If I had followed my own advice, I would not have been scammed. Here’s what I advise businesses and home users to do to stay safe from scams:
- Interrogate Inbound.
- Emails Evil.
- Activate Antivirus.
- Powerful Passwords.
- Suitable Security.
- Preventative Procedures.
- Careful Companies.
- Begin Backups.
Treat everything inbound as a scam until proven otherwise. If a message, phone call, email, SMS, Skype call, letter, or anything else is inbound – i.e. you did not originate it – then do not trust it. Interrogate it. Don’t take anything it says at face value. Contact the organisation yourself – especially if the person asks you not to. And never, ever click on links in emails. Microsoft or your internet company will never call or email you to tell you there is a problem with your computer. Legitimate websites don’t automatically scan your computer and tell you that you have viruses. I followed this mantra so well one time that I didn’t believe it when the Australian Taxation Office really did call me – it worked out fine as I simply called the main ATO number and sorted it out.
The most dangerous component of cloud computing isn’t some evil hacker in a basement in Azerbaijan – it’s you. I’m not blaming you if you get scammed (I fell for one recently myself) – these people are very good at what they do and you are the victim here – I’m just saying that it often isn’t your computer’s fault either. When a scammer convinces you that they are the police and you should send $200,000 to the UK, no matter how good your security software is, it can’t stop you. And your bank can’t stop you either – because it really is you asking to transfer the money. You are not the one to blame, but you can protect yourself. Start by interrogating anything inbound.
Emails are Evil. Never click on a link in an email. Never. If the email is from your bank, type the bank’s address into your browser, and make sure you get it right. Or use your favourites. Don’t trust links in emails. Fake emails are getting harder and harder to spot. I fell for one. Don’t click on any links in any emails ever!
When I fell for a fake email scam, I was saved by my antivirus. Malwarebytes is the only one I trust. Antivirus software won’t stop an online application from being hacked, and it won’t stop a scammer. But good ones will prevent websites from installing bad stuff automatically. This won’t stop all your problems, but it is one of the best things you can do for your online security.
If you make your password “password”, then you are just asking to be hacked – like leaving a car at night in the city with the windows down and keys in the ignition. No one acts surprised when that car is stolen, but they do when their account is compromised with the password 123456. Sound silly? Over 10% of the passwords from the 2013 Adobe hack were sequential numbers (like 123456789) or “password”. Here’s how to create powerful passwords:
- Use different passwords for each website. That way when, say, Adobe is hacked, the hackers won’t get your banking password.
- Long passwords. Use a sentence – like “ireallylikecustardandapplepie”. This is even better than messed up stuff like L$x@!T^rQ.
- Record passwords securely. Use a password program or keep a list in an encrypted document.
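The three rules above can be checked mechanically. The following Python sketch is an added example, not part of the original post: the names `audit`, `brute_force_bits` and `SAMPLE_VAULT` are hypothetical, the 16-character minimum is an assumed threshold, and the vault contents are constructed for illustration.

```python
import math
import string

# Constructed sample: the weak choices the post cites from the 2013 Adobe breach.
KNOWN_WEAK = {"password", "123456", "123456789"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def is_sequential_digits(pw):
    """True for ascending or descending digit runs such as 123456789."""
    if not pw.isdecimal() or len(pw) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def brute_force_bits(pw):
    """Upper bound in bits: length * log2(size of the character classes used).
    A natural sentence costs a word-based guesser less than this figure."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(vault, min_length=16):
    """vault maps site -> password; min_length is an assumed threshold.
    Returns {site: [problems]} for entries that break one of the rules."""
    sites_by_pw = {}
    for site, pw in vault.items():
        sites_by_pw.setdefault(pw, []).append(site)
    report = {}
    for site, pw in vault.items():
        problems = []
        if pw.lower() in KNOWN_WEAK or is_sequential_digits(pw):
            problems.append("common")
        if len(pw) < min_length:
            problems.append("short")
        if len(sites_by_pw[pw]) > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report

# Constructed vault for illustration only.
SAMPLE_VAULT = {"bank": "ireallylikecustardandapplepie", "adobe": "123456789",
                "forum": "L$x@!T^rQ", "shop": "L$x@!T^rQ"}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(site, problems)
    for pw in ("ireallylikecustardandapplepie", "L$x@!T^rQ"):
        print(pw, round(brute_force_bits(pw), 1), "bits (upper bound)")
```

The sentence scores higher than the nine-character symbol string purely because of its length; the figure is a ceiling, since an attacker guessing whole words does far less work than one guessing characters.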
If the consequence is high, use high security.
Where possible, use two-factor authentication. That means more than just a password. For example, with Gmail you can turn on two-factor authentication and Gmail then sends an SMS to you to allow you to log on. If someone guesses your Gmail password, they still can’t log in as you without your phone. Most banks force you to use some form of two-factor authentication.
Put preventative procedures in place, especially in business. Go through your money procedures, and make sure nothing of significance happens on the strength of, say, just an email. I knew someone who lost a packet after hackers compromised their email and pretended to be them, and instructed their finance broker to send a large sum of money overseas. Make sure your procedures have built-in security – like needing a phone call to authorise large sums to a new account number. Go through your procedures and make sure they are safe from hackers.
Choose the companies you deal with carefully. Most Australian banks will repay any money lost to scammers. Same with PayPal and Mastercard / Visa. So if you want to be triple safe, use an Australian bank credit card through PayPal when buying things online. I had my bank call me once after they detected a possible fraud on my credit card. They had already cancelled the transactions, cancelled my credit card and issued a replacement before I even knew my credit card number was making large donations to a dodgy religious organisation in the USA.
I say “begin” because you probably don’t have a current backup of all your data. Am I right? Start one now. A common scam these days is where hackers encrypt your entire hard drive, preventing you from accessing all your data – your photos, documents, everything. Then they ask for a payment to unlock it. If you have a current backup, you can just say “no thanks” and nuke and reinstall your PC. Also use some form of cloud backup for your most crucial files (like OneDrive), and keep one backup off site (in case of fire or theft).
If you do all this, then you are way less likely to fall for a scam. Take responsibility for your online security. And stay safe out there.