Protecting Your Identity – Cyber Thieves
Posted On: October 3, 2022 in: Security
Visualize yourself in these two scenarios.
Scenario 1
You’re working from home and an email from “your boss Sheryl” hits your inbox with a subject line: “Address”.
It looks authentic – you open the email.
It states: “Hi, please reply with your home address. I will be sending you a gift card for all your hard work.”
Wonderful! Some recognition from the boss.
Without thinking or bothering to check “Sheryl’s” email address, you promptly reply with your address.
Later, you’re on a call with Sheryl and you thank her in advance for the gift card. She responds: “What gift card?”
Just like that, you’re in full-on panic mode.
Scenario 2
Your alarm goes off, time to wake up.
Your daily routine starts by checking your email inbox.
What’s this? An email from your “bank” with a subject line: “Problem with your Direct Deposit”.
Wonderful…Pay day is tomorrow and you want this resolved, quickly.
At a glance, the source looks legitimate. So, instead of calling your bank, you take matters into your own hands and open the email. In it you find a non-threatening message politely asking you to “reply with your online banking username and password to reactivate your direct deposit”.
Sounds easy and legitimate enough, right?
So you type, type, type…send.
A few hours go by without a confirmation email, so you call your banker.
Your banker responds: “There was no issue with your direct deposit.”
Uh-oh …
(For your reassurance, please know that Park Bank would never ask you to send confidential information directly via email.)
Cyberattacks come in a lot of different ways, but their end-use is the same: to cause damage. That damage can take the form of financial gain, disruption and revenge, even cyberwarfare.
And, with remote work and digital banking surging, cyber criminals are on a rampage.
So, how do you thwart these cyber thieves?
Here are 10 Tips to Protect Your Identity from Cyber Thieves
- Two Heads are Better Than One
Turn on Multi-Factor Authentication (MFA). What is MFA? It’s an authentication method that requires you to provide two or more verification factors to gain access to a resource such as an account, application, or a VPN.
- Don’t Link to the Wrong Chain
Don’t click on links from untrustworthy sources. This may seem obvious, but cyber criminals are constantly honing their craft and it can be easy to get fooled. Be sure to examine addresses before clicking links within emails. Misspellings and poor grammar are a couple of tell-tale signs an email was constructed by a hacker.
- Attack of the Typo
No, it isn’t some dual-purpose workout designed to strengthen your legs while you respond to emails. Typosquatting is a cyberattack that can happen when you mistakenly make a typo directly into a web browser. Fraudsters pay to obtain the rights to misspelled domains and hope you’ll make a mistake. These fraudulent URLs can take you to unsafe web locations. Your best bet is to type into a trusted search engine, rather than your browser.
- Software: The Added Defender
Make sure your network defenders are updated on all your devices. Turn on automatic software updates when they’re available.
- Add Muscle at Home
Again, not workout advice. You should, however, bolster your home network by using a strong encryption password and a virtual private network (VPN).
- You Like to Read 1BLOG!
When constructing “passwords,” think “passphrases.” A passphrase should be a phrase or saying that makes sense to you in a meaningful way. For complexity, use multi-word phrases with capitals, punctuation, and spaces. While expert opinions vary, a good passphrase generally should be at least 12 characters. Typically, the longer the passphrase, the better – so long as you can remember it. A password manager is a helpful tool for remembering and storing your passwords (and much more secure than writing them down on sticky-notes). Example: I eat 3 pizzas on Friday, Saturday, and Sunday!! = Ie3pofSaS!!
- Stay Humble on Your Keyboard
Going on vacation? It’s best to not let the world know you’re gone until you get back. Save posting those oceanfront photos for when you return home. If word that you’re away travels to the wrong person, it could spell trouble.
- Breach-Watch
Have an account at “_________.com”? If the company’s database has been hacked, you should immediately change your password for that account. If you use that same password for other accounts, change those, too.
- Cut Out the Junk (Email)
When it comes to email, remember: When in doubt, throw it out. Use good judgment. If something sounds too good to be true, it probably is. What if it’s legitimate, though? You can hover over an email address to see if it’s spelled correctly, has no spaces, commas, if all the @s, dots, and domain extensions are correct.
- OK, You Totally Ignored This Blog’s First 9 Tips and You’ve Been Hacked – Now What?
If you know you’ve been the victim of a cyberattack at work, contact your IT department immediately and report it to your supervisor. If it’s a personal account that’s been hacked, change all compromised passwords, create fraud alerts for your credit, and monitor your accounts closely for a while. Also, report the attack to appropriate authorities such as the FBI (via their Internet Crime Complaint Center) and the FTC. The FTC offers an advice site with full details on how you can proceed.
Let’s Get to Next, safely!