Rami Malek plays a hacker in Mr Robot
These days, you probably give out your personal information to websites on a regular basis and feel comfortable doing so. Anything you register for requires at minimum an email address and a password. Once you have given out that information to a website, you have zero control over it. If that website gets hacked, what information have you provided to the hackers simply by registering there?
Consider the users of that terrible website Ashley Madison. A lot of data was compromised. Some of the site members had used work email addresses, a lot of those email addresses had their full names clearly visible.. Now you might say – those people deserved what they got. I could argue both sides of that case.
Just recently a British phone provider was hacked, and British Gas customer login info was put online. Here in Australia recently, David Jones, Kmart and Patagonia were hacked. And these are only the companies we *know* about.
The Bigger Point Is –
What will happen if a website that you use regularly gets hacked? What information of yours will suddenly be available to the dark web?
In years gone by, I spent some time in email inboxes of the Nigerian Scammers. Law enforcement would hand over seized email accounts so that we could contact and warn the scam victims contained inside. I learned how to use the information provided inside those accounts to identify other email accounts the scammers were using so those accounts could also be seized. I learned to search the web for phone numbers, fax numbers, names, phrases used.
I can tell you how easy it is to follow the breadcrumbs that people leave online because I have done it many times myself. Sometimes it seemed to me to be like unpicking a thread sewn into the web – this email account leads to that email account which leads to that online dating profile which leads to this Facebook profile which gave me their mobile phone number and searching for that gave me 5 other email addresses that scammer is using.
Below you will find my top 10 tips for protecting yourself from hackers online.
You will absolutely be doing at least one of these things I mention below right now. I’m not saying quit doing that, or go and undo everything you have ever done. I’m saying going forward from now on- for your own safety – you might want to reconsider doing these things.
1. Do Not Use Your Real Last Name
Never. Not ever. Not on Facebook. Not on Linked In. Not on any website. Not on your blog. Keep your real life separated from your online life. There are a lot of great reasons to do this and they far outweigh any reasons you might want to use your real last name online.
You might pick a last name from a favourite character in a book or TV show. You might choose a colour, a word in another language, the name of an animal – but not a pet name! I recommend you avoid using your pets names online, not even for secret questions and especially not for passwords!
It is easy for people to ask you – what is the name of your pet – and if you have used it as your secret question they might have everything they need to get into your email account, depending on what email service you are using.
If you have used your real last name on Facebook, you can change it and I suggest you do so as a matter of urgency. Their “name standards” might say “The name you use should be your authentic identity” – that is all very well but not especially realistic given the world we now live in. You can add a hyphen and another word to the end of your name if you prefer. EG Sipowicz-Simone
Alternatively, if you do want to use your real last name on Facebook – let that be the ONLY place that you use it. Some people use their middle name as their last name – I frown on that concept a little but if it suits you, to each their own. :) How to change your name on Facebook.
2. Avoid Using Your Real First Name
This one I am a little more relaxed about – if you want to go by your first name online, on your blog, Facebook and Linked in, that is cool. But when you are signing up for mailing lists on websites, I usually do not recommend using your first name in that venue.
First up, the company is going to use your supplied first name mercilessly in their mailings to you. It is a lot more fun to go into your inbox and see “Hi Tiger, blah blah” “Hello Snake, blah blah” “Good Morning Bat, blah blah”
Secondly, if a hacker hacks in to the company, they can’t do a lot with Tiger Sipowicz or Snake Morgan or Bat Sorenson. Especially if you are not using that name on Facebook, Linked In, etc.
Thirdly, this is the chance you have been waiting for! You can give yourself that first name you always wanted, like Veronica, Natasha, or Beyonce. Using an Alias or a Pseudonym online is perfectly fine and sensible.
3. Do Not Use Your Real Address
Your first and last names, your home address and your birthdate are four key pieces of information that identity thieves need to steal your identity.
If you can, use a PO box for your mailing address. This means nobody can steal your mail, and you have a non-street address you can use for the web. Nobody is going to rock up at your PO Box as a surprise to yourself unless you have done something truly terrible to them. If you’ve given out your street address, people know where you *live*.
4. Do Not Use An Email With Identifying Info
Workplaces tend to use firstname.lastname for email addresses which if you think about it, that is a very stupid concept. They’ve given people more information than they need about you when you simply send them an email. If you have a Facebook account with that same name, you have a linked-in account or use your name on your blog, people can find out more about you just by searching.
