How to safeguard your personal data
One click on a "phishing" email link is all it takes to get "pwned" (owned by hackers). Many websites have been set up by malicious people to steal your identity, money, and secrets.
Here's how to protect yourself:
1. See if your email address appears on the "dark web", where data extracted from websites you gave your email to is sold.
Hackers use leaked email addresses to send you annoying and phishing emails that attempt to infect your computer and extract the secrets you use to access your bank account and sites that have your credit card, points, etc.
With so many breaches, it's inevitable that your email address will also eventually appear on the dark web. So do what's on this page to protect yourself.
2. See if your (and your family members') age, address, and other personal information appear on a data broker website:
Don't give them your email and credit card number. Data brokers make money by luring visitors into signing up for ongoing subscriptions that are difficult to cancel.
There are dozens of "data brokers" offering information for sale: Spokeo, BeenVerified, Ancestry, etc. Some will remove your information if you ask. However, new brokers crop up frequently.
3. Get a subscription for a service to continually identify and request removals for you, automatically. I have not evaluated them, but here are some:
4. Protect your search history. Google and other search sites sell to others the search terms you type in. Instead of using Google.com directly, get search results from Google by searching at
You don't have to do what they ask
5. Resist giving out your phone number. That's the number you use to reset your passwords. When required on a web form, give them a variation of Jenny's "867-5309". This passive-aggressive approach tells the requester that you consider being disturbed with spam calls and texts from that requester to be a nuisance.
6. Install a call blocker app on your phone to block calls from numbers you don't know.
7. Get a VoIP (Voice over Internet Protocol) phone number to give out to people. Such services enable you to automatically transfer calls to ring one or more actual phone numbers (from a mobile carrier) of your choice.
8. To follow up with people you meet, look up the other person's LinkedIn.com profile and connect with them for messaging on LinkedIn. That way, you can block them later if needed. More importantly, LinkedIn has a way to prove that they are who they say they are, through their verification of work email addresses and government IDs, such as on my profile:
Before connecting on LinkedIn, click on "More", then "About this profile" to see how long ago that person joined LinkedIn. My example:
Connection requests can come from recently-created fake profiles from people who just want to sell you something.
9. Do not post your email address and zip code on profiles on LinkedIn, GitHub, etc. to be "harvested" by hackers.
I heard that almost anyone in the US can be uniquely identified with just an age and zip code.
10. Don't trust reviews on the company's own website. Research companies on known-good websites:
11. Stranger Danger: Be wary of communications from people you don't know, especially if they come from a public email domain such as gmail.com, outlook.com, etc.
Be wary of prize offers. Be especially wary if urgency is expressed, which is meant to keep you from taking the time to verify their identity.
Gmail now does not put an entry on your calendar unless it's from an email address saved among your Google Contacts.
Set up accounts safely
12. Set your email to not display images unless you click. Spammers use image URLs to tell whether an email address is valid. If you click on an image or link, they know it's valid. Malware can be installed when you click on a link or an image.
13. Set up a different email only for banking, insurance, credit cards, and other financial transactions. That way, if your regular email is compromised, hackers won't be able to reset your bank account password.
14. Apply for credit cards and phone plans using a different zip code than your home address because your zip code is an item of verification, such as when you use your credit card at gas stations.
BONUS TIP: Apply for a credit card (with a low limit such as $1,500) that you use in case your wallet is lost or stolen. That way, you won't have to wait for a replacement card to arrive in the mail. So keep that card in your suitcase zipper within an RFID-safe sleeve.
BONUS TIP: Charge something on that card occasionally so you don't get canceled.
BONUS TIP: In your suitcase and in your backpack, keep a list of phone numbers and companies to call when you lose your wallet. Don't put expiration dates on that card.
15. Gmail has a feature to add a "+" and a word to your email address. For example, if your email address is "[email protected]", you can provide "[email protected]" to a website. That way, you can tell if they sold your email address to spammers. Keep track of your aliases in your password manager.
Gmail also has strong spam filtering. But Gmail does sell your email address and contents to advertisers. So use a different email address for websites that you don't trust.
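The alias check from tip 15, sketched as an added example (not code from the original article): it compares the "+tag" a message was addressed to with the site that tag was issued to. The addresses, domains, registry and function names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed registry: which site each "+tag" alias was handed to
# (the list the article suggests keeping in your password manager).
ISSUED = {"shoes": "shoestore.example", "news": "dailynews.example"}

# Constructed sample messages; only the headers matter here.
SAMPLES = [
    "From: Orders <orders@mail.shoestore.example>\nTo: yourname+shoes@gmail.com\n\nReceipt",
    "From: Win Big <promo@casino-offers.example>\nTo: yourname+shoes@gmail.com\n\nClaim now",
    "From: x@unknown.example\nTo: yourname+bank@gmail.com\n\nHello",
    "From: friend@example.org\nTo: yourname@gmail.com\n\nLunch?",
]


def split_alias(address):
    """Split user+tag@domain into (user@domain, tag); tag is None if absent."""
    local, _, domain = address.lower().rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}", (tag if plus else None)


def classify(raw_message):
    """Compare the alias a message was sent to with the site it was issued to."""
    msg = message_from_string(raw_message)
    recipient = parseaddr(msg.get("To", ""))[1]
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    _, tag = split_alias(recipient)
    if tag is None:
        return "no-alias"             # bare address, or the sender stripped the tag
    if tag not in ISSUED:
        return "unknown-alias"        # a tag you never handed out
    site = ISSUED[tag]
    # From headers can be forged, so "expected" means consistent, not authentic.
    if sender_domain == site or sender_domain.endswith("." + site):
        return "expected"
    return f"shared-or-leaked:{tag}"  # alias given to one site, used by another


if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

A sender who knows the trick can strip the "+tag" before mailing you, so a "no-alias" result does not prove that an address was never shared.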
16. Provide fake answers to the security questions used as secrets to reset your password. Generate a different answer for each website and save it in your password vault. Scammers have been known to use a pet's name, where you were married, etc. to scam your friends and relatives.
17. Install a password manager app to store your passwords and other secrets in an encrypted vault. It can tell you which passwords were used more than once, so that if one of your passwords is compromised, hackers won't be able to use it to log into your other accounts.
It also generates new unique ("strong") passwords for each website. That way, you won't be tempted to use the same password for multiple websites, which is one of the most common ways people get hacked.
18. Use your password manager to generate strong passwords for you. That way, you don't have to remember them. And you won't be tempted to use the same password for multiple websites, which is one of the most common ways people get hacked.
PROTIP: 1Password 7 can store secrets locally. The "1" in "1Password" is because you only need to remember one password to unlock it. It's available for Mac, Windows, iOS, and Android. Note that 1Password also assigns another code used to recover your vault if you forget your password.
19. Provide 1Password credentials to your "digital executor" -- someone you trust (such as a lawyer) to take care of your digital assets when you die or are incapacitated. That way, your family won't have to deal with the hassle of figuring out how to get access to your accounts when needed.
20. Install the Authy app (from Twilio) on your mobile phone to generate one-time codes for MFA (Multi-Factor Authentication). It's also available as a Chrome extension. It works like Google Authenticator. One unique feature is that its data can be backed up so you can use it on multiple devices.
21. Enable MFA on all your important accounts, such as email, banking, insurance, credit cards, etc. It does take an extra bit of time, like opening doors for people who visit instead of leaving doors open for anyone to walk in.
MFA is important because when your password is compromised, MFA blocks hackers from logging into your account.
PROTIP: When creating a new password with 2FA/MFA, copy the back-up passwords to your clipboard and save them in your password vault so that your credentials can be recovered if your phone is lost or stolen.
Such storage would also enable your "digital executor" to recover your accounts without your biometrics used by "passwordless" Passkeys with Google/Chrome, Apple/Safari, Microsoft/Edge, etc. See:
Regular Habits for security
22. In public (in bars, etc.), beware of people and cameras watching from behind you when you type in your password or PIN. Once a criminal knows your PIN, they can grab or steal your phone and obtain your banking info for making withdrawals before you have time to change your password on a friend's phone.
23. Along with something you do every day, such as taking medicines, making coffee, brushing your teeth, etc., add safety activities:
24. Make changing passwords on important websites part of your monthly routine. That way, if your password is compromised, hackers won't be able to use it for long.
25. To make it easier to get everything back when you lose your laptop, buy an external USB hard drive to back up a full copy of your laptop and phone. Frequent backups allow you to "Time Travel" to any time in the past (perhaps before particular files were "corrupted").
If you're using a Mac, use Apple's Time Machine app to back up your computer to an external hard drive.
If you're using Windows, use "File History" to back up.
PROTIP: Write down each step to recreate your phone and laptop. Such a document (what security pros call a "Playbook") can be the basis for automation.
26. While scheduling appointments when you'll be leaving your house, also schedule time before you leave to take a backup. That way, if your computer is stolen, you won't lose recent changes.
27. Set up your computer to ALSO back up automatically to the cloud. That way, if your computer and external hard drive are stolen, you'll still have a backup.
28. Resist clicking links, buttons, and images in emails and SMS texts. They may take you to a fake website. Even if it's a business you know, instead of acting on the email or text, go to the website directly, using the web address you know is correct because you saved a bookmark to each website you frequent.
Browser extensions for security
29. Instead of clicking on links in emails, right-click to copy the URL (web address) to see what various investigators say about it on Google's website stored among your browser bookmarks:
The free service (from Google) aggregates various reports of viruses, worms, trojans, etc. found in websites and files. It also scans files.
30. To have URLs checked automatically when you click, install
It warns you if a website you're trying to visit is suspected of phishing or malware.
31. Install a VPN (Virtual Private Network) app to encrypt your internet traffic. That way, when you're using a public WiFi network (such as at Starbucks, airports, etc.), hackers can't intercept your traffic and steal your secrets.
Popular VPN services available for Mac, Windows, iOS, and Android include NordVPN, ExpressVPN, etc. Beware that some VPN services are scams that capture everything you type and do, so research before choosing one.
32. Install a browser extension that blocks ads and trackers. That way, you won't be tracked by advertisers, and you won't be exposed to malicious ads.
CAUTION: Browser extensions have been known to become malicious.
The above are just some of the tactics.
If you think of more, please let me know so I can add them here.
// Wilson