It's time to stop using the same password everywhere.
Narcity may receive a small commission if you purchase something we recommend in this article, which was created by the Narcity Shop team. Items are in stock and prices are confirmed at the time of publishing, but they can change at any time.
Most of us, having grown up with technology, have some type of sixth sense when it comes to knowing what links not to click online. Except now, hackers are getting better, so they're finding more clever ways to get our information without us even realizing.
But, Kevvie Fowler, Deloitte Global Incident Response Leader and cyber risk expert, told MTL Blog that "cyber-criminals are getting good, but getting lazy." So, Fowler provided some tips on how to help you avoid getting hacked online in today's modern world.
This interview has been condensed and edited for clarity.
How do cyber-criminals get away with hacking online?
The question on all of our minds is: how the heck do hackers manage to get away with what they do?
Well, Fowler said phishing attacks, which are fraudulent communications that appear to be sent from a credible source, are what cyber-criminals are mainly using nowadays.
"Most employees go through security awareness training. They know not to click on links that come in from emails, not to download attachments, but when they receive a social media message, their guard is typically down, because that's not the same thing they saw in the social or awareness training that they went through or the security education session they had," Fowler explained.
"Research shows that you're more likely to click on a link or open an attachment via a social media message than you are via an email."
So, cyber-criminals are now using social media as their go-to place to bait people. Here are a few ways to help stop you from being one of their next victims.
Tip #1: Think twice before you click on a link
Make sure you take a step back and think about the link you see before you press on it — even if it's a friend who sent it to you.
Fowler used this example: "Kyle's a popular guy, if I get access to Kyle's account and then blast out a phishing email from his social media account. All of the people are connected with Kyle will say, well, I know Kyle is a trustworthy guy, he sent me this link that looks good, I'll click on it and that takes them to a site."
But just because you trust Kyle, doesn't mean you should trust the link.
Fowler continued to advise that you "think twice before you click and then if you do somehow click on the link and go to a site, the site doesn't seem great based on the red flags we talked about, a low number of followers, not a lot of reviews, not very long on the social media platform."
"Think twice before you actually hit submit and submit your information to the site."
Tip #2: Pay attention to a merchant's page
The cyber risk expert told us that in today's world, many fraudulent messages are taking people to links like a Facebook merchant page or shady websites.
Picture this: You checked a traditional retailer's website and they didn't have your size, so instead you do a Google search looking for the same product and there are a bunch of different sites saying they have the item you want.
Fowler gave a few red flags to watch out for when you're looking at a merchant's page.
"The site has a low number of followers, so not a lot of people follow the site. There are next to zero or a very small number of reviews. So no one else who's been verified actually have reviewed any transaction or purchased via the site and the site typically is not on social media for a long period of time," he said.
Tip #3: Check your bank statements regularly
It's always in your best interest to check your bank and credit card statements on the regular.
Sometimes, if you end up purchasing something from a sketchy site, Fowler said hackers may put a small transaction of a few dollars, under $20, onto your card to make sure the information was captured correctly and to ensure that there's still space on your card.
Fowler continued to explain, "We see that followed with a larger transaction, this will be in the hundreds or even thousands of dollars. We see that in short succession and as long as they can verify that small transaction, they typically immediately put together a larger transaction."
These large transactions will often be products that "can be monetized later," like laptops or prepaid Visa cards.
This is why we're advised to check our bank statements regularly, to be able to catch the small transaction before the big transaction gets processed.
If you do notice this, make sure to report it to your bank or credit card company ASAP.
Tip #4: Have different passwords on all your accounts
According to Fowler, hackers "typically prey on accounts that don't have multi-factor authentication."
Cyber-criminals want as easy a hack as possible, so they hope to find people that have the same password on all of their accounts. Some experts say a good way to avoid using repeat passwords is to consider using a password manager to safely store and manage strong passwords.
Fowler explained that hackers could try about three billion email address and password combinations on a social media network like Twitter and there would be "maybe 300 million accounts that they actually successfully get access to."
Then, if you have the same password on your other social media accounts, they could "change the passwords and then they would send out the extortion notes saying, you got to pay me if you want access to your account again."
"So if you re-use the same password across multiple platforms, you're just asking for trouble," Fowler said. And, it's advised that we make sure to set up multi-factor authentication on all of our accounts. Fowler explained that although such isn't foolproof, it's definitely a step in the right direction.
"Cyber-criminals are getting good, but getting lazy and it's the path of least resistance to make a buck."
Fowler continued, "So multi-factor authentication is still really good if they have the choice to try and go through all of that versus just a good old-fashioned user name and password, they're going to pick the username and password every time."
This article’s cover image was used for illustrative purposes only.