October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber safe by equipping them with knowledge through the following four themes:
- Week 1: You Got Phished
- Week 2: Where, Why and How It Happens
- Week 3: Prevention
- Week 4: Putting It All Together
This week’s theme, “You Got Phished”, focuses on actionable steps to take to recover from a phishing attack.
Before we get started, it’s important to understand what Phishing is. Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.
How to tell if you have been phished or hacked
The most evident sign that you have been phished or hacked is when you notice changes to your accounts. This might look like not being able to access your email accounts, noticing suspicious charges to your bank or credit card accounts, or even receiving notifications on social media from friends alerting you that your accounts have been compromised.
Before you notice these clear signs of unusual behaviour, there may also be notifications from your accounts alerting you of changes. For example, if a malicious actor is attempting to sign into your email account, you may receive notifications asking you to confirm that “you” are trying to sign in from a certain location. In some cases, these alerts may also come after a successful sign-in attempt from a malicious actor. Banks may also block purchases from being made on your card until you confirm whether the transaction is coming from you.
To help keep you safe from phishing, we’re sharing 4 easy tips, as well as what to do if you have been phished.
Tip #1: Change passwords and upgrade passwords to passphrases
Did you know that at least 65% of people reuse the same passwords across multiple sites? Although this makes remembering your credentials easier to do, this also makes your accounts vulnerable to cyberattacks.
By creating complex passphrases and unique passwords for each site you use, you instantly tighten up your security, making your accounts less attractive to hackers. Password managers such as Google Password Manager and LastPass can easily help you create complex passphrases and store them so that you never forget a password again.
Some best practices for creating complex passphrases include:
- Avoiding family, pet, company, and familiar names that can be easily guessed by others
- Using unique combinations of letters, numbers, symbols, and cases for each site you use
- Creating passwords with at least 4 words and 15 characters long
To learn more about creating strong passwords, check out our 12 Passwords Best Practices post.
Tip #2: Enable anti-Malware and anti-virus software
Malware is one of the most common ways people experience a cyberattack. Did you know that 2 in 5 Canadians have had malware on their computer? Malware is software that is specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups, and toolbars, and even send out unwanted emails.
Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:
- Install and use anti-virus software
- Avoid suspicious links and email attachments
- Download only from trusted sources
- Use a VPN on unsecured networks like public Wi-Fi
Tip #3: Enable automatic software updates
Updating your programs and operating systems regularly ensures that you are benefiting from the latest security patches and bug fixes, making it harder for cybercriminals to exploit your data with malware. Keep your systems, programs, and applications updated. Most programs and operating systems do a great job at reminding their users when an update is available. Enabling automatic updates on your devices will help ensure that you don’t miss an update!
Tip #4: Back up your data
Backing up files is easy to do! You can back up your data physically and/or digitally. To back up your files physically, you’ll need an external device such as a USB stick or an external hard drive. Once your files are backed up physically, you’ll want to ensure that you keep your external device stored in a safe location.
To back up your data digitally, you can use a reputable online cloud server. There are many great options to choose from! Some online cloud servers offer free storage up to a certain amount, while others have subscription fees.
Whether you decide to back up physically or digitally, choose what works best for you.
Keep Others Safe and Report The Scam
If you have been targeted by a phishing scam in Canada, you can help keep others safe by reporting the scam. You can report the scam by contacting:
- Your local police: file a report about the phishing scam or fraud. Remember to get a report number for your reference.
- Canadian Anti-Fraud Centre: provides assistance to law enforcement agencies by identifying the connections between fraud cases
- Regulatory bodies: if the scam involves someone from a regulated profession, regulatory bodies may have the ability to take disciplinary action to prevent further incidents.
To read more tips on what you should do if you have been scammed, check out this article.
Stay Cyber Safe
Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to keep your cyber safe. For more information about CSAM, tune into our weekly CSAM articles for the month of October.