My PayPal account is disabled, my Amazon account is suspended, there has been suspicious activity on my IP address so my router will be barred… I am either flat broke (and I know I’m not) and can’t pay my bills or there is a problem with the provider, so I must click on this link to see what I need to do to sort it out…
Within the last 10 days I did get each one of these notices, 2 were emails and 1 was actually a phone call to my unlisted landline! (yes, I still have a landline).
What is a fact is that each one of these was a phishing scam. Now, I have worked in IT for almost 30 years so you would expect I would be sceptical and wise to these attempts, and I am, but there are many people who are not; like my 70+ year old next door neighbour that calls me every-time she gets a phishing email and is visibly upset thinking something is actually wrong.
With COVID-19 and a large part of the population working from home, isolation, reliance on home broadband (as opposed to the it being the IT departments problem) and a general sense of nervousness means a lot of people are more open to falling for these scams. These criminals are psychological experts at placing doubt in your mind, so don’t let them!
But then again, I have anti-virus, a firewall and encryption so I am OK. Wrong again! In our now totally connected world, while all of these security measures do offer a level of protection, they are not a silver bullet – a panacea for all security needs.
The fact is quite a lot of security breaches are as a result of an issue between the keyboard and the back of your chair….. that is You! Your digital identity is what these criminals ultimately want. And they will have ingenious ways to try to get it. However, you can take some basic and simple steps to secure your identity, these include:
- Be vigilant. No provider of a service ever asks you to verify anything by email. You can do two things to set your mind at ease when you receive a phishing mail. The first is look closely at the sender address to see if it is genuine. For example, double click it (depending on your mail client) and you might see something like firstname.lastname@example.org – you can be pretty sure Amazon don’t use yahoo mail. Otherwise you could telephone them, or login to your account (not by clicking the mail link you were sent, but by accessing it how you normally would) and verify everything is OK.
- Whatever system you are using, Google, Office 365 etc – all of these providers offer “Multi-Factor Authentication”. This is where, in addition to your password, you are required to verify your login with a pin code or automated call to your mobile. If you have not enabled this service, do it! This means if a criminal does get your password, they still cannot access your system – as they don’t have your phone.
- In addition to Anti-Virus on your device, install specialised anti-malware. Anti-malware service providers provide real-time protection scanning thousands of websites looking for malicious activity, so if you click on a link that may be taking you to a site that could damage or encrypt (with crypto-virus) your machine you will be prevented by the anti-malware.
- If you get an email from a colleague looking for account information, a banking transfer etc – unless you expect the mail, don’t do it! Call that person and verify the request.
- If you get a phone call asking for information, hang-up and call the provider on their listed number for support. Never give information to someone on the basis of an unsolicited call.
- Finally, make sure you have a backup of your data. Google Cloud, OneDrive, whatever is your preference, set it up and set it running.
These are basic steps; they should seem obvious and I hope for most reading this they are. But for the non-techies out there that do get “hacked” every day, these simple steps should help prevent it happening to you!
Author: Jason Boyle, Operations Director, Aspira.