Don't click on direct links (in emails, text messages, etc.), especially those asking you to enter sensitive information. It's best to go directly to the source website yourself.
Don't respond to phone requests for personal or financial information. If you are concerned, find the correct number and call the organization yourself.
Don't overshare on social media. These details can give attackers your location, ammunition to craft spear-phishing attacks, and answers to security questions. Think before you share!
Don't go "out of bounds" for comms. For example, if you're buying something on eBay and the other party wants to negotiate via email instead of through the bidding system, that is a warning sign.
Look out for emails which claim to have your password and say they've seen you visit bad websites, or recorded you in compromising positions.
Be skeptical of any request to change banking or wiring instructions, even if it comes from a trusted person you regularly do business with. Always verify before following through by calling the person on a previously agreed phone number.
Never reuse passwords between any websites or services.
Always be skeptical of any unexpected invoice, or of any request to get or pay for anything using gift cards.
Create policies which require people who get unexpected requests for payment or changes in payment information to first verify by directly calling the requester on a previously trusted phone number.
Never answer authentication recovery questions (e.g. "What is your mother's maiden name?") with real answers. Avoid them altogether if you can, but if you are forced to use them, treat each question and answer as a sort of password (e.g. frogdog65). Sadly, that means you'll have to write down each question and answer for each website that requires them, but you'll be far less likely to have your account hijacked.
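The last tip, treating every recovery answer as a random password and keeping a per-site record of it, is easy to do badly by hand (people pick "frogdog65" for every site, or slip a real pet name in). The script below is an added example, not part of the original tips; it generates "frogdog65"-style answers with a cryptographic random source, estimates how much entropy each answer carries, and rejects any answer that happens to contain one of your real facts. The word list, the site name `example-shop.test` and the facts `Smith` and `Rex` are constructed placeholders.

```python
import math
import secrets
import string

# Constructed word list for illustration (16 words, so each word contributes
# exactly 4 bits of entropy). Any word list works; the point is that the
# words have nothing to do with your real life.
WORDS = [
    "frog", "dog", "lamp", "river", "cloud", "pencil", "maple", "stone",
    "violet", "copper", "thunder", "anchor", "meadow", "falcon", "basket", "comet",
]


def random_answer_parts(n_words=2, n_digits=2, words=WORDS):
    """Pick the building blocks of an answer with the CSPRNG in `secrets`
    (never the `random` module), so the answer cannot be predicted."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    digits = "".join(secrets.choice(string.digits) for _ in range(n_digits))
    return chosen, digits


def random_answer(n_words=2, n_digits=2, words=WORDS):
    """Return an answer in the 'frogdog65' style: random words plus digits."""
    chosen, digits = random_answer_parts(n_words, n_digits, words)
    return "".join(chosen) + digits


def answer_entropy_bits(n_words=2, n_digits=2, vocab_size=len(WORDS)):
    """Entropy of the answer in bits, assuming a uniform choice per slot."""
    return n_words * math.log2(vocab_size) + n_digits * math.log2(10)


def leaks_personal_fact(answer, facts):
    """True if any real-life fact (maiden name, pet, town, ...) appears in the answer."""
    low = answer.lower()
    return any(f.lower() in low for f in facts if f)


def build_recovery_record(site, questions, facts=(), **kwargs):
    """One record per site: every question gets its own random answer, and an
    answer is regenerated if it happens to contain one of the real facts."""
    answers = {}
    for q in questions:
        a = random_answer(**kwargs)
        while leaks_personal_fact(a, facts):
            a = random_answer(**kwargs)
        answers[q] = a
    return {"site": site, "answers": answers}


if __name__ == "__main__":
    record = build_recovery_record(
        "example-shop.test",  # placeholder site name
        ["What is your mother's maiden name?", "What was your first pet's name?"],
        facts=["Smith", "Rex"],  # constructed real facts that must never appear
    )
    print(record)
    print(f"~{answer_entropy_bits():.1f} bits per answer with this word list")
```

With the 16-word list above, a two-word, two-digit answer carries about 14.6 bits; a real word list of a few thousand words, or more words per answer, pushes that well past what a guessing attacker can brute-force through a rate-limited recovery form. Store the resulting record where you keep your other passwords (for example the notes field of a password manager entry), since the whole point is that you cannot remember these answers.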