet crime.
Relationship scams. Relationship scams involve a personal element. The scammer may be someone you met on an online dating site, an internet friend, or someone pretending to be a relative of yours. According to IC3, relationship scams accounted for the most money lost ($600 million in 2020) of any internet crime other than business email compromise.
25 Tips for better internet safety
Online safety requires a multi-pronged approach that takes into account all of your online activities. Here’s how to get started.
We use passwords for everything: online banking, health records, shopping, and phone games. Creating unique passwords for every website and service can be exhausting. If you use variations on the same password for every account, or store your passwords in a note on your phone, you’re not alone—88 percent of Americans don’t use a secure password manager. Unfortunately, this does make you more vulnerable to hacking, since a security breach related to one account could expose all of your accounts. Here’s how to keep your passwords safe:
Download a password manager, like 1Password or LastPass. Password managers offer a more secure way to store your passwords and also suggest strong passwords. Browsers like Safari and Chrome also offer built-in password managers.
Update your passwords. Login to all of your accounts, starting with the most sensitive, like online banking. Using the password generator tool provided by your password manager, create unique, strong passwords for every account. Once you have unique passwords for every account set up, update your passwords whenever you believe an account may have been compromised.
Use two-factor authentication. For critical online accounts like bank accounts, your email and storage accounts, set up two-factor authentication. (You can also set this up for other services if the website or service offers that option.) Two-factor authentication means that, in addition to using a password to log in, you’ll also have to enter a code sent to your phone or email address to confirm your identity. Generally, email or app based two factor authentication is considered more secure than SMS or phone based two factor authentication.
Networks and browsing
You wouldn’t think it, but simply browsing the internet can put you at risk of being hacked. Your risk level depends on a number of factors including the website you visit, the device you use, and even your wifi network. Here’s how to browse safely:
Use trusted devices. Use your own (password-protected) devices whenever possible. If you have to use a public computer, try not to use it to access sensitive information. Use a private browsing mode if possible, and make sure you log out of all accounts and clear the browsing history and cookies before you leave. The same goes for borrowing a friend’s phone or computer—even if you trust your friend, you don’t want to put your data at risk if their device becomes compromised.
Don’t visit unsecure links. Quickly check the url of every new web page you visit: The beginning of the url should read “https://” not “http://”, and you should see a lock icon to the left of the address bar. The “s” in “https://” stands for “secure,” and it means that your connection to the website is encrypted. Make sure you see the “s” or the lock icon on every page, not just the login page.
Keep your software up to date. Software updates might seem disruptive, but they’re often designed to protect against security threats. Set up automatic operating system updates for your computer, phone, and other devices, and make sure to update specific apps as well.
Secure your own wifi network and hotspots. Security starts at home. Change the name and password for your router and wifi network if you haven’t done so already. Make sure you’re using a WPA2 password, and update the password regularly.
Use a virtual private network (VPN). You can use a VPN to protect your data. A VPN provides you with a temporary IP address and encrypts your web browsing activity so that even if a hacker gains access to the public wifi network, they won’t be able to steal your data.
Phishing is an internet scam that involves tricking users into giving away their personal or financial information, usually through emails that look just like ones you may receive from your bank or credit card company, or from familiar retailers. But phishing isn’t limited to email—social media is full of phishing scams, and you’ve probably received phishing texts, as well. Here’s how to avoid them:
Evaluate the message. Phishing scams often convey a sense of urgency: Your account has been hacked! Your payment method is invalid! Your package has been delivered! Your computer has a virus! This is an attempt to create panic, so that you will act quickly, before you notice anything, well, fishy. If a message seems urgent, slow down. Look closely at the sender’s email address. Phishing emails often seem like they’re from legitimate sources, but the sender’s email address may contain misspellings or different domain name. Plug the email or phone number into your search engine to see if it’s actually associated with the company it claims to be from.
Go to the source. If you’re not sure whether an email is legitimate or not, go directly to the source. For example, call your bank directly, and ask if the email is legitimate. Do not click on any suspicious links, download any files, or call/text any phone numbers associated with the potential phishing email.
Report it. If you receive a phishing email directed at your work email address, report it to your IT manager. If you see phishing attempts on social media, you usually have options to report them to the platform, either in-app or on the website.
Use a spam filter. Many email providers offer a spam filter that can automatically send suspicious emails to your junk folder. It won’t stop all phishing emails, but it can reduce your chances of getting scammed.
