*Updated 6 August 2014: A Russian cybergang has stolen as many as 1.2 billion user name and password combinations. They injected malicious code into 420,000 websites to gather this data. This is one of the largest such thefts yet. You can register at http://holdsecurity.com to see if your password/email has been compromised.
I’ve been getting emails from friends and family about random websites to visit, or even worse, I received an email from a close friend saying she was stuck in Europe and needed me to send money. I have received emails from Nigerian princes, an email that I had a package from UPS to be picked up, and last week I received a text saying I won a $1,000 Target gift certificate. To claim it, I just had to give my credit card to them!
Hackers, scammers, and phishers (someone attempting to steal information by masquerading as a legitimate entity) have been using more sophisticated means to infect our computers with a virus and/or steal our personal and financial information.
- These attackers will send you an email impersonating a well-known website and include a link that leads to a website that is an exact replica. They will even put a warning and privacy information on the website to fool even the most careful person. I once received an email stating that my account had been compromised at a bank and to click on the link to change my password. I was about to click on the link until I realized I didn’t have an account at that bank!
- Once you are on the website, they will ask you to verify your log-in information, which the hackers then steal. Some sites will download a virus or an attachment that gives them the ability to access everything on your computer.
With these hackers becoming more advanced in their methods, how can you avoid falling prey to these scams? Here are some tips to protect your password.
- Be aware and do your homework. Never respond to unsolicited email asking for personal information. Most scams are exposed on the Internet. If something seems fishy, Google it and do your research. Also call the company the email supposedly came from. They will be able to tell you if it is a scam or not. Several years ago, I forwarded an email I got to the company it supposedly came from and received an immediate response that it was not legitimate.
- Check the addresses of the websites. In many cases, the web address is slightly different from that of the real website. I recently received a Twitter message that someone was spreading bad rumors about me and to click on the link twittr.com. Do you see the difference? Those in a rush wouldn’t catch it, but by changing the web address very slightly, by just one letter, they can get a person to their website.
- Download up-to-date anti-virus, anti-phishing, and anti-spyware software. A good rule of thumb is to not download anything unless you are expecting the email, and to run anti-virus, anti-phishing, and anti-spyware software on your system. Regularly scan your computer and set it to automatically download the most recent software updates.
- Create strong passwords and security questions and answers. The top passwords used in 2011 were “password,” “123456,” and “abc123.” With passwords as easy as these, hackers can get into any account. Create a strong password with different characters: upper and lower case letters, numbers, and symbols. Try not to use actual words, and change your passwords regularly. Also, for security questions, do not use answers that can be easily found by Googling you.
- Separate Social Media and Financial Account Passwords. Don’t use the same password for every account. Mix it up, especially between your social media accounts and your bank, credit card, and other financial accounts. This way, if one of your passwords is stolen, the thieves don’t have access to all of your sites! Be careful not to share your passwords with people, and store them in safe places.
- Stay Informed. It seems every several months or so there is a breach at companies, passwords stolen, or new online scams. Check out the latest breaches and see if you are affected. I recommend changing passwords every 90 days if possible.
- Use Software to Remember Passwords. I have at least a hundred different username and password combinations across all of my sites. It is impossible to remember them all, especially if you want to make it difficult for people to hack them. I use a password manager program called Password1 to track each of the combos plus other additional information. You can check out LastPass, KeePass, and YubiKey.
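The "check the addresses" tip above can be automated. The following is an added example, not part of the original post: it flags a link whose domain is one edit away from a site you actually use, such as twittr.com against twitter.com. The site list, function names, and the one-edit threshold are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed list of sites the reader actually uses (an assumption of this example).
KNOWN_SITES = {"twitter.com", "ups.com", "target.com"}


def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def hostname(link: str) -> str:
    """Lower-cased host of a link, without a leading 'www.'."""
    if "://" not in link:
        link = "//" + link  # lets urlsplit parse a bare 'twittr.com/path'
    try:
        host = (urlsplit(link).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed link
        return ""
    return host[4:] if host.startswith("www.") else host


def check_link(link: str, max_distance: int = 1):
    """Return ('known' | 'lookalike' | 'unknown' | 'invalid', matched site or None)."""
    host = hostname(link)
    if not host:
        return ("invalid", None)
    # Simplification: the last two labels are the site, so a known name used as a prefix is not trusted.
    domain = ".".join(host.split(".")[-2:])
    if domain in KNOWN_SITES:
        return ("known", domain)
    for site in sorted(KNOWN_SITES):
        if edit_distance(domain, site) <= max_distance:
            return ("lookalike", site)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://twittr.com/login", "https://www.twitter.com/", "twitter.com.example.net"):
        print(link, "->", check_link(link))
```

A result of "unknown" only means the domain is not close to anything on the list; it does not mean the link is safe.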
These simple steps can prevent hackers, scammers, and phishers from getting their hands on your valuable information!