Beware the Surprise Login

You’re searching the web or reading an email, as usual, when a little window pops open asking you to confirm your login to some service or other. You weren’t expecting this, but the service is one that you use, so you dutifully check your username and fill in your password. And just like that, your account information has been stolen.

It turns out that the little window wasn’t really from the service that it named, but was actually a “social engineering” trap. One way, among many that bad guys use to trick you out of your login credentials.

Social engineering, in the computer security sense, refers to the manipulation of people to trick them into breaking security habits and into divulging private information – like login identities and passwords.

Some are as simple as the little pop-up window on your computer, tablet, or even your phone. Some are more elaborate ruses, like false error messages, or fake emails that appear to be from friends or relatives.

To be safe from these things you need to be constantly on the defensive. Suspect it is a bad guy first, then figure out if it isn’t. 

For example; say you receive a message – a pop-up window, or an email – that tells you to log in to an account immediately.

First decide if you think it’s important. If you’re sure that it isn’t, then close the window and ignore it. Just move along and forget it. Protection done!

But if you’re not sure – maybe it is important, or you’re just not sure – then Do Not Login with any link in the message.  

Instead, open your web browser to a new window and manually type in the address of the website or service that is asking for the login. (Or manually open the program on your computer, if that’s what seems to be asking.)  Then manually enter the login information yourself, and see if there is actually a message for you or an action that you need to take.

By doing it this way you have effectively gone around any would-be bad guys trying to socially engineer you!

Be suspicious of surprise login requests!

Even those for sites or services that you don’t consider to be important. If the bad guys get into those, then it moves them a big step closer to getting into sites and services that are important to you.

Finding your private information for one website can provide useful information for getting into other sites too.

Hoping, as always, that this is all quite clear and useful; nevertheless if I can fill in some details or help with anything on your computers, please don’t hesitate to call: Mike Pepper ~ Computer Guy. 845-855-5824