Good practices for keeping all of your accounts safe
1. Using strong and unique passwords on each of your accounts is a great way to minimise the risk of someone else accessing them. Have at least 12 characters in your password, including uppercase and lowercase letters and numbers or special characters.
This is especially important when it comes to your email account as cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable.
The National Cyber Security Centre (NCSC) encourages the use of password managers or combining three random words when choosing your passwords.
Avoid the most common passwords that criminals can easily guess (like ‘password’). You should also avoid creating passwords from significant dates (like your birthday, or a loved one’s), or from your favourite sports team, or by using family and pet names. Most of these details can be found within your social media profile.
2. Turning on 2-step verification is another great way to add an extra layer of protection to your accounts.
2-step verification (2SV), which is also known as two-factor authentication (2FA) or multi-factor authentication (MFA), helps to keep cyber criminals out of your accounts, even if they know your passwords. Have a look at this guide to learn more about how it works and why it is important to have.
3. Update the software and apps on your devices regularly as they often include protection from viruses and other kinds of malware, as well as improvements and new features.
You should apply updates to your apps and your device's software as soon as they are available. If you receive a prompt to update your device (or apps), don’t ignore it. Applying these updates is one of the most important (and quickest) things you can do to keep yourself safe online.
4. Do not share sensitive information such as passwords, one-time codes, PINs or bank details with anyone.
Cyber criminals can now clone the phone numbers of organisations they want to impersonate or use very similar email addresses and fake websites to gain access to your personal details or try to intercept one-time passcodes.
It is always better to type in the website address in the browser yourself and if you’re calling a company back, find the number yourself and don’t use the number they supply.
Using the 159 service is the safest way to contact most UK banks after a supposed fraud call.
Spotting a scam
Emails and texts can be written to look like they’ve come from a trusted company or individual when in fact they haven’t.
By pretending to be reputable companies and making the situation sound urgent, hackers will try to trick you into revealing your sensitive information – either by entering it into fraudulent sites or sending it to them directly. Alternatively, they will attempt to trick you into downloading some malicious software that will attempt to farm sensitive information from your device.
If you have any suspicions that the message could be fake, you should never click any links, submit any sensitive information or download any software contained within the message. In this situation, it is always better to type in the website address of the company yourself and navigate to the relevant section that way.
Signs of a scam
Ways to tell if an email, text or call might not be genuine:
It contains spelling mistakes
There’s a generic 'dear customer' header
It asks for sensitive, personal or financial information and passwords
It asks you to call a number you don’t recognise
The sender uses an urgent tone, telling you to act now
There’s a name in the header with extra letters, numbers or substitutions. For example, a fraudulent email trying to imitate giffgaff might replace the letter ‘i’ with the number 1
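The last sign above can be checked automatically. The following is an added example, not part of the original article or giffgaff's own tooling: it flags display names that imitate a brand through character substitutions or one extra, missing or changed letter. The substitution table, function names and sample names are assumptions made for illustration.

```python
import re

BRAND = "giffgaff"
# Assumed substitution table (not from the article): characters that are
# easily mistaken for each other are folded onto one representative.
FOLD = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})

def skeleton(text):
    """Lower-case the text, fold confusable characters, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))

def edit_distance(a, b):
    """Levenshtein distance: catches one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender_name(display_name, brand=BRAND):
    """Classify a header display name as 'exact', 'lookalike' or 'unrelated'.

    'exact' only means the name is spelled correctly; a display name can be
    set to anything, so it is never proof that the message is genuine.
    """
    target, verdict = skeleton(brand), "unrelated"
    for token in re.findall(r"[A-Za-z0-9@$|]+", display_name):
        if token.lower() == brand.lower():
            verdict = "exact"
        elif edit_distance(skeleton(token), target) <= 1:
            return "lookalike"
    return verdict

# Constructed sample display names, for illustration only.
SAMPLES = ["giffgaff", "g1ffgaff Support", "giffgafff team",
           "Gifgaff Billing", "Parcel Delivery"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:22} -> {check_sender_name(name)}")
```

A 'lookalike' result is a reason to treat the message as suspicious; the other signs in the list still apply whatever the result.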
Remember:
Don’t click on links unless you’re 100% sure they’re genuine
Trust your instincts. If it looks suspicious or too good to be true, there’s probably a catch
Don’t give away any of your personal details
If you’re worried about an email, text or call, get in touch straight away.
Phishing
On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information. There are several ways a fraudster can try to obtain sensitive information such as your driver's licence, credit card information, or bank account information, often luring you with a sense of urgency.
Sometimes a fraudster will first send you a benign email (think of this as the bait) to lure you into a conversation and then follow that up with a phishing email.
At other times, the fraudster will just send one phishing email that will direct you to a website requesting you to enter your personal information such as User ID and Password.
Smishing
Just like phishing, smishing uses cell phone text messages to lure people in. Often the text will contain a URL or phone number. The phone number often has an automated voice response system. And again, just like phishing, the smishing message usually asks for your immediate attention.
In many cases, the smishing message will come from a "5000" number instead of displaying an actual phone number. This usually indicates the text message was sent via email to the cell phone, and not sent from another cell phone.
Do not respond to smishing messages.
Pharming
Pharming is another scam where a fraudster installs malicious code on a personal computer, phone or server. This code then redirects any clicks you make on a website to another fraudulent website without your consent or knowledge. Be especially careful when entering financial or personal information on a website. Look for the ‘s’ in https and the key or lock symbol at the bottom of the browser. If the website looks different than when you last visited, be suspicious and don’t click unless you are absolutely certain the site is secure.
Vishing
Unfortunately, phishing emails are not the only way people can try to fool you into providing personal information in an effort to steal your identity or commit fraud.
Fraudsters also use the phone to solicit your personal information. This telephone version of fraud is sometimes called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to assume your identity and open new accounts.
Please note that giffgaff will never call you or ever ask for personal information such as passwords, verification codes, one-time passwords or bank details.
Reporting a scam email, text or call
If you receive a suspicious text, please forward it to 7726 as it won’t cost you anything. If your phone supports SPAM reporting then press the SPAM button to automatically forward the message to 7726.
Information shared to 7726 will be available to all mobile operators, the Information Commissioner’s Office and various approved organisations that are involved in criminal investigations, to enable them to identify the senders.
You can also report your phishing experiences to report@phishing.gov.uk. The information provided lets law enforcement organisations remove fraudulent sites.
Other handy advice to help you stay safe online:
Take Five to Stop Fraud – information and advice about payment fraud
Action Fraud – the UK’s national reporting centre for fraud and cybercrime
Get Safe Online – factual and easy-to-understand information on online safety
Which – advice on scams