Make the Time, Please!

Last week I got a text message from Microsoft with a code to reset my Outlook password. I hadn’t requested the code so the text caught me by surprise. This is an email I don’t use much, but still, I sat up when I got the code. I changed my password and was thankful for the extra precaution with the code request.

Despite our good efforts, 43M dollars were lost to identity theft in 2023. Global cost of cybercrime tops 8T now. These are non-trivial numbers and we are only a click away from identity theft.

Here is a list the top ten things to keep ourselves safe from the bad actors.

Set up Multi Factor Authentication (MFA)

I mean everywhere! With MFA, if someone hacks into your account, they cannot change your password without your knowledge. Also known as two factor authentication, the device vendor or app creator will send a code to a second account or device when a password reset is attempted or you can setup face ID. The chance of the hacker getting a hold of the primary and secondary authentication sources is near zero. These are the places you should check and set MFA.

Phone: If you use iPhone, go to Settings and then Sign-In and set up Two Factor Authentication.

Email: If you use Gmail, go to settings and then security. Find “How you sign into Google” and set up MFA there.

WhatsApp: Go to Settings and then to Accounts and set up two-step verification and an add a pin.

Social media: I don’t use Facebook, Insta, TikTok so I cannot tell you where to go. In general, you will see the MFA option in Accounts, Settings or Privacy menus. Follow the directions once you locate it.

Bank and credit cards: In the account settings, you will find MFA options.

Be safe on banking and credit card portals

First of all, use the apps. If you can’t for some reason, then make sure the URL begins with https:// - that “s” at the end is super important, it means secure site. If it begins with http:// then the website is not secure.

Beware of links in email and text

You have to be absolutely convinced that the sender is legit, before clicking on a link in an email or text. Otherwise, you could be engaging with infamous fraud farms in Myanmar. No, I am not kidding. Check the sender’s address. If it is from Microsoft it will end in microsoft.com, not some concoction with Microsoft somewhere in the middle of the email address or text sender details. If you get an email from your bank or credit card company with a fraud alert, call their official number to verify. Don't call the number in the email or link, that will take you to...you know...Myanmar.

Carry cards in an RFID protected wallet

Get one from Amazon and carry only the IDs and credit cards you use regularly. Leave the rest at home in a safe place. With RFID protection, nobody can scan your credit card info as they walk by you in crowded places like streets, malls and stadiums. Yes this happens even if your card is in your wallet inside your purse.

Ditch the phone case for cards

This is a no-brainer because it is the best way to lose your phone AND your cards! Plus, as you talk on the phone, you expose your cards to walk-by theft.

Set proper passwords

Do you have passwords with your kid’s name or dog’s name followed by 123? If so, it won’t take the fraud farm much time to hack. Make sure your passwords are at least eight characters and have upper case letters, lower case letters, numbers and punctuation marks. A thoughtful passwords makes it harder to break into.

Avoid free wifi

Nothing good ever comes out of a free service. Seriously. Note that I didn’t say “do not use free wifi”. Sometimes we have to because cell signal is wonky. If you are forced to, then use it but as briefly as you can. Remember that free wifi is tagged as “unsecured”. So do not open sensitive apps or sites while on that coffee shop wifi. It is fine to do Google maps to find your way back to cellular signal.

Don't let anybody add you to groups

This is for WhatsApp. Groups are as only as strong as the member with the weakest security settings. When one person is compromised, it causes a cascading effect on group members. Go to settings, then Privacy and then click on Groups. Select “My contacts except” and then select all. This means nobody can add you to a group without your permission. If this is too restrictive, go back and uncheck the contacts who can add you to groups. In my settings, only my immediate family can add me to groups.

Be careful with sensitive information

We often have confidential information on our phone, tablet and latptop like SSN, date of birth, passport and driver’s license. Save these docs as PDF with password protection - File, Print, Save as PDF and then set a password through security settings.

Don’t give out out ph# and email You know the salespeople who always ask for a phone number or email with a promise of discounts? Right, you know. Companies have data breaches all the time. Do you really want your phone number and email out there with a gazillion retailers who may not protect your data adequately? Don’t overthink, the answer is no. Also, very few businesses require your social security number. Do not give it to anybody without a legitimate need to know.

I know it takes time to do all this, but the investment is worth it. Please make the time to keep yourself safe. Bad actors abound and their motives are incredibly sinister. Few things are worse than identity theft.

May the force be with you.