Look, security is annoying and hard. Unfortunately, unless you plan on moving to a cabin in the woods, you’re stuck with dealing with it and it’s not going away. Right now there are stupid amounts of scams going about, so I’m going to give very, very basic advice and try not to confuse anyone, because it is confusing sometimes even to IT professionals. Feel free to forward to family & friends.
General important point – PEOPLE LIE AND SOMETIMES PRETEND TO BE OTHER PEOPLE! I know this is shocking but it happens. Do not take people at face value just because their website looks right and professional or they sound important. I know you think no-one you know would do that but some people do. Crazy huh?
- NEVER click on a link in an email or text asking to change a password unless you’ve requested it. Scammers guess everyone has Gmail or Facebook (and many other things) and can send a pretty convincing façebook.com email with a fake link (you barely noticed that I didn’t type facebook above, did you?). If you need to change your password, go to the website manually and change your password that way.
- Related, if you can, enable two-factor authentication on things you care about. Don’t stop reading because it sounds technical! Two-factor authentication is just a fancy way of saying “If I’m trying to change a password, get me to confirm this is from me a second way”. Mostly this means they send you a text as well. For Apple that means they may send you a code on a different device. It makes it a little harder for you but a LOT harder for scammers. Trust me, a hacked account is way worse than 1 minute extra time on password changes. There’s usually a setting in your account settings somewhere. (In Facebook it’s under Settings – Security and Login.)
- Try and use different and complex passwords for different things. I know this one is tricky, but if you sign up for Facebook with the same email and password as “Joe’s dodgy special internet thingy” then you’re likely in trouble, because when Joe’s gets hacked the scammers get your Facebook login too. There are some good ways to remember different passwords, and if you have a secret way to remember, that’s fine. Personally I use a password manager so I don’t have to remember (1Password is excellent but there are others. Ask your tech friends).
- I MEAN IT!… use complex passwords and at least make sure the things you use every day and rely on are different from the rest. Also bank ones should definitely be different.
- I know this is old news but please don’t click on attachments in email unless you’re expecting them. If you’re not expecting a document/presentation/something else from someone DO NOT CLICK THE LINK till you’ve called them and checked it’s from them. And yes, this is also two-factor authentication. 🙂
- If someone calls from anywhere (banks, whatever) and asks you to confirm your identity before continuing, DO NOT GIVE THEM PERSONAL INFORMATION. Seriously, you’ve not confirmed their identity in any way. They just sound official. If your bank calls, ask what department they’re from and say you’ll call back from the main number, then look up that number (don’t take the one they give you).
- I know this one sounds weird, but passcodes are NOT passwords. Passcodes are things bank people may know to ask you and are usually pretty simple. A password should be something complex and NOBODY should need to ask you for it. Seriously, if an IT person is asking for a password then they’re dodgy. (Yes, nerds, there are exceptions. Shut up and go for the base level security here).
- Ask questions. One of the most common scams at the moment is “This is your bank calling – we have a problem with your account”. Ask “Which bank?”. Ask “What is my full name?”. Or better yet, just hang up and call your bank from the number on their website and say “I just got a call from someone claiming to be from your bank – can you redirect me to the person who called?” They have call records.
- Lock your phone! I know some of you never will… but if I find your phone in a taxi I can take control of pretty much all of your digital life nowadays, including bank accounts, and where are they sending texts to confirm it’s you? At least set an easy passcode or fingerprint. You can set the lock for a few minutes but make sure it does lock. Either that or go back to a dumb phone with no internet.
Last point – be skeptical. Someone contacting you does not imply trust, and don’t let them confuse you with technical terms. If you don’t understand, ask someone else. This is the modern equivalent of snake oil salesmen in fancy suits and smart-looking bottles. Don’t fall for it.
(Note: IT peeps – Yes, shut up. This is simplistic and there are many more ways to protect yourself. This is a basic starter pack. We can work on add-ons later. Feel free to add comments below but be polite and offer suggestions.)