by Dave Moore, CISSP, 04/25/2021
Have you ever had to explain to someone why email is the most important Internet account they have? Not banking, not Amazon, not Facebook, but email.
Well, I have, hundreds of times, and when I do, I ask them a question: “When you set up an online banking account, or Amazon, or anything else, what do they want to know from you?” Why, they want to know your email address, so if anything goes wrong, or needs fixing, they can send you an email that allows you to fix the situation, whether it’s changing a lost password, or whatever.
It works like this: you, for whatever reason, forget the password to one of your shopping accounts. After trying every ancient password you’ve ever had, and failing, you finally click the “I forgot my password” button. The account’s password recovery system sends you an email with a link in it; the email instructs you to click the link.
When you do, you are taken to a web page that allows you to set a new password. With your new password, everything is fine and dandy, now.
Or, is it? What if Internet criminals have hacked your email account, and locked you out? It happens every day. With control of your email, they can easily discover other online accounts that you have. What if they, instead of you, start visiting those accounts, and start clicking the “I forgot my password” buttons? Now they, not you, are receiving the password reset emails. Now, the criminals control not only your email, but your other accounts, as well.
That’s why email is the most important online account you have; that’s why it needs a strong password.
When I explain this fundamental truth of the Internet, you know what most folks say to me? “Huh. Wow. I never thought about it, that way. Nobody ever told me that.”
We have a very serious situation here. It’s as if most people driving cars today don’t know the steering wheel is one of the most important parts of the car. The majority of people using the Internet don’t know how to be safe on the Internet. That’s the sad truth of it. They just don’t know what the heck they’re doing out there.
They’re trying to do the best they can, clicking around willy-nilly, trying to figure stuff out, clicking on who the heck knows what they’re clicking on. They don’t really know how any of this works. They don’t know what a browser is, they don’t know what a network is; they sure don’t know what the Internet is. They don’t even really know what happens when you click a mouse.
You know why that is? It’s not because they’re stupid, or they’re too old to “get it,” or anything like that.
I work for a lot of very educated people: brainiacs, high-end PhDs, and they’re falling for phishing scams and being victimized by identity theft the same as people who barely made it out of high school. It’s because nobody ever taught them how to be safe on the Internet. Nobody.
Internet safety training and education for the general public is virtually non-existent. What should be just another part of general life education, just like how to read, and write, simply isn’t there. My mission is to change that. Stay tuned to future columns, and learn how you, too, can be safe on the Internet.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org