Everyone is familiar with spam calls, emails, and SMSs: unsolicited messages from unknown numbers and addresses. The common response is to ignore them and move on. Others unknowingly open themselves up to social engineering attacks by engaging in conversation with strangers.
Here are a few things to consider when someone is trying to defraud you online:
They will almost always grab your attention with a sense of false urgency and pretend to be from your bank or another financial institution. The urgency is created by implying that you have been hacked, or that there has been fraudulent activity on your account, so you need to verify your identity and hand over sensitive information before they can help you. Giving in to this false urgency leads people to hand over personal information, and even the credentials needed to access their accounts.

Social engineering also relies on confusing you with technical jargon. If someone on the phone or on WhatsApp asks you to "send me the OTP I sent you so I can confirm I'm talking to the right person", alarm bells should be going off in your head. A one-time password (OTP) is sent to you so that you can prove to a service that you hold the phone; nobody legitimate needs you to read it back to them. Chances are that by handing it over you have given away one of your social media accounts, your WhatsApp account, or worse, access to your bank account.
Online Scams – Guarding Against Social Engineering
Always verify who you are talking to over the phone. If your bank calls you and you cannot be sure the call is legitimate, ask for a reference number, end the call, and call the bank back yourself on a number taken from a trusted source such as its official website, never a number the caller gives you. Even when the reference number checks out and the call was legitimate, this costs two extra minutes, whereas falling victim to fraud has a far more severe impact on your finances and online safety.
Insist on verifying who you are speaking to, and if sensitive information is going to be discussed or handed over on the call, insist on initiating that call yourself.
This applies to not only online banking but any form of communication that could potentially compromise your work or personal online accounts.
Always consider the following at all times when engaging with unsolicited or unknown callers:
Ensure that you do not do anything that could compromise your access to online banking or any other account.

Ensure that you protect your identity, and do not hand over sensitive information without first establishing that the person you are communicating with is who they claim to be.
Bad Password Habits – Wide Open to Compromise
"Password123" and "FluffyKittens" belong in the realm of fairy tales, not as the password protecting your identity or assets. Passwords like these are cracked in seconds, either by brute force, by wordlist guessing, or by rainbow table lookup of the hash.
Always create a unique password for each account, and make it long: mixing upper and lowercase letters, numbers, and special characters helps, but length matters more than character variety. Passphrases, a string of several randomly chosen words or a sentence, are long enough to be expensive to guess and still easy to remember.

The longer and more random your password, the longer it takes to brute force, and the less likely it is to appear in an existing wordlist or rainbow table. Reusing a password across accounts undoes all of this, because one breached site then unlocks every other account that shares it.
To help you manage these complex passwords, consider using a password manager. And no, a notepad on your desktop is not a password manager.
Embrace Multi-Factor Authentication – An extra minute can protect you from Fraud
Multi-factor authentication (MFA) adds a layer of defense beyond the password by requiring a second verification step, such as a fingerprint scan or a one-time code sent to your phone or generated by an app. These codes are valid only for a short window (app-generated codes typically change every 30 seconds). Even if an attacker manages to guess, or crack, your password, your account remains protected by the second factor.
It is your defense against a compromised password, which is exactly why you must never share OTPs or codes with anyone: a code is just as valid in an attacker's hands as in yours. If you receive a multi-factor prompt or code for a login you did not attempt, someone already has your password. Change it immediately, reject the prompt, and make sure that password is not reused on any other account.
Do not treat multi-factor authentication as optional; if it is available, use it. Prefer a trusted authenticator app such as Google Authenticator to generate your codes over SMS delivery, which can be intercepted through SIM swapping. Ensure the mobile device you use for multi-factor authentication is protected with a password, pattern, or biometric lock so that it cannot be used by whoever picks it up.

In situations where security is critical, consider a hardware security device such as a FIDO2 security key. Unlike a code, it cannot be read out to a scammer, and it only responds to the website it was registered with, so it is not fooled by a look-alike login page.
Backup your data
While proactive measures like strong passwords and vigilant awareness form the first line of defense against cyber threats, even well-protected systems can suffer a breach, a ransomware infection, a lost device, or a failed disk. In such scenarios a backup is your safety net: it lets you restore what was lost and minimizes the impact.
Ensure your data is backed up regularly to a location that is separate from your device and network. Cloud services such as Google Workspace, Google Photos, and Google Drive are good candidates for personal data. Keep in mind that a synced folder mirrors deletions and overwritten files, so a file encrypted by ransomware or deleted by mistake is replaced in the cloud too; make sure the service's version history is available to you, or keep an additional copy that is not continuously synced.

Using cloud services gives you peace of mind that, if your device is compromised, stolen, or fails, you can recover your data.
Concerning multi-factor authentication, store the recovery codes each service gives you somewhere secure and separate from your phone (for example in your password manager or printed and kept offline), so that a lost, stolen, or compromised multi-factor device does not lock you out of critical online services.
Update all the things
It is easy to overlook the importance of software updates and end up deferring them to a later date (which can often be weeks, if not months later).
However, it is critical to remember that all software contains security vulnerabilities; most of them simply have not been found yet.

Engineering teams are constantly identifying and patching these vulnerabilities. Their work is wasted when you do not apply the patches, and once a fix is public, attackers know exactly where to look on systems that have not applied it.
Regularly update operating systems, applications, and firmware across every device on your network, including routers and smart devices, to keep your identity, finances, and personal assets safe.
If a service you use announces a data breach, do not wait for a notification saying that your account was among those affected: be proactive and change that password, and any other account where you reused it. Rely on automatic updates where possible, and make a habit of periodically checking that your operating system and browser are up to date.
Use your operating system's automatic update feature; you can even schedule updates for a time that is convenient for you.
About Author
Deen Hans - Director of Security Operations at Deimos

Deen Hans is the Director of Security Operations at Deimos and has been a driving force behind the company's success since December 2022. He is an engineer focused on application and infrastructure security, with a strong background in architecting and building secure, scalable systems across various domains. Deen has more than 15 years of work experience in the field of security. Throughout his career, he has consistently demonstrated a passion for building secure, scalable, and innovative solutions while fostering teamwork and collaboration within engineering teams.