Cyber safety: do you know how to protect yourself from fraud?
You’re about to renovate your home. You’ve talked about the project with a contractor over several emails, and you’re anxious to get this thing off the ground. Soon enough, the contractor pops up in your inbox again, this time advising you that there’s been a cancelation and you can get started earlier than expected. As per your initial agreement, the service provider asks you to front a portion of the funds to procure supplies. You transfer the money as requested. Days go by and the contractor never shows. You contact the business and you’re totally flabbergasted by the response—the contractor’s email address had been hacked, it was a scam. This unfortunate event, which was widely covered in the media, is the true story of a woman living in Bristol, England. Every year, millions of people are scammed online in all kinds of ways, some of which are sophisticated enough to fool even the shrewdest among us. In many cases, banks and law enforcement find themselves unable to help victims get their money back. Beyond fiscal damages, there are health risks to consider as well, given that these crimes can trigger their fair share of anxiety and frustration. So it’s best to be careful when sending confidential information online, or when making any kind of financial transaction for that matter. Here are some quick tips that could end up saving you from a whole lot of fuss. Back to basics As a refresher, here are some basic rules to follow. Learn how to create secure passwords here. For your personal computer, it’s recommended that you install antivirus software and keep it updated. You can download antivirus software for free online. Don’t shy away from asking an expert to help you make the right decision for you. Also, make sure that you’re on a trusted site when you’re entering your personal information or making transfers online. Double-check the URL in the address bar to make sure that it’s legit. Ideally, you’d visit a trusted site by typing in the URL yourself or via your favourites, as opposed to clicking a link contained in your email or on a webpage. If you’re not sure whether a site or an email is the real deal, make a phone call to the person or organization you’re dealing with so you can have peace of mind. Remember—it’s relatively quick and easy for scammers to generate fake sites that are identical to their official versions. So stay on alert, and if you have any doubts, trust your gut and don’t go any further. Another item to check—make sure that the closed padlock icon (or the full key icon) is displayed next to the URL of the site you’re visiting so you know that the communication between the site and your browser is encrypted, and therefore secure (the URL will begin with https). Lastly, share your personal information (driver’s license number, birthday, and so on) only when absolutely necessary, especially over email and social media. Giving away this kind of info can make the work of scammers much easier later, when they use it for fraud or even identity theft. Regarding the latter, the consequences for the victim can be long and drawn out, including financial losses and a negatively effected credit report. Then there are all the corrective measures they’ll have to undertake with various institutions, and the stress associated with all that. Incidentally, the quizzes going around social media, which on the surface appear harmless, are an excellent means of collecting personal information if you’re a fraudster. Remember that financial institutions will never ask for your personal information via email. Lastly, it’s recommended that you be careful when using a public Wi-Fi connection. It’s easy for a hacker to create wireless access points to steal your personal information or infect your computer with a virus. Keep yourself cyber safe by only using trusted Wi-Fi connections that are password protected. When it’s too good to be true... One of the basic rules of the road when it comes to reducing your risk of being scammed is: when it seems too good to be true, get out! 419 scams are some of the most notorious scams on the web. Just take the Nigerian prince scam for example, where a prince offers to share a large inheritance with the victim in exchange for a few thousand dollars so he can flee the country. Don’t think anyone’s foolish enough to fall for it? Well they are. Every year, several variations on this scam cost web users around the world billions of dollars. There are even sites out there that catalogue some of the most infamous ones. When you’re offered a prize and you haven’t entered a contest, when someone wants to give you something for free or return an overpayment for an online purchase—watch out. If you think you’ve been the victim of fraud, please report the incident as soon as possible to the Canadian Anti-Fraud Centre (CAFC), even if that means swallowing your pride…Top 7 password managers
