How to protect yourself from identity theft and online fraud in 2023
The online world has become entwined with almost every part of our lives. And while huge leaps forward in technology have brought us untold convenience and opportunity, we also face ever evolving security risks. According to banking trade body UK Finance, fraudsters stole more than £1.2bn from UK consumers in 2022. With scammers forever finding new tactics, how can we protect our assets against identity theft and online fraud?
In this article, AJB Wealth talks to Jimmy Hobbs of Hobbs IT Services in Winchester, Hampshire, who highlights the key risks and latest developments. From high-tech hardware keys to simply being more aware, here are 12 ways to safeguard yourself and your finances.
1. Keep software and operating systems up to date
Cybercriminals often exploit vulnerabilities in outdated software and operating systems. It’s vital to ensure that all your devices are running the latest updates and security patches. According to Hobbs, one common mistake is to subscribe to anti-virus software but let it lapse.
‘When it runs out, it stops working and you’re completely unprotected,’ he says. ‘The anti-virus protection built into Windows (Microsoft Defender Antivirus) is pretty good. But if you’ve got another anti-virus software it will disable Windows. Either make sure your anti-virus is up to date or use the built-in Windows software.’
2. Install an ad blocker
Clicking on an advert can be the equivalent of opening your door to a conman. You may, for example, see a message saying that your computer has a virus, or an advert for software to clean up your computer.
‘Generally, you won’t get hacked, but the scammers will download software that spams your computer with lots of adverts,’ says Hobbs. ‘Then, you’ll see a phone number inviting you to call this number to sort out your computer. Eventually, they’ll ask for your bank details to sort out the problem…’
3. Use a hardware security key
‘Two-factor authentication is important, but it can still be broken pretty easily,’ says Hobbs. ‘The best way to protect yourself is by using a hardware security key. This is very new technology, only out in the last year or so. And you can set them up by yourself. I think in the next two to three years they’ll be mainstream.’
He points out that traditional two-factor identification generally authenticates your identity through email or a phone message, both of which can potentially be hacked by cybercriminals.
A hardware key has all your encrypted passwords on it and has the advantage that you need to be in possession of the hardware key to access them. It’s also convenient. The user authenticates their identity by tapping or inserting their key into their device. The YubiKey 5 NFC, for example, can be bought from Amazon.
4. Choose passwords carefully
Have a system for your passwords and avoid repeating the same one. Using a password manager to keep your passwords encrypted and safe is a good option. Otherwise, come up with a unique password each time you need one. Hobbs suggests choosing a word of at least eight characters, changing some letters for keyboard symbols. Add an underscore and a unique four-digit code that can be changed for use on different websites. That way, you can keep a record of the numbers.
‘Remember that your email account is the cornerstone of your online security and your password needs to be something completely unique and not used on any other website,’ says Hobbs. ‘If someone breaks into your email, they can break into anything.’
5. Guard your personal information
Check your privacy settings on social media, and ensure that only friends can view your information. Be careful about posting personal details, such as holiday plans, your date or place of birth, names of pets, or other facts that could help people answer security questions or crack passwords. Stop and think before posting. For example, in a recent case a woman complained to an airline via personal media and was targeted by a scammer purporting to be from the airline.
6. Pick up the phone
As cybercriminals develop more sophisticated methods, it becomes ever harder to identify fraudulent messages. Often scammers will gain access to an email account and watch for patterns, such as regular invoices.
‘On the day the invoice comes in, they replace it with a complete replica with different bank details,’ explains Hobbs. ‘It looks completely legitimate. That’s why it’s important to question everything. If a company’s bank details have changed, even if the email address looks legitimate, pick up the phone and call the person who sent the invoice. Be a bit more cautious, or seek advice. Don’t do things on autopilot.’
7. Don’t download free software
Only download programs or apps from a trusted source, as they could contain malware such as RATs (Remote Access Trojans), which allows criminals to access your device to spy on you and obtain private information.
‘A lot of people get hacked because they don’t want to pay for software, and so they get free software, which can come packed with nasties,’ warns Hobbs. ‘Online fraud is more prevalent than people think. People don’t talk about it because they’re embarrassed, and they think it’ll never happen to them.’
8. Protect your wireless network
Change the default password on your wireless router, and the network ID for good measure, as your ID is visible to others and is likely to reveal who your network provider is.
9. Use safe public Wi-Fi
Do not send or receive private information while using public Wi-Fi. When possible, use a well-known, reputable hotspot provider such as BT OpenZone. And of course, avoid people seeing your passwords.
10. Beware of unsolicited emails, messages or phone calls
Cybercriminals have become increasingly sophisticated, and can appear to be completely authentic. They can create emails, websites and even answerphone messages that are perfect replicas of the real thing. Be wary of any unsolicited emails, messages or phone calls. Never disclose personal information, such as your date or birth or passwords. If in doubt, take the details of the caller, and call them on the number listed on the official website. Take the same approach to email links which prompt you to disclose information. This applies even if the email appears to come from a trusted source. Your fears may turn out to be ungrounded, but it’s prudent to check things out.
11. Use a protected payment method
Most major credit card providers protect online purchases, and are obliged to refund you in certain circumstances.
12. Report it immediately
If you think you may be victim of online fraud, report it as soon as possible. Tell your bank or other relevant institutions as it may still be possible to stop a payment being made. In many cases, banks will refund money lost through scams, and new legislation in 2024 is set to increase the obligation on banks to do so. You can also report suspicious activity to Action Fraud, the UK’s national reporting centre for fraud and cyber-crime.
AJB Wealth delivers investment and wealth management services both locally in Hampshire and further afield. To arrange an obligation-free consultation or review of your portfolio, please book a meeting, or call us on 01483 774 070.
Important: The views in this bulletin are not necessarily those of AJB Wealth. The content is for general consideration only, and does not constitute advice. This company accepts no responsibility for any loss occasioned as a result of any such action, or inaction.