There are a few simple steps you can take to help improve your online safety and protect yourself from scammers and cyber-criminals. Here’s how:
Make sure you have up-to-date anti-virus and firewall software on your devices.
Protect your PEXA digital certificate – store it securely if you’re not using it in PEXA.
Don’t share your PEXA password or digital certificate PIN.
If you think something has gone wrong and you or someone in your business has been compromised, contact PEXA and suspend the user’s PEXA access.
Note, this is not a full list of security measures you should take to ensure your cyber-security. If you are in doubt, or you are not sure, you should seek advice from an IT professional.
Full Subscriber obligations on digital security are set out in PEXA’s Subscriber Security Policy.
Spam: unsolicited emails or messages – commonly bulk advertising.
How to manage spam
Don’t unsubscribe from spam emails. By unsubscribing spammers learn that your email is correct and will continue spamming you.
Instead, use your email settings to direct them to your junk folder.
Phishing: fraudulent emails or messages attempting to deceive you and steal sensitive information such as passwords or bank details.
Examples of phishing emails
These different types of scams all have the same goal: to try to trick you into revealing your sensitive details, or to click a link or download an attachment which contain malicious software to access your private information.
How to spot phishing emails
Although phishing emails are designed to trick you, understanding the key ‘giveaways’ of a fake message will help you to spot them and to avoid opening malicious attachments or voluntarily giving away sensitive information to cyber-criminals.
Here are some common signs that an email you have received is a phishing message.
Official communications will generally have no grammar or spelling errors. Such mistakes can be a warning that the email is malicious.
Generic greetings and sign offs
A legitimate personal email would address you by name, whereas a phishing email is bulk delivered to a wide audience and will use default greetings and sign-offs such as “Dear Sir”.
Call to action
A phishing email will sometimes instruct you to act quickly to avoid a problem. This is to try and rush you into clicking their malicious material also known as ‘click-bait’.
Suspicious links and fake websites
If you are suspicious about an email and it contains a link that you are being directed to click, hover your mouse over it to preview the URL. If the URL has no resemblance to the website of the alleged sender, this is a strong indication that it is a fake link.
If any of the above red flags have been observed in an email, do not open the attachment. This may be what the scammer is using to get your private information.
What to do if you receive a phishing email
Malware is short for malicious software. It can include:
Malware programs can harm your system by:
Ransomware attacks involve sending a misleading email, such as a bill or fine, to trick you into clicking a link. If this happens, ransomware locks the files on your computer and opens a pop-up window requesting a ransom to be paid, often in Bitcoin or another cryptocurrency. Payment of the ransom may not secure the release of your files.
Protecting yourself from attacks
Take the below precautions to help avoid a malware attack.
Frequently updating your operating system, browser and applications helps safeguard your privacy.
Run anti-virus software
Installing anti-virus software will help to prevent scammers from accessing your information by warning you of suspicious activity.
Have back-ups of files
It’s good practice to keep a back-up of your data in the event of an attack or unforeseen loss of memory on your system. This can take the form of cloud storage, portable hard drive or USB.
Identifying a possible malware attack
What to do if you’ve suffered a malware attack
The value of your identity
Your identity is of the utmost importance and should be carefully guarded. Whilst physical identity documents, such as your birth certificate, are more difficult for scammers to obtain, your ‘digital identity’ consists of various pieces of information about you such as your name, address, date of birth, driver’s licence number, passport number, bank details and other unique identifiers that can be used to impersonate you over the phone or internet for fraudulent and other criminal purposes.
Ways to protect your identity
Observe the below measures to help protect your personal information.
Review your social media settings
Check the privacy settings of your social media accounts and see who has access to your profile(s). You should avoid sharing personal information such as your whole date of birth (DD/MM/YYYY), email address and phone number. It’s also a good idea to have your settings on “private” and avoid accepting ‘friend requests’ from people you don’t know.
Protect your devices
Always run anti-virus, malware and spyware protection programs, use strong passwords and update them regularly. Avoid repeating the same password, especially banking passwords.
Never click suspicious links
If you suspect an email or text message you’ve received is malicious, never click an attached link.
If a website starts with “https”, you are being protected by a security protocol – always check for this.
Take care of documents with personal information
It’s always best to shred documents that you’re discarding to protect your personal information. Always be mindful of paper and electronic documents that have your details and be careful with where you leave them or who has access to them.
How to get your stolen identity back
Passwords are part of our everyday lives now. We use them to access our bank accounts, social media, email and more. That’s why protecting them is so important.
The tips below will help you continue to keep your passwords safe.
Use a variety of characters
If your password is all letters, though it might be easy for you to type and remember, it’s also easy to guess. Try to incorporate the following factors in your password:
Don’t use something obvious
Never use information that is easy to guess or accessible to criminals. Avoid the following:
Other general tips
The information provided in this document is general in nature and is not intended to be a comprehensive guide to cyber security. PEXA customers are responsible for the security of their own systems. You should not rely solely on the information in this document. If you are unsure of your obligations under the Participation Agreement between PEXA and your organisation, or if you are not satisfied that your systems are adequately secure, you should obtain professional advice.