
Scams and Passwords

Based on the sheer numbers of customers who are approaching us with concerns, we thought we’d write a post with some basic pointers and guidelines that you may wish to embrace. Never before has there been such reliance on the Internet for regular day-to-day things: banking, shopping, communications, telephones, study, research, work, meetings – the list is almost endless. Hand in hand with this modern-day digital life so many of us participate in (albeit in varying degrees) is a proportionally growing cybercrime fraternity who target you – yes you – for their ill-gotten gains. I doubt there is a single person who reads this who has not been directly affected by a scammer. It’s an epidemic.

Long, long ago in ancient digital history, let’s say the 1990s, malware (we’ll call it that for simplicity, but virus would do just as well) was written to make mischief or mess up your computer. Compared to the sophistication that we see with contemporary malware, this stuff was child’s play and hardly worth paying attention to. Not so today. Malware is now an industry.

The fraud who calls you on a Thursday evening purporting to be ‘From Microsoft’ and eager to help you overcome an urgent PC malware attack that may ruin your life, kill your pets and crush your car (unless you pay them £250 [at least!] and spend long hours on the phone playing along with the charade) is not a shady balaclava-wearing hacker who spent the first 18 years of his life learning the deep depths of advanced software development. No, no. This guy is probably wearing a shirt and tie. He drives to work, just like you. He takes annual leave and complains about the company coffee machine. He has a desk, probably with family photos alongside his computer screen and telephone. This is an industry and fraud isn’t going anywhere soon.

So in light of all this, should we all go and run to the hills, screaming for an end to the pesky digital revolution and the return of the Filofax?

You could, if you wanted. But there are some very simple ways to get wise to the criminals who prey on us via the Internet or over the phone; we made a list which we believe could help.

  1. Treat any stranger who claims to be from a company as bogus, whether or not it is a company you contract with. There are several ways you can deal with this. Take your phone number out of circulation by never entering it into a website. Just make one up and use that if a website registration requires it. Why would a rep from the train line booking website ever need to call you anyhow? Companies these days positively encourage all communications to be via a website or email. You could simply say “ah yes, Mrs. Smith you’re after? Bear with me I’ll get him for you” and casually pop the phone on mute before resuming the latest episode of Game of Thrones. They’ll hang up eventually. In our experience, this is a fast track to having them not call you back too. Remember, treat every caller as suspect because, sadly, they probably are. If you’re not sure, call them back on the number given on correspondence they have sent you, or Google the number. Here is a link to the Ofcom website for more on this.
  2. Use unique passwords WITHOUT EXCEPTION. Wowsa, it isn’t often we use capitals, but this point really is worth it. Remember the train ticket website you registered with using your top secret password? Their site is pretty secure. Probably. The bank’s website is too and you used your top secret password there as well. But what about the forum you joined to comment on a complaint about something or other last year? Is that forum website completely up to date with all the latest security patches and updates? Does that forum keep an airtight lockdown on the customer registration database? Your top secret password is in that database. And you’ve used it on how many websites since 2004? It’s definitely, without a shadow of a doubt, been hacked on one or more of them. Someone, somewhere has it and you didn’t give it to them. They also have your email address, the one you used to register on the forum: how many sites can they now access in your name? Is PayPal one of them? OK, so now they have access to your bank account too. Perhaps they’ll take a loan out in your name and buy their own coffee at work in future. It’s serious stuff. It’s really not something that only happens to other people. By the simple act of using a unique and strong password on each site you visit, you can avoid this happening to you. In terms of security, passwords are everything.
  3. Set up a second email address for use with website registrations. Try to keep your everyday email address out of circulation as much as possible.
  4. Set up two-step authentication. It may sound like the name of a new dance move at a psychotherapist’s rave, but in actual fact this is a simple procedure to lock your account down with a second step when logging in. This usually works with your mobile phone. You log in as usual with your email address and password on the particular website, then the website securely sends out an ‘is this really you?’ message to your phone. You click ‘Yep, let me in!’ on your phone, the phone alerts the website you’re all good to go and the website allows the log in. This may sound like a lot of hassle – it’s really not and takes only seconds. It’s also very, very secure. See this site for more.
  5. Mobile phones – change your passcode. We recommend making your mobile phone as secure as possible. Never go without a passcode! Swipe patterns are better than nothing but passcodes regularly changed are good. If a fraudster who had all the registration info you supplied to the forum website got hold of your phone right now and guessed your passcode as your year of birth – what havoc could they wreak? A simple and regular passcode change would protect you.
  6. Emails tell lies. Or rather, fraudsters tell lies in emails and send millions and billions of them flying out over the Internet right to our inboxes. In the cold light of day, how likely is it that you have inherited 10 Billion US dollars from a hitherto completely unknown relative who just died in the Republic of Congo? Phishing emails come in all shapes and sizes. They can be clever, and sometimes downright stupid; hook lines are ever more creative. They may even have some info about you that gets your attention – the email address and password from the forum website for example… They may be kindly, open hearted and gentle in their request to empty your bank account, or they could make a beeline for the jugular and open communications with a threat to send some dark personal secret to everyone in your address book. In the last month we’ve fielded several enquiries from worried customers who have had such a threat levelled against them. Just delete the email. If the email uses some personal info about you in the text, think how this could have been obtained. Refer to point #2.

Here at Zen we’re very interested in keeping Internet security at tip top levels. It’s actually easier than most might think. Following simple procedures and getting savvy to the threats very often neutralises the problem.

Strong security software on your Internet-connected devices is really a must. We resell the ESET security software, so if your current anti-virus software is out of date or the renewal is coming up soon, please do get in touch. Please also feel free to call us if you have any concerns or queries about cyber security.

Really hope this article helps.

R
