10 Things Not to Do Online
1. Never surf naked.
That is to say, don't use the Internet without installing an anti-malware program (malware is a catchall term that refers to any kind of malicious software -- viruses, worms, spyware, and the like). Years ago virus infections meant slowdowns, erased data, or obnoxious messages -- when your computer was infected you knew it. But hackers only care about money now and they get it by collecting information without your knowledge. "We don't see malware that wrecks your computer anymore," says David Perry, director of global education for Trend Micro, an anti-malware company. "Versions today just steal your credit card or bank account number. The first indication that it happened is when you notice purchases or withdrawals that you didn't make." If you use a Mac, don't assume you're safe: While they have a reputation for better security, malware that attacks the Mac operating system has been on the rise. The good news? You can fend off new threats as they come up. Kaspersky, Trend Micro, and Norton all sell security programs for between $70 and $85. If you're looking for a decent free alternative, try ThreatFire (for PCs only).
2. Don't use weak passwords.
If you base your password on your name, zip code, or the word "password," you're essentially putting out a welcome mat for thieves. The rules of thumb for creating strong passwords: (1) Avoid real English words. (2) Use more than eight characters. (3) Mix in upper- and lower-case letters as well as numbers or punctuation marks. A trick to remember this string of gibberish? Base your password on a memorable phrase of at least eight words, using the first letter of each word as your password. The phrase "To be or not to be, that is the question" becomes "2bon2Btitq." You can create a simpler password for all low-security uses (newspaper or cooking websites), then use your bulletproof one for accounts that really matter (banking and e-mail).
3. Never respond to spam.
Those unsolicited e-mails trying to sell you anything from miracle diets to cheap prescription drugs clog your in-box and waste your time. Spam exists because it's profitable. And it's only profitable because a small percentage of people respond to it. Don't be one of them. If you reply at all, even to ask to be removed from a list, the amount of spam you get may triple. Your e-mail provider should offer spam protection, perhaps in the form of a junk mail folder, to filter it out.
4. Don't give out your personal information too easily.
5. Never send anything in e-mail you wouldn't want to see on a billboard in Times Square.
E-mail is not secure. The majority of the time, that's fine. But just as you wouldn't send someone your Social Security number on a postcard (given that every mail handler can see it), every e-mail is essentially an open door to your computer, your recipient's computer, and other points between. So don't use it to send anything worth stealing -- in the body of an e-mail or in an attachment. "If I had to send my Social Security number to someone and didn't have a secure method for that, I'd just tell them over the phone," says James Van Dyke, CEO of Javelin Strategy & Research, a financial services research firm.
6. Don't fall for phishing scams.
It's easy to become the target of hackers who are phishing: They send out e-mails that look exactly as though they came from your bank but contain links that send you to a fake site disguised to look like your bank's log-in page. Then, when you think you're logging in, you're actually sending thieves your user name and password. It's probably okay to click links from people you trust that go to sites you trust and don't require a password to log in. If you don't recognize the main site's URL, play it safe and don't click.
7. Never open an attachment you weren't expecting.
Watch out for generic greetings like "thought you'd like this" or "this is so funny!!!" Tell friends to send you links in an e-mail instead of attachments. But be wary of links that were sent through Facebook, Twitter, or instant messages, since hackers also target social media. If you get a Facebook notice that sounds fishy ("Win a free iPad!"), it probably is.
8. Don't post your real e-mail address in a public forum or message board.
You're just asking to be put on spam e-mail lists. But you can still give people a way to reach you by using a simple trick. Instead of typing firstname.lastname@example.org, write meATmyselfDOTcom. People will understand it, but the computers that troll the Web trying to steal e-mail addresses won't.
9. Stop using file-sharing networks.
The vast majority of content on music and movie file-sharing networks such as LimeWire, The Pirate Bay, and BitTorrent is illegal. Beyond their ethical stickiness, the legal gray area they operate in means there's usually no oversight of the files they traffic in. This makes them fertile ground for malware. While that file may look like the latest Brad Pitt movie, it could just as easily be malware in disguise.
10. Don't forget your friends.
Your pals on Facebook, LinkedIn, or Twitter may feel like a cozy group of friends, but after a while you're bound to end up with some "friends" you don't really know. They have access to just about everything you post and that personal info can be used to impersonate you. (Be sure to adjust Facebook privacy settings to "friends only"; the default allows everyone to view your status updates, posts, and photos. You can even customize settings so that only certain friends can view your entire profile.) So be careful what you post. For example, if you love yoga, go ahead and list it as an interest on Facebook, blog about it, and post on message boards. But when it comes to choosing a security question for your e-mail or bank password, make sure it has nothing to do with hatha or vinyasa. Assume anything you share online is available to the entire Internet, and keep truly private information to yourself.