To keep the lights on, we receive affiliate commissions via some of our links. Our review process.
With so many recent cybersecurity breaches (especially from reputable companies like Target and Equifax), it has become increasingly necessary to become secure online. With so many access points (via smart home devices, fitness trackers, etc.), it’s easier than ever to fall prey to a potential hack.
Breaches can happen to the best of us, not just your vulnerable average Joe. Hackers have sophisticated ways of stealing your identity and could be accessing your accounts as we speak. Unlike a house break-in where there is often evidence of a crime, it is a lot easier for digital theft to go unnoticed. Are you leaving the front door wide open for these new-age criminals?
- 7 Steps To Secure Your Online Shopping
- Stay Secure At Home Or On The Road
- Cybercrime Prevention For Students
- Cybercrime Statistics
- Learn To Prevent Identity Theft
Millions of Americans shop online every day. That’s a lot of credit cards swiped, personal data collected, and online transactions, resulting in substantial potential for identity theft. With an increase in online shopping and enticing offers around Black Friday and Cyber Monday, the holidays are an especially vulnerable time to get scammed.
Here are some tips to stay safe when snagging those online deals.
Whenever possible, avoid using location-based services that publicly check you into a location or apps that use your position to track your whereabouts.
- Turn On Two-Factor Authentication (2FA) – If a retailer offers it, this is an additional online security measure where a secondary device under your control is used to authenticate your identity. This is typically your smartphone, and common methods of implementation include receiving an email, text message, or phone call in addition to using your username and password to log in. This is also referred to as Multi-Factor Authentication (MFA), implying two or more devices. More on 2FA and MFA here.
- Check The “From:” Email Address – If you receive an enticing offer or sale via email, check the source of the email and examine the “from” email address. The name is often spoofed to look like a friend, but the email address will be bogus. This type of scam is known as phishing and is the most prevalent type of wire fraud. Caution – sophisticated hackers can also “spoof” the email address (fake it), so when in doubt, don’t click or open any attachments. It’s always best to go to the retailer’s website directly versus clicking on any links you receive via email or text message.
- Links In Emails – Check The Source Code – your best bet is always to visit websites directly (vs clicking links in the email). But if you’re curious, you can view the source of an email (making sure not to click on any links) to see the actual URL’s behind the anchor texts (link names).
- Update Passwords Ahead Of Time – It’s always a good idea to update your passwords regularly and make sure that each password is hard to guess and unique to that website or app. In anticipation of major holiday shopping events, reset the passwords for the sites you plan on shopping beforehand.
- If It’s Too Good Of A Deal, It Probably Isn’t Legit – Spammers are prone to targeting people who don’t know any better, especially children. So teach your kids not to click on shiny objects or fall for unbelievable deals.
- Only Shop At Secure Sites – Most retailers have switched to a secure connection (URL begins with HTTPS) by now but if not, buyer beware. Your browser should recognize sites that use a secure (SSL) connection and have a valid certificate, just make sure you’re using a major brand name browser (Safari, Firefox, Chrome, Internet Explorer, Edge, Opera) and keeping it up to date.
- Use A VPN During Check Out – A Virtual Private Network (or VPN) masks your IP address (or internet location) making it more difficult for intruders to gain access to your information. VPN services can be used on your computer and smartphone. We also have a step by step guide on how to set up a VPN on various devices.
Did You Know?
Click the icon in your browser’s address bar to the left of the website URL for information on the website’s security certificate. The latest website browsers should block those who don’t comply to the new standard for encrypting your data, but not all do.
How Many Of Us Are Vulnerable?
Nearly half of Americans have been exposed to some sort of cybercrime threat. How exactly do these hackers get access to our precious data? Our experts dig in to find out.
The traditional methods used to steal people’s identity (like dumpster diving and malware) are still in play, but nowadays your focus should be on the thieves you can’t see and the data you didn’t know they could access.
Here are some essential steps you can take to help prevent a personal data breach.
The days of using your pet’s name, or the numbers in your street address (or heaven forbid the word ‘password’) as your password are over. Use these guidelines to create a secure password:
- At least 8 characters randomly generated
- Should include alphabetic, numerical, and at least two special characters (*&@!#$%^).
- We recommend a service such as Dashlane to store your passwords so each one can be unique. Dashlane can also generate passwords for you.
