With cybersecurity routinely in the news, one would think that criminals couldn’t fool anyone with their scams. However, one security firm, Atlas VPN, estimates cybercrime is a $1.5 trillion industry, which is 3 times the size of Walmart.
Given how successful cybercrime is, it must be impossible to stop, right? Cybercrime and scams are difficult to stop not because of the technical complexity of the scams themselves, but because stopping them relies on good human behavior with technology. Some of the most common tips sound obvious; you’ve probably been told repeatedly “don’t click on suspicious links” or “hover over a link before you click”. Then an urgent email arrives from Amazon notifying you that your package has been canceled, and before you know it you’ve clicked the link without realizing it isn’t taking you to amazon.com. Instead, you’re now on a Russian website made to look like Amazon’s login screen.
My recent favorite: you get an email from someone you haven’t spoken with recently. They’re sharing what looks to be an important file on Dropbox, so you click the link. Soon you’re being asked to enter your Google or Microsoft account credentials. Strange… didn’t I just click on Dropbox? Well, I better enter my Microsoft password to access the file.
It’s that easy, and now not only is someone ordering from your Amazon account and emailing all your friends and customers, but they are also using that same email and password across hundreds of banking, social media, travel and utility websites. Hopefully, you didn’t reuse a password.
How can you prevent these bad things from happening to you? Recently KnowBe4, a leading cybersecurity company focusing on phishing testing and training, published a Top 10 list of Cyber Security Awareness Tips.
- Don’t click on direct links in emails, text messages, etc., especially those that are asking you to enter sensitive information. It’s best to go directly to the source.
- Don’t overshare on social media. These details can provide hackers with your location, ammunition to craft spear phishing attacks and answers to security questions. Think before you share!
- Don’t go “out of bounds” for communication. For example, if you’re buying something on eBay, do not negotiate with the other party via email instead of the bidding system.
- Never reuse passwords between any website or service.
- Always be skeptical of payment requests such as any unexpected invoice or request to get or pay for anything by using gift cards.
- Never truthfully answer authentication recovery questions. Unfortunately, that means you’ll have to write down each question and answer for each website that requires them, but you’ll be far less likely to have your account hijacked.
- If a request comes from someone you know, contact the sender outside of the original form of correspondence to confirm it, such as an email asking you to transfer that $30,000 by the end of the day, even if it is your boss. Better safe than sorry.
- Know who to report any suspicious emails to at your workplace. Don’t delete the email – report it.
- Invest in a password management tool – ain’t nobody got the time to remember all those passwords!
- Be vigilant with suspicious SMS messages. Your bank will NEVER ask you to access your account from an SMS.
This top 10 list might sound difficult to follow (especially number 4), but if you leverage a commercially available password management tool like LastPass, Apple Keychain or any other reputable software, not only will remembering dozens or hundreds of passwords be a breeze, you’ll also be able to log into websites faster, automatically complete online forms and overall save yourself some time on the internet. The choice is yours. Would you like to change the way you create passwords and authentication questions? If you’re up for the challenge, you’ll forever protect your digital accounts, including your personal and family identities. Taking 20 minutes now could save you dozens of hours in the future trying to recover your accounts, dispute charges and prove your identity.