Beware the Surprise Login

Bad guys are trying to trick you into giving away your login usernames and passwords. And once they have those, they can get other information stored with those online accounts.

One way this happens: you’re searching the web or reading an email as usual when suddenly a little window pops open asking you to “confirm your login” to a service. You weren’t expecting this, but the named service is one that you use, so you dutifully check your username and fill in your password. And just like that, your account information has been stolen.

It turns out that the little window wasn’t really from the service that it named, but was, in fact, a “social engineering” trap. This is one type of ploy, among many, that bad guys use to trick you out of your login credentials. Social engineering, in the computer security sense, refers to manipulating folks into breaking security habits and divulging private information – like login identities and passwords.

Some tricks are as simple as the little pop-up window on your computer, tablet, or even your phone. Some are more elaborate ruses, like false error messages, or fake emails that appear to be from friends or relatives. To be safe from these things you need to be constantly on the defensive. Suspect it is a bad guy first, then figure out if it isn’t. For example, perhaps you receive a message – a pop-up window, or an email – that tells you to log in to an account immediately.

First, decide if you think it’s important. If you’re sure that it isn’t significant, then ignore the message and close the window. Just move along and forget it. Protection done! But if you’re not sure whether it is important, then Do Not Log In using any link in the message. Instead, open your web browser to a new window and then manually type in the address of the website or service that is asking for the login. (Or manually open the program on your computer, if that’s what seems to be asking.) Manually enter the login information yourself. Once you are logged in this way, look to see if there is actually a message for you or an action that you need to take. By doing it this way, you have effectively gone around any would-be bad guys trying to socially engineer you. Always be suspicious of surprise login requests!

Do this even for those sites or services that you don’t consider to be important. If the bad guys get your login info for those sites, that moves them a big step closer to getting into sites and services that are important to you. (Many, many people use the same or similar passwords over and over again. Bad guys love this bad habit.) Finding your private information for one website can provide useful information for getting into other sites, too.

Mike Pepper, The Computer Guy, has been providing software and hardware support in New York and Connecticut for more than 35 years. He can be reached at (845) 855-5824, or