Cybersecurity Awareness Month is a fantastic time to review a few long-standing threats to the safety of your personal and financial information online. Let’s get started!
The perils of repurposing passwords
Passwords are now used to protect access to an unprecedented number of websites. In 2021, the average person uses between 80 to 100 passwords; reusing them is a tempting snare over the relative inconvenience of securely storing passwords. Therein lies the threat. Using the same password for your online accounts increases your risk of experiencing identity theft and online account compromise. Identity theft can take days—even years—to fully resolve, and unauthorized access to your digital banking account can wreak long-term havoc on your credit score.
Cybercriminals steal or buy passwords from other cybercriminals and then attempt to use those passwords to gain access to a countless array of online websites requiring a password. The risk of your info being stolen and abused rises steadily with the number of online passwords you reuse. Don’t repurpose your passwords!
- Use a different password for different online accounts, especially sensitive accounts such as your online health care (telehealth), banking, retail sites like Amazon, and tax preparation websites.
- Consider using a password theme—for example, passwords related to baseball, cooking, Bigfoot, or science, to make frequently used passwords easier to recall.
- Use a password manager application to securely store your passwords and remove the need to recall any of them!
The interminable threat of phishing
Social engineering involves an individual tricking another person into divulging information that otherwise would not be divulged. Social engineering via email is called “phishing.” Phishing remains the most enduring and effective method used by cybercriminals to steal your sensitive information. No lure (or aptly called a phishing “hook”) is too shameful—including COVID-19 misinformation, extortion, fake security tools, disaster relief; or anything to elicit fear, garner sympathy, or kindle your curiosity. Don’t get hooked!
- Don’t click on an attachment or link within an email that comes from someone you don’t know, especially if the language is extortive (blackmail), creates a sense of fear or urgency, or asks for sensitive information.
- Examine any email in your inbox with extra scrutiny during the approaching holiday season.
- Suspicious of an email? If a company name is mentioned, find that company’s official website and call the number to verify the legitimacy of the email.
- Scammed? Victim of identity theft? Report it at FTC.gov.
Social engineering and the ugly duckling romance scam
In September 2021, the FBI reported that a massive spike in online romance scams sadly caused Americans to a lose an estimated jaw-dropping $113 million since January 2021! Scammers use fake online identities to gain a potential victim’s trust on a dating or social media platform, or simply via email. After the victims are lured in, criminals take advantage of the crafted illusion of a romantic relationship to manipulate victims into sending money and/or financial information. The predictable human psyche, not an extraordinarily sophisticated cyberattack, is seemingly the most powerful weapon in a criminal’s arsenal when it comes to romance scamming. Don’t fall for it!
- Never send money, trade, or invest per the advice of someone you have solely met online.
- Do not disclose your current financial status to unknown and untrusted individuals.
- Do not provide your banking information, Social Security number, copies of your identification or passport, or other sensitive information to anyone online or to a website you do not know is legitimate.
- If an online investment or trading site is promoting unbelievable profits, it is likely … unbelievable.
- Be cautious of those claiming to have exclusive investment opportunities and urge you to act fast.
Whether you’re creating a unique password for a website, scrutinizing your emails for suspiciousness, or hitting the online dating scene, SELCO urges you to remain vigilant so that your information (and your heart) is kept safe! And be sure to check the Cybersecurity & Infrastructure Security Agency (CISA) website periodically throughout October for additional information about protecting your information.