1. We send incredibly personal e‑mails.
Spear phishing, the act of sending targeted e-mails to get you to share financial information or passwords, can be exceptionally sophisticated. “The old-style ones had spelling and punctuation errors, but today, it has really become an art,” says Mark Pollitt, PhD, former chief of the FBI’s computer forensic unit. “They may call you by name, use your professional title, and mention a project you’re working on.”
Outsmart us: Spot phishing e-mails by looking for incorrect or unusual URLs (hover over links to see the actual URL address), requests for personal information or money, suspicious attachments, or a message body that’s actually an image. Unless you’re 100 percent confident that a message is from someone you know, don’t open attachments or click links.
2. We’ve got all the time in the world.
Hackers have programs that systematically test millions of possible passwords. “They go to sleep and wake up in the morning, and the program is still going, testing one password combination after another,” says Peter Fellini, a security engineer with Zensar Technologies, an IT and software services firm.
Outsmart us: Instead of a password, try a passphrase. Use letters and characters from a phrase and include special characters, numbers, and upper- and lowercase letters (Mary had a little lamb could become [email protected], for example). Or consider a password manager that generates and remembers random, difficult-to-crack passwords. (Even then, some experts recommend unique passphrases for financial accounts in case the password manager gets hacked.)
3. We sneak while you surf.
A growing number of cyberattacks are arriving via “drive-by download,” says Giovanni Vigna, PhD, a computer science professor at the University of California at Santa Barbara and cofounder of anti-malware provider Lastline Inc. “You visit what looks like a perfectly harmless website,” he says, “but in the background, you are redirected to a series of other sites that send you an attack.” Often even the website’s owner doesn’t know the site has been compromised. Although search engines keep blacklists of known malicious sites, the bad sites are continuously changing.
Outsmart us: Make sure you install all available updates to your browser, or use a browser that automatically updates, like Firefox. Vigna’s research has found that Internet Explorer users are most vulnerable to these attacks.
4. We can infiltrate your baby monitor or smart TV.
Remember, your smart device is essentially a computer—and chances are, it’s not a particularly secure one. Anything in your house that’s connected to the Internet, from your smart fridge to your climate-control system, can be hacked. In several recent incidents, hackers were able to hijack a baby monitor and yell at a baby. Experts have also shown how hackers can turn on a smart TV’s camera and spy on you.
Outsmart us: When setting up smart devices, always change the default password. Most of these devices work from your wireless router, so password protecting your Wi-Fi can also help. Keep up with firmware updates; many devices will inform you when there’s an update available. Otherwise, look for an Update Firmware option in the main menu or settings.
5. We eavesdrop on free public Wi-Fi networks.
Even if you’re connected to a legitimate public network, a “man-in-the-middle” attack can allow hackers to snoop on the session between your computer and the hot spot.
Outsmart us: Avoid public Wi-Fi if possible, especially unsecured networks without passwords, advise security experts at MetLife Defender, a personal data protection program. Instead, set up your smartphone as a secure hot spot or sign up for a VPN (virtual private network) service. If you must use public Wi-Fi, avoid financial transactions and consider using a browser extension like HTTPS Everywhere to encrypt your communications.