So I have a very well-educated but not computer-savvy mother who has two good qualities for me to test my security advice on:
- She's a good listener.
- She will actually follow advice.
If your target audience does neither, then they're going to need more help than computer literacy can offer. Given that my mother is in her late 80s, I tend to focus my security advice more on the social engineering / phishing aspect of computer security. What's good about giving advice in these areas is that the techniques used in these schemes transcend the computer age; both are really founded in more traditional fraud or confidence scams. The advice I give her centers around the following themes and applies to all forms of communication that people typically use:
1. Never believe anyone is who they say they are unless they are known to you personally and you can speak with them.
   a. Email can be spoofed and websites can be spoofed. Just because someone calls you from your “bank” and knows a little bit of information about you doesn't mean they are from your bank.
   b. Never give any personal information to someone who calls or emails you. If it's really your bank, you can look up their phone number, which is printed on your bank statement, and call them. If it's a charity, you can go to their website and donate online. If it's someone at your door, they can give you information, but why would you give them your credit card or money? If it's someone at your door trying to sell you a magazine subscription of any kind, then you should read this about magazine crews.
2. Caller ID can be spoofed.
   a. Caller ID is trivial to spoof; don't think it means anything. If the person on the phone tells you to look at the caller ID, then you know they are lying, as no one would ever do that.
3. If your checking account or credit card is ever used for fraud, make sure you change your credit card number or bank account number.
   a. While your bank or credit card company will almost always offer to reverse a charge, they often won't suggest that you change your account number after a single case of fraud. In the event of a single case of fraud you MUST change your account number. Fraudsters get your information from shared databases of accounts, so if one fraudster has it, you can be guaranteed that multiple fraudsters have it.
4. Add your phone numbers to the national do not call registry: https://www.donotcall.gov/
5. If someone you do not know calls you, immediately ask them to add you to their “do not call list”.
   a. If you still get calls, then ask the caller to add you to the do not call list. They are required by law to comply with your request.
   b. Just to note, telephone surveys are not covered by the do not call list. Still, why would you ever answer a survey on the phone and give out a bunch of personal information to someone you don't know?
6. Never click a link to go to a website. Always type it into your browser yourself.
   a. Really this only applies to sites you're going to do commerce on or transact business with, but if you get an email indicating that it's from anyone you do business with, don't click a link in it. Just type the address yourself in your browser.
7. Never, never, never, ever open an attachment to an email unless it's from someone you know and you're expecting it.
   a. Even in this case, make sure you run some AV software on your desktop (Microsoft Security Essentials is a good one and is free) and that you're set up to get daily virus updates. This won't protect you 100% by any means, but it's better than nothing.
8. Never, never, never, ever, ever open an executable attachment to an email (if you know what this is).
9. Never, never, never, ever, ever, ever install software unless it comes from what you're sure is a reputable producer or source.
So I think 1-6 is pretty good advice. 7, 8 and 9 are ones that my mom would never do anyway, as I know she doesn't know how to install a piece of software and she never reads email, so I'm safe from threats there.

Yes, this list is pretty draconian, but yes, you should follow this advice. There are tons of scammers out there and they love to go after older people. If you ever run into a situation where someone is aggressive toward you in any manner about doing something, hang up or walk away. There's never a valid reason to treat another person that way.