The internet is absolutely fantastic and provides access to the whole world with just a few keystrokes on your computer or smartphone. But there is also a flip side with increased vulnerability and exposure. At Doro we want you to feel safe when using the internet, and therefore share some tips on how to think in order to avoid falling victim to online fraudsters.
One of the most common ways to get tricked online is through phishing. This means that fraudsters send e-mails and pretend to be from authorities or companies, to get the recipient to give out sensitive personal information, such as bank account numbers and passwords. The email usually says that a problem has occurred and that you need to log in to your account via a link you receive in the email.
Another style of phishing is that you are promised some kind of gift or profit if you log in to a particular page via a link. When you click on it, you will be sent to a page that appears to be the service where the fraudster claims to be from. In reality, the fraudster has created his own website that is similar to the real one and through it your username and password are saved. Then they can log in and take over your account.
Other ways to be contacted and deceived are through SMS and telephone calls. A scam that is common is that the fraudster claims to be from your bank and asks you for security codes, or that you sign something using your BankID.
It is important to know that banks, government agencies and companies will not ask their customers for passwords or codes because they can always access your accounts through their systems. Passwords and codes are valuable documents for you to keep to yourself. Double check and therefore always inform the real customer services department of the business they are impersonating if you have received a strange e-mail or call requesting this kind of information.
Fraudsters often use emergency crises, such as Covid-19, to get people to act quickly out of fear and worry. Don't stress or feel pressured. Also, never click on links in emails if you are unsure about the content. Another tip is to look for spelling mistakes or strange wording. Often, the email address or website may appear to be correct, but sometimes just one single letter can differ between the real and the fake one. Also, make sure you have a virus protection installed on your computer. Although it does not guarantee protection against phishing 100%, it is a good preventative measure.
The most common reason why fraudsters come across passwords is when a database of passwords belonging to a web service is hacked and leaked. The worst scenario is when the password for your email address is the same as other accounts. Then the fraudster can indicate that they ‘forgot their password’ and easily get a new one sent to the email and thus access all of your accounts. Therefore, it is very important to have different passwords for different accounts and services to minimise the risk of being affected everywhere.
In addition to having unique passwords, you should avoid common passwords. A strong password is one that no one else has thought of, and long passwords. The basic recommendation is that the password should contain at least twelve characters and contain special characters, such as! # ?. It is even better to use passphrases, ie a combination of words. A passphrase should contain over four words and the words should preferably be selected at random. Some scammers use programs to hack passwords. To give an example, a 6-character password can take 30 seconds to crack, while a 10-character password takes 11 years.
Never write down your passwords on your computer or mobile phone, nor store them in the browser. Instead, use a so-called password manager, which is a program that stores and helps you create secure passwords.
Another way to protect your accounts, which raises the level of security properly, is to use two-step verification or two-factor authentication, if offered. This means that in addition to your password, another security step is needed in order to log in, usually a time-limited, one-time password that is automatically generated and sent as an SMS to your mobile.
Now you can continue to surf safely!
Copyright © 2019 Doro AB. All rights reserved