We send incredibly personal emails
Spear phishing, the act of sending targeted emails to get you to share financial information or passwords, can be exceptionally sophisticated. “The old-style ones had spelling and punctuation errors, but today, it has really become an art,” says Mark Pollitt, PhD, former chief of the FBI’s computer forensic unit. “They may call you by name, use your professional title, and mention a project you’re working on.”
Outsmart us: Spot phishing emails by looking for incorrect or unusual URLs (hover over links to see the actual URL address), requests for personal information or money, suspicious attachments, or a message body that’s actually an image. Unless you’re 100 percent confident that a message is from someone you know, don’t open attachments or click links. Here’s how to avoid the most common online scams.
We’ve got all the time in the world
Dusan Petkovic /Shutterstock
Hackers have programs that systematically test millions of possible passwords. “They go to sleep and wake up in the morning, and the program is still going, testing one password combination after another,” says Peter Fellini, a security engineer with Zensar Technologies, an IT and software services firm. Look out for these signs your password could get hacked.
Outsmart us: Instead of a password, try a passphrase. Use letters and characters from a phrase and include special characters, numbers, and upper- and lowercase letters (Mary had a little lamb could become [email protected], for example). Or consider a password manager that generates and remembers random, difficult-to-crack passwords. (Even then, some experts recommend unique passphrases for financial accounts in case the password manager gets hacked.)