Your home network’s security is only as good as the configuration of your router or gateway. Leave it open or vulnerable, and you might end up with freeloaders that hog your bandwidth, at best. At worst, a snoop might take the opportunity to examine your internal traffic, hoping to learn sensitive information about you that can be exploited. To ensure that only approved devices are connected to your network, you can take a few simple steps to strengthen its security, which we explain below. If you can’t access some of these settings in your gateway (the combination modem/router provided by your internet service provider), consider switching off the router part of it and using a dedicated router instead, either of the traditional or mesh variety. Depending on your router’s age, you may need to change both the administrator password (which gives access to the management interface) and also the Wi-Fi password. Older routers usually default to ultra-simple passwords for the administrator account —think “admin” and “password”—and they’re easily found online. You may have also chosen a simple, crackable password when turning on encryption for your network. For both scenarios, choose a new, stronger replacement. The best way to do this is a built-in password generator in a password manager—they’ll be truly random and thus more secure, and the manager will ensure you don’t forget it. (Good free password managers exist, so solid online security doesn’t have to cost you a thing.) For newer routers, they often come with random passwords as default. It doesn’t hurt to change those if your router or gateway has that info printed on them though, particularly if you have less control over who might have physical access to the device. Just be sure to keep track of your new passwords, ideally in a password manager as mentioned. You should always encrypt your network traffic. These days, choose WPA2 for the best security. Older protocols like WPA and the ancient WEP won’t adequately protect you. If your router supports the newer WPA3 protocol, you can try it out—it’s an improvement over WPA2—but all of your connecting devices must support that protocol. Most people can stick with WPA2 for now, and then flip over to WP3 once all devices in the household can also make the leap. When setting up WPA2 encryption, pick WPA2 Personal if given a choice between that and WPA2 Enterprise in your router settings. Also, if you see TKIP and AES as different encryption options, go with AES as it’s much stronger. For older devices that cap out at WPA, consider upgrading your router at last. You’ll get better security, faster speeds, and more features for as little as $50 (or less if you wait for a sale). If you’re on an ancient router that only has WEP, replace it stat. You’re barely one step above having an open network. As for folks who leave encryption off because you want to share your internet with others: We salute your altruism, but don’t let that come back to haunt you. As mentioned above, no encryption means that people can spy on your internet traffic, giving them clues to your activities (including banking). That could lead to troublesome problems down the road. Name your network wisely. It should be something generic but not too common that doesn't reveal your address. A Service Set Identifier (SSID) is the name of a wireless network. That is what you see when trying to connect to a Wi-Fi network: Linksys616, D-Link2289, 555MainSt, We Have No Wi-Fi Here, etc. Because older routers default to ultra-simple or easily cracked passwords, changing the SSID to a non-identifying word or phrase helps thwart hackers looking for low-hanging fruit. Leave it as Linksys, and a savvy snoop may realize you’re running a much older Linksys router with “admin” as the password for router management. If you haven’t changed that password (and most people don’t), your home network is ripe for their exploration. As you move forward in time, many routers use a combination of the manufacturer name and numeric string (often the model number) for the SSID—making it even easier to look up the default admin password. Unless you have a modern enough router that issues random passwords as part of the factory settings, you could be even more vulnerable. So just change the SSID. (Don’t use your address for it, either. No need to make yourself more identifiable.) Note: Years ago, a common recommendation used to be to not broadcast your SSID: that is, keep it hidden from the list of available Wi-Fi networks in your vicinity. But trying to do security through obfuscation doesn’t really work here—it’s been proven that someone can easily discover hidden networks with a wireless spectrum scanner. Since disabling SSID broadcasting also makes it harder for people to join your network, you’re generally better off leaving it visible, using the strongest encryption available to you, and creating a very strong Wi-Fi password. Visit OUR FORUM to learn how to secure your wireless router.

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes daily, and apparently does little else with this access except for siphon gift card and customer loyalty program data that can be sold online. The data in this story come from a trusted source in the security industry that has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers day. Bill said he’s not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily and comes away with anywhere from 50,000 to 100,000 working inbox credentials. In about half the cases the credentials are being checked via “IMAP,” which is an email standard used by email software clients like Mozilla’s Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds “OK” = successful access). You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim’s contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses a custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold. And they seem particularly focused on stealing gift card data. “Sometimes they’ll log in as much as two to three times a week for months at a time,” Bill said. “These guys are looking for low-hanging fruit — basically cash in your inbox. Whether it’s related to hotel or airline rewards or just Amazon gift cards after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value.” How do the compromised email credentials break down in terms of ISPs and email providers? There are victims on nearly all major email networks, but Bill said several large Internet service providers (ISPs) in Germany and France are heavily represented in the compromised email account data. “With some of these international email providers we’re seeing something like 25,000 to 50,000 email accounts a day get hacked,” Bill said.  “I don’t know why they’re getting popped so heavily.” That may sound like a lot of hacked inboxes, but Bill said some of the bigger ISPs represented in his data have tens or hundreds of millions of customers. Measuring which ISPs and email providers have the biggest numbers of compromised customers is not so simple in many cases, nor is identifying companies with employees whose email accounts have been hacked. This kind of mapping is often more difficult than it used to be because so many organizations have now outsourced their email to cloud services like Gmail and Microsoft Office365 — where users can access their email, files, and chat records all in one place. In a December 2020 blog post about how Microsoft is moving away from passwords to more robust authentication approaches, the software giant said an average of one in every 250 corporate accounts is compromised each month. As of last year, Microsoft had nearly 240 million active users, according to this analysis. “To me, this is an important story because for years people have been like, yeah we know email isn’t very secure, but this generic statement doesn’t have any teeth to it,” Bill said. “I don’t feel like anyone has been able to call attention to the numbers that show why email is so insecure.” Bill says that in general companies have a great many more tools available for securing and analyzing employee email traffic when that access is funneled through a Web page or VPN, versus when that access happens via IMAP. “It’s just more difficult to get through the Web interface because on a website you have a plethora of advanced authentication controls at your fingertips, including things like device fingerprinting, scanning for HTTP header anomalies, and so on,” Bill said. “But what are the detection signatures you have available for detecting malicious logins via IMAP?” Microsoft declined to comment specifically on Bill’s research but said customers can block the overwhelming majority of account takeover efforts by enabling multi-factor authentication. Read the detailed report on OUR FORUM.