During this week’s school board meeting, while technology director Barrett Bush was discussing data security and internet safety, my phone vibrated.
When I looked at it later, what I saw was a phishing text message. Phishing, for those of you who aren’t tech inclined, is the practice of sending out emails or text messages with compelling offers that sound too good to be true, or with notices about your account with a bank or a vendor. The name comes from the act of “fishing” for personal details, like bank account numbers, and the messages often include links that direct you to a look-alike site where you’ll be prompted to log in, inadvertently sharing your account info. Other links may direct you to sites that will infect your device with a virus if you click on them.
This one, as phishing attempts go, wasn’t very sophisticated. It came from a generic “your bank account security” sender – that didn’t even include the name of my actual bank – and came from an out-of-state area code. Since I bank with a local bank, I knew right away that it wasn’t actually from them and deleted it. But I’ve seen much more sophisticated and convincing phishing attempts – ones that use corporate graphics and hide their actual sending address behind a sort of digital facade that can only be revealed when you look at the sender details in your email inbox.
If you aren’t careful, it could be easy to fall prey to one of those phishing schemes. Or something much worse.
We live in a world where we leave a huge digital footprint with our everyday activities. Unless you specifically turn it off, your phone tracks your physical location with navigation apps and augmented reality games. Every time you scan a loyalty card at a gas station or a grocery store, you’re not only saving a little money, you’re also leaving a digital record of where you’ve been, and what products you’ve purchased.
While it may seem like these are the most banal and innocuous of details, it’s the kind of thing that can help those putting together a phishing scheme when it comes to targeting you.
If they can insert a virus on your device that tells them the email address associated with your loyalty card app, and what items you’re using digital coupons for, it can help them send a more convincing message.
But these criminals aren’t just targeting your bank accounts. With your email and social media accounts they can solicit money from your friends and family, or hijack and sell your game and streaming accounts. If you have credit card information associated with accounts they could access through your email, they might run up debt purchasing items which they then have shipped out of country. Or purchasing digital assets that are then traded through multiple accounts before being monetized.
(Another variation on this scheme tricks people into “paying off debt” using untraceable digital currency codes for things like the iTunes or Xbox Live store. Codes that are then sold through online storefronts.)
There are also folks out there who could use our digital footprints for things even more nefarious than stealing our money.
While Bush made a joke about the stereotypical computer nerd “living in his mom’s basement” when discussing network security, he knows that the real threats aren’t from some sort of mischief-making caricature of a hacker.
The real threat comes from these overseas hacking collectives, often associated with organized crime – like those who attempted to access school administrative records from Russia- and Ukraine-based IP addresses recently – or other online predators closer to home.
While Bush is charged with protecting our children by restricting their internet access while using school networks and devices, and protecting their information by securing administrative and faculty access, some of his suggestions for maintaining network security could help keep your accounts safe too.
One of those suggestions is the use of multi-factor authentication. This type of authentication, which requires you to log in, then verify a code sent to your text messages, email, or through a dedicated dongle device before accessing your account, can be a little annoying at times. It adds extra steps that can be frustrating, especially if you are in a hurry or a code times out by the time you receive and attempt to enter it. But it’s also a great way to make sure hackers can’t get into your accounts even if they were successful at guessing or stealing one of your passwords.
Speaking of passwords, Bush’s other suggestion should help you with that, especially if you’re forced to come up with new passwords on a semi-regular basis. While many folks hate having to change their passwords, and trying to remember those new passwords every time they change them, it does make your account more secure.
What makes it even more secure, though, is changing your password to a pass phrase. Not only is a pass phrase easier to remember than a password, especially if you have to change it regularly, it’s more secure because its length means it’s harder for brute force attacks to come up with the correct series of characters.
Bush’s suggestions are meant for students, teachers, and other district staff, but they could be helpful for anyone who wants to maintain some online security.
We highly recommend considering a pass phrase the next time you need to change your password, to see if it is easier for you to remember than a random string of letters and numerals, and setting up multi-factor authentication as well. It may be extra work, but in the end it’s worth it.