Lock Down Your Network
Your router is the primary entrance into your residence for cybercriminals. Make sure your router password is unique and secure (we recommend at least 8 characters, randomly generated with at least two special characters. To take it a few steps further, you can also enable multi-factor login or better yet get a firewall for your smart home hub that acts as a shield to protect anything that’s connected to your WiFi via a wireless connection or your smart home hub or smart speaker.
Protect Your Devices
If you don’t have a password to unlock your phone and computer, stop what you’re doing right now and set this up. That will ensure no one can access the contents of your devices (like email and documents) if it is misplaced or stolen.
Device Location Finding Services
If you’re an Apple user consider turning on Find My iPhone (or Macbook, etc.) so you can track your device’s location. This can help retrieve it in the event of loss or theft. For a step up, consider the service Prey, a sophisticated security solution for locking down, tracking, and retrieving your device.
Don’t Pay Debit At The Pump
Have you ever pulled up to the gas station only to find every single kiosk says “see cashier” or “pay inside”? Sure it is an inconvenience but it may just save you from identity theft! Since gas station credit card machines are often unattended, it is fairly easy for savvy hackers to put card reading equipment (aka skimmer) on them. When you dip your debit or credit card into the reader, the skimmer swipes the data from your magnetic strip which can be used to replicate your data onto a new plastic card. Debit cards are particularly vulnerable, we recommend only using your debit card to withdraw cash from your ATM. Not for gas, not for groceries, and not at restaurants.
Consider An RFID Wallet
Skimmers aren’t just present at gas stations unfortunately. You card can be skimmed nearly anywhere, even from passers by on the sidewalk. RFID wallets can block skimmers and keep your cards protected.
And while the new EMV “chip” credit cards also provide a layer of protection, they contain a magnetic strip and can therefore still be skimmed.
2-Factor or Multi-Factor (2FA or MFA) authentication is an online security measure that involves a second device to prove your identity. Typically a code is sent to you via an authenticator app, phone call or text message. This code serves as a verification method upon login to ensure you are who you say you are and should have access to the account. It’s becoming more common to offer and encourage this extra layer of security. While it can be a bit annoying at times, the extra step can go a long way in keeping your personal data safe. You will want to start by adding two-factor authentication (2FA) to bank accounts, credit cards, email and other websites that have sensitive information (IRS, doctors office, stock trading, etc.). Then make a good habit to set it up whenever you create new online accounts in the future.
Two-Factor Authentication Vs Multi Factor Authentication
Two-factor authentication uses your password/username combination as well as a second factor (usually something that only you have access to) to authenticate your identity. The most common form of this is a unique code sent to your cell phone, which you then enter as a secondary check to access your device or account.
Multi-factor authentication includes the 2FA elements plus a factor unique to you. The most common form of this is a retina or fingerprint scan. Other factors can include location and time of day.
It’s important to take advantage of 2FA and MFA whenever you can because it can help prevent others from accessing your devices and accounts.
Why Are SMS And Email Not Secure Forms Of 2FA?
SIM spoofing is a method to get access to a 2FA code sent to your cell phone number via text message (SMS). The same vulnerability applies to 2FA codes sent to your email account with email spoofing. Malicious users use these methods to intercept 2FA codes from the real account holder. Our security expert advises that in general, 2FA sent over data networks can be exposed to interception. The way to properly do 2FA is using a code generation device on your smartphone, or physical USB key.
Yes, Google Authenticator is an app (with both Android and iOS versions) that will store your 2FA QR codes for free, however, it does not backup your codes (and only offers migration of codes to a new device for Google-specific logins), so if you migrate to a new device you may run into some troubles getting back into your services (we did). For this reason we recommend the Lastpass Authenticator, which does have a backup option. Lastpass can also save and store your logins.
Our own team members have some personal experience with password managers:
I like Dashlane (DL) more than LastPass (LP). I found LP not as user-friendly and would sometimes save multiple versions of a password. Therefore, when I’m logging in, I’m trying different options until one works. However, this has been resolved for the most part since I tested it and I have much fewer issues with this now. Dashlane I found to be much more user friendly. It offered better organization options from what I can recall. However, DL was more expensive than LP. I like LP’s free plan better than DL’s – with DL’s free plan you can only access the information on one device. – Kimberly A., Safe Smart Living
I only have experience with Lastpass and have found it an affordable, feature rich option to store passwords. Having Lastpass Authenticator to additionally store 2FA logins that are automatically backed up into the cloud (a feature I believe DL does not have) is a big plus. My gripes with LP include the inability to mass accept shared logins – I have to accept them one-by-one, which is tedious. Additionally, the LP interface has always struck me as slow and cumbersome. – Alex S., Safe Smart Living
Cybersecurity should start at a young age. Kids are using cell phones, playing video games, streaming music, paying for things with credit cards and engaging with smart technology at ever younger ages (and they are just as susceptible as their parents).
