This is just a quick post with a few quick thoughts and reminders on staying safe while you're online. I'm blogging this as a friend on Facebook had a concern that they had been asked to reset their password on Facebook and was having problems as a result. I thought I'd just pass on a few things to remember - hopefully you can just tick them off in your mind, but reminders are always a good thing.
1. If you get an email from someone like eBay or Facebook do not automatically assume that it's from them. It's very easy to spoof email addresses, and while Gmail is pretty good at picking this up and alerting users, not all email packages are as good. Ask yourself if this is common practice for this particular website to contact you in this fashion. If it's not, be doubly on your guard.
2. If there's a link embedded in the email, do NOT click on it. Again, it's really easy to fake this, and simply because you think the link will take you to the site that you expect, it's not necessarily the case. Hover your mouse over the link and check the bottom left hand corner of the browser (if you're using Firefox) and see what the URL actually is.
3. If you do click on a link, even if you think you've gone to eBay, Facebook, PayPal etc, check the URL of the site in the address bar at the top of the screen - if it's not what you're expecting, just close the window down. Scammers will do their level best to ensure that the page they create is as exact a match as possible to the original site, including linking to images from that site.
4. If you are asked for your password details or any other personal information it's unlikely in the extreme that this has come from a legitimate site. Do not provide this information.
5. Even if you are fairly sure that the communication is genuine, open up a new tab or window and type in the URL of the site yourself. It'll only take a few more seconds and is a safer way of working. If there's a problem with your account in any way you'll find out soon enough.
6. If you're going to a secure site such as your bank or PayPal, check the URL to see if it starts with https:// and if there is a padlock symbol that's displayed in the browser (usually bottom right corner).
7. Do not panic! Scammers are banking on the fact that you'll act in haste without thinking things through. However important the email seems to be, however dire the emergency, close the email, get a cup of coffee, talk to a colleague or friend and *think* about the email. Is it really likely that your bank will have contacted you like this? Have they ever done so before?
8. Take a copy of the email, open a new window, go to your bank site, PayPal etc, find the contact details, then cut and paste the email you've received into a new message to them and ask if it's genuine. They really won't mind you asking.
9. Do not worry about looking stupid or being an idiot. You'll look a lot more of an idiot if you lose money or your account is hacked.
10. If in doubt at all, change your password on the site. Then change it again a couple of minutes later, just to be sure. Go to the website directly each time. Sure, it's a pain, but it's a lot less of a pain than trying to get your account back.
11. Set up a shadow email account. Ensure that all the email you get sent to your main account is copied and sent on to the second account, though of course, this may not be possible with work emails. That way you'll still have copies of all emails sent to you in case you've deleted them by accident.
Hopefully those few pointers will help keep you safe when you're online. Most importantly, do not panic. Unlike spilling a cup of coffee, matters will not be improved if you act quickly - quite the opposite in fact.
On 2 occasions now 'Facebook' have asked me to change my password since somebody in the CA area (map shown) had accessed my account. I did so to allow me to continue using my account. I took it as genuine at the time, and think it was, but now will be on guard against such messages in future.
Posted by: Robert Nigel Slinn | January 10, 2011 at 10:13 PM