For email online, you want to use a name that has nothing at all to do with you personally. I’m going to give you a new option for firstname.lastname which you can try if you like. Animal Name, Colour, Number. So you might have an email address like TigerBlue99 or SnakePink888.
NEVER use your work email address to register for a website. Some people found that out the hard way with the Ashley Madison hack. BE CAREFUL which email address you use on Facebook – do not use the same one you used for signing up on websites.
5. Choose Good Passwords
The better your password, the more protected you are. Never use pet names, birth dates, names of your family or partner, or any piece of personal information that someone could gather from your Facebook or other accounts online.
I recommend similar to the email name, you choose two different words and at least 3 numbers. Always make the first letter of each word a capital. But how will I remember that, Snoskred? Me personally I suggest a small paper notebook that you can keep somewhere safe and write them down, or use a spreadsheet or text file which you also password protect.
NEVER, EVER, NOT EVER, use the password for the email account you sign up with as the password on that website. Take for example the British Gas customers – if one of them used one password for every site on the web, the hackers can now get into their email account.
My advise is to use a two layer password system – use one password for your email account ONLY, and use another passwords for every other site. Whether that is one password for all the other sign ups you use, or a new password for every single site, that is up to you.
If you do use just one password for all other sites, I would suggest using different usernames, so that if a hacker got your password for Kmart, they can’t go to Woolworths and type in the same username and password. You could make the usernames different by just one number – eg TigerBlue87, TigerBlue88, TigerBlue89.
Rami Malek plays a hacker in Mr Robot
6. Be Careful With Your Birthdate
I personally use a fake birth date online. Your birth date is one of the key pieces of information identity thieves need to pretend to be you. Change at least one of the details – whether it be year, month, or day.
7. Be Careful With Your Bank Info
All that a scammer needs to create a fake cheque – also known as check or bank draft – is your name, BSB and account number. If you have the funds in your account, the payment WILL clear. It won’t be until you notice the money missing that you will know your details are being used in this way.
All that a scammer needs to deposit stolen or fraudulent funds into your bank account is your BSB and account number.
8. Remove Or Falsify Facebook Info
Just because Facebook asks for information from you does not mean you should provide it. Information I would not want to list on my Facebook would include – my phone number – my real full name – my real address – my postcode – which school I went to – where I am originally from – my current relationship status – where I was born.
Go and take a look at your profile and think – does this need to be here, or does it make it easy for people to know TOO much about me? Also consider this – do you have any of these things set as answers to secret questions somewhere on the web? EG the name of your primary school, your postcode, pet names, etc. Then do the same thing for other “profiles” you have on the web.
9. Search Yourself
Search engines can show you exactly what other people could find out about you online. I suggest you regularly search for your real name, address, email address and phone numbers. In fact you might want to set up google alerts for these things.
10. Use Prepaid Credit Cards Online
Screenshot from the Australia Post Load & Go Prepaid Visa
There are a lot of very good reasons to use prepaid credit cards online, but here are just a few –
– they do not require you to provide your name or address in most situations – thus making it easier to use a fake name and PO Box with websites.
– you control how much money is on them, so if your card number is stolen the damage will be limited to the amount you have prepaid onto it
– If the website is hacked, all the hackers will have is “Valued Cardholder” and a card number, plus the fake details you may have provided. This means only limited damage can be done. If you have given a website your name and your visa card with a $10,000 limit – and that website is hacked – criminals could run up a huge sum on your card before you can blink an eyelid. Plus you’ll have to cancel that credit card and get a new one.
There are plenty of different prepaid cards available in Australia now, you can likely pick one up when you do your grocery shopping. The Australia Post Load and Go one is pretty decent if you have any travel plans coming up. All of them will have some kind of costs involved but those costs are worth it when you consider the risks of using your own personal card online.
Guidelines
As I said at the start of this post, these are just some general guidelines I would recommend for consideration. Everyone has to live their life their own way, to each their own. Nobody wants to have their identity stolen – you may not know this but identity theft can be an enormous problem for years upon years if that happens to you.
One thing is very clear – we can no longer trust companies and websites to protect our information, so our only option is to be more careful with it.
Over to you –
what steps do you take to protect your identity online? :)