The Internet has permeated every sphere of our lives, and Facebook and WhatsApp have pervaded it just as thoroughly.
However, the generation of the 1950s and earlier has to a large extent been unable to grapple with the complexities of this new medium.
Internet Safety for Elder Adults and Beginners is a quick step-by-step guide for such adults, meant both to simplify things and to make them aware of the consequences of their actions.
The idea is not to create fear of the monster, but to get them to relate the safety precautions to those they would take in the offline world.
Would appreciate your suggestions. This is a crowd-sourced effort and I am thankful to the contributors.
11. We will talk about these today…
• Passwords
• Online Banking, Secure Shopping
• Hoax and Rumours on Facebook, WhatsApp, SMS
• Safe Browsing on Internet
• Email Caution
• ATM and Internet Banking
• Protecting with Anti-Virus and Spam Filters
• Home Wi-Fi Safety
• Filter Bubble
13. A password is a word or string of
characters used for user
authentication to prove identity
or access approval to gain access
to a resource (example: an access
code is a type of password), which
should be kept secret from those
not allowed access.
15. Password strength is a measure of the
effectiveness of a password in resisting
guessing and brute-force attacks. In its
usual form, it estimates how many
trials an attacker who does not have
direct access to the password would
need, on average, to guess it correctly.
This website is interestingly useful
https://howsecureismypassword.net
16. tips for a strong password
• DO Change your password – (1) every 90 days
(2) when it is compromised (3) More frequently
for banking and social sites
• DO write down passwords in a small diary/notebook. While there is password management software available, it may lead to more compromise than safety if you are a novice user. Please do share the details of where you have stored it with at least one, or a maximum of two, trusted people (spouse or children).
• DO NOT *save* your passwords on your mobile
phone or laptop. If lost, you are giving away a
lottery to the thief.
• DO NOT key in your password on a mobile phone / desktop / kiosk that is not your own personal, private device.
• DO NOT share your password ever, ever. If you
even have the slightest doubt that it is
compromised, please change it immediately.
19. BANKING BLUES
• Think twice, maybe even 5 times over two days, before you click anything to do with money.
• Never, ever share banking information (account numbers), cheque numbers or credit card information via email.
• Change PIN for debit cards as soon as you receive them from the bank - Do not
write PIN down and keep it next to the card in a "safe" place
• If someone from the bank calls you and asks for information, ask for a number to call them back on, and call them back on a landline that is a bank number.
• Your bank will never contact you via email if your credit card is "compromised".
Never click on such emails.
• Use e-banking and update your cellphone numbers for SMS updates.
• Do not give your ATM card and PIN to anyone (maid, driver, fuel pump attendant) to withdraw money for you.
20. Can you compare and contrast
real life safety and online safety?
21. tips for Online Transactions
• ALWAYS Check for https whenever doing any banking transaction,
online shopping or even for a mobile re-charge (example -
https://www.icicibank.com)
• DO Close that Window/ Tab or Browser ‘each time’ after finishing the
banking transactions
• DO NOT log in through internet links on your mobile unless you are doubly and triply sure that the link is secure and authentic. If in doubt, avoid.
• DO use Virtual Keyboards where possible.
• DO use Two Factor Authentication (2FA) and Mobile OTP
• LOOK for the padlock symbol in the address bar, next to the URL
28. tips for Facebook/ WhatsApp/ SMS
• ALWAYS Google and check before forwarding anything. You do
not want to be a rumour monger. Do you?
• ALWAYS be very careful about the security / privacy settings
before uploading pictures and videos on Facebook
29. ALWAYS refer to the dozens of sites that share the hoaxes on the Internet –
• Hoax-Slayer: Latest Email Hoaxes - Current Internet Scams
• Best WhatsApp Hoax messages: 5 new irritating ... - India
• 25 Hilarious Hoax WhatsApp Texts and Forwarded messages
• 11 weird health rumours on Facebook, WhatsApp and ...
30. BEWARE Internet is NOT Gospel
Truth.
• A high % of WhatsApp Forwards are unconfirmed rumours
• Almost ALL rumours have malicious intent
• WhatsApp and Facebook take advantage of simplicity, speed and ignorance
to mass forward texts inside their CLOSED groups.
• Most of today’s digital audience wouldn’t sift out the facts.
• DO NOT accept unknown friend requests. If in doubt, ignore. If no display
picture, you must not accept that request.
• DO NOT REACT when you are reading emotionally charged posts
31. There is a big difference
between posting a social
media post and a private
message. Discuss private
matters face to face or
on phone if it can be
helped, not on
electronic media.
33. tips for Browsing the Internet
• ALWAYS hover the mouse on URL links and
check (in the status bar) if the site it is
pointing to seems reasonably safe. When in
doubt completely avoid clicking something.
• ALWAYS AVOID clicking on pop-ups
• Be wary of browsing the internet relentlessly and finding crazy suggestions for fitness and health. Often, people are ready to try anything without pausing to think.
• Clear your cache
36. tips on Email Safety
• Emails have become by far the most ubiquitous means of communication. Gone are the days of post-cards and inland letters. With emails comes the pain of having to be careful.
• ALWAYS be extra cautious when you open emails on mobiles and tablets
• ALWAYS check that the email address is genuine. Sometimes the sender reads like these: Facebook Team <noreply@acenzi.com>, Gmail Team <xyz@abc.com>, ICICI Bank <acds@in.icici.org>, YouTube Support <egnan@goosu.com>. You would never be able to see these addresses on mobile phones.
• For a more detailed discussion please refer to the topic ‘Phishing’
below
37. Dos and DON’Ts
• DO add safe contacts in Junk Mail and vice versa
• Do login to your mail systems on your desktop (Gmail/ yahoo/ Hotmail) and check the
junk mail box.
• DO NOT open any emails where the sender is not familiar. At the slightest doubt, delete them rather than open a can of worms.
• Downloading Attachments and Clicking Hyper-Links
• DO NOT click on links in emails unless you are 200% sure that it is from verifiable source.
Just as you would be careful to welcome an unknown carton from an unknown entity in
your house, you would need to treat attachments on email as such.
• DO NOT download suspicious attachments. If the attachment is not a *.pdf or *.vcf, just be doubly careful. You might want to verify attachments like *.doc, *.ppt, *.xls and *.zip with the sender. If it is an *.exe or anything else, just DO NOT click that attachment. Call the sender.
40. Winning Lottery and Freebies
• THERE ARE NO FREE LUNCHES. PERIOD.
• If you had relatives in Africa who had $50 million, you would have known. Nor will a rich, influential Chinese or Nigerian businessperson be willing to bequeath you their $100 million wealth.
• If you are not a gambler and an online lottery player, there is NO way you will win a lottery of $8 million.
• And neither Apple nor Rolls Royce are fools to give away 1000 iPads or 100 cars to the first bunch of fools that like a website link, answer a silly question or share their contact details.
• Well, if Greed drives it, then this chapter is not for you!
42. PHISHING EMAILS
• "Phishing" (also known as "carding" or "spoofing") refers to email that attempts to fraudulently acquire
personal information from you, such as your account password or credit card information. On the
surface, the email may appear to be from a legitimate company or individual, but it's not.
• As a general rule, never send credit card information, account passwords, or extensive personal
information in an email unless you verify that the recipient is who they claim to be. Many
companies have policies that state they will never solicit such information from customers by email.
• Find out who the email is really from. View the email headers to see where the message really
originated from. A typical email header displays several lines that begin with "Received." If the
"Received from" information does not match the email address of the sender or the company being
represented in the email, it usually means that the message did not truly come from that individual
or company.
• Be cautious of links in the email. One common phishing technique is to include links in an email
that look like they go to a legitimate website. Upon closer inspection, the link may actually take you
to a website that has nothing to do with the company the email is pretending to be from, even
though the resulting website may be designed to look exactly the same.
43. PHISHING EMAILS (CONT)
• Note the email greeting. Phishing emails tend to start with generic phrases like "Dear valued customer" or your email
account name, such as "Dear snookums123," instead of your name ("Dear Raghav" for example). Most legitimate
companies include your name in their correspondence because companies will have it on record (if you've dealt with
them before).
• Keep previous history in mind: If you've had previous, valid correspondence with the company, compare those messages
to the email in question. If you have never done business with a particular company, and you receive an email that
appears to be from that company requesting account information, it could be an attempt at phishing. Again, never email
account information or credit card information if you are in doubt.
• Never provide personal account information through email. If you receive an unsolicited commercial email requesting
personal information, do not provide any information without first checking directly with the company that appears to be
the one requesting this information. Do not reply to the message or click any of the links in the message. Instead, visit
the company's website and find an email address to contact regarding this issue, or call the company. Many companies
appreciate being notified about fraudulent attempts to gain information about their customers.
• Be cautious of attachments. If you receive an unsolicited message that contains an attachment, do not open it. Contact
the company directly to verify the contents of the email and the attachment before opening it.
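Added example (not part of the original presentation): the three checks described above, run over one message. These are the sender name versus the real sender address, the generic greeting, and a link whose visible text names one site while it points to another. The BRAND_DOMAINS allow-list, the function names and the sample message are assumptions made up for this illustration; the spoofed ICICI sender is the one quoted in the email safety tips.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list (illustrative): brand keyword -> domains it really mails from.
BRAND_DOMAINS = {"facebook": {"facebook.com"}, "icici": {"icicibank.com"},
                 "gmail": {"google.com"}, "youtube": {"youtube.com"}}
# Constructed sample; the From line reuses a spoofed sender quoted in the slides.
SAMPLE = """From: ICICI Bank <acds@in.icici.org>
Content-Type: text/html

<p>Dear valued customer,</p>
<p>Verify here: <a href="http://login.example.net/v">https://www.icicibank.com</a></p>
"""

def _host(value):  # lower-case and drop a leading "www." so hosts compare cleanly
    return re.sub(r"^www\.", "", value.lower().rstrip("."))

def _belongs(host, domain):  # exact match or a true sub-domain, never a look-alike
    return host == domain or host.endswith("." + domain)

class _Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signals(raw_email):
    # Returns a list of warnings; assumes a single-part message body.
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    sender, found = _host(addr.rpartition("@")[2]), []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not any(_belongs(sender, d) for d in domains):
            found.append(f"display name '{name}' does not match sender {addr}")
    body = msg.get_payload()
    if re.search(r"\bdear (valued )?(customer|user|member)\b", body, re.I):
        found.append("generic greeting instead of your name")
    parser = _Links()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        real = _host(urlparse(href).hostname or "")
        if shown and not _belongs(real, _host(shown.group(1))):
            found.append(f"link text shows {shown.group(1)} but goes to {real}")
    return found
```

An empty list only means none of these three signs were found; it does not prove the message is genuine.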
46. tips for ATM and Internet
Banking
• NEVER write ATM PINs or passwords in a text file or on the back of the ATM card.
• NEVER add personal information like phone number, address on
your ATM card
48. tips for Antivirus
• ALWAYS use the online Mail access and spam filters. The ones
used by major providers like Gmail, Hotmail and Yahoo are
pretty decent.
• DO get a good anti-virus and spam filter.
49. Spam And Spam-Filters
• Email spam, also known as unsolicited bulk email (UBE), junk
mail, or unsolicited commercial email (UCE), is the practice of
sending unwanted email messages, frequently with commercial
content, in large quantities to an indiscriminate set of recipients
• Spam Filters are the best way to stop spam.
• You can also unsubscribe to unwanted email lists, if you have
inadvertently subscribed or had found that sender’s email useful
in the past, but not anymore.
• Online mail applications and most mail clients can also help you with intelligent spam options, so that spam gets sorted into the appropriate spam or junk email folders. Since they are based on intelligence of usage, it would help if you guide these by a few actions on your desktop or web-experience. Your mobile sorting would not help these systems learn much.
52. Account Hacking
• In the computer security context, a hacker is someone who
seeks and exploits weaknesses in a computer system or
computer network. Hackers may be motivated by a multitude of
reasons, such as profit, protest, challenge, enjoyment, or to
evaluate those weaknesses to assist in removing them.
• When you believe your account is hacked, please contact the
service provider immediately.
• Share the information with a few friends or family who are
technically savvy, so that they can raise an alert on your behalf.
53. tips Home Wi-Fi
• Wi-Fi routers at homes have usernames and passwords often
handed down by service provider or the router manufacturer.
Usually unknown users (free riders) gain access and use up your
bandwidth. Not only does it cost you heavily in broadband bills,
but it also leads to potential hacking through their connections
and devices.
• ALWAYS change this to a more personalised name and have a
new password
• ALWAYS use a new WPA2 password or equivalent and make
sure you note down the same on the router lest you lose it.
54. Be Aware of Filter Bubble
• A filter bubble is a result of a personalized search in which a
website algorithm selectively guesses what information a user
would like to see based on information about the user (such
as location, past click behaviour and search history) and, as a
result, users become separated from information ...
• http://www.goodreads.com/book/show/10596103-the-filter-bubble
• http://www.amazon.com/The-Filter-Bubble-Personalized-Changing/dp/0143121235
55. In Summary
• Passwords
• Online Banking, Secure Shopping
• Hoax and Rumours on Facebook, WhatsApp, SMS
• Safe Browsing on Internet
• Email Caution
• ATM and Internet Banking
• Protecting with Anti-Virus and Spam Filters
• Home Wi-Fi Safety
• Filter Bubble
57. Some Additional References
• http://www.wikipedia.org
• www.google.com
• www.bing.com
• Securing The Human Newsletters:
• Securing Your New Tablet, January 2016
• Phishing, December 2015
• Shopping Online Securely, November 2015
• Password Managers, October 2015
• Two-Step Verification, September 2015
• Backup & Recovery, August 2015
• Social Media, July 2015
• Educating Kids on Cyber Safety, June 2015
• Securing the Cyber Generation Gap, May 2015
• Passphrases, April 2015
• Gaming Online Safely & Securely, March 2015
• Staying Secure on the Road, February 2015
• Securely Using Mobile Apps, January 2015
• What Is Anti-Virus?, December 2014
• Social Engineering, November 2014
• Five Steps to Staying Secure, October 2014
• Using the Cloud Securely, September 2014
• Encryption, August 2014
• Email Do's and Don'ts, July 2014
• Disposing of Your Mobile Device, June 2014
• I’m Hacked, Now What?, May 2014
• Yes, You Actually Are a Target, April 2014
• The End of Windows XP, March 2014
• What Is Malware, February 2014
• Securing Your Home Network, January 2014
59. Glossary
• A password is a word or string of characters used for user authentication to prove identity or access approval to gain
access to a resource (example: an access code is a type of password), which should be kept secret from those not
allowed access.
• Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its
usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on
average, to guess it correctly.
• HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure
communication over a computer network which is widely used on the Internet.
• Two-factor authentication is a security process in which the user provides two means of identification from separate
categories of credentials; one is typically a physical token, such as a card, and the other is typically something
memorized, such as a security code.
• A one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or
other digital device.
• Padlock: if you see a lock in the web browser address bar, you should also see that the website address starts with HTTPS as opposed to HTTP. In that case the page is using secure socket layer and your information is secure from a third party being able to see it as it is being transmitted.
• A hoax is a deliberately fabricated falsehood made to masquerade as truth. It is distinguishable from errors in
observation or judgment, or rumours, urban legends, pseudoscience or April Fools' Day events that are passed along in
good faith by believers or as jokes.
60. GLOSSARY (2)
• Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and
sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic
communication. The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in
an attempt to catch a victim.
• A personal identification number (PIN, pronounced "pin"; often redundantly PIN number) is a numeric password used to
authenticate a user to a system, in particular in association with an ATM card.
• Anti-virus software can attempt to scan for rootkits. A rootkit is a type of malware designed to gain administrative-level
control over a computer system without being detected.
• Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice
of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of
recipients.
• In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or
computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or
to evaluate those weaknesses to assist in removing them.
• A filter bubble is a result of a personalized search in which a website algorithm selectively guesses what information a
user would like to see based on information about the user (such as location, past click behaviour and search history)
and, as a result, users become separated from information ...