During an editorial meeting recently, I shared a story about an embarrassing time not too long ago when I fell for a secret shoppers scam. Kim laughed and said: "But you're smart. How could you do something so dumb?" Good question. In what seems like an obvious never-do-this-online moment, I was duped, and fortunately I didn't lose any money.
It didn't take long to realize that the shopping scam was fake. But I did get caught up in an insane week of fake checks, threatening text messages, and bizarre emails that ended with me forwarding everything to the state attorney general and blocking the scammers on my phone.
The point is: We're all vulnerable and can be caught off guard and make silly mistakes online.
That's why we've put together this list of 10 things you should never do online, along with do-it-yourself security tips, as reminders that we have to be vigilant with every click we make.
1. Don't fall for fake posts
We've said this before, but it's worth repeating: If you get an email solicitation to participate in a survey or for a money-making opportunity that you didn't sign up for, don't click the links.
Open a browser window (Chrome, Internet Explorer or whatever you use) and search for the company name plus the word "scam." Chances are, if it is a scam, someone else has reported it.
If the email comes from what seems to be a real person, do a quick Google search (or use an alternative to Google search) for the person's name plus the company name. If you have a LinkedIn account, go there and search for the person and company.
This was how I fact-checked and learned that a Google focus group invitation was legit; the person who reached out to me had a real LinkedIn profile, posted regularly, and was on the company page.
DIY advice: Subscribe to Kim's free fraud and security alert newsletters, which go out as soon as we learn about a hack, scam or security breach. Bookmark the FTC's Consumer Alert page. It's updated regularly.
2. Don't skip 2-factor authentication
Use two-factor authentication any time a website or app offers it. Yes, it involves a couple of extra steps, but the purpose is to protect you if someone tries to access your accounts from a device the website doesn't recognize.
Anyone who uses Facebook is already familiar with 2FA. If you sign in from a work or public computer, a friend's or family member's computer, or a new device, Facebook requires you to verify that it's really you, using 2FA.
3. Don't reuse passwords or password formulas
You'd never use a password like "123456," "abcd1234," or "password," right? If you don't use a password manager, how do you remember them all?
You don't write them down, store them on your computer, or reuse them, right? So, how do you safely store passwords so you don't have to memorize them?
We don't recommend that you use password formulas that are easy to hack, like "website+birthdate," as in google1225, adobe1225 or facebook1225. You can see how that'd be easy to crack.
DIY advice: Use a safe and secure password manager like the one from our long-time sponsor F-Secure. You might want to try a free password generator, which gives you crazy, impossible-to-hack-or-memorize passwords like p6Us9temWz#B.
4. Don't use public WiFi
We know: Saying "Don't use public WiFi" is like saying, "Don't go out in public." It's impossible.
DIY advice: If you have to use public WiFi, practice safe surfing. Use a VPN, which creates an encrypted connection through a secure server that allows you to browse the internet. Businesses have been using VPN (virtual private network) technology for years, and more private users are adopting it as well.
5. Don't fight on social media
Earlier this year, we reported on researchers who found that people who took breaks from Facebook experienced more happiness. They reported that instead of relying on social media to connect with friends and family, they spent more time meeting in person. Facebook and other social media platforms can bring out the worst in us.
Plus, you might lose your car, like this girl almost did when her parents saw her complain about the car they bought for her.
DIY advice: If you can't break up with Facebook, Twitter, Instagram or whatever channel monopolizes your time and incites the scrapper in you, use common sense. Don't post anything that you wouldn't want your grandmother to see, or that could come back and haunt you when you look for a job ... or that some website would post as an example of what not to do online.
6. Don't post sensitive photos online
Speaking of not posting anything that could haunt you later, we're talking about things that may seem innocent, like pictures of your kids. There's a whole conversation on the internet about whether or not parents should post photos of their kids online and share them publicly.
In 20 years, will your children thank you for sharing their private lives with the world? One teen sued her parents for embarrassing Facebook photos.
Not to mention, child predators set up fake social media profiles and troll pages looking for innocent victims.
DIY advice: Change your privacy settings on Facebook, Twitter and Google so only your closest contacts can see your pictures. Follow ABC Life's advice for being a good "sharent": Don't share full names, don't share specific locations, share only with people you actually know, check with other parents before sharing photos of their kids, and wipe out hidden data from photos.
7. Don't post vacation photos or updates while you're on vacation
It's so tempting to share in-the-moment updates and pictures while you're on vacation. Think of these as public announcements that say, "I'm out of town. My house is empty. Go burglarize me." Wait until you get back home and post your photos after the fact.
DIY advice: If you've got a home alarm system from SimpliSafe, you can monitor your property and get alerts when you are away. Thieves are less likely to break into homes that are protected by alarms, cameras and motion sensors. SimpliSafe is easy to install without having to call a professional. Visit simplisafe.com/kim for a great deal that Kim negotiated for you.
8. Never diagnose yourself on WebMD or similar sites
Let's say you have a persistent cough that has lasted a good 8 weeks. When you searched online, you diagnosed yourself with pneumonia, tuberculosis, lung cancer, heart disease, acid reflux and chronic bronchitis. After all, those conditions share similar symptoms. You're freaked out.
Sites like WebMD, Mayo Clinic and Cleveland Clinic are packed full of good, reliable information, but that doesn't mean they should replace your doctors.
DIY advice: Leave the diagnosing to medical professionals. Use those medical reference sites to learn more about what your doctors tell you, and always consult with your doctor before beginning any medical treatment.
9. Don't drunk shop online
A survey earlier this year suggested that 80% of women shoppers admitted to making purchases online while under the influence. Apparently, drunk shopping is a billion-dollar industry on Amazon. What do they buy? No surprise: 66% said they buy clothing.
DIY advice: Set up spending alerts with your bank. Most banks will allow you to set a dollar amount and if you go over that amount, you'll get a text message or email. That way, when you sober up in a few hours and check your messages, you'll have time to cancel your orders. As a bonus, if someone gets hold of your credit or bank card and makes purchases, you'll get alerts if they go over your limit.
10. Don't take quizzes online (especially on Facebook)
If you are logged into a website and take one of those tempting quizzes like, "Find out which Harry Potter house your dog belongs in," you're potentially handing over personal information about yourself. The most notorious infraction to date of this kind of data mining happened in 2018 with the Cambridge Analytica Facebook breach.
When you take these quizzes, you're helping websites create profiles about you so they can sell your information and target you with advertisements.
DIY advice: Aside from the obvious "don't take a Facebook quiz," there are steps you can take to disable third-party app access to your personal information.