You are busy accumulating wealth - great! But please make sure that your online financial accounts are not vulnerable to hacker attacks. Even if you are hacked, you can recover but it's a lengthy process that takes time, effort and can be immensely frustrating. A few simple tips can help you try to avoid this (I say "try" because the hackers are getting smarter by the day):
Tip #1: Different strong passwords for your sensitive accounts.
Sensitive accounts are those that, if compromised, would cause you and your family financial harm. (Other harm could also occur but since this a financial sub, I am focused on this.) Sensitive accounts are:
- Your financial accounts (bank, brokerage, credit card). A loose "rule of thumb" is this - Any place that has your social security number (or, tax payer identification number TIN) is a sensitive account. This would also include, obviously, your account at the Social Security Admin (ssa.gov) (if you created one), also your accounts where you do your online tax preparation (for example, TurboTax or HR Block, etc.), login to your employer where you manage your payroll, withholding, PayPal/Venmo accounts, etc.
- In your financial accounts, you may be required to specify an email address (for notifications, for example). All such email address accounts now become sensitive accounts.
- Likewise, in your financial accounts, you may be asked to provide mobile phone numbers to receive one-time-password (OTP) or other notifications. If so, all such phone number accounts become sensitive accounts.
For each such sensitive account, use strong passwords: passwords should be long (as long as the site allows), use mix of upper/lower/number/special characters. Ideally, generate these passwords using a password generator. I use a tool called Password Safe (developed originally by Bruce Schneier - one of the gurus in cryptography). I use its "generate password" feature to generate random passwords for me. There are other tools out there that you can use as well.
There are tools that allow you to save all your account credentials (like Dashlane, 1Password, LastPass, etc.). Use them, if you'd like, but be careful because hackers would, of course, love to hack into them.
Tip #2: Use multi-factor authentication (MFA) where site allows it.
Many sites will send you a one-time token to your email or phone upon login. Use this where possible for your sensitive accounts.
For Gmail, Microsoft email accounts, you can use Authenticator apps that they each provide. These generate tokens that you have to enter when you log in.
In case you missed it from Tip #1, your email and phone have to protected carefully because its where you receive notifications. A smart hacker would first hack your email and then your other sensitive accounts.
Tip #3: Different passwords and bogus information (where possible) for non-sensitive accounts.
You are creating an account at some site. It's not a sensitive site (as defined above). They ask you for all the usual information - name, email address, phone, security questions, etc. There is NO need to answer these truthfully - you are not under oath :-) Where possible, put bogus information (esp. in name, security questions, etc.).
Use different passwords for these accounts. Ideally use strong passwords.
"Why worry about non-sensitive accounts?" you ask. Think about this (from the mind-set of a hacker). If a hacker wanted to hack your financial account, he would not first mount a direct attack against it - because these sites have greater security. Instead, he may attack your account at a smaller site. He may know your email address and/or user id or simply guess it. He tries common passwords and if you have not been careful, he's in. Once in, he gets your personal information from the "Account Information" pages - your name, your address, your phone number, your security questions, etc.
Armed with this information (and, perhaps, additional information from other non-sensitive accounts), he is now ready to attack your sensitive accounts.
Tip #4: Opt for electronic tax documents (1099, W-2), etc.
Physical mailbox thieves are on the prowl esp. during the months of January and February when important tax document arrive in physical mail boxes (your employer W-2, your brokerage 1099-INT/MISC/DIV, etc.). Where possible, enroll in online delivery.
Tip #5: Protect your computers with anti-virus/firewall and don't blindly click on links in emails.
Hackers want to gain control of your computer. Make sure you have an antivirus/firewall installed on your computer. If they gain control of your computer, game over.
Protect yourself against phishing attacks by NOT clicking blindly on emails with links in them.
Tip #6: Check your credit reports at Experian, Transunion and Equifax
All the above steps protect you against hacking for accounts you know you have. But what about an identity thief who opens an account using your SSN and personal info? You will not know about such accounts at all. The only time you know about these is when you get a credit report from one of the big three reporting agencies (or, when you apply for credit).
Each credit bureau allows one FREE access to your credit report each year. So check a different credit bureau every 4 months. Here's what you can do:
On Jan 1 each year, get your report from Equifax report from annualcreditreport.com
On May 1 each year, get your report from Experian.
On September 1 each year, get your report from Transunion.
And repeat the cycle each 4 months.
I have put this as recurring events on my calendar.
This strategy relies on the major credit providers reporting their account statuses to each of the big 3. But if a particular credit granter only reports to one of the three, this strategy may miss that for 1 year.
Tip #7: Don't fall for telephone scams
You may get a call from someone who purports to be from the IRS (the caller id may even say something like 1-800-xyz-1040). Scares the heck out of you by saying that there's an arrest warrant outstanding against you and that you need to pay $2000 via an iTunes card.
Don't be taken in by this. I know it's easier said than done because such a call induces panic.
Install a telephone spam call detector/blocker. I use Nomorobo (www.nomorobo.com) [Full disclosure: No affiliation with them.] There are other providers too.
Be safe. Good luck!
Submitted June 21, 2018 at 08:08AM by arnexa https://ift.tt/2K6zynn
