Staying Safe Online

Published on November 14, 2023

You might be curious why a tenant rights organisation is sharing advice on how to stay safe online. Well, over the past few months, we have received a few odd emails and want to make sure that our membership stays as protected as possible from scams and identity theft.

Some of our members attended a cyber crime prevention workshop, and we want to share the key takeaways so that others can implement best practices. We want to thank Samantha Hancock, Cyber Police Officer at Derbyshire Police, for these tips:

> Two Factor Authentication (2FA) aka 2 Step Verification and Multi Factor Authentication

Wherever possible, enable two-factor authentication. 2FA provides an extra layer of security and prevents unauthorised access to your online accounts, even if someone manages to obtain your username and password. You can find step-by-step instructions at https://www.2fa.directory. 2FA is particularly important for email accounts, social media and any shopping/payment accounts (especially those where you have saved payment options).

Do not save payment details to accounts that do not support 2FA.

> Protecting your online accounts

You can check to see if your details have already been compromised in known data breach incidents (i.e., if someone has hacked a website where you have an account or have your data saved) by visiting https://www.haveibeenpwned.com. Select ‘Notify Me’ (it will either be within a burger menu — three horizontal lines — or at the top of the page). Insert your email to ensure you are contacted anytime your passwords are found to be available in a new breach. This allows you to immediately change your passwords to protect your online accounts.

> Passwords

It is imperative that you have strong and separate (no repeating) passwords for all of your accounts. You can base these on three, random, but memorable, words. You can use different cases, and add numbers or symbols (!@£$%&*?) to make it even more secure. Professional/work-related account passwords should NEVER be the same as personal account passwords.

How can you remember your passwords? Use a password keeper! We don’t endorse any specific one, but examples include 1Password, Dashlane and LastPass. There are many others, and you can do research to find the one that works best for you.

You can also make note of your usernames and reminder hints of your passwords, but this should be kept separate from your devices. You shouldn’t write your username and password openly for others to easily see or access.

If you are the only person who uses your device, you can save your passwords to your browser (e.g., Microsoft Edge, Opera, Safari, Google Chrome, Firefox) when prompted. But bear in mind that anyone else who uses your device will be able to use these saved passwords to automatically log into any sites for which you have your password saved.

Always keep your most important passwords the most secure — these are the ones for your email account(s) and password manager, if you have one.

You can find more info here: https://www.ncsc.gov.uk/cyberaware#action-2

> Genesis Market Takedown

Genesis Market was an English-language website that facilitated identity fraud using personal details, including passwords to popular websites like Airbnb, Amazon, eBay, Facebook, Fidelity, PayPal and Netflix. The personal details accessed were stolen from 1.5 million computers, and the website had 80 million digital profiles of over two million potential victims. Visit https://www.politie.nl/en/information/checkyourhack.html#check to see whether your data was for sale on Genesis Market. If your email address was on the list on the website, the police will notify you at that email address. Make sure to check your inbox and junk folders for an email from the police. If you do not receive an email from the police, your email address was not on Genesis Market.

> Facebook

Ensure your Facebook account password is strong (three random words) and not used on any other accounts.

This post shares helpful advice for making your Facebook profile as private as possible: https://www.businessinsider.com/guides/tech/how-to-make-facebook-private?r=US&IR=T

Check to ensure your posts are visible only to your friends, and not public: Control who can see what you share | Facebook Help Centre

It is not uncommon for Facebook accounts to be cloned (duplicated) to trick people into accepting the duplicated friend request. To prevent this from happening, we strongly advise anyone with a Facebook account to change the settings so that your friends list is visible to only you or only to your friends. Here’s how you do so: Who can see the Friends section of my Facebook profile? | Facebook Help Centre

In order to help protect your account from being compromised, we advise that you change your settings to enable two factor authentication, as this helps prevent unauthorised access: What is two-factor authentication and how does it work on Facebook? | Facebook Help Centre

And finally, here is a link to a checklist for improving your privacy settings: Social Media Checklists | Safer Internet Centre

> Email

If you receive an email from a friend asking for a favour, or which seems out of character, be wary. If you have another way of contacting them, make sure to do that first. For example, if someone emails you and asks you to purchase something on their behalf, call them first to determine whether the request is genuine, or whether someone has hacked their email.

If you receive an email from an unknown person, be wary. Check the domain of their email (the part that comes after ‘@’) for any misspellings and to see where the email is from.

If you receive any emails from someone purporting to be from your bank, check the domain. Banks will never ask you for your passwords, account numbers or any identifying information over email. You will only be asked for information like this when you are accessing your account via the bank’s secure portal.

If you receive any emails from someone purporting to be from a company — e.g., Amazon, a delivery company like DPD or UPS — that is not a marketing email, or which asks you to pay something, be wary. First, ask yourself whether you are expecting a package to be delivered by this specific company, or whether you are expecting an email about this. There should be clear information that identifies what the object is, who it is from, your name and the order number. You can check all of this against your records. If you think something doesn’t match, double check the email for typos — you can search the email address on a search engine to see whether it is listed as part of the real company’s contact options.

If you have any question about any email you have received, ask someone else to look it over before you do anything.

> Devices

Our first line of defence against cybercrime and fraud is, quite simply, the devices we use to access the internet and our email. It is important to keep devices and apps up-to-date and install updates as soon as they become available. Where possible, you can set apps up to auto-update.

Ensure that your device is secured by password, PIN or biometric security, so that others cannot access it. More info here: https://www.ncsc.gov.uk/cyberaware#action-5

> Back ups

Make sure your important contact information and documents are not just saved on your device/network. Use cloud backup services so that, in the event of device failure, loss, etc., you can still access what is important to you. You may wish to play it doubly safe and also back up to a separate device, for example an external hard drive: https://www.ncsc.gov.uk/cyberaware#action-6

> Antivirus

Ensure that computers and laptops have antivirus software installed and running.

> Create your own personalised Cyber Action Plan

Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security.

Stay protected online with a Cyber Action Plan – NCSC.GOV.UK

> GOLDEN RULE FOR ALL!

Remember to NEVER click a link or shortcut to log in to an account or “resolve an issue” from an email or text message – always log in via a browser or an app.

> Did you know ….

You can report suspicious emails by forwarding them to report@phishing.gov.uk and suspicious texts by forwarding them to 7726.

Stay safe out there! 

Image attribution: Life is a wonder from Carrying Place, Canada, CC BY 2.0 <https://creativecommons.org/licenses/by/2.0>, via Wikimedia Commons
