Avoid filling out forms that request personal information; these sometimes circulate on platforms like Facebook and are often structured with a series of questions about random things, but with the occasional question about what your first pet's name was, which school you attended, your middle name, and so on. It's a clever way to slowly but surely build a profile with information about you and others, which is then used to reset passwords and gain access to some of your accounts – most importantly, your email, as it is often linked to other services.
By strong passwords, we mean passwords longer than 12 characters, combining lowercase and uppercase letters, special characters, and numbers. To make it easier, it's recommended to use phrases instead of complicated combinations of characters that you won't remember. For example, it's easier to remember "The-horse-eats-oats1!" than "zzK34xPG@19!".
A password manager simplifies password management and makes it easier to use long, secure passwords when all you need to remember is one strong password instead of 50 different ones. The password manager is also a useful tool for keeping track of other important information and for consolidating your accounts and passwords in case something unexpected happens, allowing a family member to manage your digital identity.
Think before sharing information openly on social media – could this be something someone can misuse? For example, if you constantly share your location, it's easy for potential burglars to take advantage when you're far from home. The same goes if you announce that you're going on a two-week vacation – it's very easy for someone to swing by and pick up your mail. A common example is someone ordering something in your name for delivery to your mailbox and then simply picking it up when you're not home. It can range from new bank and credit cards to expensive items or even address changes and similar if you don't have digital government mail.
Scammers always try to create a sense of urgency – be vigilant if someone wants you to act immediately. When you receive an email that looks legitimate but has something off about it – it could be sentence structure, the sender, formatting, or something else that's not as it usually is – always verify before doing anything. In most cases, there is a reason behind an email, and it can be verified with the sender/recipient, either through a return email or some other means. Be especially cautious when it comes to financial commitments; scammers often try to create a sense that something must happen immediately so that you'll act without a thorough investigation.
If you have many programs installed on your computer or apps on your phone, it's important to try to keep them updated as best as possible. The more apps and programs you have, the larger the attack surface for a potential attacker exploiting old versions with known vulnerabilities.
If you use a computer extensively, make sure to have some form of antivirus. Today, Windows comes with Microsoft Defender, which is a suitable option – use it and keep it updated. For mobile devices, the built-in protection is usually sufficient as long as you are careful with installed apps and avoid installing things from outside the respective app store.
If you find a device on the street, in a parking lot, or similar, be very cautious about connecting it to a computer or phone. It's relatively common for devices to be placed where it only takes one person connecting one to a computer to trigger some form of malicious software. This can range from USB drives and memory cards to devices like mobile phones.
If you're walking around, see a QR code on a lamppost or somewhere similar, and scan it to see what it's about – be aware that someone may have deliberately put it there to lure people to a malicious website. A new type of scam built on this involves people distributing flyers about bitcoin that appear to be a lost bitcoin wallet. When a person scans the QR code, they are prompted to log in, which in turn gives the attacker access to that person's data instead.
Attached files in emails are the most common way for hackers to gain access to an organization's network. It only takes one employee downloading a document, opening it, and allowing a macro to run in an Excel document they believe is a quote for an attacker to take over the computer and establish a foothold in the network. A common method is for an attacker to gain control of the email of a smaller legitimate company, such as a tradesman. From there, they investigate which customers the tradesman has and whether there's a larger target to move on to. Then, an email containing a quote is sent from the legitimate tradesman's account to a recurring customer. Chances are the customer will open the quote even if they haven't ordered a job and even if the language in the email is a bit off – and that's all that's needed.