Internet Security

The internet is not a place apart from our reality; it’s part of it. It is just one facet of the way we learn of things and of how people know us. I’ve said in other places that the reason we’re still susceptible to so many dangers is that it’s still fairly new and no one ever “taught us” what is safe and what isn’t.

This list I am putting together isn’t just for newbs or vets; it’s for everyone, including your children. It’ll hopefully help protect you and those you know by keeping them safe on the internet, out and at home.

E-Mail Security

It is not wise to use your name in your personal e-mail address. It is also not wise to use your “real name” for your e-mail “name.” For example, if my real name was Dimebag Darrell, and my e-mail address was dimebag.darrell@ghettobsd.com, I would get spam that looks like “Hi Dimebag, remember me?” or “Congratulations Mr. Darrell, you won…” Unsuspecting people might actually think the e-mail is from a person they know or that they’ve actually won something.

But what if you give your e-mail to only your friends and family? They’re the ones likely to get you spammed in the first place! Don’t you love getting those e-mails that tell some random story? Have you ever seen how many people’s e-mail addresses are also sent along when they’ve been forwarded so many times? Complete strangers will also get your information once your e-mail has been forwarded once or twice more.

There is also another way “people” get your e-mail address: ‘bots’ that ‘harvest’ e-mails. Are you signed up anywhere using your e-mail address? Facebook? MySpace? Twitter? People write programs that go to those and MANY more sites (anything that has a forum or blog, for example) just to look for e-mails to add to their list.

So if instead I put in Ghetto Bsd for my name and made my e-mail address ghetto@ghettobsd.com, the spammers will still somehow get my address, but this time they’ll send out e-mails looking like this: “Hi Ghetto, remember me from school?” “Dear Mr. Bsd, update your bank information.” So right off the bat I KNOW they are fake. This is only one way of protecting yourself.

Online Account Security

If you are active on the net, you’re going to have at least a few different logins and passwords for the sites you regularly visit. They can be someone’s blog, a banking website, Facebook/MySpace or a forum that you post on. In the past, it would be normal to have one username and password for all your sites – this made it easy for you to log in across many disconnected web sites. But as time has gone on and web site security has not been perfect, I would advise against having only one username and password combination.

On almost all web sites you’ll ever sign up for, you’ll be asked for some basic information besides your email address. Things like your name, age and address are the most common. But I advise against using your ‘real name, age and address’ for this information. When websites are broken into (specifically their databases), all of that information is stolen, potentially opening an avenue of attack against you. Using false information can help prevent you from being scammed in some way. The only time you should use your real information is on sites such as your banks, credit cards and, if necessary, social networking sites.

For sites you rarely visit or probably won’t visit again, it would be ok to have a weak password. This would be your ‘throw away’ password. These are the types of sites that you wouldn’t care if someone broke into their system and stole your information because no real information but an email address was provided.

For sites you frequent, a more difficult password should be used. This should be something that’s easy enough for you to remember, but something that others can’t guess. It shouldn’t be a name, date, possession or favorite anything. It should be a combination of letters/words/numbers. For example, if I drive a Ford vehicle, my password shouldn’t be mustang. But something else you could use is unicorns288212. Who would guess that? Also avoid using your employee ID and SSN as passwords; these are some of the most common passwords and are easily obtainable.

For sites that have all of your real information, such as banks, department stores and credit cards, you want to use a password that might not be the easiest for you, but would be difficult for someone else to guess. Maybe you could use something like uni4corns1. The types of sites this sort of password should be used for include, but aren’t limited to, your phone and mobile phone accounts, internet, payroll, work-related and many more sites – all that have your real information.

For those of you who would like to be even a little bit safer, you should have at least two email addresses: one to handle all of the accounts that don’t have your real information, and another to handle all of your official business. You can go even further and have different email accounts for different things, such as 1) forums/web sites, 2) social networking sites, 3) bank accounts/on-line transactions, 4) employment related, 5) mailing lists.

That way, whatever shows up at your 3) bank accounts/on-line transactions email, you can be somewhat confident that the sender really is sending you legitimate email. But if someone emails your 1) forums/web sites account and says something like “hey remember me? We went to school together…” then you can be sure that it’s probably a scam email and you don’t have to open it.
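The decoy-name and one-address-per-purpose checks described above can be automated. The following is an added example, not part of the original post; the example.org addresses, the keyword list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed setup following the article: one address per purpose, registered
# under a decoy name that nobody who really knows the owner would use.
ADDRESS_ROLES = {"forums@example.org": "forums", "bank@example.org": "banking"}
DECOY_NAMES = {"ghetto", "bsd"}
# Assumed keyword list: topics that belong only on the banking address.
ROLE_TOPICS = {"banking": re.compile(r"\b(bank|credit card|payment)\b", re.I)}
GREETING = re.compile(
    r"^\s*(?:hi|hello|dear)\s+(?:(?:mrs|mr|ms)\.?\s+)?(\w+)", re.I | re.M)

def triage(raw):
    """Return the reasons a raw RFC 5322 message looks like spam or phishing."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    if not isinstance(body, str):   # multipart: this sketch reads only plain bodies
        body = ""
    text = f"{msg.get('Subject', '')}\n{body}"
    to = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    roles = {ADDRESS_ROLES[a] for a in to if a in ADDRESS_ROLES}
    reasons = []
    greeting = GREETING.search(body)
    if greeting and greeting.group(1).lower() in DECOY_NAMES:
        reasons.append("greets the decoy name")
    for role, topic in ROLE_TOPICS.items():
        if roles and role not in roles and topic.search(text):
            reasons.append(f"{role} topic sent to {'/'.join(sorted(roles))} address")
    return reasons

# Constructed sample messages (not real mail).
SAMPLES = {
    "school": "To: Ghetto Bsd <forums@example.org>\nSubject: Hello again\n\n"
              "Hi Ghetto, remember me from school?\n",
    "bank_phish": "To: forums@example.org\nSubject: Action required\n\n"
                  "Dear Mr. Bsd,\nupdate your bank information today.\n",
    "statement": "To: bank@example.org\nSubject: Statement ready\n\n"
                 "Your bank statement for March is available.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

An empty result only means that neither check fired; it does not make a message safe to open.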

Finally, you should be aware of the consequences of both your and others’ actions. When you blindly open all emails without even seeing who they’re from, you’re exposing yourself to a possible attack, including immediate infection of your computer. There are several ways you can be hurt: 1) your computer is used as a ‘bot’ to perform things for other people, 2) your computer can observe you for specific activity (such as logging into banking websites), 3) the infection might try to cause harm to your files, software or hardware, causing you to lose functionality of your computer. These aren’t the only things that can happen to you, though. One type of infection is a scam that says you’re infected, but if you buy a program, download it and run it, it’ll fix your computer right up!

The problem is that there is no 100% safe way to open an email. You can get infected through the free services provided by Hotmail, Yahoo Mail and Gmail – though they all have worked very hard to try and stop it. You can get infected by opening email through Outlook (probably the most attacked type of email client). Those are by no means all of the email providers and clients available; there are a lot of them around. And over time, their vulnerabilities will be found – hopefully by their programmers first.

So what is the best way to protect yourself online?

1) Protect your identity.

Don’t be so fast to give out all of your real information to just any site. Make sure the site you’re giving your info to really needs to have it. Understand what the consequences could be for you if that site has its information stolen.

2) Have some sort of security scheme.

If you have a lot of accounts with a lot of information, log in at your convenience and start making changes. For new accounts you create, have your email addresses, usernames and passwords ready to go to avoid confusion. For existing accounts, make changes to fit your security needs.

3) Understand that information you give to websites could hurt you.

All of the information you give to MySpace/Facebook and other sites can be “mined” or collected for data. People can find out a lot about who you are and possibly use that against you when you are looking for employment, or to specifically target you for a scam.

4) Don’t be surprised when a website you’re signed up at has been cracked and their information stolen.

Over the past year alone, major websites have had their entire user community’s information stolen, and subsequently everyone had to change all of their other accounts that shared the same email address and passwords. So be prepared to change any/all accounts that share the same username/email/password as the website that was attacked.

5) Don’t think that it will never happen to you.
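To make points 2) and 4) concrete, the sketch below keeps an account inventory and, when one site is breached, lists every other account that shares its password, email address or username, with real-information sites first. It is an added example, not part of the original post; the site names, addresses, tier labels and password labels are constructed placeholders.

```python
from dataclasses import dataclass

# Tiers follow the article's three kinds of site; higher number = handle first.
TIER_PRIORITY = {"throwaway": 0, "frequent": 1, "real-info": 2}

@dataclass(frozen=True)
class Account:
    site: str
    email: str
    username: str
    password_id: str  # a label for which password is used, never the password
    tier: str

def breach_worklist(accounts, breached_site):
    """List (site, actions) pairs to work through after one site is breached."""
    hit = next((a for a in accounts if a.site == breached_site), None)
    if hit is None:
        raise ValueError(f"{breached_site} is not in the inventory")
    work = [(hit.site, ["change password (site was breached)"])]
    others = sorted((a for a in accounts if a is not hit),
                    key=lambda a: (-TIER_PRIORITY[a.tier], a.site))
    for acct in others:
        actions = []
        if acct.password_id == hit.password_id:
            actions.append("change password (reused)")
        if acct.email == hit.email:
            actions.append(f"treat mail to {acct.email} as suspect")
        if acct.username == hit.username:
            actions.append("username exposed")
        if actions:
            work.append((acct.site, actions))
    return work

# Constructed inventory (placeholder sites and addresses).
INVENTORY = [
    Account("forum.example", "forums@example.org", "ghetto", "pw-throwaway", "throwaway"),
    Account("blog.example", "forums@example.org", "gbsd", "pw-throwaway", "throwaway"),
    Account("shop.example", "shop@example.org", "ghetto", "pw-frequent", "frequent"),
    Account("bank.example", "bank@example.org", "gb-7741", "pw-bank", "real-info"),
]

if __name__ == "__main__":
    for site, actions in breach_worklist(INVENTORY, "forum.example"):
        print(f"{site}: {'; '.join(actions)}")
```

With this inventory, a breach of the forum never reaches the bank account, because it shares no address, username or password with the forum.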