We all make silly mistakes sometimes. We answer robocalls (those numbers do look awfully familiar), click links we should have checked first, and open spam emails.
Everyone is vulnerable and can be caught off guard. It’s what we do next that really counts. Do you believe the caller claiming to be an IRS employee, use your credit card on a sketchy site, or download files from a sender you don’t recognize?
If you do, the consequences can be dire. Tap or click for the heartbreaking story of a retired fire chief and Vietnam vet who was conned out of more than $100,000.
That’s why we’ve put together this list of 10 things you should never do online, along with do-it-yourself security tips, as reminders that we have to be vigilant with every click we make.
1. Don’t fall for fake posts
We’ve said this before, but it’s worth repeating: If you get an email solicitation to participate in a survey or for a money-making opportunity you didn’t sign up for, don’t click the links. The same goes for work-from-home gigs that seem just a little too good to be true.
Open a browser window (Chrome, Safari, Firefox or whatever you use) and search for the company name plus the word “scam.” Chances are if it is a scam, someone else has reported it.
If the email comes from what seems to be a real person, do a quick Google search (or use one of these alternatives to Google) for the person’s name plus the company name. If you have a LinkedIn account, go there and search for the person and company, too.
That’s a smart way to, at the very least, confirm the person emailing you works for the company they claim to. Check that the person posts regularly and is connected to others; those are signs the profile is real and not just a front.
DIY advice: Subscribe to Kim’s free fraud and security alert newsletters, which go out as soon as we learn about a hack, scam or security breach. Bookmark the FTC’s Consumer Alert page. It’s updated regularly.
2. Don’t skip 2-factor authentication
Use two-factor authentication any time a website or app offers it. Yes, it involves a couple of extra steps, but the purpose is to protect you if someone tries to access your accounts from a device the website doesn’t recognize.
Anyone who uses Facebook is already familiar with 2FA. If you use a work, public, friend or family’s computer or new device to sign in, Facebook requires you to verify that it’s really you, using 2FA.
This is a no-brainer for any financial account, and we recommend it for your email and any service that has your payment info, too.
3. Don’t reuse passwords or password formulas
You’d never use a password like “123456,” “abcd1234,” or “password,” right? If you don’t use a password manager, how do you remember them all?
You don’t write them down, store them on your computer or reuse them, do you? So, how do you safely store passwords so you don’t have to memorize them?
We don’t recommend you use password formulas that are easy to hack, like “website+birthdate,” as in google1225, adobe1225 or facebook1225. You can see how that’d be easy to crack.
DIY advice: Use a safe and secure password manager. You can also try a free password generator, which gives you crazy, impossible-to-hack-or-memorize passwords like p6Us9temWz#B. Or let your browser do the work for you.
4. Don’t use public Wi-Fi
We know: Saying “Don’t use public Wi-Fi” is like saying, “Don’t go out in public.” It’s impossible. But you really should be careful about what you do on a public network. Save the banking for a trusted network, and be extra careful about the sites you visit and the links you click. Your best bet, though, is to use a VPN.
DIY advice: If you have to use public Wi-Fi, practice safe surfing. A VPN (virtual private network), which creates an encrypted connection through a secure server that allows you to browse the internet. Businesses have been using VPN technology for years, and more private users are adopting them as well. Tap or click for a guide on setting up Kim’s pick, our sponsor ExpressVPN.
Not really sure how VPNs work? No worries. Tap or click for 6 questions about VPNs you’ve been afraid to ask.
5. Don’t fight on social media
Time and time again, research shows social media makes us depressed, angry and isolated. During the pandemic, we believed social media would bring us together, but really, we got sucked into scrolling through endless timelines, comments and arguments. Tap or click for Kim’s advice on how to step away.
Plus, you might lose your car, like this girl almost did when her parents saw her complain about the car they bought for her.
DIY advice: If you can’t break up with Facebook, Twitter, Instagram or whatever channel monopolizes your time and incites the scrapper in you, use common sense. Don’t post anything that you wouldn’t want your grandmother to see or that could come back and haunt you when you look for a job … or that some website would post as an example of what not to do online.
6. Don’t post sensitive photos online
Speaking of not posting anything that could haunt you later, we’re talking about things that may seem innocent, like photos of your kids or grandkids.
There’s a whole conversation on the internet about whether or not parents should post photos of their kids online and share them publicly. In 20 years, will your children thank you for sharing their private lives with the world? One woman even sued her mother (and won) after she refused to take down photos of her grandchild.
Not to mention, child predators set up fake social media profiles and troll pages looking for innocent victims.
DIY advice: Change your privacy settings on Facebook, Twitter and Google so only your closest contacts can see your pictures. If you have kids at home, don’t share full names or specific locations, share only with people you actually know, check with other parents before sharing photos of their kids, and wipe out hidden data from photos.
7. Don’t post vacation photos or updates while you’re gone
Most of us are sticking close to home this summer, but if you do venture out for a road trip or even just a day away, think twice before you post.
It’s so tempting to share in-the-moment updates and pictures while you’re on vacation. Think of these as public announcements that say, “I’m out of town. My house is empty. Go burglarize me.” Wait until you get back home and post your photos after the fact.
DIY advice: If you’ve got a home alarm system from SimpliSafe, you can monitor your property and get alerts when you are away. Thieves are less likely to break into homes that are protected by alarms, cameras and motion sensors. SimpliSafe is easy to install without having to call a professional. Visit simplisafe.com/kim for a great deal that Kim negotiated for you.
8. Never diagnose yourself on WebMD or similar sites
Let’s say you have a persistent cough. When you searched online, you diagnosed yourself with pneumonia, tuberculosis, lung cancer, heart disease, acid reflux and chronic bronchitis. After all, those conditions share similar symptoms. You’re freaked out.
Sites like WebMD, Mayo Clinic and Cleveland Clinic are packed full of good, reliable information, but that doesn’t mean they should replace your doctors.
It’s even more dangerous to use YouTube to look for medical information. Just like how conspiracy theory videos can dominate political searches on YouTube, health misinformation can climb to the top of your recommended videos and searches.
DIY advice: Leave the diagnosing to medical professionals. Use those medical reference sites to learn more about what your doctors tell you, and always consult with your doctor before beginning any medical treatment. Or consider setting up a virtual appointment. Tap or click for our guide to getting started with telemedicine.
9. Don’t drunk shop online
Have you ever fired up your browser after a glass of wine or two? Apparently, drunk shopping is a billion-dollar industry on Amazon. A 2019 survey showed 79% of alcohol consumers have made at least one drunk purchase. Clothing and shoes are the most common drunk purchase.
DIY advice: Set up spending alerts with your bank. Most banks will allow you to set a dollar amount and if you go over that amount, you’ll get a text message or email. That way, when you sober up in a few hours and check your messages, you’ll have time to cancel your orders. As a bonus, if someone gets hold of your credit or bank card and makes purchases, you’ll get alerts if they go over your limit.
10. Don’t take quizzes online (especially on Facebook)
If you are logged into a website and take one of those tempting quizzes like, “Which ‘Friends’ character is your soulmate,” you’re potentially handing over personal information about you. When you take these quizzes, you’re helping websites create profiles about you so they can sell your information and target you with advertisements.
And some quiz sites are downright sketchy. You never know who is watching what you type or what could happen when you hit submit.
DIY advice: Aside from the obvious “don’t take a Facebook quiz,” there are steps you can take to disable third-party app access to your personal information.