Online security: What you should avoid at all costs in 2018

The turn of the year is just around the corner and with it the time for good resolutions. Most people think about exercising more, eating healthier, or spending more time with their families - but who thinks about their online security? That's a mistake, because there are a few things users should definitely do without in 2018 if they and their mobile devices want to get through the next year well! The European security manufacturer ESET has compiled the three most important things you should do without for a safe new year.

1. (Re)use weak passwords

Do passwords like "password", "secret", "FIFA18" or "lassmichrein" sound familiar? Then you're not alone. "Far too many attacks are only successful because users use passwords that are too easy. Criminals now use fully automated tools that try out simple words or test different variants through so-called dictionary attacks," says Thomas Uhlemann, Security Specialist at ESET (see image).

If you also use the same password on different websites, you make it especially easy for cybercriminals - no matter how easy or difficult it is. "Unfortunately, it happens again and again that Internet providers are hacked and users' login data is stolen in the process," says Uhlemann. So anyone who wants to do more for their own online security in the new year should take these two tips to heart:

• Instead of words and abbreviations, use easy-to-remember but more complex phrases, such as "Here at Facebook, I like to log in!" - including upper and lower case letters as well as all spaces and punctuation marks. This makes it easier to remember the passwords and makes attackers' work more difficult.
• Additional protection is provided by the so-called 2-factor login, as offered by Facebook, Twitter or Amazon. In addition to the user name and password, a one-time code is required that is generated via SMS or app, for example. This makes the theft of login data useless for attackers.

2. outdated systems and programs are threats to online security

The longer a computer, smartphone or tablet is in use, the higher the chance that all kinds of programs are on the device, some of which have not been used for years. On the one hand, this can slow down the system, and on the other hand, every piece of software also offers a target for cybercriminals. - especially when forgotten tools and programs are no longer kept up to date with software updates. This means that known security gaps are no longer closed. This also applies to outdated operating systems like Windows XP or Vista. Microsoft recently discontinued support for both operating systems with program and security updates. "Take the time to check your devices for old software that you rarely or never use and consider disconnecting - i.e. uninstallation - has come," advises security expert Uhlemann.

3. do not call back unknown numbers

So-called "ping calls" are on everyone's lips right now. Here, criminals let the phone ring once and hope that the unsuspecting subscriber will call back out of curiosity. "The calling numbers are deceptively similar to those from Germany, for example. So in the heat of the missed call, you don't think anything of it at first. - but these callbacks are immensely expensive," warns Thomas Uhlemann. Anyone who does not know the number of a missed caller should stay on the safe side and check the number on the Internet beforehand and, if in doubt, not call back. If it's important, the caller will try again. But even beyond ping calls, you can get caught in the net of online criminals. "Another scam used by cyber gangsters are fake survey calls that ask targeted questions that with 'Yes' and 'Gladlye' - so clearly agreeing - answered and are also aimed at confirming or stating one's own name," explains the ESET expert. "Subsequently, those called receive expensive cell phone contracts or have made other purchases over the phone by having their answers edited into a sales pitch in a completely different context."

The expert tip: "If you are called and accept the call, start with a 'Hello' - usually you will be asked 'Is this Mr./Mrs. XY'. Do not answer here, but ask what it is about. In this short time and based on the answers, you can quickly find out the nature of the call. If it's a survey or an offer to optimize your cell phone rate, you'd better end the call with a 'No, goodbye!' Avoid 'Thank you' as in 'No, thank you,' as that can already be cleverly tailored accordingly."

More tips for more online security can be found on the German ESET blog WeLiveSecurity