While most people recognize that online fraud or cyber crime is a potential threat, few know how or why they may be at risk. Cyber crime can take many forms, and understanding who the enemies are and how they commit crimes may allow you to better defend yourself.
Steps you can take to help keep your online accounts safe:
Adding an additional layer of security when you access your accounts, called two-factor authentication, is a strong defense against this type of attack. Fidelity and many other financial firms now offer two-factor authentication. It requires you to enter a unique security code, randomly generated and sent to your phone or other mobile device, in addition to your standard login. While not completely foolproof, two-factor authentication raises the bar for cyber attackers trying to access your accounts. You might also consider it for nonfinancial sites—Google, Apple, Microsoft, Facebook, Amazon, and Twitter all offer two-step authentication options.
You've probably heard this before, but it bears repeating: Never use names, birth dates, Social Security numbers, or any personally identifiable letters or numbers as your password. Use a different password for every application and change them often. What constitutes a good password? The most important factor is length (at least 12 to 14 characters is best), but complexity also makes passwords more unique. Use a combination of letters, numbers, and special characters and stay away from dictionary words or common combinations of words. It's also best to avoid common substitutions within words, like replacing the letter "o" with a zero. It's just too obvious. A string of uncorrelated words with numbers and special characters is best. Importantly, when selecting a password, don't rely on free password strength checkers—they often miss the mark.
These days, most of us have dozens of passwords covering multiple devices and everything from social media to subscription services, e-commerce, banking, and Wi-Fi. Remembering all these passwords and changing them frequently just isn't sustainable. Fortunately, there's an app for that. Password manager apps generate and store all your passwords in a secure environment. They'll even auto-fill login information for stored sites. Many now sync your passwords across all your devices and automatically generate new ones on a regular schedule. The cost of state-of-the-art password managers is negligible—especially when compared with the convenience and security they provide.
Today, most operating systems let you set your update preferences to automatically install patches as soon as they are available. That goes for software too, including anti-virus protection. Don't forget to update your mobile phones and tablets, and the apps installed on them. You can set update preferences to do this automatically, but many devices need to be plugged in to your computer for a complete upgrade. It's a good idea to connect your mobile devices to your computer at least once a week so these updates can be downloaded and installed properly.
Backing up your data is good system hygiene. It prevents your information from being lost forever and immunizes you from ransomware attacks. In this increasingly common scheme, criminals lure you into clicking an email link that downloads malware and blocks your access to the computer. The perpetrators can hold your hard drive hostage, demanding a hefty ransom to unblock it. If your system data is backed up elsewhere, it eliminates any leverage the scammers have, neutralizing their threats.
Use caution when linking to your financial institution via email. Instead, go directly to your provider's website by using a link you've saved in your "Favorites" menu. That way, you'll be sure you arrive at a legitimate website. Always look for the "https" prefix in the site's address. This indicates that the connection to the site is encrypted to protect your sensitive data from prying eyes.
Home networks now connect computers and smartphones to thermostats, TVs, refrigerators, and residential security systems. Each device is a potential weak spot in your Wi-Fi network. As your home becomes more dependent on the Internet, so does your exposure to a network breach.
Everyone loves free Wi-Fi, but unsecured public wireless access points are easy to intercept, providing an opportunity for attackers to snoop on your online activity. A safer alternative is to use only secure Wi-Fi networks. If you use your laptop or mobile devices while traveling, purchase a subscription to a paid hotspot provider in which the networks are password protected and have additional levels of security.
A dedicated banking device also helps financial institutions keep your accounts secure. Most, including Fidelity, monitor client accounts for fraudulent logins from unauthorized computers and will alert you if there is suspicious activity in your account. When Fidelity surveyed client login patterns, we found many users logging in from multiple devices. One or two were common, but some clients routinely logged in from a seemingly random assortment of systems, making it difficult for an institution to distinguish a legitimate login from a fraudulent one. By using one device for all transactions, an illegitimate login stands out, and the institution will be able to move quickly to alert you and secure your account.