In fact, the National Cyber Security Alliance (NCSA) reports that kids ages 8-18 spend 7 hours and 38 minutes per day online. That’s nearly 1/3 of their day! This is why it’s vital for younger generations to stay informed and guarded against digital dangers.
- Get them started on the right foot – Before unboxing or passing down a device to them, set it up with all the security settings and parental controls to ensure they aren’t opening up a can of worms when they power up.
- Even the playing field for parents and kids – Share that the adults are following the same rules. This will make them feel they are not being punished or called out for having to adhere to special guidelines.
- Think before you click – Similar to stranger danger warnings that are taught from a young age, the same applies to the internet. Don’t click on links that look suspicious, don’t open an email from someone you don’t know and don’t respond to texts from unknown numbers.
- Make cybersecurity fun – Have them come up with something silly and equally safe for things like passwords (e.g. $illy$ally), screen names and usernames (e.g. Sk8boarding4fun) and use analogies so they can better relate to cybersecurity (e.g like spies trying to unlock a treasure chest). And once they’re ready and capable, introduce them to a higher level of security with a password service such as Lastpass.
- Encourage them to learn – STEM (science, technology, engineering and math) skills help students think more analytically about computers and better understand the importance of digital security.
- Beware of coffee shops, libraries and other public spaces – The coffee shop might have yummy Lattes, but their free Wifi can be an invitation for cybercrime. Using a public network can save you money, but it can be dangerous if you do not use precautions. Read our tips for using public WiFi, an easy reference guide for how to protect yourself next time you surf on a public network.
- If it’s too good to be true, it probably is – Spammers are prone to targeting people who don’t know any better, especially children. So teach your kids not to click on shiny objects or fall for unbelievable deals.
Another method cyber thieves use to get at your personal information is by posting fake job listings. They know that employers often ask for sensitive information like date of birth, email address, and cell phone number on employment application. Job seekers with the goal of obtaining an interview are often not in the same “data protection” mindset as say someone doing an online banking transaction.
Things to look for? Before submitting any information to them, do your due diligence on the employer, as well as the person interviewing you. Search for their names on the internet, on LinkedIn, see if they have a website and social media pages, etc. If they ask for bank account or direct deposit information, consider that a red flag. When in doubt, do your research, and if it seems too good to be true, it probably is. Work at home jobs and secret shoppers are examples of postings that are commonly used for this tactic.
Unfortunately, identity theft is happening more and more frequently in the modern, digital age. Before you know it, you might become one of the next identity theft victims (if you haven’t been already). We’ve been tracking the history of the biggest data breaches since 2012, and in our ID theft statistics article you’ll find 20 alarming statistics for 2020, including the places identity theft is most commonly happening and what you can do about it.
October Is Cybersecurity Awareness Month
Did you know that there’s an entire month dedicated to cybersecurity awareness? Yep! October is officially the month dedicated to bringing attention to this issue. Created by the National Cyber Security Division (NCSD) of the United States Department of Homeland Security and the NCSA back in 2004, National Cybersecurity Awareness Month (NCSAM) was set up to encourage protection among all internet users across the country. However, you shouldn’t just “celebrate” one month out of the year. Practice these tips year-round!
Watch this quick three-minute video from former President Obama as he explains how the growth of digital networks has increased the need to invest in online security and the steps you can take to protect yourself from online threats.
Hackers are working hard behind the scenes to steal your identity for their personal gain via identity theft. Learn more about ID theft, how it happens and how you can stay out of harm’s way in our all-encompassing identity theft guide.
Unfortunately, nearly everything is a cybersecurity threat today. Whether it involves connecting to Wifi or sharing your data to the cloud, you’re in danger. The important thing is to remember to always be as safe as possible when using your connected devices. Or just take a break from technology, go for a walk and grab some fresh air!Tagged With: Cybercrime