2.1 Account Security Questions
The account security question (often referred to by other names) is simply a two-step authentication method and account recovery method, used by most email service providers and other network providers.
There are two main instances in which your account security question will be displayed and require an answer…
- You will often be required to answer this question upon logging into your email account from an unknown (or new) internet connection/location.
- This question will also be displayed and require an answer in the event that you want to reset the password for your email account.
Because of this, malicious individuals can use this method to gain access to your account by resetting the password, if they can easily decipher the answer to your security question.
When it comes to actually choosing a question and answer, you have to put some thought into it.
The reality is that any honest answer that you choose, may be posing a security threat to your account.
Unfortunately, this is due, in part, to the fact that there is a lot of personal information out there about us, maybe some more than others, whether it’s on Facebook, Twitter, Google+, LinkedIn, or another network, or held by someone in your life who knows personal information about you (vindictive relationships that end, etc.).
All of these factors should ultimately play into the question and answer you choose.
With that said, it really is a lot easier for you to come up with an exclusive and safe account security answer, than it may sound. Most times, you will be forced to choose from a standard set (list) of questions – and most people would then just enter the honest answer.
That’s where the danger exists. The Internet and those with malicious intent, have many ways of digging up information about you.
There are a few ways that you can attack the “default question” situation.
- Get creative with it. Instead of answering what your “home town” really is, enter a city that you’ve always loved. Make sure you remember that though!
- Use a random password/passphrase for this answer, instead of just answering the question normally. It is important that you can remember this answer. The next part discusses more in depth about how you can do this.
In other cases, you may be able to choose your question and the answer. This is where you can send any potential “hackers” for a confusing loop. Instead of using a question, use a phrase that reminds you of something else. Then choose the “something else” as the answer.
For example, you may have a favourite food. That food may have an ingredient that stands out the most, that you really enjoy. Let’s say you love BLTs (bacon, lettuce and tomato sandwiches). Going from that, think of something broad that could mean anything, like bacon. You can have “Bacon?” as the question and then have “BLT” as the answer – or something similar to that. You could even add your favourite number(s) to the end of that, to make it even more confusing and exclusive. So, in that case, the question could be “Bacon Numbers?” and the answer would be “BLT44”, or whatever your favourite number may be.
Obviously, the above is just an example, but it should spark some creative ideas that allow you to really secure your email account from any potential break-in attempts, via guessing the account security question’s answer.
There may also be rare instances, where you can bypass the creation of the security question. Whilst this may seem convenient, it can lead to disaster later on down the road – especially if you end up forgetting your password.
It is strongly advised that you take the extra time to choose a security question and an answer at the creation of your account, so as not to end up forgetting later on in the future.
2.2 Emergency / Recovery / Secondary Accounts…
It doesn’t matter what they’re referred to, they all direct to the same thing – a backup email account.
When registering a new account, whether it is for an email account or a random website, you will often be asked to provide a backup/emergency email account.
This could be used for a number of instances…
- Account/Password Recovery
- Password Reset Process
- Accessing from another location (multi-step authentication)
- Changing important information about your account (password, security question, etc.)
Regardless of the scenario in which you need to use this account, there are a few things you need to keep in mind, when creating or choosing an emergency/backup account.
Firstly, what is the relationship of the secondary account, to your first account? Does it share any of the same credentials, such as password or security question answer? Do they link to each other (for backup accounts – also a terrible idea)?
Ideally, you need this secondary account to remain a complete secret. Don’t use it to sign up for things – and don’t link it to multiple accounts. Above all, don’t use the same credentials for the account. It should have no relation to your main account (the account for which it’s serving as an emergency/backup).
This is an account that you will need to always remember the login details for – and keep heavily safeguarded.
In the event that disaster strikes, you need to be capable of quickly accessing this backup account and/or try to use this account to reset the compromised account details (password, security question, etc.).
By ensuring that these two accounts have no relation, other than one being used as the recovery for the other, you greatly decrease the risk of having your main email account permanently compromised, as you will be able to reset and regain access to the account by having the reset details sent to your backup account.
2.3 Adding Your Mobile Number…
If your email provider, or even any website with pertinent information on it, allows you the opportunity to connect your mobile phone number as an extra level of security for your account, it is highly recommended that you take advantage of this option.
Whilst you may be wary about sharing information that personal with a service provider or website, there is a main reason why you don’t usually have to be. When a company offers this feature, in terms of account security and a layer of protection, they generally have extremely safe methods for storing and protecting your mobile phone number.
Generally, the process plays out as such…
- Enter your number and choose “Call” with a code, or “Text” with a code.
- Click the “Send”, or “Call” button.
- Enter the code provided to you.
- Click confirm – and wait.
Your account should be confirmed and connected to your mobile phone number, after that (general) process.
This is important, because you may be able to enable mobile authentication many times, from foreign locations (as mentioned before – and there will be many times). This means that you can be alerted via mobile, any time there is something going on with your account that may be out of the ordinary.
On top of that, you can often use your mobile number as a means to reset, or gain access to, said (connected) account, in the event that you happen to lose access, your account is stolen or compromised, or you simply forget your password.
Any time you have the opportunity to add or connect a mobile phone to a pertinent account, you should definitely consider doing so.
2.4 Monitoring Your Account(s)…
Aside from regularly logging into your email account and 2-step authentication, there are a couple of other ways to check up on activity (suspicious, or not), within your email account.
To start with, you should, of course, have the mobile notifications enabled for any email account that you use, or even own. You should already have a mobile number attached to your account, for security purposes – as mentioned earlier.
This is just taking it a step further, to let you know any time something may happen on your account. Often, this is located in the settings page of any email service provider that actually supports it.
Another thing to keep in mind… Some email services (and even other websites, like Facebook) allow you to monitor the recent login activity on your account. This will display the IP address and location of the last few connections/logins to your email account.
Lastly, you should always check your “Sent” messages folder, at least once a week. This is to ensure that there are no suspicious messages being sent out, which would insinuate that someone may have access to your account and be using it carefully.
2.5 Recognising Phishing Attempts & Scam Messages…
You’ve probably seen them before.
You’ve received a payment from an ancestor you never knew of and it’s being held in some bank in another country. You just have to click this link, or confirm these details, or send a small payment.
It doesn’t really matter what kind of message you’ve received, or that you’ve heard of, they are all mostly considered phishing – and they are all scams of some sort. Sometimes, they may just be asking you for personal information and, in most cases, most people would immediately close the email, or not even open the email to begin with.
Other times, there may be a link in the body of the email.
Clicking this link may direct you to a page where you fill out information, or even worse – a page that has a malicious script executed in the background, upon page load.
This is how hackers use a “backdoor”, to gain entrance to your computer, or accounts.
I won’t go into detail regarding back doors, but if you want to learn more, read this link: http://computersecurity.wikia.com/wiki/Backdoor.
There are all kinds of ways for scammers to attack your email inbox, whether it’s just a request for personal information, or a “small” fee, or sending you a malicious link. It is important that you learn to avoid all of these scenarios, by keeping an eye out and getting in the habit of recognising spam messages. Whilst you may think that this topic is trivial, because most people should already know this information, you would be flabbergasted at the number of new email users that end up falling for these scams and spam.
2.6 How To Vet Both Links And Emails
Ordinarily, when you receive a link, you can hover your cursor over the link and a tooltip will display, with the target URL. This allows you to be certain that the link you are clicking really is sending you to that location.
When it comes to email, senders are able to embed a link that points to another target URL. They can even use link cloaking/forwarding services, to disguise their link.
Because of this, you don’t always know where you could be sent, when you click on a link. This can potentially be very dangerous.
Fortunately, there is a way to “vet” links that you receive, to determine if they are malicious or legitimate.
It’s not a difficult task to quickly check a link and see if it’s malicious. Firstly, you should already know that hovering over a link will display a tooltip with its true location.
Beyond that, the nature of the email should really tell you a lot about the intent of the link found within the message. If the email seems suspicious, then the link is most likely suspicious as well.
Additionally, you shouldn’t click the link just out of curiosity. Believe it or not, some individuals have done that and it can yield disastrous results. So, don’t take risks!
Often, the email address that sends you a malicious link or message, will have a strange address. They frequently have a strange subject line – and the formatting of the message is suspect as well.
There are a number of free services, which can take it a step further and really scan a URL, to check if it’s safe or not.
- http://scanurl.net/ – This is an excellent and fast resource, to quickly scan links.
- https://safeweb.norton.com/ – Another free link/website scanner – from Norton.
You don’t really have to use these services, for every single link that you encounter. However, you should save them for times when you are just not sure – perhaps when a friend sends you a link and you believe their account may have been compromised and so on.
None of this is very complicated or difficult and you can easily get in the habit of recognising bad links and messages. Eventually, you won’t even have to open the emails to recognise they are spam, just from the subject line.
2.7 Using Avast Free Antivirus To Scan Your Emails
One of the many features offered to all users of the Avast Free Antivirus software is a fully functional email shield.
When enabled, the program will scan all incoming and outgoing messages, for viruses and other types of malware that may be hiding as attachments.
You can both enable and configure this feature at any time, by using tools already available to you in the main Avast Free Antivirus program window. No additional software downloads are required, to get this feature off the ground.
Many individuals have this enabled, to add another additional layer of security to their accounts.
2.8 How To Tell If An Email Is Legitimate
There are a number of ways to recognise if an email might be suspicious.
Here is a brief list that can help you out.
- Any email requesting that you take action on an account, or provide personal information via email, may be suspicious and should, most times, not be trusted.
- Never click directly on links in an email – hover over them first to check.
- If an email asks you to submit confidential information via another form, or an outbound page, this is generally not safe and is a phishing attempt.
- Any time you have a suspicion, you should contact the support team or support desk/contact, for the company in question.
- If the email is caught in a spam or trash filter and it looks like it may be coming from a suspicious address (reply-to), then it should be avoided.
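The reply-to point in the list above can be checked from the message headers. This is an added example, not part of the original course material: it flags a message whose Reply-To address belongs to a different domain than the From address, or whose display name quotes an address from another domain than the real sender. The function names and both sample messages are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain_of(address):
    """Lower-cased domain part of an e-mail address, or '' if it has none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def sender_warnings(raw_message):
    """Return reasons to distrust the sender headers of one raw message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []
    # Replies would go to a different domain than the one shown as sender.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        reply_domain = domain_of(reply_addr)
        if reply_domain and reply_domain != from_domain:
            warnings.append(
                f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # The display name quotes an address from another domain than the real one.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", display_name):
        if domain_of(shown) != from_domain:
            warnings.append(f"display name shows {shown} but sender is {from_addr}")
    return warnings

# Constructed sample messages; all domains use reserved .example/.test names.
SUSPICIOUS = (
    'From: "support@mybank.example" <billing@mail-relay.test>\n'
    "Reply-To: payments@collect-now.test\n"
    "Subject: Action required on your account\n"
    "\n"
    "Please confirm your details.\n"
)
ORDINARY = (
    'From: "MyBank Support" <support@mybank.example>\n'
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is ready.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(name, sender_warnings(raw))
```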
Worksheet
Estimated Time: 30 minutes
Work your way through this worksheet to see how well you have really done in absorbing the relevant information.