We live in a wonderful world, an amazing time with infinite possibilities. Writers have more power than ever before in the whole of human history. Many of us are explorers in a New World, charting unknown territories in a realm with no boundaries. This is part of how we are able to offer you the writing conference of the future, WANACon (learn more HERE).
Every new territory comes with the splendors never seen, the resources never tapped, the powers never before harnessed. Yet with new opportunities come new predators eager to take advantage of the naive.
I can’t explain why there are those in this world who will hurt people they’ve never met or steal with no concern to what devastation they might create. But, these crooks are there, they are a real threat, and I’m here today to help you guard against attacks.
Hey, I may be a Lamb, but I’m no sheep ;).
There are digital sheep, digital wolves, but today I want to train you guys to be digital sheepdogs. We aren’t passive, but we are protective and we are on guard to protect those around us. We are not alone!
Image courtesy of misteraitch from Flikr Creative Commons.
Hackers and Phishers Use Emotion
One common tactic used by hackers and phishers, is they seek to get us upset. If they can scare us or momentarily panic us, we are far more likely to part with sensitive information without thinking.
Frequently they will tell us our account has been suspended because we have been breaking rules we haven’t broken like friending people we don’t know, or friending too many people or even that we have been reported as spammers. Of course, if we just “enter our password” they will get it sorted straight away. Uh huh.
They want us to think Not me! I follow the rules! This is a mistake! I need to get to the bottom of this RIGHT NOW!
When I see this, I log out then back in and often the message goes away, and then I report them. Facebook or Twitter can’t get these guys if we don’t blow the whistle.
Be a sheepdog. Sheep either get eaten by wolves (hand over password) or they go back to munching grass (playing Farmville). Digital sheepdogs go alert those in charge that wolves are sniffing the perimeter.
If someone is a suspected bot on Twitter, we should block and report them. If they try to phish our account, we need to report them. If we get odd e-mails that seem like phishing on Facebook, we must report it.
Digital Wolves WILL Wear Digital Sheep Clothing
So thieves will try to upset you. This will get you to react and hand over sensitive information. One of the ways they can get this reaction is by posing as an authority. For instance, I had this pop up on my Facebook:
Now, 99% of the time I am multitasking and have a toddler trying to scale the back of my head like the Mt. Shasta. Do you see how EASY it would be to catch me off guard and hack my account? Looks official…but look closer.
See how they tried to embarrass and upset me? These creeps know that most of us are good and decent and follow the rules. We were the kids who would have cried if we were threatened with a visit to the Principal. These trolls use what is good an noble about us to attack us. They will use our respect for authority against us if we let them.
I have also had a pop up appear when I went to get on Tweet Deck. The pop up from “Tweet Deck Security” was there to inform me me that my account had been suspended for suspicious spamming activity, but that they were sure it was all a misunderstanding. If I just typed in my password, they would make sure everything was sorted and my account would be unlocked.
I closed the window, logged out and logged back in. My account was fine. This was an attack.
If They Can’t Bait You with Bosses, They’ll Bait You with Buddies
Another common ploy is to come disguised as our “friends.”
friend phisher will send a DM (direct message) about rumors about you or a nasty review or wild pictures and a link. The hacker is disguised as a fellow member of the herd. Baaaahhhhhh. Someone is saying baaaaaad things about you.
“I’m your friend so I am discreetly telling you so you can go tell them what for.”
No, they are a phisher, and, if you hit that link, your computer is toast. Malware will be all over you like fleas on sheep.
If you get a DM like this, be a sheepdog. Look out for your peeps. Tell them you are getting strange messages and alert them to change their passwords (Something more than seven digits with a number is a good choice). DM them back, but even if you can’t? No one will mind a, “Hey, I tried to DM you but I can’t. You might want to change your password. Getting weird DMs from you.”
This Also Applies to E-Mail
If you get an e-mail from a friend and there is only a link, DO NOT CLICK. If they write a message that seems out of character, DO NOT CLICK. REPLY ALL and alert everyone on the e-mail that this is likely a phisher and tell the sender to change her password immediately. Put in the subject line Re: THIS IS A PHISHER!!! DO NOT CLICK THE LINK!!!
Either the sender will come back and verify he really did send just a link; it was for a dancing squirrel and he hit “send” before he typed a message OR he can change his password and keep hackers from getting in any deeper.
If a friend e-mails for help because she is stranded (and you are unsure if this is really the person), feel free to e-mail back and tell the friend to call you. Since you are friends, then she should have your number.
