Hacking. Ransomware. Phishing. It’s a scary time for all of us, especially now that most of our money is digital. ‘Digital’ here refers to money and assets that are reflected in your various banking and investment platforms when you log in.
Digital security is not something you can ignore anymore, dear readers. Imagine logging in one day and finding that your account balance is zero, depleted, transferred out. You’ll stare at the screen in disbelief. You’ll check if the account is indeed yours, and try to remember if you made any transactions that you forgot about (you didn’t). Then, as the panic seeps in, you’ll contact the platform’s support team, only to be told that there is nothing they can do.
To the best of my ability, I’m compiling a checklist of things you should do to make sure your digital money is adequately protected. This article is not complete, digital-based scams evolve all the time, so please help me to update this article if you have anything else to add.
Checklist #1 – Your emails
Emails can be weak links; once infiltrated, the hacker can look through and find your sensitive information, which are then used to hack your banking and investment platforms. You don’t want that to happen.
Do the following:
- Check if your emails have been compromised by data breaches (when big platforms were hacked and users’ data were leaked). Go to HaveIBeenPwned and type in your email addresses. If your emails were compromised, change the passwords immediately
- Delete and unsubscribe from all accounts you no longer want, even for entertainment and shopping websites. Go to unroll.me to quickly unsubscribe from email listings.
- Use a damn strong password and a different one for each account. If have not used a password manager, it’s time to use it – it’ll keep your passwords and can help you generate strong ones. There are many free and paid options. Free ones are enough imho, some good ones are recommended here.
- Be on high alert for phishing attempts. They are official-looking emails that imitate legitimate platforms (like Paypal, for example) and ask you to access your account via their link. Scammers use it to collect your login details.
Checklist #2 – Your banking and investment accounts
They should have multiple layers of security. Ideally, if someone (touchwood) even managed to get access to these accounts, there should be measures in place to stop them from transferring out money, or at least inform you about it. For Maybank for example, they use TAC (the 6-digit code sent to your phones). Some platforms also have other measures like mandatory email confirmations before completing transfer and 2FA (two-factor authentication).
Do the following:
- Https, always. Always check. It takes you two seconds.
- The spelling of the website matters. If it’s Mabank instead of Maybank (example), it could be an imitation website designed to steal your login details.
- Never keep your passwords or PIN numbers in writing. Not in notebooks, not in emails, not anywhere. Remember them. Some services will give you on-request PINs via emails – delete them after using.
- Use 2FA whenever possible. Two-factor authentication is similar to TAC numbers. You can activate it for some websites and emails as well. I recommend Authy.
- Again, use damn strong passwords. Use password generators and password managers.
Checklist #3 – Your computers and gadgets
Do the following:
- Update to the latest software and security patches, especially if you use Windows platform. Outdated ones might not protect you against newer, more sophisticated hacking attempts.
- Use Mac/Apple products if you can afford it. The reasoning is simple – the majority of the population uses Windows platform, so there are more attempts there. It doesn’t protect you per say, but will reduce the chances.
- Back up your data often. Use Google Drive or other cloud storage to keep important documents you don’t want to lose. Alternatively, keep data in external hard disks. If you were hacked, at least you are not forced to pay the hackers to get back your data.
- Perform anti-virus often. To delete malware and viruses.
- Cover your gadget’s cameras when not in use. There are instances where users’ gadget got hacked and recorded them in uncompromising situations, then they are blackmailed for money. Even smart gadgets like TV can be hacked. Just put a sticky tape on them to avoid this.
Checklist #4 – Yourself
Because human error happens and no amount of advanced digital security knowledge can protect you against it, except extreme vigilance and preventative actions. This checklist is important, because if it’s your error, most of the time there is nothing authorities can do about it. Its hard if not impossible to recover your money.
Do the following:
- Don’t make enemies. No matter how much you protect yourself, if a hacker is determined to target you, they will.
- Be extra careful of people who ask for sensitive info via phone. They can pose as bank staff or Bank Negara Malaysia staff or whatever. Listen for cues, say thanks, and tell them that you’ll call them back through the official line (which you’ll get from the official website, don’t call them back on the same line). If they panic, they’re probably not legit.
- Be skeptical of ‘do this now or else’ type of instructions. Often, the scammers will persuade you to act fast (give them login info, sensitive info, etc) to stop you from double-checking. They will say your account is frozen, or someone is in danger, or whatever.
- Please read up on investment scams. If you can identify and avoid them, you’ll win half the battle. Related: How to spot investment that are actually investment scams
Take half a day to just sort all these digital security thing out. I’m dead serious about this. I hope with the above checklist, your money will be safer from now. Do assist your technologically-challenged family and friends, too. These things are easier for tech natives but not so much with them. Help them to reduce their risks.