Why is it that computer code has advanced exponentially in the last decade but websites still get hacked? Why is it that online security providers like Norton, Kapersky and McAfee work tirelessly improving their systems, but black hat miscreants still breach our systems and sell our information?

The problem is that while technology has gotten wiser, humans have not.

Hackers have shifted their efforts away from cracking code and onto cracking us. It’s much easier to trick people into giving away their passwords than it is to gain access to a secure system in any other way. Interestingly, this has meant that the bad guys have started to read up on things like psychology and human nature.

Phishing attempts used to be novel and somewhat humorous. We would snicker at the broken English employed by some eastern European nerd in his basement, seemingly choosing words at random from the dictionary and clumsily pasting them into sentences. Things have changed, however. Instead of recruiting men and women who can write code, many criminal organizations are bringing in manipulators who can write English – and write it well. It’s not uncommon for a modern phishing attempt to be indistinguishable from legitimate communication.

Remember when Target got hacked a few years ago around the holidays? The crooks gained access via one of their contractors who happened to have login information for a secure system. An employee at the contracting company fell for a trick email and pow! 10% off for everybody and free identity theft monitoring for a year.

With that being said, there are still ways to scrutinize your email to improve your chances for safety. Here are a few:

  • If it’s too good to be true  Common sense is still the #1 defense against hackers. If an email promises you something for nothing – even if it appears to be from a legitimate source on the surface (see below for more on this), it is almost certainly a scam. If the communication seems to come from a legitimate company, contact that company via the phone number on their website to confirm its authenticity.
  • Look closely at the source – Tricking humans is the easy part of phishing. Managing emails that look legit is much harder. Oftentimes the simplest way to spot a malicious message is by looking closely at the sender’s email address. If it claims to come from Wal-Mart but the address is something – anything different – then delete the email immediately.
  • Never give out your credentials – Businesses know better than to ask you for your login information via email. It’s not particularly secure, and it tends to have a dangerously long shelf life. Instead, businesses with whom you have an account will often ask you to log in using the same methods you always do (via the website or an app, for example). If an email asks you to enter your username and password, delete it. Period. 
  • Change your password often – I know this can seem like a pain in the neck, but it may be the most important thing you do to keep your online property safe. The more you change your login credentials, the less likely that they are floating around the ether of the worldwide web. Think about the last breach you were unfortunately enough to be a part of (almost all of us have, by this point): most of the time all it takes to “re-secure” your information is to change your password. If you do that on your own once a month or so, you significantly reduce the chances of a bad guy ripping it off.

Face it – we humans are the weakest link when it comes to online security. You protect your wallet or purse when you spend time downtown in a big city, why not spend a few moments improving your online security skills as well? Don’t be a victim. Be smart, and the bad guys will be forced to move on.