BBB Tip: Cyber attacks and how to avoid them

Even the Canada Revenue Agency (CRA) has been the target of a “credential stuffing” scheme. When cyber attacks happen, take them as a reminder to take active steps in protecting your online accounts.

• Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. This adds additional layers of security to the standard password method of online identification. Without MFA, you would normally just enter a username and password. However, with MFA, you would be prompted to enter an additional authentication method such as a Personal Identification Code, another password or even a fingerprint. Use it for email, banking, social media, and any other online services you need to sign into.
  
  
• Shake up your password protocol. Consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuations and capitalizations. Use password managers to generate and remember different, complex passwords for each of your accounts. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers, answers to security questions, and more.
  
  
• Play hard to get with strangers. Cyber criminals use phishing tactics, hoping to fool their victims, usually by pretending to be someone they know, trust or recognize. If you are unsure about who an email is from (even if the details appear accurate) or if the email looks suspicious, do not respond and do not click on any links or attachments enclosed. Where possible, use the “junk” or “block” option to no longer receive messages from a particular sender. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect a user’s information.
  
  
• Stay protected while connected. Before you connect to any public wireless hotspot (such as at an airport, hotel, or café), be sure to confirm the name of the network and exact login procedures to ensure that the network is legitimate. If you use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
  
  
• Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. These seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Insurance Numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.