Scammers love anyone that doesn’t understand the following ’10 ways to stay safe online’, so instead of saying “oh it will never happen to me”, why don’t you say “F**k you scammers, you can try but I know what to look out for”. Please pass this message on.
For those of you who don’t like to read, we’ve put a tl;dr shortened version at the end of the post.
Email
Bank/card details
Name & address
Passwords
Social profiles
Your computer
Tracking your stuff
Spot a fake website etc
Phone numbers
Back up your data!!!!
► 1) Email & two step authentication
Your email account is your last line of defence against scammers, if a scammer gains access to this then they ‘could’ wipe you from the majority of your online accounts, goodbye Amazon, YouTube, iTunes, Facebook, Twitter etc. Oh and lock you out from your phone, computer or even worse. Sounds like a ridiculous example…. haha you would be surprised!
We highly suggest you all setup double authentication on your email account + important social networks (similar to the card readers you get for your bank but using your phone instead), this basically means that whenever you logon to your email system from a new computer, you get sent a unique code to enter on the website (via text or via an app), this ensure that you know your secure password + have your real phone to hand (i.e. it should actually be you trying to access your account).
Google > https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic
Apple > https://support.apple.com/en-gb/HT204152
Facebook > https://www.facebook.com/note.php?note_id=10150172618258920
Twitter > https://blog.twitter.com/2013/getting-started-with-login-verification
Dropbox > https://www.dropbox.com/en/help/363
Evernote > http://blog.evernote.com/blog/2013/10/04/two-step-verification-available-to-all-users/
Microsoft > http://windows.microsoft.com/en-gb/windows/app-passwords-two-step-verification
Steam (gaming) > https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519
Full list of sites: https://twofactorauth.org/
Don’t believe that doing the above is important? Read this it will change your mind: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
► 2) Bank/card details
- Scammers want your money and they’re willing to test many different ways to try and get your details
- We all know never to enter card details on websites that are untrusted etc but the best strategy [albeit some will think its overkill] is to setup another bank account for any transactions that you’re not 100% sure about. Always keep £10-£15 in the account & then when you’re going to buy something ‘big’ (from somewhere you’re not 100% comfortable about) transfer the correct amount of money to this new account. This ensure that if your card details were sold on etc then you would only be risking a small amount of money (not all your main account balance).
- Keep your pin secure
- If you’ve got a credit card ensure you use it for all orders over £100 as it adds extra protection to your purchases (even if you split the cost, i.e. £99 on debit card and £1 on credit card) BUT YOU MUST MUST MUST MUST MUST not use a credit card for the wrong reasons (i.e. to spend money you don’t have) as they’re the worst things in the world if used incorrectly.
What about cash machines?
Always be extra vigilant when getting cash out especially from machines that are in areas that are secluded however even in our local town in the middle of the highstreet they found a card cloning device (fake touch pad that records pin & card skimmer).
Don’t allow staff to take your card away
Although less common make sure you always know where your card is, if staff insist on taking your card away ensure you follow them.
What can someone do with my bank details?
If they have your sortcode and account number they can’t really do much however if they combine these details with other details they could start identity fraud so these details are best kept close to your chest.
They could however setup a direct debit from your account as the famous and extremely security conscious TV reporter Jeremy Clarkson had done to him when he challenged readers of his Sun column back in 2008
Online banking
- Never click a link to your online banking, always go direct to the banks website address.
- NEVER repond or click ANY link from ANY email that is from your bank (99% of the time it won’t be your bank).
- Avoid public computers. Avoid public free wifi spots (or even public paid wifi), you do not know if they’re secure.
- Ensure you logout before leaving your computer
- Don’t be an idiot and write down your passwords for others to find
What if I find a transaction that wasn’t me?
If you think there has been an unauthorised transaction on your account, you should tell your bank or building society immediately. This should be no later than 13 months after the transaction. It’s extremely important to inform them asap as you will not be liable for any unauthorised withdrawals after you have told your bank or building society, unless you have acted fraudulently or been negligent. An example of acting fraudulently or being negligent would be if you kept your pin number written down with your card.
It’s extremely important to keep on top of your statements and check them at least twice per month
► 3) Name & address
Whenever we sign up for a freebie or to a site we don’t completely trust etc we will use an alias name, so we know if post arriving at the door is really for us or is just a sales letter etc.
Only issue with this is when you’re paying for someone and then later need a refund but using the below example will still work. Obviously don’t do this for companies that legally need your real name.
What is an alias name?
Example: Muhammad Ali (the boxer) is actually Cassius Marcellus Clay (the boxer) but he uses an alias/stage name to ‘change’ his identity. So think of a name that all sites/companies you don’t trust can contact you on.
Or alternatively put in an alias middle name e.g. Joe JohnWestSalmon Bloggs – Then if John West Salmon sell our details on we will instantly know when post arrives. However be careful as this could be classed as fraud in some countries so check your local laws.
► 4) Passwords
Quite frankly if you’re still using the same password from several years ago you’re an idiot, these days you need capital letters, symbols, numbers & the more digits the better.
Use this checker: http://howsecureismypassword.net/ (hint: don’t actually type your full password into the site just type something similar etc) to see how secure your password is.
But I can’t remember my phone number, let alone a super complicated password!?
OK, try a password like this ‘I;really:like!eatingCh3ese’, it’s very secure and not that difficult to remember. Basically creating unique sentences instead of single words/phrases or combinations of letters/numbers is far superior
How do I remember all my passwords?
Using techniques like the sentences above with characters instead of spaces is ideal as they’re fairly simple to remember
Or use password management apps like 1Password or LastPass the beauty of these is that every website you visit can have a different password, only problem is if someone manages to hack those apps (however supposedly they’re extremely secure, better than your bank secure).
