In recent years, we’ve seen a massive surge in digital identity theft, hacking and online fraud.
The bad news is that these practices will not go away, but instead will become even more prevalent. Hackers are becoming increasingly sophisticated, gaining inroads into election results, company databases and individual bank accounts. They use algorithms and so-called artificial intelligence (AI), software that runs 24/7/365 and tries to break in. The recent surge of personal hacking is also related to the rise of cryptocurrencies. Crypto is attractive to hackers because, unlike cash, it is not easily traceable.
Protecting yourself and your family against these attacks is difficult, but important. Much like we’ve evolved to understand that basic computer literacy is important, or basic financial literacy is helpful, we are now starting to understand as a society that basic online security literacy is also really important. Unfortunately, there is not a ton of information out there, and it is kind of hard to follow.
I’ve created a simple collection of tips that I will maintain and enhance over time. I hope you find this helpful, and I hope you’ll take action in order to keep yourself safe from fraud.
- Create separate email for finance: Don’t use a personally identifiable email for finance-related stuff. Set up a second email to be used just for finance, and make it something not easily recognizable.
- Two-factor: Turn on two-factor authentication for your Gmail login.
- Authenticator: Use the Authenticator app from Google instead of text messaging. This app is useful not just for Gmail; you can use it for Amazon and many other logins.
- Recovery email: Set up a recovery email on your Gmail accounts.
- Devices: In Settings => Security, check the devices that have access to your Gmail and make sure they are devices you recognize.
- Login: DO NOT log in to Google Chrome with your Gmail. Again, DO NOT log in. If you do, all your settings, including your passwords, will be mirrored to the cloud. By not logging in, you will lose the convenience of restoring your extensions and bookmarks, but it is a mild inconvenience. It’s worth it when you consider that if someone hacks your Gmail and then downloads Chrome and logs in, they can’t get access to all your browsing history (see below) and passwords.
- Passwords: DO NOT store passwords in your browser. Use 1Password or another password manager (see below).
- Search History: Log in to Google and delete all your browsing and search history. This will cause the search results to not be personalized, which is not a big deal. Turn off tracking history.
- Location History: Same as above; clear and turn off your location history.
- Maps & other History: Same as above; clear and turn off anything else that Google is tracking.
- Pin: Call your provider and set up a pin, so your account can’t be accessed without a pin.
- Don’t port lock: Set up a don’t port lock. Doing so will prevent your number from being ported to another provider.
- Two-factor & texting: When possible, avoid using two-factor authentication via texting; use the Authenticator app instead.
- 1Password: Use the 1Password or LastPass app to manage passwords. You will never have to remember all of your different passwords again. 1Password is awesome on mobile and also comes with a handy Chrome add-on for desktop that is super easy to use.
- Family/Lawyer share: 1Password allows you to share passwords of your choice with family members or your lawyer, so they have access to them in case of an emergency. It is also convenient for sharing financial information with your spouse.
- Login: When setting up email accounts and/or login IDs, use things that can’t be easily identified, i.e. don’t use your name.
- Two-factor: Set up two-factor authentication.
- Devices: Set up an alert to be notified when there is a login from an unknown device and/or only allow logins from the known devices.
- Transfers: If you feel like you are being hacked, call the bank, and put a transfer freeze on your accounts.
- Split your money: Consider using one bank for day-to-day transactions, and a second bank for storing the bulk of your money. Put a freeze on transfers, and don’t use debit cards with the second one, since you won’t be using it frequently.
- FDIC: Check that your bank provides FDIC insurance, and that fraud is covered. The insurance should be up to $250K per account, but it is max $250K if the primary account holder is the same. You can get up to $500K if you are primary on one account and your spouse is primary on your secondary account.
- Login: Use an email and/or login that can’t be easily identified. I.e. don’t use your name.
- Alerts: Set up text message alerts any time your credit card is used online / without you being physically present.
- Review: Check your account statements for any charges you don’t recognize.
COINBASE / DIGITAL WALLETS
- Two-factor: Set up two-factor authentication.
- Authorized devices: Set up a list of authorized devices.
- Tweets, etc: Don’t tweet or post publicly that you hold cryptocurrency.
- WHOIS: If you own any domains on the web, pay a few bucks extra to protect your WHOIS information, which includes your address, email and phone number.
- Password: Set up a password on your main home wifi.
- Guest Wifi: Create a password-free wifi for your guests.
- Devices: Review the list of all devices on your wifi, and remove the ones you don’t recognize.
- Credit agencies: There are 3 main agencies: Equifax, Experian, TransUnion and Innovis that handle your credit history. Call all of them and request a free credit report. Check for anything weird.
- Credit Freeze: If you never or very infrequently open a credit card or apply for credit, like getting a mortgage or a car loan, consider freezing your credit. This will not allow anyone to open a credit card or any other type of credit in your name. You can do it by removing the lock. The credit lock can be set for up to 7 years. A nice bonus is that you will stop getting junk mail offers to open a credit card.
CALL, EMAIL & TEXTING FRAUD
- Email: Be careful with emails, especially the ones that come from someone you know, or a family member, asking for your login information of any kind. Always double check that the email is coming from the actual person. Also always double check that emails from Facebook, Amazon, Google, etc. are sent from the actual domain.
- Calls: There is an increase in fraudulent robocalls asking you to call back and provide your SS or financial information. Schemes include calls from the IRS, your bank, etc. Never call these numbers! Always call back using the official number you have or find online. Use nomorobo.com to protect yourself from fraudulent calls.
- Text: Similarly, there is a surge in text spam / fraud. Block the numbers you don’t recognize. Be careful about clicking links in the text messages you get from strangers.