It's a jungle out there. And by "out there," I mean in the online world, where scams, data breaches, and outright thievery are a depressing fact of life.
For those of us who have a reasonable technical background, it's usually easy to spot the markers of an online attack. But if you're like me, you probably have a thriving network of friends and family members who have never developed those skills and are about one click away from getting fleeced by some bad actor in East Scamistan.
You can help them get smarter and less likely to be fleeced by one of these scam artists. All it takes is a few heart-to-heart conversations. You can get the job done anytime -- in a family Zoom call, at a picnic, or even over the holidays. All it takes is a few minutes of real talk.
If you find yourself in one of those situations, here are eight phrases to help you get the conversation started and keep it going.
'It's OK to be suspicious.'
I always start with this one because it's at the core of our social experience.
Unless you were raised by wolves, you probably learned at an early age to be polite and cooperative with other people, especially authority figures. The most common forms of online mischief take advantage of this fact, using social engineering to dupe trusting souls into giving up information they really shouldn't.
As it turns out, the internet is absolutely filled with grifters, thieves, and ne'er-do-wells who don't deserve your trust. Encouraging a bit of healthy suspicion is a great way to get the conversation started, and the best way to do that is with a few examples of fraudulent emails and text messages that you've received.
I keep a folder filled with examples of phishing emails, fake invoices, and other scams I've received. It's helpful to walk through some of those examples to show what the scamsters were trying to accomplish.
'What's the worst that can happen?'
I love to ask this question because it helps emphasize how much we all have to lose if someone successfully takes over an important account.
Scenarios help here. What if someone could sign in to your online banking account and start transferring money around? What if someone broke into your Google Drive account and deleted all your photos? What if someone got hold of your credit card information and started making a bunch of fraudulent charges?
In some cases, those losses would be irreversible. In others, reversing the charges and undoing the damage might take days or weeks.
Telling those stories helps emphasize that this isn't something to take lightly.
'Here's your new password manager.'
Set up an account using whatever password manager you think they're best equipped to use. Are they all-in on the Apple ecosystem? Fine, use Apple's iCloud password manager.
Can you add them to the family account for your password manager, like 1Password or Dashlane? That might save them a few bucks and also help you train them in how the apps work on each platform.
The point is to convince them to stop typing passwords and start using a modern tool that can keep them more secure.
'Please stop using that password.'
This conversation can get pretty awkward, but it's absolutely crucial. Most people have a favorite word, phrase, name, or date that they think of as "my password." When they're asked to create a new account, they type Rover1473, because that was the name of their beloved first dog and the number of their childhood home.
This is the point where you have to talk about two things: 1) the danger of reusing passwords, and 2) the importance of creating unique, random passwords that are impossible to guess.
You probably can't convince them to change every password at that point, so let's do the next best thing. Use that brand-new password manager to find one of those weak, reused passwords and show them how to change it into a good, strong alternative.
'What are the 10 most important websites you use?'
This can be an enlightening conversation. You want to make sure they understand that some sites and services are dramatically more important than others. Their primary email account, their online bank account, credentials for the IRS and Social Security, and even their social media accounts -- those are all services that can open the door to catastrophic damage if they're compromised.
So, just to get started, change the passwords for all 10 of those accounts, save them in the new password manager, and walk them through the process of signing in on their favorite platforms -- PC, Mac, smartphone.
And make sure they understand what a huge step they just took.
'Things change...'
Some people who are technically challenged need a Post-It note they can stick to their monitor, one that walks them through each step of a common activity.
The problem with that approach is that security providers and website managers are constantly tweaking their user experience, and that can make a hash of step-by-step instructions if a new step appears or the wording changes.
Make sure your audience understands the why, not just the how. Little things can change, but if they know what the goal is, they can adapt.
'This is a judgment-free zone.'
Look, even the smartest, most technically sophisticated people can get fooled by a skilled attacker. There are countless examples of engineers, executives, and other experts who were tired, distracted, or just flat-out deceived.
If that happens, the goal is to repair the damage as quickly as possible. Don't roll your eyes, don't shake your head, don't tsk-tsk. It can happen to anyone, and you can bet that whoever got bit by this rattlesnake won't do that again.
There are, of course, people who just can't learn from their mistakes. But yelling at them isn't going to prevent the next mistake. When that happens, the solution is to lock down accounts and remove privileges. But most people don't need that level of hand-holding after learning a painful lesson.
A little kindness goes a long way.
'I'm here for you.'
Security is a process. Be prepared to answer more questions, and don't be afraid to schedule a refresher course every year.