► 5) Social profiles
- First of all stop telling everyone that you’re not at home. Don’t post check-ins, photos of you on holiday/out for the evening etc.
- Learn more about How to break into an empty house + more importantly how to avoid someone doing it to you!
- Cull the apps you’ve approved to gain access to your social media
For instance on Facebook go to https://www.facebook.com/settings?tab=applications to revoke access - Be careful what apps you grant permission to
► 6) Your computer
Keeping it safe when away from it
The obvious password on your computer will put off the most basic of thieves however ensuring you leave your house, room etc secure is a common reason why devices get stolen.
Locking it whilst away from it
Kensington locks are very popular but other brands are available, this should stop the majority of chance thieves.
Remote wiping, please remember to have multiple backups
Less common compared with mobile phones but it is possible to remote wipe your computers.
However a better solution is to use Full disk encryption however if you’ve just got a few essays etc this is probably overkill
Think before leaving any device
Often computer & phone theft happens near transport doors (a train or bus door) so they can escape quickly, in coffee shops or stores where you leave your devices/bags unattended. So be alert.
► 7) Tracking where your stuff is
- Turn on ‘Find my Mac‘ and/or install one of these device tracking software Hidden App or Prey Project (PC & Mac)
- Turn on phone tracking (iOS / Android / Windows) and make sure you know how it works if your phone/device does go missing
- If your phone does go missing be very careful going all Jack Bauer on it whilst trying to hunt it down, speak with the Police and inform them of the exact location
- Make sure you keep receipts of the purchase of your phone + a photo next to this receipt for added proof
- Make sure you write down your phone, computers serial numbers and unique identifies (e.g. Dial *#06# on your phone and the unique IMEI number will be displayed on your screen).
- Look into mobile phone insurance and see if you actually need it
- Buy a decent GPS trackers, ideal for cars/trailers etc (with battery) or (needs car battery)
- Use/buy an old phone, install software like Prey (or use built in tracking features) as a DIY tracker + plug into an external battery or even better a solar panel and you have a device that can last several days to several years (example)
► 8) Websites, emails, shared posts etc and how to spot the fakes/scams etc
Spotting a fake website
- Do a quick Google search e.g. is thesite.com a scam? 9/10 if it is then others will have reported it
- Failing that search on http://www.hoax-slayer.com/ (this is ideal if you get a spam email as well or one of those viral text posts all your friends start sharing)
- If you still find no info, you should run a quick Whois check, this should tell you the name of the person/company who registered the domain name (e.g. http://amazon.co.uk registered to Amazon Europe Holding Technologies SCS)
- We generally use http://whois.icann.org/en (type in website address into form). Just remember people can fake this information or use blocking info.
► 9) Phone numbers
We have several phone numbers main mobile numbers for real people, alias/competition phone numbers for orders from untrusted websites or competitions etc & fake number for freebies, possible scams etc, this number is a number that would never be a phone number 077100000000.
► Are you sick of Spam texts?
NEVER REPLY TO THEM! STOP DELETING THE MESSAGES & START REPORTING EVERY TEXT!
+ you can block them on iOS / Android
Forward any spam texts on to 7726 (most networks)
Or 87726 for Vodafone customers.
Or 37726 for Three customers
Save that number into your phone as a contact NOW!
Whilst this technique doesn’t block them, in the long term it will make it more difficult for companies to do it because more complaints = higher expenses = “lets stop the spam texts they don’t work anymore”.
More details on: http://10ws.co/1jOfPRj & with Ofcom
► Spam phone calls
For spam phone calls report on >http://10ws.co/1jOi1Zl
+ you can block them on iOS / Android
Works for UK companies but most spam calls are from outside of the EU these days unfortunately so the ‘best’ technique is to simply say [in your polite phone voice]: “Thank you but I will not buy anything from you or any of your companies now or in the future, please can you remove me from your database”.
Remember there is generally a real person at the other end of the phone, that person is probably regretting their job decision but they deserve to be spoken to nicely + if you’re rude they’re more likely to add you back on the system or to simply not remove you at all. #AlwaysThinkLongterm
► 10) Back up EVERYTHING that is important!
– Your phone contacts
If we had £1 for every time we got a message about some ‘idiot’ losing their phone for the 5th time and needing all of our numbers we would probably have about £9-£15 😉 No but seriously it’s really annoying for everyone involved & that’s why we beg you all to back up your phone contacts.
Learn how to backup your phone
– Your computer files
How many times have you heard a friend moan about how their computer crashed and they lost all their work (or maybe that was you), for everyone involved it’s a pain in the arse so just get back up sorted & then you will never have to worry.
Learn how to backup your computer
– Your paperwork
Get a scanner and go through your old papers a scan anything of importance, if you and your mates/family are feeling extremely geeky then buy one of these scanners to speed up the process.
►tl;dr – This post was too long, so I skipped to the bottom:
Cool, we do the same all the time, here are the key points for staying safe online:
- Your main email address is you last line of defence, hold it at all costs. Use two-step-authentication for all accounts you really want to keep secure.
- Keep your main bank details/card details secure at all costs, use secondary smaller accounts for untrusted sites.
- Use alias name for any freebies, untrusted orders etc so when the post arrives you know which post is genuine or where your details have been sold on
- A decent password is priceless. Creating one like ‘I;really:like!eatingCh3ese?’ is your best bet
- The things you put on social networks can haunt you for the rest of your life
- Computers need to be kept secure wherever you’re
- Get all your expensive items trackable
- Do a whois search, check reviews, search the phone number, find the website owners name and check that out.
- Report all spam texts you get & get a secondary sim card for all freebies etc
- Back up everything that is important to you, it’s a horrible feeling knowing you’ve lost something forever