When it comes to protecting your online information, it pays to be vigilant.
More recent data from the Australian Competition and Consumer Commission shows financial losses from phishing schemes, which trick people into giving out personal information, are up 261 per cent in 2021, compared to last year.
With the pandemic increasing our dependence on the internet to work remotely, access services and communicate with others, how can we protect ourselves from these kinds of cyberattacks?
Here are our tips.
1. Be social, but with care
Your personal information on social media can be used for targeted online scams, so be careful about the kind of information you share publicly.
For example, if you post your pet’s name or your mother’s maiden name, you might inadvertently reveal the answers to two common security questions.
Check your privacy settings on platforms such as Facebook, Instagram and Snapchat, so that you know exactly what information you are sharing with whom.
Also, only accept friend requests from people you know.
Don’t include your date of birth, address or other sensitive information on your social profiles and be careful about revealing your location.
These details can be used for targeted phishing attacks. To appear legitimate, scammers will often send you a personalised email with information like your name, personal details and interests.
2. Don’t get caught in a phish
Phishing is how cyber criminals steal confidential information. They do this by sending a fraudulent message.
The messages can come from organisations you trust, so that they appear to be legitimate. Previously used examples include the police, utility providers, banks, telecommunication services and even government departments like the Australian Taxation Office.
You may receive them via email, SMS, instant messaging or social media platforms. Often there will be a link to a bogus website, where you are encouraged to provide confidential information.
The Australian Cyber Security Centre suggests taking the following steps to protect yourself:
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
- Be especially cautious if messages are very enticing or include threats to make you do something.
- Before you click a link, hover over it to see the actual web address (usually shown at the bottom of the browser window). If you do not recognise or trust the website, try searching for relevant key terms in a web browser. This way you can find the article, video or web page without directly clicking on the suspicious link.
- If you’re suspicious, talk to a friend or family member about the message, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website).
- Use a spam filter to block deceptive messages from even reaching you.
- Be aware that your financial institution and other large organisations would never send you a link and ask you to enter your personal or financial details.
- Use safe behaviour online. Learn how to use email safely and browse the web safely.
- Stay informed on the latest threats by signing up to ACSC Alert Service or checking Scamwatch regularly.
3. Think like a scammer
Knowing how scammers operate will help you spot a scam. Clues to look out for include:
- A dodgy email address
- Spelling and grammatical errors
- Requests for money or information
- Clickbait tactics such as appealing to your sense of curiosity or creating urgency.
4. Know how to respond
If you suspect a scam, don’t do anything the email or message asks and don’t reply. If you’re at work, notify your IT desk straight away.
If it’s too late and you’ve already revealed financial details, contact your financial institution immediately.
You should report the scam to Scamwatch. They can provide information about where to get help if you have been scammed.
5. Be clever with your passwords
Using the same password across multiple accounts is a big no-no! Be sure to mix up your passwords and to change them regularly. Choose multi-factor authentication where possible.
The longer and more complex the password, the better. A strong password should contain a few capital letters, numbers and a symbol. It’s a good idea to use passphrases of 12 or more characters (for inspo, click here).
If the idea of remembering multiple passwords gives you a headache, consider using a Password Manager. These programs help you to generate complete passwords and store them in an encrypted database.
We hope you found these tips handy. Remember, your cybersecurity is important, so be proactive and help protect yourself today.