Internet Safety Tips
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.
The best protection is to simply pay attention. If an email or Website just doesn't seem right, or if you receive a message asking for financial or personally identifying data, you should take a pause and proceed with caution:
- Do not respond to any email message asking for personal or financial information, and do not click on any links provided in such a message (the importance of this cannot be overstated).
- Get in the habit of never sending sensitive data (Social Security number, credit card numbers, etc.) via email.
- Be careful when opening attachments or downloading files attached to emails, even if they appear to be from a friend (since spoofing can hide the true source).
- If you need to update potentially sensitive information online, open a new browser window and type in the Web address manually, using the same process you have used before.
- If the Web address of a known site looks unfamiliar, it may not be the legitimate site.
- If you are conducting bank business or other sensitive transactions online, look for the lock icon and "https" in front of the Web address indicating a secure site.
- If in doubt about an email that appears to be from a legitimate organization, call the organization yourself instead of replying to the message.
- Do not open any files attached to an e-mail from an unknown, suspicious or untrustworthy source.
- Do not open any file attached to an e-mail unless you know what it is, even if it appears to come from someone you know. Some viruses can replicate themselves and spread through e-mail. Better be safe than sorry and confirm that they really sent it.
- Do not open any files attached to an e-mail if the subject line is questionable or unexpected.
- Delete junk email. Do not forward or reply to any to them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. If you're uncertain, don't download the file at all.
- When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats.
It is easier than you think for someone to steal your password
Any of these common actions could put you at risk of having your password stolen:
- Using the same password on more than one site
- Downloading software from the Internet
- Clicking on links in email messages
2-Step Verification can help keep bad guys out, even if they have your password.
Signing in to your account will work a little differently
- You'll enter your password: Whenever you sign in to Google, you'll enter your password as usual.
- You'll be asked for something else: Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port
Keep sign-in simple
- During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in.
- You'll still be covered, because when you or anyone else tries to sign in to your account from another computer, 2-Step Verification will be required.
An extra layer of security
Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad guy hacks through your password layer, he'll still need your phone or Security Key to get into your account.
Sign in will require something you know and something you have
With 2-Step Verification, you'll protect your account with something you know (your password) and something you have (your phone or Security Key).
Verification codes made just for you
Codes are uniquely crafted for your account when you need them. If you choose to use verification codes, they will be sent to your phone via text, voice call, or Google's mobile app. Each code can only be used once.