December Update: 17 Tips On Staying Safe Online

We are constantly bombarded with messages about spam and fraud. In a single day, most of us probably receive several spam emails, a few bogus texts or WhatsApp messages, and several spam calls.

While we may not fall for a spam email or phone call, there are also hidden dangers waiting whenever we access the internet, enter our passwords, or use online technology.

If you are like me, a Millenial, I tend to think these dangers are for my parents and the Boomer generation. So I was surprised when I read several studies in the past several years where research shows Millenials and Gen Z are more likely to fall for online scams!

The good news is with some basic training and tools, we can avoid most of these dangers. In this update, we’ll cover 17 tips for you and your team to implement to help keep your business (and personal information) more secure.

But first, three quick points if you or someone you know is scammed or hacked:

1. Remember you are human, and it’s OK to make mistakes.
2. Know that many scammers prey on our emotions and desire to help others.
3. Work with others and the necessary people to move forward; such as resetting passwords, getting new credit cards, calling your bank, etc.

Keep Passwords Secure

When it comes to passwords, our lead dev Ryan likes to use this illustration: imagine you live on a busy street in NYC, and every few seconds someone tries your doorknob to see if the door is locked. How important would a good lock be in this situation?

Spoiler alert - very important!

Similarly, the internet has millions of bots that are constantly “wiggling the doorknob” of various accounts to see if they are secure. Having a strong and secure password is the best way to keep them out! 

What not to do:

1. Use the same password on multiple sites
2. Use generic passwords like “p@ssword123”
3. Use short passwords

What you should do:

1. Use a password manager. There are quite a few good options including Bitwarden, 1Password, KeePass, or Apple’s recent Password App.
2. Create unique and long passwords for every site
3. Check your passwords here to see how secure they are: https://bitwarden.com/password-strength/

Multi-Factor Authentication (MFA)

More and more sites require MFA, which is the process of needing an additional code via text, email, or an app to log in. While needing the extra code with an email or text might be annoying at times, it adds an important second layer of security.

Essentially, if your account is hacked (hello password123 😀), MFA helps ensure whoever hacked the account can’t go further until they prove they have permission via the code.

What not to do:

1. Ignore prompts to set up MFA on critical accounts (bank logins, client data systems, etc)

What to do:

1. While text and email MFA is a good start, using an authenticator app is even better. There are a variety of authenticator apps available, and I personally use Google’s Authenticator App on my phone.

Use Common Sense

Using common sense is one of your greatest allies in not falling prey to a hacker or scammer, no matter where it comes from.

What not to do:

1. Fall into the “act now” trap. Spammers and hackers use the lack of time as their ally, and their messages almost always contain the message of “act now before…”
2. Send any money through gift cards or online portals - unless you initiate it. A common request from spammers is to send gift card codes online or enter payment info into portals (see the story and image later).
3. Give any personal information over the phone unless you initiated the call. Banks and government agencies continually emphasize that they will not call and ask for information over the phone.
4. Click on any links unless you are sure it is a trusted source. Example: if you requested a password reset for your bank, then it makes sense to receive an email with a password reset link. But if you get a password reset link without asking for it, then alarm bells should be ringing!

What to do:

1. Take time to breathe. If you are in a high-pressure situation and you suspect a scam, take a few minutes to breathe.
2. Get a second opinion. Not sure if an email or text is legit? Ask a coworker or someone in the office to take a second look to make sure you aren’t missing something. In fact, many scammers tell you NOT to talk to others for this reason.
3. Verify information. In the age of AI deepfakes, it is frightening how AI can be used to sound like a loved one over the phone. If you get a phone call from a “loved one” needing your help, verify that it's really them. This comes in a variety of ways, including asking them several personal questions, texting/calling their number to see if it's really them, checking with someone close to the person to see if it's true, etc.
4. Enter a website by typing the address instead of clicking a link. Example: if you get a link from your bank, but you aren’t sure if it is a scam, don’t click the link. Instead, type in your bank address directly to access your account.
5. Test your knowledge and keep learning. Think you know how to spot a scam? I thought I was knowledgeable, but I took an online test and got one wrong! I have the test linked below, and I promise it’s not spam 😉.
   • https://www.banksneveraskthat.com/scam-quiz/
   • If you take the test, I’d love it if you’d send me your score. Drop it in a message here and let me know if you beat me, tied me, or lost to me!

Two quick stories:

Story 1:

My wife’s Grandma (whom they call Mummy) received a spam call from her “granddaughter” asking for $10,000 for bail money to get out of jail. The grandma was thinking of running to the bank to wire the money, but she couldn’t figure out why the granddaughter was calling her instead of the immediate family - especially her own husband! 

Another flag was the fact that the female caller kept calling her “Grandma”, but in reality, the grandchildren all called her “Mummy.”

These two flags made Mummy want just a little more proof before running to the bank.

"Before I send any money, tell me what your husband's name is," she asked.

The scammer promptly hung up the phone!

This story happened about 10 years ago, but with AI deepfakes becoming more prevelant, I’m starting to hear more of these stories happening.

Verify - verify - verify!

Story 2:

Recently Cliff and Trina took an anniversary vacation. Partway through their vacation, several LifeX team members received a text message from “Cliff” stating he had a new phone number and needed us to do a few tasks for him.

This seemed suspicious, and yet it had a thread of plausibility. After all, maybe Cliff had an emergency on his vacation that required a new phone and number.

I’m posting a photo below of how Ryan handled it. He posted this photo in our team Slack channel, and several of us were just starting to come on to see if others had received the message.

By verifying the information and checking with the team, it was clear this was a fake. Plus, the request for gift cards was a major red flag!

And in the 0.0000001% chance this was a legit request from someone reading this, then we sincerely apologize 😀…