By: Ashley Avery, First Florida Credit Union
When the World Wide Web launched in 1991, no one could say with certainty what the world of the web would look like in 2020. They only knew it was going to change the world.
Our ability to connect and explore has grown exponentially. And so have the opportunities for our lives to be digitally hacked. We’re now operating daily on a platform that offers up our personal data, and we’re still learning how to protect it. Personal data theft is now so prevalent; it’s not if, but when.
In 2018, there were 1.4 million fraud reports submitted to the Federal Trade Commission (FTC). The most common fraud and scams are:
- Imposter Scams
- Debt Collection
- Identity Theft
- Phone Fraud
- Credit & Debt Recovery
- “Free” Trials
- Fake Charities
- Fake Lottery & Sweepstakes
First Florida has a dedicated team of IT security personnel, elite security software, and highly trained staff that take all precautions to protect our members’ data. But what if you’re a regular Joe who uses the internet like everyone else without a team of professionals by your side?
There are two easy ways you can take action today that will greatly increase your chances of avoiding fraud.
Learn to Spot Malicious Emails
Have you heard of social engineering? It’s a term you’re likely to hear again. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Malicious emails are a prime example of social engineering. Believe it or not, they are still an effective way for hackers to get your personal information or even tap into your personal accounts. When you receive an email that looks suspicious, first look at the domain. The domain is anything that comes after the @ symbol in the email address. This is usually the first indicator that the email is malicious. There is usually something that indicates it is different than legitimate emails you may have received previously, such as an extra dash or a misspelling.
Look for other signs in the body of the email. Often malicious emails will solicit you to take some form of action, using language that creates a sense of urgency, such as asking you to verify a purchase or enter your payment information to complete a transaction. These emails can be scary because they can closely mimic emails you may have received before. Instead of clicking on the link, if it’s a provider you use, contact them directly and verify the email was sent to you.
Practicing Good Password Hygiene
Online transactions are a part of our everyday lives, too, which makes practicing good password hygiene imperative. But how? For starters, you can safeguard your passwords or passphrases by ensuring they are:
- Unique between websites and services
- Never shared
- Stored in a password manager
It can be inconvenient at times, but when the password is the only thing separating someone else from accessing your accounts, perhaps making a little more effort is an acceptable tradeoff.
Most people have several online accounts, and chances are the same password has been used across at least one of those accounts. This practice increases the risk that your account will be compromised. The risk-scenario is most often realized when any one of those services or websites has lost control of its own passwords (commonly known as a breach). Those lost passwords include your password. When this happens, the set of credentials lost (which you may also use at two or more locations) will be sold, traded, or posted publically. It is only a matter of time when the credentials on a list are tried against popular sites and may match the login for your accounts. The term for this technique is called “credential stuffing” and is incredibly successful!
So, how do you defend against this real risk?
- Never reuse passwords across websites or services. Change your accounts to have unique passwords now! First Florida recommends using unique passphrases, phrases that are complex, but are easier for you to recall.
- Be aware of where you type your credentials. Logging in after clicking a link from an email requires an abundant amount of caution. Remember that credential theft is one of the primary targets of phishing emails.
- Use a second factor to login when it is offered. This goes by many names – Multi-Factor Authentication (MFA), 2-Factor Authentication (2FA), or two-step authentication. This will require you to enter a separate, one-time code that is usually sent to your phone to obtain entry into your online account. First Florida Credit Union offers this security service for members.
- Never use easily found information for a password. Avoid using words or phrases in your passwords that are easily found on your public social sites, such as your pet’s name, where you were born, your birth date, or anything similar.
Adequately securing your accounts online should be as important to you as locking your home or vehicle. It does not guarantee protection, but it is an easily managed safeguard against intruders.
Cyberattacks occur in many ways. Taking action today with the tips above could prevent you from being the next victim. We always remind our members that First Florida will never call, email, or text you to ask for your personal information. Any credible institution or business should never ask, either. Always keep this in mind. If they do, it’s probably a scam.