CyberWire Daily recently published a podcast discussing an Instagram hijacking scam that you should listen to. Marcelle Lee, a Senior Security Researcher and Emerging Threats Lead at Secureworks, talks to Dave Bittner, the security podcast host and one of the founders at CyberWire, about this ongoing scam.
Tuesday 16 November 2021: With the ways our online accounts are being compromised from time to time, we’re developing a series of podcasts that cover ways to keep your accounts safe.
Can you help? If you’re able to help develop these podcasts, email us today.
6 tips about strong passwords from NAB website
1. MAKE YOUR PASSWORDS STRONG
Short and simple passwords might be easy for you to remember, but unfortunately are also easier for cyber criminals to crack.
Strong passwords have a minimum of 10 characters and use a mix of:
- uppercase and lowercase letters
- special characters like !, &, and *.
Criminals can perform a ‘brute force’ attack, in which a computer program cycles through every possible combination of characters to guess a password. These automated attempts at guessing passwords are not slowed down by numbers or capital letters, but depend on how long a password is.
That’s why using a passphrase is more secure, and easier to remember than using a password. A passphrase is used in just the same way as a password, but is much longer.
A passphrase is a collection of words that is meaningful to you, but not to someone else. For example: cloudhandwashjump is 17 characters long.
Depending on the systems you access, you may be limited to a defined number of characters.
2. MAKE PASSWORDS HARD TO GUESS
Could someone who knows you guess your passwords? It’s best to avoid using personal information such as your children’s, partner’s or pet’s name, favourite football team or date of birth as your password, as they can be easy for others to guess.
When trying to hack into an online account, cyber criminals start with commonly found words and number combinations.
Here are some things to avoid using:
- dictionary words
- a keyboard pattern like qwerty
- repeated characters like zzzz
- personal information like your date of birth or driver’s licence number.
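The checks from tips 1 and 2, together with the brute-force point that length is what matters, as an added Python example (not from NAB or the original page). The word list, keyboard runs and function names are constructed for illustration.

```python
import math
import re
import string

# Constructed sample lists (assumptions); a real checker would use much larger ones.
COMMON_WORDS = {"password", "welcome", "football", "sunshine", "dragon"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")


def search_space_bits(password):
    """log2 of the candidates a brute-force run must try: length * log2(alphabet)."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def check_password(password, personal=()):
    """Return the problems named in tips 1 and 2; an empty list means none found."""
    lowered = password.lower()
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if lowered in COMMON_WORDS:
        problems.append("dictionary word")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    if re.search(r"(.)\1{3,}", password):  # same character four or more times in a row
        problems.append("repeated characters")
    if any(item and item.lower() in lowered for item in personal):
        problems.append("personal information")
    return problems


if __name__ == "__main__":
    for pw in ("zzzz", "qwerty2021", "P@ssw0rd1", "cloudhandwashjump"):
        print(pw, round(search_space_bits(pw), 1), check_password(pw))
```

The bit figure only models character-by-character brute force; it says nothing about guessing from word lists or personal details, which is why those are checked separately.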
3. CREATE NEW, UNIQUE PASSWORDS
If you need to reset a password, don’t just change one part of it. Instead of changing a number at the beginning or end, create something completely new you’ve never used before.
Get into the practice of changing your password often, ideally every few months.
4. DON’T SHARE PASSWORDS, EVER.
Never share your password with someone, not even with someone you trust.
What about family and friends?
Regardless of whom you share them with, once you share your passwords you lose control of how they’re stored or how and when they’re used.
What if a business or company I know asks for my password?
Reputable companies won’t ask you to give them your password over the phone or via emails or SMS messages. This might be a warning sign of phishing or a scam.
Your bank will never ask you for your password or PIN, whether by email, SMS, over the phone or at their branch.
5. USE DIFFERENT PASSWORDS FOR EACH OF YOUR ONLINE ACCOUNTS
Using different passwords means that if one of your accounts is breached, criminals won’t have access to other accounts that use the same password.
If a criminal has access to several of your online accounts, they may use that to impersonate you to your online friends, or businesses you deal with.
6. STORE PASSWORDS SAFELY
Writing them down is never recommended. You could lose them, or someone else could see them and use them.
What if I have too many passwords to remember?
There are programs and apps known as Password Safes that will store all your passwords in a secure vault.
A Password Safe only needs one strong password to access it, and has extremely strong protection to make sure that only you can access it. This means you only need to remember one strong password to have access to all your passwords. Password Safes even generate new, long passwords for you when you create new online accounts.
Don’t allow web browsers to store your banking password.
Some web browsers may display a pop-up message, asking whether you want the browser to remember your login details. Make sure you select ‘Never for this site’ when using bank internet sites.
Stay safe by protecting your passwords.
You can find more information on your bank’s website about how to protect your accounts and your identity.
Don’t let anyone coerce you to pay a fine or a bill with gift cards. Government agencies do not accept gift cards as payments. This is a confidence scam.
On Android phones users can add an “unlock pattern” to protect their phone.
It’s much like a password that you enter to unlock the phone. Instead of entering numbers or letters, you draw a pattern across nine little circles (pads, as I like to call them). Its advantage is that there are far more possibilities than a typical 4-digit pass code. It’s also quick to enter these patterns.
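To put a number on "far more possibilities", here is an added Python example (not part of the original page) that counts every valid unlock pattern. It assumes the standard Android rules: a pattern joins 4 to 9 pads, each pad is used once, and a stroke cannot jump over a pad that has not been used yet.

```python
# Pads are numbered 1-9, left to right, top to bottom:
#   1 2 3
#   4 5 6
#   7 8 9
# JUMPS maps a pair of pads to the pad lying directly between them.
JUMPS = {}
for a, b, mid in [(1, 3, 2), (4, 6, 5), (7, 9, 8),   # rows
                  (1, 7, 4), (2, 8, 5), (3, 9, 6),   # columns
                  (1, 9, 5), (3, 7, 5)]:             # diagonals
    JUMPS[(a, b)] = JUMPS[(b, a)] = mid


def count_from(last, visited, remaining):
    """Count the ways to extend a pattern ending at `last` by `remaining` pads."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(1, 10):
        if nxt in visited:
            continue
        mid = JUMPS.get((last, nxt))
        if mid is not None and mid not in visited:
            continue  # the stroke would pass over an unused pad
        total += count_from(nxt, visited | {nxt}, remaining - 1)
    return total


def count_patterns(length):
    """Number of valid patterns that use exactly `length` pads."""
    return sum(count_from(start, frozenset({start}), length - 1)
               for start in range(1, 10))


def total_patterns(min_len=4, max_len=9):
    """Number of valid patterns across all allowed lengths."""
    return sum(count_patterns(n) for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    print("4-digit codes:  ", 10 ** 4)
    print("unlock patterns:", total_patterns())
```

The total is an upper bound: it only applies when the pattern is chosen unpredictably, not when it is a simple shape or letter.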
If you think one of your online accounts (e.g. your bank account, email, online shopping account or social networking site) has been compromised, you should change your password immediately. Most reputable websites provide step-by-step instructions for how you can recover a hacked account. Advice copied from Scamwatch.
Here’s a link to the Australian Competition and Consumer Commission’s Q&A on Scams and Identity theft. This information about phishing will help you figure out when you’re being scammed.
Identity theft occurs when someone uses another person’s personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes.
Change your online passwords
If you think your computer or device has been hacked or infected with malware or ransomware, use your security software to run a virus check.
Australian Cyber Security Centre
The Australian Cyber Security Centre website has some practical ways you can protect yourself online.
Arts Law of Australia resources
The Arts Law of Australia recently published helpful information this month. As the Arts Law of Australia states, ‘October is Cyber Security Awareness month. A good time to be reminded of our cyber security needs, especially as we’re all receiving more and more fake emails and texts to track deliveries, take up marketing offers and what not. Cyber scams such as ransomware are on the rise with hackers gaining control of your data and demanding ransom before returning it to you.’ Go to their Cyber Security Awareness page for more details.
They’ve published some useful factsheets on topics like copyright, unauthorised use of your image, legal issues for bloggers, copyright infringement, takedown notices regarding copyright, social media for artists and filming with a smartphone. These include information on copyright laws.