Written By James Steel

Keeping Safe Online

Keeping safe online

Introduction

It has never been more important to protect your details online. More and more services are asking us to give up our e-mail addresses and more in order to use their services. At best, you are opening your self up to a barrage of marketing emails. At worst, you are trusting that service to keep your information safe. There have been quite a few major data breaches over the last couple of years. TalkTalk and LinkedIn have both fallen foul, along with quite a few other major brands.

There has been a steady rise in the number of scam emails pretending to come from a popular service that you might use. These are known as Phishing scams. This is because they just blast out the emails and hope to catch a few unwary people.

You may also have received phone calls from people claiming to be from Microsoft. They claim your computer has a virus but they can fix it for a fee. They take you through some steps and get you to "check" some things on the computer to "verify" that it has a virus. What they show you looks scary, but is in fact the normal workings of Windows, and nothing to worry about.

In the rest of this article, we will go over how you can tell a scam email apart from a real one, and give some tips and tricks to help keep your details safe from fraudsters.

Scam E-Mails

If you have been using an email address for a while, then sooner or later you will get one of these. They come in many forms, and are usually a complete copy of a legitimate email, with some differences. The main one is that the buttons usually link off to the fraudsters website and is usually an attempt to steal a password. NEVER click on anything inside an email you suspect to be fake. Even if you did click it but didn't go any further, you have potentially let the scammers know that the e-mail address was still active. Expect more emails if you did this!

Here are our top tips for spotting a scam email.

  • This might sound obvious, but do you even use the service in question? If you don't delete it immediately.
  • Read the email carefully. Most of these emails come from countries where english is not the first language. If the english in the email just feels even a little off, treat it as suspect.
  • Around certain dates in the year, particularly as we approach April, there is usually a rise in Invoice scams and HMRC fake emails. If you get any XERO or Sage invoices around this time, it's quite likely to be a scam. Verify the name of the business that is sending you the bill to make sure it someone you have actually hired. Like wise for anything from HMRC - always ignore the instructions in the email and login to HMRC directly without using the links in the email. You should be able to verify any messages once logged in.
  • Check if the email is using the companies current branding. I've seen banking scam emails that are using outdated versions of logos and brand colors. Might seem sloppy, but people still fall for it.
  • Have they addressed you by your name? A dead giveaway usually is that the email is addressed to the first part of your email address, or just to Dear Customer. If it was real, it will most likely be addressed properly.
  • Without clicking on anything hover your mouse over one of the links in the email. After a second or two, it should pop up a little thing with target address of the link. Once again, do not click it but just read the link address that pops up. Does it seem wrong in anyway? Is it going to a Russian or Chinese domain name? Does the name of the domain just seem a little strange? I've seen things along the lines of "appleservice-europe.com". If it just seems not quite right, delete the email.

The golden rule for any financial e-mail is to ignore the instructions in the e-mail. This is especially true if it is trying to encourage you reset your banking password and change your pin number. Banks will never do this over email. The best thing to do is to either phone up your bank and query it, or to login directly to your online banking and look for messages. Most banks have a customer support chat facility inside the online banking site. If you are still unsure, just have a chat with them. They may ask you to forward the email to them so that they can take steps to stop more going out.

Lastly, the best thing to do for signing up to services online is to use a free throw away email address such as a gmail or outlook.com address. These services usually have very robust anti spam measures and will reduce the likely hood of getting emails like this in the first place. It will also keep annoying marketing emails out of your main inbox.

Passwords

As someone who builds websites for a living, I often need to ask clients for access to things like hosting accounts. You wouldn't believe the things people send me as a password! Here are some top tips for a great password:

  • Do not use dictionary wordssdf
  • Use a mix of letters, numbers and punctuation. Mix uppercase and lowercase as well.
  • Do not use something guessable like your date of birth, or your pets name.
  • Some websites have a gauge on it that tells you how good the password strength is when you set up an account. Keep going until it turns to the maximum allowed. It will usually turn green or say "strong". Even if it allows a weaker choice, go with the strongest you can think of.
  • Use a unique password for every online account. Usually, after a data breach, hackers will try your email address and stolen password against all major services like Google, Facebook, Instragram etc. just to see if they get lucky. If you use the same password for everything, then you have just allowed them to get into everything!
  • Use a password manager (more on this in a moment). This will help you keep track of your passwords.
  • Do not use anything like a National Insurance number, Passport Number or any other official reference number.

Use a password manager

As mentioned above, a password manager is a great way to keep track of your passwords and it means you only have to remember one password. The trick here is to make a password you can remember, but is very strong. We recommend using your cars licence plate. If that is too short, add the year it was made on the end. This should give you a complex password that most people should be able to remember. Another tip is to turn over your mouse, keyboard, or phone. There is usually a long serial or model number under there. Pick one that has a special character in it like a "-" or a "#" and use that.

We don't recommend using the password built into most web browsers. Whilst it might seem convenient, it's not terribly secure. Instead, recommend Buttercup password manager for this. It is completely free, and will work across all of your mobile and tablet devices. It is also heavily encrypted. Even if your vault got stolen, it would be very difficult to break into it and get at the passwords.

Buttercup Password Manager

You can setup multiple password vaults with it, which is great for splitting your personal accounts up from personal ones. It also includes a password generator which can will help you generate a very strong password without needing to remember it.

You can download Buttercup here.

Surviving a data breach

So the worst has happened and you have heard of a data breach in the news for a service that you use. The first thing to do, without delay, is to change the password for that service. Do this immediately. The second thing you can do is check if your email and password was actually caught in the breech. There are a number of services that will let you do this. A good one is provided by Mozilla.

Firefox Monitor

Just visit Firefox Monitor and pop your email address in. It will check for a match in all known data breeches. If you are unlucky to have been caught in one, change all of those passwords immediately, or even close down the accounts if it's something you do not really use.

If the breach included anything to do with financial data, like credit card details then we recommend that you also change your online banking passwords and card pin numbers as a precaution. You can also ask your bank to issue a new card if you want to be extra careful.

We hope you have found these tips useful. Stay safe!

Like what you are reading?

We would love to work with you. Get in touch today to see how we can help you grow your company online.

Contact us