DO NOT Forward on Cutesy E-Mails
Ever get those messages with a picture of an angel and you have to send to 25 friends in the next ten minutes if you want a miracle…but if you don’t forward the message the note promises that you will be hit with some form of bad luck? DO NOT PASS THESE ON. Hackers use these types of messages to get a hold of addresses.
How else could that cousin in Uganda who wants to will you a million dollars find you?
If you do get some really cute story in your e-mail and you REALLY want to pass it on, just copy and paste into a new e-mail. Hackers already don’t work for a living. Why make their life on Easy Street easy?
Play Games at Your Own Risk
There are all kinds of games on Facebook. We can join causes or keep up with high school peeps, but often it requires granting permission to an application to have access to our information. Not all of this is nefarious, since if I am an application that wants to connect alumni, I need that information.
But these applications are gateways for hackers and phishers, too. I don’t play games like Farmville for that reason (frankly, it’s also because I don’t have time). But any of those games are a risk, so be alert and don’t just grant access to anyone. I rarely join ANYTHING that wants access to my account information, even if it will make life easier.
We have to do the cost-benefit analysis. Sure we can have fun, or an ease of access….but we can also grant fun and ease of access to thieves.
Don’t Use Tweet Validation Services and DO NOT FOLLOW People Who do
I don’t like any service that directs people to an outside page. Anything that directs us off Twitter is vulnerable and can be hijacked. We could be redirected to a copycat site that is there to capture information.
We don’t need validation services. It is not THAT hard to unfollow bots. If someone follows us then they spam us, it takes two clicks to report and block them.
If I follow someone and I get A DM that I need to click a link to prove I’m a real person? I move on. That is a good way to get hacked. And, since I don’t like people making me vulnerable to attack, I just make it my policy to not open any of YOU to attack.
It’s being a good TweepDog.
So to sum up:
1. Never give information to any unconfirmed source.
2. If a message upsets you, calm down before giving any information. Thieves want us reactive. Remain CALM AND PROACTIVE.
3. Never click on any outside link. Ignore validation services. There are plenty of people who won’t make you jump through hoops and open you up to viruses who will befriend you.
4. USB drives are classic tools for getting malware through a firewall. If you don’t trust where a drive came from, don’t insert it into your computer.
5. Always report any attempts to gain access to your information or accounts.
6. Keep an eye out for friends, family and members of your network. Alert them if it seems their account has been compromised.
7. Do NOT use any outside validation services. This opens those in your network to hackers.
Social media is, above all else, SOCIAL. It is far easier to relax and have a good time if we aren’t having our bank accounts emptied. Remember, they call those people con artists for a reason. They will be cunning, clever and quick…but we can be educated and work together.
Please post this blog to your networks, send it to friends and family so they know how to stay safer. The more educated we all are, the safer we are. Together we are stronger.
I hope you enjoyed these tips, but I do have to say that Internet security is not my specialty, but WANA International has someone who is an expert on the subject. Jay Donovan, founder of Tech Surgeons is offering a course on Internet Privacy and Security. This is a valuable class for all of us, but especially valuable for writers who are worried that what they write might cost them a day job (I.e. those who write political or religious works or genres like erotica). While I generally recommend to avoid pen names, sometimes they are a must. Jay can teach you how to maintain that privacy without going nuts.
Have you ever been hacked or phished? What did you do? How did it make you feel? I know I don’t know everything, so what are some tips YOU guys would recommend? I know there are some computer geniuses in my following. Help us out. What are some more ways we can stay safe? How can we better look out for one another?
I LOVE hearing from you!
To prove it and show my love, for the month of February, everyone who leaves a comment I will put your name in a hat. If you comment and link back to my blog on your blog, you get your name in the hat twice. If you leave a comment, and link back to my blog, and mention my book We Are Not Alone in your blog…you get your name in the hat THREE times. What do you win? The unvarnished truth from yours truly.
I will pick a winner once a month and it will be a critique of the first 20 pages of your novel, or your query letter, or your synopsis (5 pages or less).
And also, winners have a limited time to claim the prize, because what’s happening is there are actually quite a few people who never claim the critique, so I never know if the spam folder ate it or to look for it and then people miss out. I will also give my corporate e-mail to insure we connect and I will only have a week to return the 20 page edit.
At the end of February I will pick a winner for the monthly prize. Good luck!
I also hope you pick up copies of my best-selling books We Are Not Alone–The Writer’s Guide to Social Media and Are You There, Blog? It’s Me, Writer . And both are recommended by the hottest agents and biggest authors in the biz. My methods teach you how to make building your author platform FUN. Build a platform and still have time left to write great books.