Stop making it easy for fraudsters and hackers to steal your logins and passwords, especially if you’re sending sensitive details by email to those you work with.
In 2017, I discovered that cybercriminals worldwide had raked in a staggering $450 billion for the previous year. If that hasn’t boggled your mind, let me hit you with the latest stats: cybercrime is expected to have cost the entire world 8 trillion in 2023.
It’s got to the stage that whatever currency is being talked about barely matters, since the amount of cash being stolen is so astronomical that it’s all become abstract beyond comprehension. 😬
More recently, BBC Radio 4’s Money Box reported on cyber attacks hitting home sales and charity bank accounts.
Here are my thoughts on how businesses can protect themselves when engaging the services of web designers, developers, marketers, etc…
Safeguard Your Life with Stronger, Harder-to-steal Passwords
While cybercriminals employ sophisticated methods, including phishing, guessing, and brute force attacks, one of the simplest yet most effective measures you can take is to fortify your password strength. 🧩
We’re in a very different place to where we were twenty years ago. Your “digital” life and “real” life are the same thing now.
Our lives are encapsulated by passwords. It’s got to the stage that even the village milkman is probably operating some kind of digital subscription requiring a login and password.
When there’s so much to remember, just how the hell do you do it?
Fraudsters, Scammers and Hackers Bank on Your Mistakes
Most people write things down on bits of paper or try to use easy-to-guess passwords, or basically let their guard down long enough for the predator-in-waiting.
If your business is being actively targeted (it could be for any number of things, such as identity theft in order to apply for loans in your name), the person staking you out will do their homework and have a lot of patience.
How These Bastards Actually Get Your Password
Cybercriminals will aim to compromise the authentication mechanism for an account (bank, email etc) often using a socially-engineered situation, with passwords being a crucial component. ♟️
Social engineering is just another way of saying: people will try to manipulate situations and scenarios to trick you into doing something that benefits them. It doesn’t have to be all that technically clever, because it depends on exploiting your feelings to get you to take certain actions.
By the way, I once fell for a bogus cancer charity scam which had nothing to do with passwords and everything to do with emotional manipulation. 😐
1. Phishing 🥸
Phishing involves tricking users into willingly divulging their passwords through scam emails and fake websites.
This is the social engineering component. Vigilance is crucial here, because even emails that seem to come from Netflix, Amazon, Facebook or any other brand can be hidden traps, ready to decapitate your judgement and tear down your digital security.
Scammer Impersonated a Builder Using a Similar-Looking Email Address
I know of someone who was having building work done on his home, and a scammer managed to find out about this, and actually created a new email address that closely resembled that of the email address belonging to the builder.
The scammer was able to create a new thread of conversation with the victim and steal thousands of pounds after simply asking to “borrow” some cash.
2. Guessing 🤔
Guessing relies on hackers using available online information about you to figure out your password, especially if you reuse passwords across different services.
If they manage to get into one account, that might be all they need to get into others.
3. Brute Force 🤖
Brute force attacks involve systematically trying every possible password until the correct one is found. This is done by software performing millions of calculations in a short space of time.
You’d be amazed how many people use “password” as their actual password, especially if something like a WordPress website was set up in haste and not properly secured.
Choosing a Strong Password
Choosing a strong password is vital. Many websites now reject weak passwords, so a robust password should include a mix of uppercase and lowercase letters, numbers, spaces, punctuation, symbols, respelling, and be a decent length.
“But I Can’t Remember Complex Passwords”
There are online paid-for password management services, but over the years these services have been repeatedly targeted by determined hackers.
I just did a quick search to find any notable hacking incidents and sure enough, LastPass was legally obligated to reveal a 2022 security breach in which attackers stole password vault data by hacking an employee’s home computer. 😮
Save Passwords to a USB Drive
Instead, consider adding passwords to a computer text or Notepad document, and store this on a password-protected USB drive.
This way, you only have to remember one master password. The USB drive can be stored in the safe or – if you’re very protective – under your pillow or even up your… well… just somewhere secure!
Need Something Easier to Remember? Pick Three Random Words
If you need to remember your password, consider using three random words. Look around you in the room right now and pick out three things you can see and let that form the password.
Sharing Your Passwords Safely Online
The secure transmission of passwords is equally vital. Avoid sending passwords as plain text in emails, because – as already mentioned – personal data can be intercepted.
If you do send a password by email, that information can end up sitting on someone’s hard drive, especially if they’re using the POP3 email retrieval protocol, which means emails get downloaded to their computer.
Any private login information that was sent in that way is then a sitting duck. 🙈
Is the person you emailed your password to taking precautions of their own to protect this information?
You might trust that they do not want to commit fraud against you, but you need to think who else might be lurking in the background. 🚨
You could always phone someone and tell them the password, but that’s not always practical. So, what’s the recommendation?
Excellent Free Tool for Sharing Passwords Safely
Let me give you a new tool for secure transmission of passwords.
QuickForget by Automattic (parent company of WordPress, it so happens) provides a secure method for sharing passwords.
This excellent free service allows you to copy/paste in the sensitive details (a username and password or whatever it is) and then set a time or view limit to ensure the data is destroyed after the link is viewed or expires.
The use of this should become habitual, because scammers, hackers and fraudsters rely on you getting lazy or making mistakes.
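To make the "time or view limit" idea concrete, here is a small added example (not code from this post or from QuickForget, whose internals are not described here) of a store that destroys a secret after a set number of views or once its time limit passes. The class name, parameters and the choice to index entries by a hash of the link token are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ExpiringSecretStore:
    """In-memory store: each secret dies after max_views reads or ttl seconds."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable clock so expiry can be exercised in tests
        self._items = {}      # sha256(token) -> [secret, views_left, deadline]

    @staticmethod
    def _key(token):
        # Index by a hash so the store never keeps the link token itself.
        return hashlib.sha256(token.encode()).hexdigest()

    def put(self, secret, max_views=1, ttl_seconds=3600):
        if max_views < 1 or ttl_seconds <= 0:
            raise ValueError("max_views and ttl_seconds must be positive")
        token = secrets.token_urlsafe(32)  # 256-bit unguessable link token
        self._items[self._key(token)] = [secret, max_views, self._clock() + ttl_seconds]
        return token

    def get(self, token):
        """Return the secret, or None if the link is unknown, used up or expired."""
        key = self._key(token)
        item = self._items.get(key)
        if item is None:
            return None
        secret, views_left, deadline = item
        if self._clock() >= deadline:
            del self._items[key]           # expired: destroy without revealing
            return None
        if views_left <= 1:
            del self._items[key]           # last permitted view: destroy now
        else:
            item[1] = views_left - 1
        return secret

    def purge_expired(self):
        """Drop secrets whose time limit passed without anyone opening the link."""
        now = self._clock()
        dead = [k for k, v in self._items.items() if now >= v[2]]
        for k in dead:
            del self._items[k]
        return len(dead)
```

The point for the recipient's inbox is that only the link sits in the email; once the view or time limit is hit, an old message no longer leads to the password.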
Summary: Your Money and Your Life Involve Passwords
When it comes to online security, people are usually the weak link.
When disposing of passwords, whether digital or on paper, ensure proper destruction. The dark web, a haven for cybercriminals, poses a constant threat. 😵
As cybersecurity experts constantly tell us, adopting a war footing is essential, so remember to strengthen passwords, cultivate safer habits, and scrutinise how and where your data is stored.
Your digital security is in your hands – be ready to repel hackers at every turn because this is how they make their full-time living and it won’t stop for even one moment.