“MOMMY!!! Where’s the sunscreen?”
I was doing an internal happy dance. A prospective client sent me a proposal, and I had just clicked on the attachment when my son Dylan started yelling. We were on vacation, and the kids were ready to go to the pool. I helped Dylan find the sunscreen and signed into the Google Drive link to open the proposal. Ugh, it wasn’t working.
“WAH-WAH POOOOOL,” my daughter Sydney wailed. I put away my phone, rounded up the kiddos, and walked out the door.
And that’s when I became the victim of a phishing scam. They stole my money, my contacts, but worst of all, they stole my peace of mind. Below are three ways you can avoid this nightmare happening to you.
1. Go Big AND Go Home
In all my excitement about securing a new client, I tried to open the attachment on my phone. Since then, the hackers have sent similar emails to many of my contacts. And when you’re looking at the email on a wider screen, it looks pretty “phishy” (I couldn’t help myself). The email address isn’t mine, the signature line is weird, and the link is even worse! Yet on your phone, many of these warning signs are truncated given limited screen size. The hackers are getting a lot more sophisticated with impersonating people in your network. If you don’t want to be a victim of their virtual Polyjuice Potion, I would suggest reviewing emails with attachments on a widescreen AND using a trusted network like your home or office. This is also a great excuse to buy whatever phablet you’ve been coveting. You’re welcome.
2. Do the Two-Step
I’ll admit it. I hadn’t set up two-step verification. Two-step verification texts a separate code to a small list of trusted devices whenever you log in. You can only log in if you have the password and the unique code. It seemed like overkill to me. I’m always very cautious about not opening suspicious emails, and I had good antivirus software installed. I had set up two-step verification on a few accounts before, and it was such a hassle. You know what’s an even worse hassle? Being hacked. If you haven’t set up two-step verification on ALL financial and communication accounts, DO IT NOW! Do not pass go, or hackers collect $200! You may think Facebook and LinkedIn accounts aren’t as important. You are wrong. The hackers who hit me downloaded all my contacts. Even though my accounts are now secure, the hackers still impersonate me. And they’re aggressive! If you respond and say “hey Ty is this you” SOMEONE RESPONDS PRETENDING THEY ARE ME! Hackers don’t need to be in my account to use my name to get into YOUR accounts. Take it from me, you do not want to be a virtual rash for all your personal and professional contacts. TWO. STEP. NOW.
Forget all your passwords. Seriously. Your passwords should be so complicated and unique that your brain, no matter how big and impressive, can’t retain them all. I had “unique” passwords for all my accounts, but they were often variations of each other. Now I use Dashlane, which stores and generates unique passwords for all accounts. There are many similar services. Pick one you trust and use it. I know what you’re thinking. You don’t think you have enough accounts to warrant password storage software. Believe me, I think you’re awesome and right about a lot of things. But you are so wrong about this. Once I signed up with Dashlane, I realized I had 197 online accounts! 197! And before you write me off as some weird website junkie, think about it. All the conferences you’ve ever attended. Surveys you’ve filled out. Trial memberships you started and forgot about. Can you honestly say you used unique passwords for all of them? If not, then you need password support. ASAP.
Getting hacked is challenging and embarrassing, and I hope these three steps help you avoid my mistakes. Tune into my next blog where I share how to recover if you’ve already been hacked. And please share any other tips you’ve found useful in the comments.