The majority of Americans, 63%, have been scammed online. 54% have had their social media account(s) compromised, and 49% have been victims of a data breach. Cyber criminals are becoming smarter and more professional; scams are often targeted and scammers impersonate companies or people you are already familiar with to gain your trust and take advantage of you.
Ultimately, online crooks are after your data and money. Financial institutions are some of the most impersonated companies online. PayPal and Bank of America are both in the top 10 most impersonated in online phishing attacks. Not everyone knows how to be security-conscious with their data and information online, even if you do consider yourself more tech savvy.
How to protect yourself
1. Use multi-factor authentication.
Any type of authentication that requires more than one factor of authentication (for example, you have to do more than just enter a password) is called multi-factor authentication. The more factors you can use, the better. Many websites will require you to enter a password, a code from an authenticator app, and will show you a so-called secret image of your choice so you know you are on the correct website.
If you have the choice, an authenticator app is generally considered more secure than text message verification. Cyber criminals can redirect text messages to different devices using a process known as SIM swapping (and all they need is your phone number and last four digits of your Social Security number). Hackers may also reroute messages through companies that provide text rerouting services or use a technique known as “listening in” and spy directly on carrier networks.
Codes from an authenticator app are generated only on your phone, which means a hacker would need to have physical access to your device to gain access to your account. These codes are temporary and expire very quickly, making them more secure. A couple trusted, free authenticator apps include Google Authenticator and Microsoft Authenticator.
One more note about authenticator apps: if you are upgrading your phone, it is much easier to transfer the authenticator app over to your new phone before you erase your old one. If you trade-in your old phone before setting up your new one, you could potentially lose access to your authenticator apps and need to contact providers to reset your accounts.
2. Use a password manager.
Password managers not only keep track of all of your passwords so you don’t need to store them in plain text, they also generate secure passwords. You should also routinely update your passwords, in case they are exposed in a data breach. Password managers make it easy to update your passwords, and most managers also show you when your password was last updated.
LastPass and 1Password are two of the top password managers that work across a wide range of devices. Both managers have apps that work on Android and iOS, and have plug-ins for most major web browsers. 1Password comes with a free 14-day trial, while LastPass has a free version you can use indefinitely (but it is fairly limited).
If you use primarily or solely Apple devices (such as iPhones, iPads, and Macs), Apple’s built-in (and free) iCloud Keychain could be worth considering. Passwords are encrypted and protected with two-factor authentication, and iCloud Keychain automatically suggests strong passwords and checks to see if they have been exposed in data breaches. However, anyone who has access to login to your device will have access to your passwords (as opposed to LastPass and 1Password, which are protected with master passwords). This isn’t necessarily an issue, but if you are considering using iCloud Keychain, you need to ensure that all devices with access have secure passwords.
3. Freeze your credit if you aren’t using it.
If someone has access to your personal information, including name and Social Security number, one of the first things they may try to do is open new lines of credit in your name. Freezing your credit prevents anyone from accessing your credit without your consent. You have to contact each of the three major credit bureaus individually to freeze your credit, but it is free to freeze and unfreeze. To freeze and unfreeze your credit, you may need all or a combination of the following:
- Your Social Security number
- Date of birth
- Address, and in many cases proof of address
- Copy of your passport, driver’s license, or other form of ID
- Copy of financial documents, which may include bank statements, utility bills, or tax documents
Unfreezing your credit can be done in a matter of minutes, so don’t hesitate to freeze it if you aren’t going to be using it anytime soon. This extra layer of security can protect your finances even if your information were to be compromised.
4. Best practices.
While some security best practices may seem like common sense if you deal with cybersecurity regularly, many people just don’t know how to keep themselves, and their information, safe online. Here are a couple general safety tips to follow when online.
Don’t click on unfamiliar links or open attachments from unknown senders.
One of the most common ways cyber criminals attempt to gain access to your information or your accounts is by email. Phishing emails these days can be very sophisticated and often appear legitimate at first glance. If you are ever unsure about whether an email you received is authentic, do not click any links or open attachments. Double-check the sender’s full email address to make sure it came from who you think it came from. An email may say it is from “Apple Support,” but when you view the full email address, it may be from “[email protected].”If you are unsure about links in an email, you can hover over links to view the URL it directs to. Pay attention to the root domain, which comes right before the “.com,” to make sure you aren’t being directed to a site you do not want to visit. If you find yourself on a website you aren’t sure is legitimate, it’s better to be safe rather than sorry and not enter any of your personal information.
Never use unsecured public WiFi, especially if you have sensitive data on your device.
If someone with bad intentions were connected to the same unsecured WiFi network that you were, they could potentially access any information from your web session. This could include usernames, passwords, card information, and more. Attacks may even be able to access other information on your device over the shared network.
It is best practice to avoid unsecured WiFi networks altogether, especially if you have sensitive information on your device – and these days, who doesn’t? Your phone and computer likely contain passwords, credit card information, names, addresses, phone numbers, emails, and more. If you have no other option, make sure to use a VPN if you connect to a public network. The VPN offers a layer of protection between your device and the network, although you may not be as safe as when on a private network since your VPN may not always be on.
Financial crooks come in many forms, and those that try to access your information online are just one type. We cover the three worst types of financial crooks, and how to protect your finances, in this episode of the show.
Get Daniel’s newsletter in your inbox a week early by signing up for FYI by FTE.