By
Here’s how to combat targeted ads, hackers, and cyber thieves.
Sometimes I feel like I spend my entire day dodging attacks on my digital identity. I wake up to scammy text messages begging me to click sketchy links. I delete them. Brush my teeth.
Open my email and voila! Fake sweepstakes emails — from my own email address, no less — telling me I won everything from a power drill to a Yeti cooler. I delete those, too. By noon I’ve silenced at least a half dozen robocalls, and at least once a day I see a Facebook ad for something I recently talked to my husband about — is Siri eavesdropping on me, too?
Obviously, I’m not alone. With so many scams floating around we’re all starting to see privacy dangers around every mouse click, even where they might not exist, like in a Snapchat filter.
The recent midterm elections and upcoming Black Friday/Cyber Monday online shopping extravaganza have only made these concerns more intense. If you haven’t gotten at least a hundred unsolicited text messages — again, with sketchy-looking links — consider yourself lucky.
Where is all of this headed? Are we forever doomed to a future of digital paranoia, and the threat of cybercrime, stolen money, identities or worse? Is there a way to break free from all these shady spammers, scammers and thieves?
The good news is: It all gets a lot less scary once you realize what is going on.
Now you know: 7 default settings tech companies don’t ever want you to change
An email from myself?
I get emails from myself all the time … only I never sent them. They’re often low-effort scam-bait messages claiming that I won something or I have unclaimed funds somewhere. Or even more annoying, that I’ve been hacked “watching porn” on my laptop and better pay up — or else.
Spoiler alert, there’s no watching porn or getting hacked actually going on, these are among the most common of threats.
You likely get these, too. No doubt, looking at your own email address in the “From” line is unsettling, but how does that even happen?
Sadly, it’s easy. The email addresses that populate when you open an email are rarely verified, especially if you use a free email service. Using a less-secure Simple Mail Transfer Protocol (SMTP) server, a scammer can just type in what they want the “To” and “From” addresses to say.
Someone using one of these servers — a scammer can just set one up themselves — can make an email look like it came from anyone, including you. It really is that easy.
As annoying as it is to change an email service, you can avoid these spoofed emails and do away with a whole lot of spam and scam messages by switching to a secure email provider.
ProtonMail is a popular one these days. It’s free for a private email account, and since it uses more advanced protocols than most free services, it spots spoofed emails, so you don’t have to.
Online scams targeting veterans and active duty members. Here’s how to protect yourself.
Password Paranoia
Oh, passwords. I don’t know of a single person on the planet that actually likes the password system, but there’s no getting around them … or is there?
“Passwords have been the default mechanism for authentication since the beginning of computer technology,” Bob Eckel, president and CEO of Aware, a biometrics software company based out of Massachusetts, tells me over email.
“They don’t require extra or special hardware, there are no compatibility issues and they are a cost-effective option for companies and businesses of all sizes, which is why they are still the go-to for identity or use authentication today.”
The biggest problem with passwords is that they’re far less secure now than they were a couple of decades ago. Modern hackers use more advanced techniques, and most of us don’t practice good password hygiene, such as using a different password for every account.
If you use your birthday, maiden name, pet’s name or one of the most easily hacked passwords on the planet, like 1234, or “password,” you’re just begging to get scammed.
Companies like Apple and Google pioneered new methods for securing digital devices such as smartphones and even laptops, but individual accounts for the millions of apps we all use still require passwords. Our own fear and apprehension are a big part of the reason that certain biometric technologies aren’t catching on as fast as they could.
RNC sues Google over email spam filters: Alleges ‘bias against Republicans’ ahead of midterms
“Certain segments of the general public, such as baby boomers, for example, continue to be weary of facial authentication; instead, they’re much more receptive to fingerprints. Therefore, we need to continue our mission to educate both organizations and consumers about the technology and special techniques used to make facial authentication highly safe, secure, and accurate,” Eckel says.
While we wait for passwords to kick the bucket, utilizing features like Apple’s “Sign in with Apple” can effectively bypass many app login requirements and use your smartphone as the default for verification.
It’s also a lot more convenient than inventing a new password for every app, and lets you use FaceID or TouchID (depending on your device) to log into just about anything.
Man who lied about being a millionaire: Fake Navy SEAL stole up to $1.5M in romance scam, DOJ says
Is Siri listening?
Do you ever see an ad for something you were just talking about with a friend, within earshot of your phone?
It’s easy to assume that since our phones are constantly listening to us — waiting for the trigger word, like “Hey Siri,” “Okay Google,” or even “Alexa” — that they may be working behind the scenes to feed us relevant ads. That’s not exactly right, but it’s not that far off either.
“Our phones are designed to listen, first and foremost, to virtually assist us, which can explain why you may be served ads that directly relate to a conversation you just had,” Eckel adds. “It is similar to how search engines work by tracking your activity to ensure it is delivering the most relevant results.”
But it’s important to note that Apple, Amazon and Google have all stated that they treat the audio from their respective virtual assistants with the utmost security and privacy.
Tab overload? How to control what happens when you start your browser
You may get a relevant ad on your computer, related to a voice prompt if you choose to search Amazon’s marketplace using Alexa, for example, but having a background conversation with a friend isn’t the reason you get those ads.
The more likely scenario is that your searches on desktop or mobile triggered an ad algorithm to suggest those relevant products for you.
I know it can seem creepy and weird, but unless the big three companies are lying through their teeth — and security researchers haven’t busted them yet — it’s just a coincidence and a cleverly-designed ad system.
It’s not you, it’s them: Google, Alexa and Siri may answer even if you haven’t called
Steps to be more secure online
What can you do about it all? Here are some simple steps you can take to search for information online as privately as possible these days:
- Use a privacy-focused search engine that doesn’t collect as much data about your habits as say, Google. Options here include DuckDuckGo or Brave Search.
- Disable your mobile ad ID on your smartphone and tablet, and block ads on your laptop and desktop browsers. Most smartphone apps default to collecting tons of data about your behavior. There are easy ways to disable these functions in the settings on iPhones and Androids that run on the Google operating system.
- Use an ad blocker such as Ghostery or AdBlock Plus.
By
Jennifer Jolly is an Emmy Award-winning consumer tech columnist. Email her at j[email protected]. Follow her on Twitter: @JenniferJolly. The views and opinions expressed in this column are the author’s and do not necessarily reflect those of USA TODAY.
