
H6. Think twice before trusting

From OWASP


Description: Many attacks, such as phishing, only work because users trust sources they should not, such as emails pretending to be from friends, online retailers, banks or others. Just as you wouldn’t trust just anybody or anything in the real world, take the same care online.

Threats: Trusting untrusted sources can help attackers install malware on your devices or steal personal data.

Impact: Data loss, reputation loss, financial loss, data breach, credentials stolen, bank accounts lost, loss of domains or social media accounts, installation of unwanted software, malware, viruses, or other exploit kits and banning from the Internet if your IP becomes associated with illegal activities.

Recommendations:

Consumers should focus on:

1. Password protect your systems, devices, accounts, etc.
2. Question emails, even from friends and family, and do not click on links from unknown users
3. If something doesn’t seem right, ask the source directly or do some research (via Google or some other means) before taking any action

Tech-savvy users should also:

1. Don’t leave your systems unattended; use lockout screens
2. Use software from official websites and app stores, and do not give applications excessive permissions
3. Verify downloads against checksums
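
One way to carry out the checksum step, as an added example that is not part of the original OWASP page: a shell function that looks up a file's entry in a publisher's checksum list and treats a missing entry as a failure rather than a pass. The file names (`app-installer.bin`, `SHA256SUMS`) and the `<hash>  <name>` list format are assumptions, and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example: check a download against a publisher's SHA256SUMS list.

# Print the lowercase SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print tolower($1) }'
    else
        shasum -a 256 < "$1" | awk '{ print tolower($1) }'
    fi
}

# verify_download FILE SUMS_FILE
# Returns 0 = hash matches, 1 = mismatch, 2 = cannot verify.
# Assumes file names without spaces, one "<hash>  <name>" entry per line.
verify_download() {
    local file sums name expected actual
    file=$1; sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing file or list" >&2; return 2; }
    name=$(basename "$file")
    # A leading '*' on the name marks binary mode in sha256sum output.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }' "$sums")
    # No entry, or a malformed one, must never count as verified.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 entry for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Constructed sample: the original file passes, the tampered copy fails.
demo() {
    local dir
    dir=$(mktemp -d) || return 2
    printf 'constructed installer bytes\n' > "$dir/app-installer.bin"
    printf '%s  app-installer.bin\n' "$(sha256_of "$dir/app-installer.bin")" > "$dir/SHA256SUMS"
    verify_download "$dir/app-installer.bin" "$dir/SHA256SUMS" || return 1
    printf 'tampered' >> "$dir/app-installer.bin"
    verify_download "$dir/app-installer.bin" "$dir/SHA256SUMS" 2>/dev/null && return 1
    rm -rf "$dir"
    return 0
}
```

The check is only as trustworthy as the checksum list: fetch it over HTTPS from the publisher's official site, not from the same mirror or message that supplied the download.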

Example: We all get emails with links from people we know with broken English and a context that doesn’t make sense. Or links to “Win a free iPad” or “Get your free $50 Amazon gift card.” Don’t click on them.