The threat to your personal and financial data from fraudsters is an ever-increasing problem, and as scams get more complex and cyber criminals get even craftier, you need to be clever to thwart the threats.
Rarely a week passes without a household name – Twitter, Equifax, TSB, to name just three from the last few months – leaking your personal data, usually due to technological negligence or poor security practices.
Increasingly, our financial affairs are conducted online, offering up personal and financial data for hackers to potentially steal and use – but we often delay taking simple protections, even though the consequences can be severe, both personally and financially.
Here’s six effective ways of protecting yourself and your money online:
Regularly update your software and apps
Use two-factor authentication
Use social media carefully
Use a password manager
Check your credit report regularly
Be sceptical of every email you receive
One of the most straightforward steps to protect your computer, mobile phone or other devices is to regularly update installed apps and software, including your operating system (Windows, Mac OS, iOS, Android) and any anti-virus or anti-malware tools.
The most common way for a hacker to gain access to your device is through an old piece of software that has a security vulnerability.
If you have anti-virus or anti-malware software installed, make sure it fully scans your computer at least once a week.
Most banks recognise the importance of security – but, as regular reports of online banking fraud show, many still fail to keep your personal and financial data safe.
There are four main elements to online banking security that your bank needs to offer protection for: logging in; encrypting your data, so it can’t be intercepted by anyone other than you or your bank when it’s transmitted across the internet; securely storing your banking data; and the logging out process.
Ideally, you want your online banking service to use two-factor authentication (2FA), which uses two steps to confirm your identify rather than just one password that could be guessed or discovered. This makes it much more difficult for fraudsters to gain access to your account. From September 2019, all financial institutions must use strong customer authentication.
In some ways, mobile banking apps are safer than using a web browser on your PC because computers can run software from any source, while smartphone apps are usually checked by Google or Apple.
Alongside concerns about what social media sites are doing legally through data harvesting, they are also susceptible to hacking and fraud and there are ways for criminals to con you out of cash or financial details.
Ensure personal information like your date of birth, phone number and address can’t be viewed. They represent a stepping stone that, combined with other information, can lead to fraud. Check and review your security settings and use less obvious answers for security questions, particularly ones that may be repeated in your posts on social media such as your favourite football team, pet names or mother’s maiden name.
Be wary of what information or pictures you add to social media accounts when you are on holiday. Wait until you return home to post details or you could alert criminals to the fact that your house is empty.
Passwords are your first line of defence against online fraud – but, believe it or not, variations of ‘password’ and ‘123456’ are still the most commonly used passwords. While it might be tempting to use the same password for multiple accounts and services, you really shouldn’t – just imagine the havoc a hacker could wreak if they obtain it.
Instead, you should use a password manager. A password manager automatically generates secure passwords for services that you sign up for, and then encrypts and securely stores them until you next log in.
Ensuring the details contained in your credit report are accurate is another important strand of data security, though you could be forgiven for being cynical about credit reference agencies keeping your data secure after the massive Equifax security breach.
You should check your credit report to see if there are any unusual entries that not only impact your credit score but also suggest that someone has accessed your financial data or personal details and used them fraudulently. Checking your credit report can be the first sign that you’ve been hacked as any applications for credit show up there.
If you notice anything suspicious, contact the credit reference agencies and follow the procedure to get the entry removed, known as a ‘notice of correction’.
Many threats come via email, so be vigilant against opening links that could install malicious software (malware) on your computer. The same principle applies to attempts to solicit information through phone calls or text messages.
Always double check who the person or organisation is before clicking on a link or providing any personal information. Always ask yourself whether you’re expecting an email from that person – if it seems at all suspicious, don’t click any links or open any attachments. Remember, your bank will never ask you for your complete PIN or password by phone or email.
Malware can infect your computer through an email attachment or downloading a file from the web. Once malware is on your computer, criminals can track every action you take on your computer, including what sites you visit and the login credentials that you type in.
The equivalent attack on a smartphone, sometimes called “smishing,” comes via a text message. The fraudster sends a message asking you to call a number to discuss a security issue – and then they ask you for your account number and PIN.
If you’re hacked and lose personal data or suffer financial loss, contact your bank or financial institution.
If the identity theft or fraud causes financial loss from your bank, they will refund your money once it has investigated and decided you weren’t negligent and caused the problem. If, for instance, you’ve given out your PIN to someone, it might not refund the money.
If the fraud relates to a credit card, contact the card issuer and follow their advice.
If you’re a victim and a financial organisation rejects your claim you can appeal to the Financial Ombudsman.
There is lots more help available. You can get advice from the Citizens Advice consumer helpline on 03454 040506 or the Financial Conduct Authority.
Report the scam to the police through Action Fraud. It’s important to do this because it could help catch criminals and stop it happening to others.