Passwords need to be one in a million

Even with the global economy running into another brick wall, top financial news coverage is about the ingenious ways criminals find to profit from cyber-fraud. Communication between solicitors and those buying property is the latest growth area, partly due to the size of losses. This involves emails being hacked and solicitors claim the failure is not on their side.

Criminals send an email, apparently from the solicitor, saying money should go to a different account than the one a person was originally told. They act on that, only realising they’ve been conned when the solicitor asks why the funds have not been transferred. By then the money’s gone and is not covered by banks or Law Society protection, because the person who lost the money made the transfer.

The advice now is to view emails as a risky source of instructions. You could transfer a small amount, check it’s arrived by phone, then transfer the rest. Given the sums involved, however, you might be happier getting a bank draft and delivering it to the solicitor. This is more expensive, as you have to pay for the draft, but once you’ve handed it across you’re covered by the solicitor’s insurance and rules about how they handle clients’ funds.

The ability of banks to transfer funds in seconds has created opportunities for criminals. Banks are quick to wash their hands of responsibility, but allowing fraudsters to access our financial details is largely down to us, and our tendency to trade security for ease when shopping or banking online.

The first step to fraud prevention is to make sure your virus and firewall protection’s sound. It doesn’t have to be expensive; those available free can be just as good, but whatever the system it must be kept up-to-date. It’s also important not to turn it off because it’s slowing down what we’re trying to do, since that slowing down is protection. It’s also worth using a malware programme, available free online, to perform another level of checks.

Is then up to us to thwart criminals at the second level of protection, by using good passwords. We all like simple passwords, but research shows 98.8% of people have a password from a list of 10,000 used globally. Advisers say protection comes from using a password that’s not in the top million rather than that 10,000.

The most common fault is using a variation of a password for everything, including social media. The same applies to online shopping. Once they secure email addresses hackers use software that runs it against that 10,000-password list. This sounds a big task, but it only takes seconds. Sites don’t store passwords, which are encrypted, but hackers profit from our inertia of using common name and number variations. Once criminals have the password, the encryption on the website is irrelevant as protection.

The advice is to use 14-character password combinations of upper and lower case letters, symbols and numbers. Ideally, particularly for banks or shopping where credit card details are given, don’t use dictionary words. Use a different combination for each site and write them down, rather than storing them on your computer. If you do store them on your computer, consider a file protected by an encryption programme, such as Cryptainer, which is free online.

Some people are now going so far as to advocate a stand-alone bank account and separate credit card for online purchases. This might sound like over-kill, but the way things are going the efforts we make to protect ourselves will never be too much to keep us safe from increasingly resourceful cyber-criminals, often operating outside the UK.

Get Our E-Newsletter - breaking news to your in-box twice a week
Will be used in accordance with our Privacy Policy

About The Author