Tips to Avoid Getting Scammed at Home, School and Work

Let’s cut to the chase: scams are everywhere out there today, which makes it important that you are aware of how to avoid them. Let’s run through a few basic tips we always recommend.

Don’t Click on Links or Open Attachments You Didn’t Expect

If you receive a link or an attachment that you weren’t aware was coming—regardless of whether it comes in through an email, an instant message, or a text message—you should always reach out to the apparent sender through a different means of communication to verify that the link or attachment is legitimate. This is something you should do even if you expected this information, or at least proceed with great caution.

If your bank (or literally any other account or entity) sends you an emergency message about your account, don’t tap the link. Instead, log into your account like you normally would and look for the issue from there. It never hurts to change your password either.

Use Strong, Unique Passwords All the Time

According to NordPass, “123456” was the most-used password in Belgium. And in Chile. And in Estonia. And in Lithuania. And in the Philippines. And in Taiwan. And in the rest of the world.

I think you see the point I’m getting at…certain passwords are both horribly insecure in how often they are used, and relatedly, in how easy they are for a cybercriminal to therefore guess. That password, 123456, was found 103,170,552 times, and would presumably take less than a second to crack.

This is what makes it so important that you come up with sufficiently secure passwords—ideally, passphrases (random words chained together with some characters added in and switched, like c0un+rys!de+++func+!0n+++asser+!ve), to protect the various accounts you have.

Relatedly, Don’t Ever Use the Same Password on Two Accounts

Before you go and change every password you have to that new, clever, secure password you just came up with. It is also important to consider what would happen if one of your accounts was involved in a data leak. If you used the same username and password for all of your accounts, that means that all of your accounts are now undermined.

One way to fix this is to use a different password (or passphrase) for each account you have—and before you even have a chance to argue that it’s way too much to remember, that’s what a dedicated password manager is for, as a piece of software that securely stores your passwords and provides them as you need them.

Always Use Two-Factor or Multifactor Authentication

Unfortunately, passwords aren’t as effective as we might hope they are, which makes it prudent to rely more on the alternative identity authentication in addition to the password alone. Two-factor or multi-factor authentication (2FA or MFA) are effective means of this, as it requires another proof—like a biometric signature or randomly-generated, time-sensitive code—before access is granted to an account.

Learn to Spot a Phishing Attack

Phishing attacks are meant to fool you. Fortunately, there are many warning signs that you can look out for to counteract their attempts.

• Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from PayPal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
  1. a. paypal.com - Safe
  2. b. paypal.com/activatecard - Safe
  3. c. business.paypal.com - Safe
  4. d. business.paypal.com/retail - Safe
  5. e. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
  6. f. paypal.com.activatecard.net/secure - Suspicious!
  7. g. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Remember, these tricks are designed to be subtle and easy to miss! Pay close attention to what you are clicking on!

• Check the email in the header. An email from PayPal wouldn’t come in as [email protected]. Do a quick Google search for the email address to see if it is legitimate.
• Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious. If the email shows up out of the blue with an attachment, even if it is from a sender you trust, it doesn’t hurt to ask them if it is legitimate.
• Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious. 
• Spread phishing awareness! There is no shame in being overly cautious! If you show those that you work with that you are mindful of these threats, they may adopt similar practices. In the long run, it makes email much safer for everybody!

Businesses Need to Restrict Access

Let me ask you something—would you allow everyone in your business to have free access to all of your business’ documents, including the financial records and HR files? No? Then why would you keep your network and all the data on it open for all of the business to see?

It’s really the same thing. Plus, reducing the number of people who have access to different directories reduces the number of people who might be scammed into giving it up.

Keep PCs, Laptops, Servers, and Networked Devices Updated

Software updates are largely intended to fill security gaps and holes previously left in the programming. Thereby, with fewer devices left unattended to or updates neglected on your network to serve as security holes, your network and everything on it is left more secure.

This includes running Windows updates, sever updates, keeping the software and firmware on your network devices up to date, and any other applications you have installed should be checked and updated regularly.

Businesses Should Have Their Network Audited Regularly

We can help businesses do just that. Reach out to us for a network audit and consultation, along with assistance in ensuring your operations are secure. Give us a call at (512) 343-8891 to learn more.