I am an IT professional, and I was recently the victim of a cyber-attack. There I was, standing in line at the cleaners, when I absentmindedly pulled out my phone to check my mobile banking app. As I opened the app and clicked on my account, I began to see transactions posting from a food delivery app. One after another, after another… As I watched this happen in real time, I shouted “NO!” and the entire line turned to look at me. 18 charges in all, and none of them were for items nor services I had purchased. I ran out to my car and called the number on the back of my card, which was sitting in its slot in my wallet. Within minutes, I had cancelled the card, but not before all 18 charges had gone through. $873 in charges! The next business day, I had to take time off to fill out paperwork to dispute the charges with the bank. I had to get a new card and then painstakingly figure out who I paid automatically each month with that card, i.e. the gym, lawncare service to change the payment info. I had to go onto PayPal and Venmo and make adjustments. Two days later, the money was back in my account while they investigated the fraud. It was a time consuming process to get my world right again, and it felt so violating to be a victim!
As I delved into the theft of my banking information, I realized that the failure was a breach inside an app for a restaurant. I use the app weekly on Taco Tuesday, as their food is “teenager approved” in my house. The hacker got my banking information through the app and placed orders throughout California, 18 orders in all.
With the ease and convenience of carrying a smartphone (a mini computer) in your pocket at all times, it is even easier for online predators to steal your information! In our increasingly wireless and interconnected world, you can never be too safe. Many cyber-attacks happen through social engineering, when users are manipulated to give up their usernames and passwords to hackers, scammers, and other cybercriminals. These techniques range from malware links, phishing websites, phone calls, and more. In light of my cyber theft, I have put together some “tech tips” for staying safe while online. These aren’t just tips for your elderly parents…this is real info I hope you’ll use to stay safe as our lifestyles evolve.
· How you get to the internet matters! Hackers exploit the vulnerabilities of public Wi-Fi. If you’re on a shared Wi-Fi network, your information is in more jeopardy than on your home network or cellular network. Most of these networks, like those at coffee shops, airports or gyms, lack necessary security measures, have no security protocols, and if they even have one, weak passwords. Any hacker hanging out on these unsecure networks can intercept your info and use it later on. If you have no choice but to use public Wi-Fi in a pinch, never conduct any online banking or activity that involves sensitive data!
· Pump up those passwords! Smart passwords containing upper and lower case letters, numbers and other characters are harder for hackers to figure out. You should also use a variety of passwords for your accounts. Studies show that two out of three people use one password for all of their online accounts. Avoid being part of this statistic by shaking things up! Apps called “password keepers” are available to help keep track of your passwords and can even randomize them for you. Also, change your passwords regularly. Lastly, in case your smart phone is lost or stolen, make sure it has a code required to unlock it. (and make it challenging!).
· Put a deadbolt on the door to your accounts. Another layer of security that is offered on most websites and mobile apps that house sensitive information is multifactor authentication (MFA). MFA is when you are prompted to enter a code that is sent via text or emailed. Opt for a text, if possible, because while email accounts can be accessed from anywhere, text messages come right to your phone. This makes it harder for any hacker to get in. The more hoops to jump through, the better!
· Beware of phishing scams! Legitimate emails and text messages from reputable companies will never ask you for personal information like account numbers, passwords, and social security numbers…but hackers will! Scan emails with links carefully, as well as all emails from those you are unfamiliar with. Hackers are good at masking their identities, but there are invariably misspellings or errors in the email address that they are sending from, the header/footer, or body of the email. Never click on links or open attachments from an email address you can’t verify. Another common form of phishing includes pop-up warnings about security deficiencies on your computer. The pop-up warning typically advises you to download software to fix these so-called deficiencies. If the warning is not coming from antivirus software you have installed on your computer, don’t open or download those attachments! The attachments may contain viruses, spyware, or other malicious software.
These are just a few tips I felt compelled to share in light of my recent experience. Use these tips to stay safe while online and share them with your family and friends. The only way to stay cyber safe is to stay cyber aware, pay attention to emails and links, be smart about where you are accessing the internet from, and add an extra layer of security on all accounts you access that include sensitive data. Be smart with passwords and keep those hackers guessing! For more cybersecurity tips or for more information about our layered security approach, please click here for more info!