2. Follow Password Best Practices
This won’t be the first time you read this and it won’t be the last, so instead of listing everything you might already know about password best practices, here are a few important reminders:
- Use a unique password for every account. If that’s too much, then at the very least, use unique passwords for your most important accounts (e.g. bank and email).
- Turn on two-factor authentication. The most popular way to do this is to have a code sent to your email or phone with every login attempt.
- Don’t use words or numbers in your password that friends or family could guess (because chances are that hackers could guess them too).
- Change your passwords every three months. Again, if that’s too much, then at least change the ones for your most important accounts.
Password managers are also a popular way to make, use, and store complex passwords. The risk with these, however, is that if the password for your manager gets stolen, then you’ve lost all your other passwords with it. So using a manager is never an excuse to slack on following password best practices.
3. Know the Red Flags of a Fraudulent Email
We all know not to trust a mysterious prince with our money, but fraudulent emails nowadays are often much harder to spot. For example, you might get what looks like an official Amazon email that has an official-looking address, contains Amazon colours and logos, brings you to what looks like the Amazon login page, and even lets you actually log in to the real Amazon – but not before stealing your account info. Here are some red flags to watch out for when you get an email that asks you to enter your personal/account info:
- The email address ends with “@gmail.com,” “@hotmail.com,” or another public email domain.
- The email doesn’t directly address you by name (i.e. it uses something like “Dear Customer”).
- The email has a strange-looking URL link (you can check without clicking on it by just hovering your mouse over the link).
- The email tells you to act quickly if you don’t want to lose something.
- The email has spelling or grammar errors.
Whenever you’re not sure if an email is fraudulent or not, don’t click anything on it, but contact the sender directly by going to a customer support page or by calling them. And when you get an email asking you to change your password, don’t click anything on it, but instead go to the account page yourself on a fresh browser and change your password from there.
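For readers who screen mail with a script, here is an added example (not part of the original article) that checks four of the red flags listed above against a constructed sample message. The free-mail list, the urgency phrases and the flag names are assumptions, it expects a single-part HTML body, and the spelling check is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}  # assumed list
URGENT = re.compile(r"\b(immediately|act now|within 24 hours|will be suspended)\b", re.I)
class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_email, recipient_name):
    """Return the names of the red flags found in one single-part HTML email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL:
        flags.append("public-domain-sender")
    if not re.search(r"\b" + re.escape(recipient_name) + r"\b", body, re.I):
        flags.append("generic-greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I)  # domain the reader sees
        real = (urlparse(href).hostname or "").lower()  # host the click really goes to
        if shown and shown.group(0).lower() != real:
            flags.append("link-mismatch")
    if URGENT.search(body):
        flags.append("urgency")
    return flags

SAMPLE = (  # constructed message, not a real email
    "From: Amazon Support <amazon.billing@gmail.com>\nContent-Type: text/html\n\n"
    "<p>Dear Customer,</p><p>Your account will be suspended within 24 hours.</p>"
    '<a href="http://amazon.account-verify.example/login">www.amazon.com/signin</a>\n'
)
```

Calling `red_flags(SAMPLE, "Pat")` reports all four flags; a hit is a reason to verify with the sender directly, not proof of fraud.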