Nowadays, having too many accounts and too many passwords to keep track of is a universal problem. As a result, people have adopted a poor habit: using the same password every time to make it easier to remember. Using a password manager is a far better option. The idea is to enter all your identifiers into a highly secure database (think a digital safe). There are two password manager categories: local and cloud based. Local managers Local password managers like KeePassXC and PasswordSafe offer you complete control over your data. They are free, open source, and don’t require an Internet connection. A modern, multiplatform version of KeePass, KeePassXC is recommended for its compatibility with Windows, macOS, and Linux. These tools are ideal for advanced users who want to store their passwords locally, without having to rely on the cloud. Reliability and security of the source code KeePassXC, like KeePass, from which it is derived, is an open-source software. Its source code is accessible publicly, and security experts can audit it. In fact, the KeePass manager for Windows was audited by the European Commission EU-FOSSA project in 2016, and no critical vulnerabilities were detected. This helps guarantee that the source code is exempt of any major faults or backdoors. There are several KeePass clones and derivatives on Windows, Linus, iOS, and Android platforms. Using only official versions, such as KeePassXC, is crucial, as they are actively monitored and regularly updated. This provides better security and greater compatibility. Cloud-based managers Cloud-based password managers keep your password database on the cloud. These managers constitute an interesting compromise between user-friendliness and security. When properly implemented, they are considered safe and offer many benefits: Compatibility with all modern browsers Synchronization of your passwords on all your devices, accessible at all times Possibility of sharing certain passwords with other users (spouse, children, colleagues, etc.) Monitoring of accesses to your account, defining of trusted devices and, occasionally, an emergency contact should an unexpected situation arise Advanced features, such as detection of compromised passwords or dark-web monitoring in the case of certain managers Of all the recommended options, some should, however, be avoided. To avoid: LastPass Although LastPass has long been a key player in the password manager sector, several security incidents that occurred in 2022 have compromised the trust of users and experts alike. Despite efforts to reinforce the security of LastPass, some breaches have had significant repercussions, such as hacking of encrypted data and digital assets. For this reason, we recommend choosing more robust and transparent solutions, like Bitwarden, 1Password, Dashlane, or NordPass. Can the provider access my passwords? The provider cannot read your database, as it is encrypted and unreadable without your master password–whether stored locally or in the cloud. All encryption and decryption operations are carried out locally on your device, and your master password is in no way transmitted to the provider. If the technology is properly implemented according to the best industry-standard encryption and security practices, it is impossible for the provider—and a potential hacker—to decrypt your passwords without your master password. That’s why it’s crucial that you choose a reputable, transparent, and independently audited manager. Essential tips Here are a few habits to adopt to maximize the security of your passwords: Use a long (15-character-or-more), unique master password : A robust master password is the cornerstone of your security. A passphrase: a memorable sequence of at least four words (with or without spaces). A complex password: composed of uppercase and lowercase letters, numbers, and special characters. Enable two-factor authentication (2FA) : This provides added security, even if your password is compromised. Never reuse your passwords : If a password is compromised on one site, all other accounts using the same password are at risk. Keep an eye out for data leaks and change any password that has been compromised : Certain managers automatically alert you if one of your passwords appears in a data leak. Use a reputable, transparent manager : Check the provider’s security audits, confidentiality policy, and reputation. Keep your master password in a safe place : If you lose it, you could lose access to all your passwords. Avoid saving your passwords in your browser : The security offered by specialized managers is far more superior than that of browsers. Comparison charts Here is a comparison chart of the main solutions, to help you choose the one that best suits your needs. Note that some free password managers may limit the number of passwords you can store. We divided the managers into two categories: local solutions, for complete control of your data, and cloud-based solutions, for simplified synching. Comparison of local password managers Manager Cost Platforms Encryption Secure sharing User friendliness KeePassXC $0 Windows, macOS, Linux AES-256 Via third parties Average to good PasswordSafe $0 Windows Blowfish/Twofish Not integrated Basic Comparison of cloud-based password managers Manager Cost Platforms Encryption Secure sharing User friendliness Bitwarden Free to $56/year Windows, macOS, Linux, Android, iOS AES-256 Yes Good 1Password $3.75 – $5.99/month All platforms AES-256 Yes Excellent Dashlane $0 – $10/month All platforms AES-256 Yes Very good NordPass $0 – $4.59/month All platforms XChaCha20 Yes Good Proton Pass $0 – $12.49/month All platforms XChaCha20 Yes Good
