Sometimes it feels like every other week we learn of another high-profile cyber-attack or data leak. Unfortunately, cyber-crime has become a lucrative business, and financial sites are among those on the front line of attack. Fortunately, there are certain things you can do to protect your accounts and to minimise the chances of cyber theft.
Keep Your Computer Up to Date with Patches
We all hate Windows updates. They always seem to lock up your computer at just the worst time. However, they have an important security purpose: to keep your computer updated with the latest security fixes. Once a vulnerability becomes public, hackers will start to use it to create new attacks, so it’s a race against time to build software patches to close these doors. Many of the high-profile attacks we’ve seen in recent months have exploited vulnerabilities in end-of-life software which is no longer patched.
Use a New Password on Every Service
One of the easiest ways for a hacker to access your account is if you use the same password on multiple websites. If you reuse passwords, it takes just one data leak from one of these sites, with your details leaked onto the internet (or ‘dark web’), for you to have a much larger problem. Popular websites like LinkedIn, Myspace, Adobe, Dropbox and Yahoo have all had a data breach at one point or another. Although these sites would have encrypted your password, it is still relatively straightforward for a hacker to decrypt it.
Troy Hunt is an Australian web security expert who runs a website called ‘Have I Been Pwned’. This site collects data on historical data breaches: to date, over 200 sites covering over 3.8 billion accounts. You can enter your email address into the website, and it will search his database of leaks for your details. If you do find your email address listed in a historic breach, it’s essential you change the passwords for all of your online services which may share that password.
Consider Using a Password Manager
It can be challenging to create unique passwords across many different websites. One solution is to use a ‘password manager’ such as LastPass or Dashlane. These can store unlimited numbers of passwords, auto-complete online forms and even employ multi-factor authentication.
Be Careful What You Post on Social Media / Investing Groups
With P2P lending, a number of online community groups have started where investors share tips, ask questions and discuss investment performance. If you are sharing screenshots of your investment dashboard in these groups, first put the screenshot into a photo editing package like Microsoft Paint to black out any personal details. It’s very easy to forget to take out your account username before showing off your investment profits! Try not to post too much personal information, to avoid becoming a target of a phishing attack.
Be Very Aware of Phishing Scams
Phishing emails are carefully designed scam emails which try to steal your personal details and, ultimately, your money. Cyber criminals can trick you into downloading a document with malicious code. This could be an innocuous-looking attachment in an email.
Another technique is to send a carefully worded email which prompts you to enter your password or personal details. These emails may create a sense of urgency and lead you to a portal which looks identical to your investment platform. Then, once you enter your email and password, the portal passes these details to the hacker.
So, for example, a scam of this type could use a website with a slight misspelling of viainvest.com (for example viainvestt.com or viaimvest.com). The email could warn that a significant withdrawal has been made from your account and include a link to log in to your account to stop the withdrawal of the funds. The link would take you to a similar login screen, but instead of logging you in, it would steal your details. As peer-to-peer investment sites are still less commonly used, it’s perhaps less likely that hackers would create such an elaborate campaign. However, it is still important to be aware of the risk.
To avoid these scams, be very critical of incoming mail and any links or attachments in emails. If you receive an email asking you to log into your account, it is often safer to manually type the known URL into a web browser rather than clicking on links in emails. Microsoft has released some guidance on avoiding scams of this kind. If you notice anything suspicious, report it.
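As an added illustration (not part of the original article), the check for misspelled domains described above can be automated: this Python example compares the host in a link with a hand-maintained list of trusted domains and flags near-misspellings. The trusted list, the distance threshold of 2 and the function names are assumptions chosen for this example.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually hold accounts with, typed in by hand.
TRUSTED = {"viainvest.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Approximation: treat the last two labels as the registered domain.
    # Suffixes such as .co.uk need a public-suffix list instead.
    registered = ".".join(host.split(".")[-2:])
    for domain in trusted:
        if 0 < edit_distance(registered, domain) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, using the misspellings mentioned above.
    for link in ("https://viainvest.com/login",
                 "https://viainvestt.com/login",
                 "http://www.viaimvest.com/account",
                 "https://example.org/"):
        print(f"{classify_link(link):9}  {link}")
```

A ‘lookalike’ result means the link is one or two characters away from a domain you trust, which is the pattern to treat as suspicious; ‘unknown’ only means the host is not on your list.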
Use Trustworthy Internet Connections
Always check that your investment sites use an SSL security certificate, most visibly shown by the ‘https’ at the start of the domain name and the green lock in the web browser. Believe it or not, you do occasionally see some peer-to-peer lending websites which do not use an SSL certificate or which let it expire! The certificate is important because it allows the data between your browser and the web server to be encrypted. If the data is not encrypted, third parties can theoretically ‘listen in’ to the data in transit.