Cyber Smart Week: Two key actions to stay secure online

Create long, strong and unique passwords.

A strong password is your best defence against hackers and scammers. Here are some tips on ways to make effective passwords:

• Bigger is better when it comes to passwords – Every year, password complexity requirements grow, but long, complex passwords can be hard to remember. Instead of a single, long pass ‘word’, try using a pass ‘phrase’. This is a catchy group of random words (recommend four or more), with a mix of numbers, letters and symbols thrown in to add to the complexity (for example, “AutumnStr0ngPasswordP1zza!”).
• Use a different password for every account – If you reuse passwords, and one of your accounts is hacked or breached, and the hacker gets your email and password, they might use that information to get into your other accounts.
• Avoid making your password from personal information – Never use personal information such as your date of birth, a relation’s names or your hometown as part of your password. This information is often easy to find on social media.
• Use a password manager – It’s an easy way to store and generate safe passwords. If you currently have an antivirus subscription, then you probably already have access to a password manager. A password manager will remember all your passwords for you; you just have to remember one password, the one to the password manager (don’t forget to enable 2FA). For more details, see our article How to choose the best password manager.

Turn on two-factor authentication (2FA)

Two-factor authentication (also known as 2FA or two-step verification) is when a service asks you to use an extra, temporary code they have created in order to log in to their service. It’s an important extra layer of security that confirms it’s you, and not a hacker, who is logging into a service.

Each time you go to log into a service, they will send you a 2FA code via text message, email or the code will be generated by an authenticator app (you need to set this up first). You will then be prompted to enter the code to log into the service.

Using a 2FA code means someone else can’t login as you, even if they have your username and password.

Many services – from bank accounts to email and even social media – encourage using 2FA. You should upgrade your logins and use 2FA whenever available.

Other actions to protect yourself online

Stay alert for scams

Scams are scary. It’s hard to spot one or know what to do if you’re caught in one.

If you do get scammed, you shouldn’t feel ashamed. In Consumer NZ’s latest sentiment tracker survey, half of the respondents said they had been targeted by a scammer, and 1 in 10 said they, or someone in their household, had financially fallen victim to a scam in the past 12 months.

Types of scams

Dating and romance

Scammers use online dating sites to form relationships with people looking for love. Once they’ve built up enough trust, the scammers begin asking for money. You can read more about spotting and avoiding romance scams on our Looking for love? Beware of romance scams article.

Investment

This type of scam often uses cold calling or social media to encourage you to “invest” in their scheme. Then they steal your money instead of investing it.

You can read more about investment scams in our articles: Investment scams: how two women lost over $100k on social media and Swindled: finance scam horror stories and how to protect yourself.

Also, be extra careful when investing in crypto currencies and other digital assets. See: NFTs: why are there so many scams? and Bitcons: cryptocurrency investment scams on the rise.

Computer “service” call

No Microsoft or Apple technician will call you out of the blue.

Charity

A more recent addition to the scam family in Aotearoa was highlighted by Cyclone Gabrielle. After the cyclone, the Citizens Advice Bureau warned consumers to be suspicious of people cold calling or going door to door collecting for charity, particularly if they weren’t wearing clothing or other items to identify who they are. You can read more about this in: Watch out for scams following Cyclone Gabrielle.

Banking

New Zealanders lose around $200 million each year to banking scams. There are many variations of banking scams including a cold caller asking you to update your banking details, a scammer hacking an email and replacing the bank’s credentials with their own, or a text using similar tactics to a phone call, preying on fear and urgency. You can read more about these in our article: Beware phone and text scammers impersonating banks.

Recently, the New Zealand Banking Association has announced its intention to implement one of the anti-scam solutions adopted overseas – a name and account matching service called confirmation of payee (also referred to as CoP). You can read more about this in our article: The simple banking process that could stamp out scams article.

Interested to find out more about scams? We detail several more scam types in: Scams and how to avoid them.

Update apps and devices

Updating your devices and apps is the easiest way to fix security bugs and keep out viruses. If there’s an update available for your device or an app you use, it could mean there’s been a vulnerability detected, which is or could be exploited by attackers. Update as soon as possible.

For example, last month Apple encouraged users to update their iPhones, iPads, Macs and smartwatches to patch a security vulnerability that was being actively exploited.

Don’t forget to keep your security software updated as well. See our computer security software reviews to find the best program.

Set your social media to private

The best thing you can do to protect your privacy online is don’t over share. Take control of your online privacy by turning off any settings that share your details.

On social media this means checking that your sharing settings – such as whether your date of birth is displayed and your friends list is visible – are set to private or “Friends only”. This can stop your accounts being cloned or mined for data.

Also avoid sharing posts that ask for personal information in disguise. These posts often ask for information commonly used in security questions – such as your hometown or grandmother’s maiden name. This information can then be used to hack your accounts.

Think before you click

If you don’t know the sender (email, text message or social media post), and you aren’t expecting anything, then don’t click. Even if you think the message is genuine, it’s better to navigate to the website on your own. If an offer sounds too good to be true, it probably is!

Other tips to keep cyber safe

1. Use a virtual private network (VPN) when connecting to unsecured or public WiFi.
2. Don’t reply to unsolicited emails.
3. Don’t open attachments or click links on emails from people you don’t know.
4. Don’t open links from unsolicited text messages.
5. When paying online, make sure the website is secure by checking that the URL (web address) starts with “https” and there’s a padlock in the URL bar on your browser.
6. Check out our article about scams and how to avoid them.

Report scams and cyber attacks

It can be devastating to realise you’ve been hacked or scammed, but by reporting them you can help prevent others from falling victim.

If you’ve been scammed, act immediately

• Contact your bank and the police.
• If you’ve downloaded anything, don’t use your machine.
• For advice on how to make sure your computer is safe, contact New Zealand’s independent online safety organisation, NetSafe.
• Forward any suspicious texts you receive to free text 7726. This is a Te Tari Taiwhenua ǁ Department of Internal Affairs service that records and monitors text message scams in New Zealand.
• Report any other cybersecurity issues, such as hacks, to the government’s Computer Emergency Response Team, Cert NZ.