How to keep your email account safe
Australians lost nearly $300 million to online scams in 2016. That figure is based on a combined 200,000 reports to the ACCC & ACORN, and many scams do not get reported due to embarrassment etc.
Emails continue to be a popular choice for hackers & criminals. They use scams, phishing & malicious software (malware) to target & trick you. While scammers are often after your money, they’re also trying to steal your personal information, which is just as valuable.
It’s extremely important to safeguard your personal details online the same way you would your wallet.
These threats work as follows:
- You receive a message that contains an appeal or threat – the message tries to convince you to do something.
- You assess the characteristics of the message, decide that the appeal is legitimate and take the requested action.
- The action, which might be clicking a malicious link, opening a malicious file or sending sensitive information like credit card details, results in a bad consequence for you as the receiver of the message and some kind of illegitimate gain for the sender of the message.
The top three scams that people are most likely to encounter online are:
- Often delivered via email: scammers pretend to be from well-known businesses, government departments or other businesses you regularly deal with, and ask you to update or verify your details in order to con unsuspecting victims out of their personal information and money.
For example, they might say they’re from Apple and you need to reset your password for security reasons, or they may offer you a gift voucher to a major supermarket for completing a ‘survey’.
In the past, the email or text message may not have addressed you by your proper name and may have contained typing errors and grammatical mistakes; however, this is not so common anymore, as the scammers have come a very long way.
It's rare to see poor spelling and grammar now, because these scammers have “copied” the look of the legitimate site and use original logos and content that appear to be real.
Some common ones appear to be from Australia Post, FedEx, the Australian Taxation Office and the Australian Federal Police, and the list goes on!
- Scammers will pretend to be from a utility provider such as your phone or energy company and send you a fake bill. These scams can be very hard to pick as the fake bills scammers send look authentic.
Buying and selling
- Scammers also work by tricking people who are looking to buy or sell goods online. For example, they may set up a fake online store that sells well-known brands at seemingly too-good-to-be-true prices; or they may set up a fake listing on a classifieds website.
Here are some simple techniques that you can employ to avoid being stung by a scammer online.
Following these steps takes some discipline and is a little more time-consuming; however, on today’s internet it’s worth the inconvenience to keep your identity, money & online life safe.
- If you receive fake emails like these, delete them immediately. Never click on links or open attachments in an email unless you are sure of the sender.
In general, the best defence against phishing is to be suspicious of what you receive whether it shows up in email, a text message or on the phone.
- If you decide you want to look further into it, instead of taking action on what someone sent you, visit the site directly.
For example, if an email says you need to reset your PayPal password, don’t click the link.
Open a new browser tab and type in www.paypal.com/au/home yourself. Next, check that the actual address you’ve been taken to looks correct.
- The website address does not look like the address you usually use and is requesting details the legitimate site does not normally ask for.
- You notice new icons on your computer screen, or your computer is not as fast as it normally is.
- When you sign up for an online account or service, be aware of default options to receive additional email about other products and services, and only give the minimum amount of information required.
- Delete messages in your spam/junk folder without opening them. If you think that a legitimate message has been flagged as possible spam & sent to your spam/junk folder by mistake, you should check its legitimacy before opening it; try the following:
If you do want to follow the link, the best way is to hover over the link, then right-click.
- Now select “Copy link address”.
- Next, open a new tab, right-click in the address bar and click “Paste”.
- The link will now be pasted in the address bar. Have a look at it to see if it appears legitimate; if you’re happy to continue, hit Enter.
Another way is to go straight to a new tab and enter the main/top level part of the link, i.e. www.centralcoastwebdesign.com.au, to go to the site, then search the site for the article that you’re after.
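As an added example (not part of the original article), the short JavaScript below does the same check you do by eye on the pasted link: it reads the real host name out of the address and compares it with the site you expected. The function name `checkLink` and the sample links are made up for illustration.

```javascript
// Added example: where does a copied link really go?
// expectedDomain is the address you normally type yourself, e.g. "paypal.com".
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser uses
  } catch (err) {
    return { host: null, matches: false, warnings: ["not a valid web address"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  const warnings = [];

  // The site you reach is decided by the END of the host name, so
  // "paypal.com.something.example" belongs to "something.example".
  const matches = host === expected || host.endsWith("." + expected);
  if (!matches) warnings.push(`goes to ${host}, not ${expected}`);

  // Anything before an "@" is a login name, not the site.
  if (url.username || url.password) {
    warnings.push('text before "@" is not the site name');
  }
  // A bare number in place of a site name is a warning sign.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) {
    warnings.push("host is a numeric IP address");
  }
  if (url.protocol !== "https:") warnings.push("connection is not https");

  return { host, matches, warnings };
}

// Constructed sample links (reserved .example names and a documentation IP).
const sampleLinks = [
  "https://www.paypal.com/au/home",
  "https://www.paypal.com.account-check.example/login",
  "https://www.paypal.com@login.example/",
  "http://192.0.2.10/paypal",
];
for (const link of sampleLinks) {
  const result = checkLink(link, "paypal.com");
  console.log(link, "->", result.host, result.warnings);
}
```

An empty warnings list only means the address itself points where you expected; it says nothing about whether the message that carried it is genuine.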
Be especially wary of “Special” offers when you’ve purchased something.
Let’s say you've just bought concert tickets and, at the end, the site offers you the chance to win $1000 or to take up an offer for discounts etc. What you will actually be doing is giving your email address out to many third parties that may sell your email address on to others, who may in turn spam you. A good rule to follow is to avoid any add-ons & offers completely. (Yes, they do sound enticing; however, that's how they get you!)
If it seems too good to be true, it probably is – Be extremely wary of any “GREAT Offers”
- Protect your email accounts with two-step verification; it makes it more difficult for someone else to sign in to your email account.
If your email provider, banking institution, government services etc. offer two-step verification (also known as two-factor authentication) for extra security of account data, MAKE SURE THAT YOU SET THIS UP. It works by employing a two-step identification process that has to be passed before you’re authorised to access an account. For example, you might need to provide a password as well as a second form of identification, like a code sent to a mobile phone that is registered with your account.
Even if someone finds your password, they would be stopped from getting into your account unless they have the second form of identity, which is usually a mobile phone number.
- Instant messaging protection and email spyware protection are also available with many security software products, as are personal firewall tools, which come with the operating system and with many security suites.
- Keep your computer/device security up-to-date & ensure that you have scans running regularly and that threats are removed if they are found. Some computer threats will take you to a different website than you were intending – if you ever see this happening, don't enter any of your details – Get your computer or device fixed ASAP.
- If you receive a phone call from your bank, don’t dial any number that the person may have given you. Look up the bank’s phone number & call them directly.
Banks generally do not call customers directly. Log into your account online & then look in your “Messages” to see if there are any notifications for you there.
- If you’re ever contacted out of the blue, particularly via email, by someone asking you to pay a bill, complete a survey or update your passwords, it pays to be VERY sceptical.
- Make sure you use a spam filter, and scan your email attachments. Research has shown that nine out of every ten viruses that infect a computer reach it through an email attachment.
- If you’re unsure about the legitimacy of something online, like an email you receive, a store or a classified listing, do your own research, because people who have been stung by scammers will often post warnings to help others.
- If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
- Don’t share your email address online unless you need to.
- Have a complicated email address, not so you will forget it, but so no one else can guess it through your name (it should contain a number – for example, John023@xxx.com)
Avoid email addresses that could give away your real information, i.e. adding your birth year is NOT wise. email@example.com
You have just given out your full name and your year of birth; possible scammers now only need to work out your day and month.
- You give out your email address all the time; it's not really private information.
That being the case, the only thing protecting your account from misuse is the password. To avoid being hacked, it MUST be strong, especially if you use a web-based email provider like Gmail or Yahoo Mail.
Try using a phrase & modify it – use an address book to keep a record of the information. 'June School Holidays' can be modified to 7un3Schoo1Ho!id@ys
More info on password security is available on our blog.
- Open a separate email account to use specifically for shopping and online forms.
Only enter the compulsory information required & consider using some fake details like your birthday etc. so your “real” information isn’t available if the email account is compromised.
Beware of using Public computers.
If you check your email at a friend’s house, at school, or on a public computer in a library or Internet café, there are two risks.
First, you have no guarantee that the computer is protected; it might be riddled with viruses or afflicted with a keylogger.
Second, you could be leaving behind traces that could give the next user too much information about you and your online session.
Be absolutely sure you've logged out before leaving.
A good resource is the Australian Government’s Stay Smart Online website; sign up to receive the warning emails that they send out as soon as a known threat is detected.
For more information, have a look at www.staysmartonline.gov.au
Don't forget to keep an eye out for Central Coast Web Design’s next Tech Tips explaining Updates & Upgrades.