Back up your data. Often the goal of phishing scams is to find out personal information, but sometimes, it’s to download malicious software—malware—onto your computer. Backing up your data—to an external hard drive, the cloud, or both—won’t prevent malware from getting onto your computer, but it is the best defense against getting locked out of accessing your own data.
Online shopping is one of the most convenient features of the internet, but it’s not without risk. In fact, because shopping requires your payment information, it’s important to only shop on trusted sites. Here’s how to stay safe while shopping online:
Don’t click on suspicious offers. If you see an offer that seems too good to be true, don’t click on it. Instead, go directly to the merchant to verify that the offer is legitimate.
Don’t use debit cards. When it comes to payment methods, choose a third-party payment method (like Google Pay, PayPal, or Apple Pay) or a credit card. While a debit card is linked directly to your bank account, a credit card or third-party payment method offers a layer of protection against fraud.
Don’t give away any more information than is necessary to complete the transaction. If you don’t feel comfortable with the information an online shopping site asks for, don’t share it. It’s simply not worth the risk—there are other stores you can buy from.
Set up notifications for your most important bank and credit card accounts. You can configure most bank / credit card accounts so that you receive notifications by email or SMS when certain conditions (like a transaction that exceeds a large amount) occur. These notifications can allow you to detect and report fraudulent charges quickly.
Monitor your bank statements and credit report. Regularly check your bank and credit card statements, as well as your credit report, for signs of fraud. If you notice anything suspicious, contact your financial institutions immediately and change/cancel your cards.
Assuming a false identity on dating apps and sites—called catfishing—is so easy that there’s a popular TV show about it. Sometimes the consequences are no more than finding out that the person you’re talking to isn’t who they say they were. Other times, catfishers use their dating or social media platforms to trick their victims into sharing sensitive personal information, like passwords or credit card information. People lost more money in 2020 to romance scams than any other type of fraud: a total of $304 million dollars, up 50 percent from the previous year. Here are telltale signs of online dating scams:
They delay or cancel plans to meet up in person. Scammers often profess love early, and then avoid meeting in person. If you’re involved with someone who you can’t meet in person, you may want to ask a trusted outsider to weigh in on the situation.
They ask for money. Whether it’s for a plane ticket to visit you, or technology that allows the two of you to keep talking, online dating scammers will always find a way to ask you for money—and it often seems urgent. Funds are commonly asked for in the form of wire transfers or gift cards. Never send gifts or money to someone you haven’t met in person.
They want to send you money. Online dating scammers will sometimes try to send you money, and then ask for it back. Don’t accept money from someone you haven’t met in person.
Teach your kids about online safety.
Online safety is just as important for kids as it is for adults—if not more. Not only are kids more vulnerable to financial and identity scams, but they’re also at risk of encountering inappropriate and potentially disturbing content. According to a 2020 survey, about 80 percent of American children ages 5 to 11 use a tablet computer, making your child the potential “weak link” in your family’s online safety plan. Here’s how to include them.
Talk to your kids. If your child is old enough to use an internet-enabled device, then they’re old enough to learn about internet safety. Teach your child about the types of information they should never share, such as their birthdate, address, and social security number, and let them know that if they ever feel uncomfortable online, they should talk to you about it.
Use parental controls. Many devices, search engines, browsers, and apps are equipped with parental control settings that can block inappropriate content or prevent kids from making accidental purchases. Parental controls can be a passive way to keep your kids a little bit safer online. If your child uses an iOS device, use this guide to set parental controls. If your child has access to an Android device, here is how to set parental controls on Google Play.
Review apps. Before your children download an app, it’s a good idea to learn as much as you can about it. Look at the screenshots, read the description and reviews, and learn about the developer on their website. If possible, use the app together so that you can see how it works.
Stay present. It can be hard to know if your child is being safe on the internet when you’re distracted by what’s happening on your own device. 68% of parents say they are sometimes distracted by their phones while spending time with their children. To keep young kids safe, supervise their online activity as much as possible.
Ready for a safer, more private internet experience? Try Neeva, the world’s first private, ad-free search engine. We even show you additional information on sensitive search results like health and news, so you can have transparency into what websites you visit. We prevent companies from tracking you online with our privacy protecting extension. Try Neeva for yourself, at neeva.com.