If you’ve ever had your identity stolen online or been a victim of fraud, you’ll know just how stressful and financially destructive it can be.
But even though the consequences can be severe, both personally and financially, making sure you’re protected against fraudsters online is still something that is often pushed aside to ‘do another day’.
Cyber attacks are unfortunately now commonplace and recently Twitter warned its 330 million users to change their password after a bug was discovered in its IT system, which stored passwords and usernames in plain text.
By looking at your photos or videos, fraudsters can also figure out where you live and work
Meanwhile last month the headlines were full of potential threats of state-sponsored hacking attacks from Russia and lead to a joint warning from the UK’s National Cyber Security Centre, the FBI and the US Department of Homeland Security.
Large-scale cyber attacks are thankfully quite rare yet we regularly hear from individuals who have fallen victim to online fraud.
We asked a number of cyber security experts for their top tips for avoiding becoming a victim and here we’ve made a list of the best.
1) Be careful with the information you share on social media
Social media can be a treasure trove for fraudsters, especially when it comes to finding personal details and potentially conning people out of their cash.
Therefore it’s important to make sure personal information, such as your date of birth, phone number or address, isn’t shared here. Similarly if you regularly leave updates on your social media accounts when you go on holiday, this can be a tool for criminals and will let them know when your house will be empty.
Lisa Baergen, director at online technology firm, NuData Security, said: ‘By looking at your photos or videos, hackers can figure out where you live and work.
‘They can find your spouse’s name and who you socialise with – even the name of your pet that you may use as an answer to stronger security questions – even your mother’s maiden name, a favourite data point used by creditors and financial institutions to verify your identity.’
A password manager is free to use and generates secure passwords with a combination of letters, number and special characters
To protect yourself on your social media feeds, review your security settings so you know who can access the details you share. Make sure your security settings are on the highest possible setting and use less obvious answers for security questions – such as the name of your pet, which may be easily obtained from your profile.
2) A password manager will encrypt and store all your passwords
You’ve probably been told a thousand times to change your password regularly and to have a different one for each account you use. However, remembering eight or nine different passwords (if not more) and changing them on a regular basis can be a real hassle and take a lot of time.
Instead a password manager can do this for you. They are free to use and generate secure passwords with a combination of letters, numbers and special characters. These are then stored in an encrypted account and when logged into the password manager, your username and password will be filled in automatically when you’re asked for them.
Adam Brown, spokesperson for online technology firm Synopsys, explains: ‘Users have hundreds of online accounts these days and if one of those is breached, and the password data leaked along with a linkable identifier like a username or email address, then that user’s password is often no longer confidential due to the common but bad practice of reusing passwords.
‘Anything linked to the user should be avoided, along with dictionary words and variations. Targeted attacks use reconnaissance to gain intelligence about the victim; social media or even public records can reveal friends and relatives names and dates etc.
‘Ideally a unique string with numbers, letters of mixed case and special characters should be used; and sentences can help increase the complexity of a password while keeping them memorable.
‘A reputable password manager gives users the opportunity to use non-guessable passwords (which also tend to be non-memorable) with their online accounts. It may seem like putting all your eggs in one basket but they have very strong security controls and in fact a good password manager never actually stores your password, just a super encrypted version of it that only you with the key (the password manager app and password) can access.’
3) Install up-to-date virus software
When you connect your computer, mobile phone or tablet to the internet, you’re potentially opening it up to catch a virus which could steal private information from you.
To prevent this happening, install an anti-virus programme and make sure you regularly update it. This includes completing regular full virus scans and downloading any updates sent by the provider.
There are a number of free anti virus programmes available, such as Windows Defender (free to those with newer versions of Windows), Avast Antivirus and Avira.
Social media feeds can be a treasure trove for fraudsters, especially when it comes to finding personal details
4) Patch your operating system
‘Patching’ your operating system simply means completing the regular updates from whatever system you’re using.
Large companies, such as Apple and Microsoft, send these out to make sure users of their systems can fully update their computers with the latest software to attack viruses and remove them.
This is especially important when it comes to cyber security as these patches will often include details to protect your computer from recent online viruses.
5) Use a VPN connection when looking at private information online
A free wifi network can be a godsend if you’ve run out of data or simply don’t want to burn through your data while using the internet. However, it also can be used by hackers as a way to steal personal and financial information from people using the network.
Open wifi networks aren’t as secure as private ones so try to avoid using online banking or entering your payment or personal details when using one.
If you are, a VPN, or virtual private network, connection can give you an extra layer of protection.
These allow you to remotely connect to a private network and encrypt your internet connection and any data you send, so no one can access this – including the internet service provider or a potential hacker. There are several VPNs available for free online and a number of apps you can download.
6) Check your credit scored regularly for suspicious payments or applications
Often your credit score can be the first place you find out you’ve been hacked, because any applications for credit will show up here. Therefore it’s important to check it on a regular basis and to contact the credit reference agency if you spot anything strange.
James Jones, spokesperson for Experian, comments: ‘If you’re unlucky enough to be targeted by a fraudster, the sooner you discover it and raise the alarm the less time and effort will be needed to set the record straight.
‘All three main credit reference agencies (Experian, Callcredit and Equifax) offer free support to fraud victims to limit any distress and inconvenience, including liaising with the lenders involved on your behalf. We also offer paid-for web-monitoring tools that can scour the web and alert you if your personal information is found somewhere new online.’
A VPN, or virtual private network, connection can give you an extra layer of protection
7) Never open links from people you don’t know
If you’re contacted by someone you don’t know, be it in an email, phone call, text message, via social media or even in a WhatsApp message, always double check who the person or company is before clicking any links within the message or handing over any of your details.
If there are links or attachments within the message, don’t open these until you’re confident you know the sender is genuine. If you know the sender, double check with them to make sure they intended to share the link and it’s not a virus.
Ryan Wilk, vice president at online security firm, NuData Security, says: ‘Most fraudsters will first try to contact you with an email pretending to be from your bank or financial institution, or perhaps from a trusted merchant brand. Be very wary of any emails received from these sources – it is highly unlikely that any bank will contact you via email.
‘Unfortunately, emails from brands are standard routine (sometimes, all-too-often) and have become extremely realistic and sophisticated. If an incoming, unsolicited email is asking for your personal and/or financial information, do your research and/or pick up the phone and call the sender organisation directly.’