Tip # 1
Create a strong, complex password. The length of a password is important. In general, the longer, the better. Think pass-phrase, not pass-word: Use a phrase made up of 4 or more smaller words. Then, switch up the case of the letters, substitute numbers for some of the letters, and use some special characters. Avoid using sequences of numbers, letters, or keyboard patterns. Don’t reuse a password or use similar passwords on multiple systems, accounts or websites. Use multifactor authentication whenever possible.
Tip # 2
Don’t click on direct links in email or text messages that are asking you to enter in or update sensitive information. It’s best to go directly to the source. For example, you receive an email to click on a link to update your information for your bank account or social media account. Don’t do it! Instead, go to your bank’s website or your social media account’s site and review your account information to make sure everything is accurate. Want to learn how to identify various red flags in phishing emails?
Learn how to identify a phishing email message.
Tip # 3
Be vigilant with suspicious text messages. Unless you initiated the request, your banking institution or other accounts should not be asking you to access your account from a link in a text message or a Social Media platform.
Tip # 4
Keep work and personal data safe by putting your computer or device to sleep or activating a password protected screen saver when you walk away from your computer or device.
Tip # 5
Don’t respond to phone requests asking for personal or financial information. If you are concerned, find the correct phone number and call the company or organization yourself.
Tip # 6
Don’t overshare information on social media. These details can provide hackers with your location or other personal identifiable information that can help them to craft a phishing attack. Think before you share.
Tip # 7
Look out for emails that claim to have your password and say that they have seen you visiting questionable websites and have collected embarrassing information about you. Do not reply to those email messages or click on anything within them. They are a scam.
Tip # 8
Be skeptical of any requests to change direct deposit, banking, or wiring instructions, even when supposedly from a trusted person with whom you regularly conduct business. Always verify beforehand by contacting the person using their known phone number or email address.
Tip # 9
Never reuse passwords on multiple systems, services, accounts, or websites. Or use similar passwords on multiple systems, services, accounts or websites. The reason is, if someone discovers one of your passwords, it can be easy for them to figure out the rest of your passwords. Don’t use your work or school account password for any other accounts or websites
Tip # 10
Never allow your web browser store or save your account passwords. Hackers have ways that they can access the stored passwords, even if they are secured with a master password. You can disable the option to save this information from within the settings area of your web browser. Instead, use a secure password manager like LastPass or OnePassword.
Tip #11
Never allow your web browser to save your credit card information. Hackers have ways that they can access that information. You can disable the option to save this information from within the settings area of your web browser.
Tip # 12
Always be skeptical of any unexpected email containing an invoice or bill. When you receive an unexpected email, stop and consider the context. For example, if the email is about an order you did not place, it is probably a scam.
Tip # 13
If you receive a text or email request to make changes to some payment information, first verify it by calling the person or organization directly using a trusted phone number.
Tip # 14
Keep your computer operating system, web browser, web browser plug-ins, and the operating systems and applications of your phones and tablets up to date with the latest versions to keep current with the latest security patches. Only update phone and tablet applications by going to the official application stores for those devices. Such as the App Store on Apple devices, or the Google Play Store on Android devices.
Tip # 15
Microsoft never proactively calls you to help you with a virus on your computer. Nor do they engage pop-up windows on your computer warning you that a virus has been detected and then ask you to call a phone number for assistance. These are scare tactics used by scammers that are performed with the purpose of stealing your money or your personal or financial information. They will try to persuade you into installing things onto your computer which will contain hidden malware. Or they will attempt to remote control to your computer, where they will then infect your computer with additional malware, as well as a keylogger that will record every keystroke that you make on your computer. With a keylogger they can steal personal or financial information such as passwords or banking details.
Tip # 16
Avoid Smishing (SMS or text phishing) by being cautious about clicking on links in text messages. Think before you click.
Tip # 17
Be vigilant with suspicious SMS/text messages supposedly coming from your bank or other financial institution. When in doubt, use your financial institution’s mobile app or go to their website.
Tip # 18
Be wary of emails or text messages promoting research and job opportunities. Sometimes the scams come through disguised as coming from a Goshen College employee or faculty member. It is important that you not reply to the sender via email, text, phone call, or any other method of communication. Simply mark it as spam or delete it. If you did respond to the sender, here are some additional steps to take: Discontinue any further communications with that individual and avoid any further engagements with them. If you provided any banking or other financial information to the sender, immediately contact your banking and/or financial institution to make them aware of the scam. If you clicked on any links or responded to them with your username/email address and/or password, change your account password immediately.
Tip # 19
Be skeptical if you receive an email or text message from your supervisor, coworker, or anyone else who is asking you to purchase gift cards for them, or to transfer money or make a payment for them. This is most likely a hoax. If in doubt, call the person to verify the request.
Tip # 20
Email is not a secure method of transferring confidential information such as account numbers, social security numbers, or credit card numbers.
Tip # 21
Have you changed the default password on your home wifi router? If you haven’t, your router is still using the default password that it came with. And possibly all of the other routers that were issued from that service provider or company to other customers have that same password too! Your computer and other devices can be vulnerable to an attack if you don’t change the password for both the admin user interface and the network itself. If you do not know how to change these passwords, contact your Internet service provider for help.
Tip # 22
Watch out for urgent messages, such as an email or text alerting you about an expensive credit card charge. Phishing attacks rely on impulsive reactions. Check your credit card balance first, and call your credit card company for assistance if the charge is unexpected.
Tip # 23
Watch out for fake DOC attachments in email messages. Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals may send you an email with a DOC file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.