The Better Business Bureau is offering some advice on cyber attacks and how to avoid them following recent reports affecting some federal government agencies.
The Canada Revenue Agency recently announced that some 5,600 accounts were compromised as the result of two separate cyber attacks.
It was learned that hackers used passwords and usernames collected from previous data breaches across the globe.
Another 9,000 accounts linked to GCKey a government portal to access government services online were affected, and hackers successfully accessed government services for about one-third of affected accounts.
Kristin Matthews of the BBB says victims should consider putting a credit freeze or fraud alert on credit reports, and update their passwords for all online accounts.
Matthews says attackers will often use one piece of credential information to unlock multiple accounts.
A full list of tips from the Better Business Bureau can be found below.
Consider putting a credit freeze or fraud alert on your credit reports with the major credit reporting agencies. A credit freeze will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. A fraud alert flags your account but does not automatically halt new credit being opened in your name.
Update the passwords for all your online accounts. This will be extremely important if the password for the compromised account was being used for multiple sites.
Monitor your credit card statements carefully. If you see a fraudulent or unauthorized charge, report it to your bank or credit card issuer immediately so the charge can be reversed and a new card issued.
Avoid fake emails. Do not respond to emails you may receive with offers to help you in an attack. Many of these emails may be phishing emails created by scammers. Do not click on any links or provide any personal information that may be requested. If you have concerns, contact the organization directly to verify the email came from them.
“With more people going online to shop, bank, connect with family and friends, access medical records, apply for government grants as well as manage other aspects of their business and personal life, proactively safeguarding online accounts against unauthorized access needs to be top priority”, explained Kristin Matthews, Marketing & Communications Specialist for Better Business Bureau serving the Atlantic Provinces. “Compromised accounts could lead to everything from identity theft and extortion attempts, to fraudulent schemes and loss of valuable data like business files and family photos. Strong systems are still at risk of being compromised if users have poor cybersecurity practices like weak passwords that they share with others or use for multiple accounts”.
The most harmful perspective is believing you are not at risk of a cyberattack, as cybercriminals do not discriminate in targeting all sorts of users. The stakes are high – both for your personal and financial wellbeing. With this in mind, BBB is sharing the following tips to help Canadians avoid scams, frauds, identity theft and their online accounts being compromised:
Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. This adds additional layers of security to the standard password method of online identification. Without MFA, you would normally just enter a username and password. However, with MFA, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even a fingerprint. Use it for email, banking, social media, and any other online services you need to sign into.
Shake up your password protocol. Consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuations and capitalizations. Use password managers to generate and remember different, complex passwords for each of your accounts. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers, answers to security questions, and more.
Play hard to get with strangers. Cyber criminals use phishing tactics, hoping to fool their victims, usually by pretending to be someone they know, trust or recognize. If you are unsure about who an email is from—even if the details appear accurate— or if the email looks suspicious, do not respond and do not click on any links or attachments enclosed. Where possible, use the “junk” or “block” option to no longer receive messages from a particular sender. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect a user’s information.
Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures to ensure that the network is legitimate. If you use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. These seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Insurance Numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
