Protecting your identity from cyberthieves
Visualize yourself in the following scenario:
Your alarm goes off, time to wake up.
Your daily routine starts by checking your email inbox.
What’s this? An email from your “bank” with a subject line: “Problem with your Direct Deposit.” Wonderful. Pay day is tomorrow and you want this resolved, quickly.
At a glance, the source looks legitimate. So, instead of calling your bank, you take matters into your own hands and open the email. In it you find a nonthreatening message politely asking you to “reply with your online banking username and password to reactivate your direct deposit.”
Sounds easy and legitimate enough, right?
So, you type, type, type, and send.
A few hours go by without a confirmation email, so you call your banker.
Your banker responds: “There was no issue with your direct deposit.”
Uh-oh … [For your reassurance, please know that Park Bank would never ask you to send confidential information directly via email.]
Cyberattacks come in many forms, but their aim is the same: to cause damage, whether the motive is financial gain, disruption, revenge, or even cyberwarfare. And with remote work and digital banking surging, cybercriminals are on a rampage.
So, how do you thwart these cyberthieves? Here are 10 tips to protect your identity:
- Two heads are better than one
Turn on multifactor authentication (MFA). MFA is an authentication method that requires you to provide two or more verification factors to gain access to a resource such as an account, application, or a VPN.
- Don’t link to the wrong chain
Don’t click on links from untrustworthy sources. This may seem obvious, but cybercriminals are constantly honing their craft and it can be easy to get fooled. Be sure to examine addresses before clicking links within emails. Misspellings and poor grammar are a couple of tell-tale signs an email was constructed by a hacker.
- Attack of the typo
Typosquatting is a cyberattack that takes advantage of typos you make when entering a web address directly into your browser. Fraudsters pay to obtain the rights to misspelled versions of legitimate domains and hope you’ll make a mistake. These fraudulent URLs can take you to unsafe web locations. Your best bet is to type the site’s name into a trusted search engine, rather than typing the address directly into your browser.
- Software, the added defender
Make sure your network defenders (the security software on your devices) are up to date on every device you use. Turn on automatic software updates when they’re available.
- Add muscle at home
You should bolster your home network by using a strong encryption password and a virtual private network (VPN).
- You like to read 1BLOG!
When constructing passwords, think “passphrases.” A passphrase should be a phrase or saying that makes sense to you in a meaningful way. For complexity, use multiword phrases with capitals, punctuation, and spaces. While expert opinions vary, a good passphrase generally should be at least 12 characters. Typically, the longer the passphrase, the better — so long as you can remember it. A password manager is a helpful tool for remembering and storing your passwords (and much more secure than writing them down). Example: I eat 3 pizzas on Friday, Saturday, and Sunday!! = Ie3pofSaS!!
- Stay humble on your keyboard
Going on vacation? It’s best to not let the world know you’re gone until you get back. Save posting oceanfront photos for when you return home. If word that you are away travels to the wrong person, it could spell trouble.
Have an account at “_________.com”? If the company’s database has been hacked, you should immediately change your password for that account. If you use that same password for other accounts, change those too.
- Cut out the junk
When it comes to email, remember: When in doubt, throw it out. Use good judgment. If something sounds too good to be true, it probably is. What if it’s legitimate though? You can hover over an email address to check that it’s spelled correctly, that it has no spaces or commas, and that all the @s, dots, and domain extensions are correct.
- OK, you totally ignored this article’s first nine tips and you’ve been hacked — now what?
If you know you’ve been the victim of a cyberattack at work, contact your IT department immediately and report it to your supervisor. If a personal account was hacked, change all compromised passwords, create fraud alerts for your credit, and monitor your accounts closely. Report the attack to appropriate authorities such as the FBI Internet Crime Complaint Center and the FTC.
Vice President, Information & Cyber Security