Did you know that the average person uses the same three to seven passwords to log in to over 170 online accounts? In addition to being reused, these passwords are often weak and can be easily guessed by cybercriminals. If cybercriminals guess these passwords, they could access the majority of their victim’s online accounts. Even worse, the victim may not know that their password has been compromised for several months or years. To keep your passwords squeaky clean and safe from cybercriminals, follow the tips below:
Create Strong Passwords
Creating strong passwords helps prevent cybercriminals from gaining access to your online accounts. Your passwords should be as long, complex, and random as possible. While many websites only require passwords to be eight characters long, we recommend making your password at least 12 characters long. You should also include a combination of lowercase and uppercase letters, numbers, and symbols in your password. To keep your accounts extra safe, you can use password phrases, or passphrases. However, when you create your password or passphrase, make sure that you don’t use any personal information that a cybercriminal could guess.
Don’t Reuse Passwords
Reusing passwords for your online accounts may be convenient, but it’s also risky. If you reuse passwords, you could be at risk of having multiple accounts compromised at once. If a cybercriminal guesses your password, they could access multiple accounts instead of just one account. Cybercriminals can also sell passwords or make them available online. Creating a unique password for each online account reduces the risk if one of your passwords is compromised.
Use a Password Manager
You’re probably wondering how you are supposed to remember long, complex passwords for all of your online accounts. The answer is a password manager. You can use password managers to securely store all of your passwords. Instead of having to remember passwords for every online account, you only have to remember one password for your password manager. In addition to storing your passwords, many password managers can also generate passwords for you based on specific criteria.
Use Multi-Factor Authentication
You can also use multi-factor authentication (MFA) to secure your online accounts, if available. MFA requires multiple forms of authentication, such as a password and a code from your smartphone or a USB smart key. By requiring you to use multiple forms of authentication, cybercriminals will have a harder time gaining access to your account, even if your password is compromised.
Nobody wants cybercriminals to guess their passwords. To keep your passwords squeaky clean and safe, remember to create strong passwords, avoid reusing passwords, and use a password manager or MFA, if possible.
In this week’s scam, cybercriminals are targeting Verizon customers. Verizon is a cellular service provider that recently experienced a major network outage. You receive a text message that appears to be from Verizon, claiming you have expired reward points to redeem. The text includes a link and urges you to select it immediately to claim your points. You may think this message is related to the recent network outage and be tempted to follow the instructions.
However, this is actually a smishing, or text phishing, scam! Cybercriminals are exploiting the recent news stories about a mobile outage to trick you. If you select the link in the message, you will be taken to a fake website and asked to enter your financial information to redeem your reward. But if you enter your banking details, the scammers will steal them!
Follow these tips to avoid falling victim to a smishing scam:
- Never select links in unexpected texts, even if the message appears to be from an official source, such as your mobile carrier.
- If you want to check whether you really have an account credit or reward, open the official Verizon app on your phone or log in to their official website.
- Be very suspicious if a website asks for your credit card number or bank details to issue you a credit or reward.
In this week’s scam, you receive text messages that say someone is trying to log in to your Apple account without your permission. Then, you get a call from someone claiming to be an Apple support agent. They tell you that your account has been compromised and that they have opened a support ticket for you so they can help you secure your account. You even receive an actual email from Apple support that contains your case number.
The Apple support email you received is genuine, but the support ticket was initiated for you by cybercriminals, not by Apple. They’ll pretend to help “fix” the issue with your account and ask you to give them your security code so that they can close your support ticket. However, if you give them the code, they can steal your Apple account!
Follow these tips to avoid falling victim to a phishing scam:
- If you receive unexpected text messages from Apple, don’t reply or select any links in the message. Instead, visit the Apple website to confirm that the message is legitimate, or call their official customer support line.
- Cybercriminals often try to trick you into acting impulsively by creating a sense of urgency. Always be cautious if you receive a text message that instructs you to act quickly!
- Remember, real support agents will not ask you for your passcode or password. Scammers request this information so that they can gain access to your accounts.