Scammers lie in wait
It was late on a Sunday night when the email arrived warning Hugh that he had a problem. He was too tired to notice all the obvious signs that a scammer had him in their sights.
“I was tired, and I didn’t use the usual checks,” says Hugh Devereux-Mack, who was at the time a Senior Advisor with New Zealand’s cyber security agency CERT NZ. “I didn’t look at where it came from. It looked like Facebook, and the email raised a common problem, so I put in my username and password.”
Hugh ended up on a web page that didn’t look right, so he tried again with his username and password before he realised what was happening.
Fortunately for Hugh, he had two-factor authentication turned on. That’s a two-step process that makes it more difficult for a scammer if they get access to your online accounts by also asking for a code number or other evidence as an extra layer of security.
“If I had not had two-factor turned on they would have had access to all the social media accounts I had access to.”
He says it’s important not to feel ashamed if you get sucked into a scam because that only plays into the hands of scammers. The more we can talk about it to trusted friends and family the better.
“Shame comes into play after you have been a victim, but it’s also a scammer’s mode of operations,” he says. “We need to work on destigmatising it. You are either a victim of a crime or a potential victim of a crime and it’s OK to speak up about it.
“Two-factor authentication is similar to your seatbelt when you are driving. If something goes wrong and a scammer has your username and password, it helps keep you safer. You should never give away or tell anybody your two-factor authentication codes.”
You get an uneasy feeling talking to Hugh that all your passwords might need replacing with something longer and certainly smarter. But now, in a series of video seminars available on IHC Media’s Korero stream, you can hear more from Hugh about how to keep safe online.
The seminars cover choosing a strong password and how to spot and deal with phishing emails and texts.
His best advice is to use a strong and unique 15-character password – or ‘passphrase’. Facial recognition and fingerprints can be useful. Hugh also warns against acting quickly.
If you are feeling rushed to make a purchase or click on a link or reply to an email, his advice is to stop, walk away from your device and make a cup of tea. Then go back with a clear head. Because if you are feeling panicked or rushed, that is a signal you may be the target of a scammer.
Hugh says some of the saddest scams he has seen in his time at CERT NZ are romance scams. “The cost is not just financial.” He says people develop relationships with the scammers and continue them even when people warn them that they are scammers and not to send any more money or gift cards.
And you don’t have to have a lot of money to be scammed. “We know that the majority of scams in New Zealand are for less than $500.”
Beat the scammers by watching our video series.
Hugh’s top tips for keeping yourself safe are:
1. Be suspicious if someone contacts you unexpectedly asking you to do something.
2. Don’t be rushed into clicking a link or phoning a number. Walk away and seek advice.
3. Have a really good password and two-factor authentication to access your bank, your email and your social media.
4. Talk about cyber security and scams with friends and family.