It’s hard to trust anything that comes to us via email, phone or text. After a trip to Florida with a rental car, EZPass kindly texted me to let me know that I owed tolls. It sounded legit. It wasn’t.
I’ve since read more about this one. Someone pretending to be EZPass texts to say we owe $1.20, or some amount that is small enough to fly under our radar. We put in our bank or credit card info and get on with our lives. Before we know it, our account is empty or our card is overdrawn.
Protect Yourself
Unfortunately, I get many of my bills via email, and I now get my property tax and water/sewer bills via text. And even the mail is suspect. Apologies to Cliff Clavin, but can we really trust bills that come in the mail?
We need to protect ourselves. Let’s look at some easy (or at least not too painful) ways to do that.
Don’t Answer
Phishing has been a popular method of attack for years. The reason why it’s lasted so long is because it is incredibly effective. Here’s how it works.
I buy an email list. I can buy one legitimately through a data broker for “marketing” purposes, or I can buy one on the dark web. The National Public Data breach exposed over 3 billion email addresses. That’s a great place to start.
I don’t need 3 billion, a million or 2 is a good start. I get my 2 million addresses and I use a simple script to email everyone on the list. If I get a .001% response rate, that’s 20 people. A response is a home run. I know it’s a real person, and I know they are willing to engage.
I heard a story from a man who responded angrily that the email was a scam and stop contacting him. He got a nice apology and a gift card. Not long after, he was a victim of identity theft.
Don’t respond!
It’s Hard
While we can ignore an email or text, or let a call go to VM, this can be a pain. I’ve had instances where I let a call from Home Depot (regarding a legitimate refund request) go to VM. I had to call back the 800#, navigate a dozen or so prompts and sit in the queue for 10 minutes to get back to a person.
It would have been so much easier to pick up.
But I’ve also been caught off-guard by a scammer who claimed he was holding my brother at gunpoint. I’d much rather call back a few times than go through the gunpoint episode again.
I spent a while volunteering on a scam prevention hotline. Most people I dealt with were very intelligent people who had been caught off-guard at a weak moment.
Autopay
I know a few people who are hesitant to use autopay. They don’t like entering their bank account or credit card info into a company’s system and allowing them to take payments. I get it. It worries me too.
But I think the alternatives are now worse. First off, I go to my cell phone, cable company, electric company…website and enter my info. I’m pretty confident that I’m giving this info to the right people. Could they be careless with it – sure…We’ll talk about that in a sec.
I would rather control adding my payment info and then monitoring monthly transactions than use other methods. Mailing a check isn’t safe. There are lots of examples of scammers getting a hold of checks and cleaning out bank accounts.
AutoPay Mitigations
I’m not totally comfortable, so I check my statements regularly. I also set up alerts for international transactions or any transaction over $100.
But I’m also prepared to close accounts if necessary.
Most importantly, I keep a list of all my autopay bills and the account they are paid from. If I need to, I can easily close an account and open a new one. These days, this can be done in about 5 minute online. And since I have a list of all the bills attached to each autopay account, I can go to each website and change to the new account easily.
Password Manager
Most of you will ignore me, but please, please, please consider a password manager. Mine costs about $35 per year.
When I go to a website that has a login box, I see this
My password manager knows my logon and password for this site so it either fills it, or in this case where I have 2 logins for Yahoo, it asks which one to prefill.
When I’m creating a new account, my password manager recognizes this and asks me to create a new strong password.
Boy, I’ll never remember that password, right? Well that’s the point. You’ll never have to. Whether you’re on your phone, tablet, computer laptop, mac, windows, android, ios, whatever, your password manager will enter it for you.
In addition to storing ids and passwords, I add a tag to show which of my logins are associated with my credit card or autopay accounts. This way it is super-easy to change them if I need to cancel a card or account.
A couple of pieces of advice:
- You get what you pay for. I’m not sure I’d trust a free password manager
- Make sure you have a great password for your password manager. Mine is 22 characters. I type it fairly often so I remember it, and I have a back-up copy written and hidden.
- Many offer free trials – try it, can’t hurt
Hide My Email
I believe I read that gmail will have this soon, but for now I think it is limited to icloud email users.
Hide my email requires an icloud subscription plan. Mine is 99 cents per month.
On any website that asks for an email, my safari browser (on mac, iphone or ipad) will ask if I want to use my email or create a new email, or in this case, where I’ve already created an email for this website, it asks if I want to use that one.
I have over 150 hide my email addresses. Apple makes up the name for me and remembers it and remembers the site or sites associated with it. Emails sent to this address are forwarded to my main email address. If something is sent to vantage-08.fleets, I can respond from that email (protects my main email address). But best of all, if I start to get spam, I can de-link this address from my main email. No more spam.
Virtual Private Network (VPN)
My VPN costs me about $100 per year.
It does a few things for me.
It hides my location. Ever notice when you go to Home Depot, it asks to use your location and then it knows what store you should shop at? Websites gather a frightening amount of data from us – much of it without asking. And they also know exactly where we are.
When I use a VPN and I type in Homedepot.com in my browser, that request goes to one of the VPN’s servers. And from there, the VPN server contacts home depot on my behalf. Home depot never knows I exist.
I am currently connected to my VPN’s server in Canada.
As far as anyone knows, I’m in Vancouver. And that’s not my IP address. That’s the address of the VPN server.
A VPN also encrypts traffic. Think of it like a tunnel. My info travels to the VPN and then off to whatever site I’m accessing, and the data is anonymized, but is also protected from snooping eyes.
My VPN also has an ad blocker which prevents ads from showing. That’s pretty cool too.
Private Relay
For those who use Apple products, you can turn on private relay for free. It’s in settings/icloud
Mine is off because it is not compatible with my VPN.
Private Relay sends my Safari browser requests through 2 Apple-related servers, and then on to Home depot. One server knows who I am but not the site I’m going to. The 2nd doesn’t know me, but knows the site the request is going to. I’m hidden.
Similar to a VPN, except it only works on safari and it does not encrypt.
But it is free.
Wrap Up
I’m not exaggerating. We are under attack. The internet has proven quite lucrative for criminals. There are lots of creative people coming up with new ways to separate us from our money.
The first step is making contact. If we don’t respond, they can’t get to steps 2,3…. After making contact comes building rapport, and then we’re toast.
But these are some simple steps that I use to help keep safe.
Nice article. I used to not worry about being hacked because I am only one of the herd – what are the odds they’d pick me? But hacker technology has advanced and more scumbags are looking for a quick buck so it seems there’s a reasonable chance we’ll all get hacked if we aren’t cautious and diligent. I agree, it’s a reality we need to address.