When was the last time you changed your password for Amazon, eBay or even your own bank? And when did you last back up your files or update antivirus software? Feeling sheepish? Then read our 17 tips to ward off the scammers.
You wouldn’t stick a note to your front door listing your mother’s maiden name, your credit card details, date of birth or password. But every time you sign up to an e-newsletter or shop online, you’re increasing who has access to this personal information and losing control of its security. If the data falls into the wrong hands, you’re opening yourself up to theft, identity fraud and other scams.
It’s time to take action to take as much control as possible. We’ve outlined 17 of the best ways to protect your accounts, devices and money online in 2017.
1. Test your passwords
No matter how clever you think your password is, the technology hackers use could be smarter.
A way to test the password’s strength is via website howsecureismypassword.net. It’ll give you an estimated time it would take a computer to crack your password, from nanoseconds to a trillion years-plus, and offers hints on how to improve it.
2. Use a password manager
It can be a nightmare to remember all your different login details. Writing them all down is itself a security risk if you were burgled, as is keeping them in an email account. This is where password managers, such as LastPass.com and Dashlane.com, can make a huge difference.
These online accounts store all your log-in details and protect them with a single master password. You can also automatically change your existing passwords to a random series of symbols, numbers and letters without having to visit the sites in question.
Both have plug-ins for Chrome and Safari browsers, and apps for mobile devices, to quickly input the complicated passwords you’ve created – once you’ve entered your master password.
These two services are free, though Dashlane requires a premium subscription (US$39 a year – about £32) if you want to synchronise across multiple computers and phones.
3. Double up on the most sensitive accounts
You can set up double authentication on many websites, adding an extra layer of security. You’ll be familiar with this if you bank online, as many require a code generated on a phone or separate device to log in or authorise payments.
Although this can add a minute or so to your signing in, it will be well worth it if the consequences on a security breach were dire.
You should also make sure the most important accounts have an alternative email address or phone number registered in case you are locked out and need to regain access.
4. Set up alias accounts
Many email providers, including Yahoo and Gmail, allow you set up alias email addresses. For example, if your email address is Andy@yahoo.co.uk, you could create email@example.com for any newsletter you sign up to. Those emails would still arrive in your inbox, but your real email address won’t be shared out to marketeers and any potential hackers.
5. Password protect your devices
You need to ensure every bit of tech you use to access the internet is as secure as it can be. Even if you’re the only person who uses your computer or phone, you need to add a password or passcode to use the device. Treat it as you would your PIN, meaning don’t share the details with friends.
6. Keep your software up to date
Hackers hunt out vulnerabilities in the operating software of your devices and try to expose them. Companies such as Apple and Microsoft will release patches when they are made aware of dangers, so it’s important you update software when prompted – just ensure you check it’s a legitimate source asking you to do so.
7. Scan for viruses and spyware
If you have Windows 8 or above you’ll have Windows Defender, while Windows 7 and Vista comes with Microsoft Security Essentials. You can buy premium antivirus software, but if you want a free one PC Advisor magazine recommends Avira.
Apple Mac computers are generally thought less vulnerable to viruses. This is partly because Microsoft Windows is used by a lot more people than the Apple Mac OS. Because more people use Microsoft Windows, it is a much better target and makes it easier for viruses to spread. However, as Apple Mac computers gain market share, virus infections are becoming more common than they used to be.
8. Back up to beat a ransom
A recent threat to your computer is via ransomware software. If this makes its way on to your computer, you could be locked out – unless you pay a ransom. To protect against this, back up your computer regularly. Having an up-to-date portable hard drive available will allow you to restore all your information from scratch should the worst happen.
9. Ignore suspicious email attachments
If you aren’t expecting an attachment, don’t open it. Avoid clicking on any links too. This isn’t just through email. You could receive them via messaging apps, such as WhatsApp or Facebook.
Be especially wary of emails that claim to be from your bank or official bodies, such as HMRC.
10. Watch what you download
One popular scam is for a person to cold-call your landline and claim they’re from Microsoft or TalkTalk. They’ll claim your computer has been hacked and direct you to download a file, which will allow them to help you. This is, of course, nonsense. The downloaded file will actually give the scammer access to your computer and the details held on it.
11. Know the signs of a safe site
It is relatively easy to make a professional-looking website, so you need to look a little closer to ensure you’re on a legitimate site. In the address bar, check for the letters ‘https’ at the start, and for a padlock symbol. This means you’re on a secure site.
Also check the URL is correct as copycat websites can take advantage of misspellings. If you’re unsure, look for the legitimate sites via search engines.
12. Avoid public computers and unsecured wi-fi
Checking the football scores in the Apple shop is fine, but it’s a bad idea to enter any passwords or financial data into computers that don’t belong to you.
You should also watch out for free wi-fi in cafes and shops. It might not be secure, meaning hackers could intercept anything you type.
13. Always log out
Once you’ve finished with a website, remember to log out. If you use a shared computer at home or work, always lock it when you’re not using it.
14. Double-check before transferring money
There has been an increase in fraud where the email account of a solicitor or builder is hacked and new invoices are sent to clients. Everything looks legitimate except for one small change – the bank details. Unfortunately, there is little protection if you move money to the wrong account, so clarify the details before you transfer money online.
15. Don’t save card details
It is easy to click the box “remember my details for next time” when shopping online, but you need to weigh up just how important one click shopping is to you. Putting your card details in each time will only take 30 seconds. A worthwhile trade when you consider the consequences.
If you do want to store card details, there is one trick to protect yourself. Use just one credit card for every site. If an online account is compromised, you know you only have one card to cancel.
16. Make payments within the site
If you are using middleman sites, such as eBay or AirBnB, you might be asked to pay outside of the main website. This would mean avoiding charges, but you’ll also lose protection if something goes wrong.
17. Find out if you’ve already been hacked
From TalkTalk to Yahoo to LinkedIn, we’ve seen some high-profile companies hacked and details made public. If you’ve used the same email and account for a number of years, there’s a good chance you’ve been caught up in one of the attacks.
To find out for sure, enter your email address into the website Haveibeenpwned.com, which searches details of 179 hacked websites.
What to do if you’ve been hacked
If you find your details have been hacked or leaked, the first thing to do is to change your passwords. If you’re locked out, you may need to reset access first.
Then keep an eye on your financial records for any purchases you didn’t make and check your credit report for any applications that are made in your name. If money is taken, contact your bank immediately and alert Action Fraud.
How I mastered my passwords
I’d been guilty of having a few variations of the same password on most accounts, but a few high-profile hacks finally forced me to take action.
The passwords on my emails, social media, banking and a few other accounts had already been changed last year, but I’d often forget what they were.
So I signed up for LastPass and began to enter my main accounts. My master password seems secure – Howsecureismypassword.net says it will take four billion years to crack, and there is a plug-in that prompts me to save details each time I sign into a new account, and it’s easy to cut and paste passwords from the secure ‘vault’
I’ve put in around 30, but there are still dozens that need to go in, and plenty I’m sure I’ve forgotten on top. However, I’ve covered all the most important accounts, and I’ve easily changed each of the passwords through LastPass.
It’s a little annoying that I now can’t remember all the details, but at least I know my details are safe.
The master password becomes the only password you need to remember as once you use it to open your password manager, you can access any other log-in details you have saved there. Just make sure you never use this master password for any other account.