Scam numbers are on the up and up, and that’s bad news, with your passwords at risk. What has Google found, and what can you do to keep security up with it?
The world’s biggest search engine has been doing research, and it could be bad news for Australians not taking security seriously. According to Google, only 42 percent of Australian adults actively take steps to improve online security, while the remaining Aussies seem less likely to.
This is despite the influx of scams over the past year, which to date has seen well over $100 million lost from local wallets, according to recent data from the Australian Competition and Consumer Commission’s Scamwatch project.
The research from Google in Australia found that one third of the population has seen passwords hacked or compromised, while phishing attacks have affected one in four Australians at least once.
The news may not be surprising, especially with more and more scams popping up than ever, many of which arrive on our phones, one of the few gadgets we’re almost always carrying. We’re seeing new scams weekly, some of which come through over email, others on text, and some more directly through a phone call as scammers try the call centre approach with a script to convince you to hand over credit card details.
While scams are on the increase, hardly a surprise given the amount of money they generate for cybercriminals, internet hygiene may not be as high as experts would like: Google’s research found that 47 percent of Australian adults don’t look for the secure padlock symbol in their browsers when buying something online, and almost a third don’t know what it means in the first place.
Security symbols like these can be a bit of a red herring, of course, as the padlock symbol only means the site has a security certificate applied, and anyone can get one of those, whether for free or by paying for it. However, passing details to a website lacking that security measure is a different story altogether, and a missing padlock is a particularly telling sign that something may be amiss with the website you’re visiting.
It’s especially a problem if you’re handing over password details at a website pretending to be a larger one, such as is the case with phishing sites.
Phishing happens when a website is intentionally deceptive, pretending to be something you trust, such as a fake Facebook, a fraudulent Australia Post, and so on. You can typically work it out by looking at the URL bar in your browser, which will give it away quickly if the location isn’t legit, but if you’re not sure what the padlock is, you mightn’t find the URL bar quite so easy to understand, and that could get your password stolen and hacked quickly, opening you up to a world of trouble.
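The URL-bar check described above can be written down as a short routine. This is an added example, not code from the original article or from Google; the trusted list and every sample URL are constructed for illustration, and `checkUrl` is a hypothetical helper name.

```javascript
// Added example: the domains and URLs below are constructed samples.
const TRUSTED = ["facebook.com", "auspost.com.au"]; // sites the user means to visit

// Decide whether a URL really belongs to one of the trusted sites.
function checkUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  // url.hostname is the part the browser actually connects to: anything
  // before an "@" is dropped, the name is lowercased, and Unicode
  // lookalike letters never compare equal to the plain ASCII name.
  const host = url.hostname.replace(/\.$/, "");
  // The trusted name must be the END of the host, on a dot boundary.
  const match = TRUSTED.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, reason: `host "${host}" is not a trusted site` };
  }
  // Right name, but no padlock: details would travel unencrypted.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "trusted name but not HTTPS (no padlock)" };
  }
  return { ok: true, reason: `HTTPS and host belongs to ${match}` };
}

// Constructed samples: one genuine address and common deceptive shapes.
const samples = [
  "https://www.facebook.com/login",                   // genuine
  "https://facebook.com.account-check.example/login", // trusted name used as a prefix
  "https://facebook.com@account-check.example/",      // trusted name before "@"
  "https://auspost-com-au.example/track",             // dots swapped for hyphens
  "https://f\u0430cebook.com/",                       // Cyrillic "a" lookalike
  "http://auspost.com.au/track",                      // right name, no padlock
];

for (const s of samples) {
  const { ok, reason } = checkUrl(s);
  console.log(`${ok ? "OK  " : "WARN"} ${s} -> ${reason}`);
}
```

Every deceptive sample except the last would still show a padlock if served over HTTPS, which is why the host name is checked first and the padlock second.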
“Hacking of passwords is an ever-present threat and phishing scams are becoming more sophisticated,” said Samantha Yorke, Senior Manager of Government Affairs and Public Policy at Google.
“While it’s concerning that many people feel they don’t know what to do to improve their online safety, there are simple steps you can take that make a huge difference – and with Australians spending more time online, protecting yourself is more important than ever,” she said.
Those steps include always checking website URLs to make sure you’re at the real place, and turning on multi-factor authentication, ensuring that if someone is trying to change your password, they have to go through several steps, with a minimum of two.
Also called “MFA”, “2FA” (for two steps), or “3FA” (for three steps), multi-factor authentication is one way of making sure your passwords aren’t as easily compromised, because even if something changes in one place, you’ll be alerted on your phone or email somewhere else if someone tries something.
Another approach is to make sure your passwords are strong, something you can do with an automated password creation system, such as the one built inside almost every web browser.
These days, web browsers typically include a “suggest password” feature available when you right click, and it works alongside password management built directly into the browser. However, suggested passwords often come with the problem of being too complex to recall, and may not be to everyone’s liking, so Yorke suggests another approach.
“Try an easy to remember sentence, and take the first letter of each word using upper and lowercase letters where appropriate,” she said. “Where possible, replace letters with numbers or symbols.”
It means if you’re struggling to find the right password, take a phrase you know that’s specific to you — such as “don’t mix grain and grape” — and add some different numbers or symbols to make your own code. It could become
D0ntM!X6r@iN&grApE or even something a little more simplistic, capitalising the last consonant of every word and turning vowels into numbers and symbols, ending with an exclamation mark with
Ultimately, a password manager might help you recall these passwords more clearly, especially if it’s built into a browser, and these can be used to help store your passwords, whether it’s Chrome, Safari, or something else.