Saturday, November 21, 2015
Hackers are actively decrypting passwords to access your online bank account
Worryingly, hackers are now finding ways to decrypt passwords and usernames stored on the KeePass password manager, which has long been touted as one of the most effective platforms for computer users to keep their personal information safe.
Use a 'combination' password to reduce the risks
Avoid choosing a password that is a common word, such as a name or a colour, and refrain from anything that is too obvious, such as your place of birth or favourite team. Instead, consider a password that has at least eight characters comprising a combination of letters and numbers, and, if possible, one or more punctuation symbols, such as a hyphen or underscore. If you would prefer to store your passwords, a good tip would be to write them down and keep them stored in a lockable drawer. Of course, the most risk-free approach is just to keep them in your head.
Avoid unsecured Wi-Fi networks
Unless it's an emergency and you have to access the internet, don't use unsecured Wi-Fi networks. Even though it may be tempting to link your device to a free Wi-Fi network, you could be exposing your personal data to a cyber criminal sitting just metres away connected to the same network. The biggest mistake you can make is entering confidential information, such as credit card details or bank log-in information, through these networks. Indeed, many free Wi-Fi providers will advise their customers to avoid entering confidential information in this way.
Never open any suspicious-looking e-mails or texts
Think of opening up an e-mail as opening up your front door at night. Unless you're expecting someone, or you can verify who the person is, don't open it. Phishing e-mails often contain attachments that are infected with viruses, and many also request personal information, such as bank account details or card numbers, in an attempt to steal your money.
Look out for obvious – and not-so-obvious – errors
Often, e-mails will have unusual titles, which could range from a 'cleaning bill invoice' from a cleaner you've never met, to a special 'tax demand' from HMRC, even though you're expecting a rebate. Another useful clue to determining whether something is fraudulent is to consider the quality of the grammar. Most of the time, the title will have some kind of grammatical error or will be phrased in an unusual way.
Look at the details
For example, 'cleaning invoice nu. 282' should read 'No. 282', and 'HMRC tax Demand' should not have lower case for the word 'tax'. A substantial proportion of these cyber criminals do not speak native English, and many use translation apps. Would your bank ever describe you as a 'cherished customer'? Would you receive a 'final notice' demand for payment without having received any previous reminders?
Keep your mobile safe
StaySafeOnline, a website pioneered by the US's Cyber Security Alliance, recommends that everyone should have a different password for different mobile accounts, and this personal information should not be stored anywhere on a computer. Users should also change their password several times each year, and authenticate their account with multi-factor or two-factor authentication technology, which requires additional identification in the form of a security code or voice recognition.
Alex Viall is the Director of Mustard IT Support Services, a London-based company that offers professional IT support to businesses across London and the Home Counties.