It’s back. Big fraud is making big news. In the wake of Yahoo’s recent data breach – in which 500 million records were compromised – it’s time to review security practices that everybody should be following (but not everybody is). Security challenges are constantly shifting: ATM skimming is up, for example, and spoofing has become more sophisticated. Most of us, on the other hand, are not nearly as motivated.
Here are seven things to do right now to make yourself more secure:
1. Get your passwords together.
We all know the drill. If your Yahoo account may have been compromised, you need to change your password. Here’s a thing about Yahoo accounts: Many of us have one without even remembering we do. Regularly changing your passwords, especially on critical accounts, is a good practice anyway.
Use this moment to lock this down. You need unique, complex, difficult-to-crack passwords for every login you use. If you’re active online, that could be dozens of different passwords, all of them long, complicated and impossible to remember. You’ll be tempted to use your pet’s name or birthday, but that’s not secure (especially if you’ve already revealed this information on social media). Instead, get a free password manager such as Dashlane or Password1. You’ll get a strong, randomly-generated password that is automatically stored so you don’t have to backward Navajo code talk your own creations.
2. Mess with the ATM a little before using it.
Don’t go crazy with this, but do take a minute to check the keyboard, card slot and surrounding area on an ATM before you use it. ATM skimming is rising astronomically, and it commonly happens when thieves tamper with ATM card slots, install dummy keyboards or place tiny cameras to capture your PIN. The keyboard and card slot on an ATM shouldn’t feel loose, rattle or jiggle when you pull on it. When you’re entering your PIN, cover the keyboard with your hand.
If you see something, say something: If you find a skimming device, call the police and then notify the ATM owner. Not sure what you’ve found? Report loose parts or anything else that’s puzzling to the ATM owner. Even if it’s just faulty equipment and not skimming, they’ll want to make a repair.
3. Protect your PIN at checkout, too.
Skimming is not just for ATMs – it also happens when you swipe your card at the point of sale. Use your hand to cover the keyboard when inputting your PIN, in case a camera has been installed to record that information. Alternatively, choose credit over debit and avoid using your PIN altogether.
4. Set up a communication protocol.
Take five minutes to make sure that your credit union and every card company you do business with has accurate, up-to-date contact information for you. Would you like to be contacted by text message if a suspicious charge comes through? Let your card company know. Both Visa and MasterCard are in the process of requiring that card issuers make text alerts available to cardholders, since many people don’t answer the phone if a caller is unknown. Which brings us to tip #5:
5. Proceed with caution when you answer the phone.
Is an unknown caller on the line? Use caution before you answer and be prepared to hang up. Robocalling is illegal, but that doesn’t stop it from happening. If you answer the phone and there’s a pause, or someone unfamiliar is on the line, say nothing and hang up. Do not respond to questions. Do not press “3” to be removed from the call list. Robocallers are trying to find out whether a live human answers at your phone number. Revealing yourself is a critical error.
What if it’s your financial institution calling and they need you to verify your account number and PIN for really good reasons? Nope:
A. Your financial institution already knows your account number and PIN. Honest.
B. Caller ID spoofers can now impersonate a phone number from your financial institution (or anywhere else, for that matter), so seeing a familiar number on your caller ID is not a guarantee that a call is legitimate. Better: If you’re contacted by anyone – your credit union, the IRS, the utility company, anyone – saying they need information from you, hang up and call them back on the number you have on file for them. If they were really trying to reach you, they’ll be able to verify that quickly over the phone.
6. This advice goes double for email.
Don’t click links to “update” or “verify” your information in any unsolicited email. Not only should you avoid revealing any account information or passwords, but you should also avoid clicking links or opening email altogether. Doing so could cause malware to be installed on your computer or device.
7. Make your mobile banking safe.
Fourteen percent of us use public Wi-Fi and an unsecured connection to pay a bill, shop or visit online banking – twice as many as in 2014. If we’re traveling, the risk goes up: 82 percent of travelers use unsecured Wi-Fi while on the road. Stop it. Using your smartphone to check your balance can be a really good idea, just make sure you do it safely – ideally using your credit union’s mobile banking app on an encrypted cell connection. If your mobile banking isn’t set up securely – or you’re not 100 percent sure — take a minute right now to fix your settings.