As spring cleaning season kicks in, direct some of your energy toward tidying up your cybersecurity habits. Anyone can be targeted by a cyberattacker, and scammers are always developing new scam tactics to steal information and money from online victims. That's why it's important to keep up with evolving threats and update your approach on at least an annual basis.
Use this cybersecurity spring cleaning checklist to keep your defenses up to date and avoid online fraud.
1. Prevent Phishing Attacks
Phishing is when a scammer contacts you using email, phone or text message and attempts to trick you into handing over money or sharing your personal information. One of the most effective ways to protect yourself from cyberattacks and phishing is to learn to recognize the warning signs. As the IRS simply puts it, "the easiest way for criminals to steal sensitive data is to simply ask for it." You can help keep yourself safe by looking out for these red flags:
- Unprompted communication from a company: Unusual or unexpected communication from a company could be a scam. Scammers often attempt to phish your login credentials by sending you a phony login link or impersonating an organization you trust, such as your bank. They might also impersonate tech support at a trusted company, such as your job or phone provider.
- An attempt to instill panic: Cyberattackers hit you where it hurts to try to get you to act out of emotion. For example, one common phishing scam in 2022 is a fake invoice in your email telling you that you've spent $800 on a new software package or $3,000 on a new phone. When you click the link to dispute the charge, the scam will ask for your account login or bank account information. Threats of fines or jail time are also common.
- Requests that you act now: Along with inducing panic, scammers aim to create a sense of urgency to get you to act before you have time to think. Trusted institutions like your bank or the government don't ask you to act immediately to avoid dire consequences.
- Generic greetings: Look out for generic or unusual greetings such as "Hi dear" or simply "Hello." If it's followed by a request that you click a link or hand over personal information, it's a tell-tale sign of an online phishing attempt.
Don't click any links or respond to any suspicious text messages—there's nothing to be gained from talking to a suspected scammer. Instead, cease communication and navigate directly to the company's site to check the status of your account, or call them directly using a trusted number.
Prevent web phishing by using antivirus software when you browse the internet, and avoid visiting sites you don't trust. Scammers often spoof web URLs, so be cautious and ensure you're navigating directly to your intended site.
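The spoofed-URL warning above can be checked mechanically. The following Python code is an added example, not part of the original article; it goes slightly beyond the text by covering several ways a link can look like your intended site while opening a different host. The domain bank.example, the reason codes and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit


def check_link(url, trusted_domain):
    """Return reason codes why url should not be treated as trusted_domain.

    An empty list means the link uses HTTPS and its real host is the
    trusted domain or one of its subdomains.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    trusted = trusted_domain.lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("no-https")
    # Text before "@" is login info, not the site: the real host comes after it.
    if parts.username is not None:
        reasons.append("userinfo")
    # "xn--" labels encode non-ASCII characters that can mimic ASCII letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode")
    # Match the whole domain on a label boundary, never as a plain substring.
    if host != trusted and not host.endswith("." + trusted):
        reasons.append("wrong-host")
    return reasons


# Constructed sample links; bank.example stands in for the site you intended.
SAMPLES = [
    "https://www.bank.example/login",                  # genuine subdomain
    "https://bank.example.account-verify.test/login",  # trusted name used as a prefix
    "https://bank.example@203.0.113.7/login",          # trusted name placed before "@"
    "https://notbank.example/login",                   # trusted name as a suffix only
    "https://xn--bnk-3na.example/login",               # encoded lookalike label
    "http://bank.example/login",                       # right host, no encryption
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "bank.example") or "ok")
```

An empty result only means the host matches; typing the address yourself or using a saved bookmark remains the safer route the article recommends.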
2. Strengthen Your Passwords
Strong passwords make it harder for hackers to gain access to your account. At an individual level, many account breaches are the result of risky password habits, such as using an easy-to-remember password or using the same password across multiple accounts.
Strengthen your password practices with the following strategies:
- Use a password manager. Password managers help you keep track of all of your passwords and make it easier to create unique, strong passwords that use hard-to-guess combinations of letters and numbers.
- Don't use the same password on multiple accounts. Reusing passwords increases the risk of a cyberattacker accessing more of your data, because all a hacker has to do is obtain your password on one account to gain access to all of your accounts.
- Change passwords as needed. Many cybersecurity experts recommend that you change your password several times a year so that a hacker who has access to your account can't maintain that access for long.
3. Tidy Up Your Social Media Habits
Social media accounts can be another entry point for phishers and scammers, so it's important to remain aware and in control of your profiles, accounts and digital footprint.
Here are some best practices for lowering the risk of cyberattacks targeted at social media accounts:
- Delete the accounts you no longer use. Routinely delete old social media, email or other web accounts you don't want anymore. Any account could be the target of a hacker, and unused accounts can be especially vulnerable because it may take you longer to notice that they've been compromised. Simply deleting an app from your phone won't limit your exposure, so be sure to deactivate the account itself.
- Watch for email alerts. If you receive a security alert to your email that someone has attempted to log in to your account from an unrecognized device or location, take the alert seriously and follow the instructions to secure your account. Just make sure the email alert itself is from a trusted source and isn't a fraud attempt.
- Enable two-factor authentication. Many platforms now include the option to set up two-factor authentication, which asks you to provide a secondary password or code to verify your identity. Platforms that offer two-factor authentication include mobile banking accounts, social media accounts, email accounts and more.
- Update your privacy settings. Update your privacy settings to ensure that your account is set to the level of privacy you feel comfortable with.
- Limit what you share. Never post information someone could use to steal your identity, including your address and Social Security number. You should also avoid inadvertently sharing answers to password recovery questions, such as the name of your first pet, your childhood best friend or the street you grew up on.
4. Keep Your Devices up to Date
If you're always putting off software updates, you're leaving your device open to malware and spyware threats. Out-of-date operating systems (like your phone's iOS or Android OS) make you more susceptible because software updates include "patches" that fix software bugs and vulnerabilities hackers can exploit. Updates also include enhanced software security features.
Since cyberattackers exploit vulnerable devices, take care to make sure your device's operating system, web browser and antivirus programs are up to date. In addition, consider using a cloud backup service to back up data, files and pictures on your phone and other devices.
Refresh Your Cybersecurity to Avoid Online Fraud
On top of routinely tidying up your cybersecurity habits, scanning for data breaches can give you additional insight into how your personal information may be compromised. You can use Experian's free dark web scan to see whether cybercriminals have attempted to sell your Social Security number, email or phone number on the dark web. For continual monitoring, Experian IdentityWorks℠ provides regular dark web scans.