Basic password mistake that one in ten Aussies make with their social media and bank accounts – despite scams that robbed us of $200 million this year alone
- Aussies use favorite teams as passwords
- Many also use generic, easy to guess
- Experts warn that these habits invite hackers
Australians are making themselves vulnerable to hackers by using their favorite sports teams or easy-to-guess generic combinations for passwords, a study shows.
One in 10 adults admitted that they base their passwords for online banking and social media accounts on the sports sides they’re involved in, leaving an easy clue for hackers.
Another one in five admitted to using their pet’s name for passwords and 17 percent made it even easier to guess by using their own name, a nationwide survey conducted by YouGov for Telstra found Tuesday.
Another 10 percent of respondents admitted that they don’t even personalize their passwords to that extent, relying instead on common generic combinations like “password, 123abc” or “123456.”
Australians are taking a risk by using their favorite sports teams to base passwords on, security experts say (pictured Collingwood fans at an AFL game earlier this year)
Another particularly concerning cybersecurity habit is that nearly 80 percent of Aussies use the same password for multiple online accounts.
“Your password is the first line of defense when it comes to your online security, so don’t make it easy for scammers to target you,” a Telstra spokesperson told Nine News.
“Criminals are ruthless and are exploiting the tendency of Australians to use the same password for multiple accounts.”
Telstra advises that the most secure but still easy to remember passwords often contain sentences with some capital letters or special characters.
Australians have lost an estimated $194 million so far this year to hackers and online scams
It is estimated that Australians have already lost $194 million this year to hackers and online scams.
Following last October’s Optus security breach, which exposed the personal and identifying data of 11 million Australians to cybercriminals, technology futurist Shara Evans warned that Australia is an easy target for international hackers.
She said many may not realize that the most sensitive piece of personal information hackers look for is a date of birth.
Once that falls into the hands of malicious parties, it can be stored for years before being used with malicious intent.
“If your date of birth is compromised, you’re a victim of identity theft – period,” Ms Evans said.
“Once your data is compromised, it often takes years for someone to do something to you, so you have to be vigilant for the rest of your life.”
A hacker who possesses a date of birth and other personal information can open credit in the victim’s name at any time.
Technology futurist Shara Evans has identified some of the weaknesses in Australians’ online behavior that make the country very vulnerable to cybercriminals
“I’d never know about it – unless I subscribed to an ID/credit alert service,” said Ms Evans.
“Once your date of birth is gone, the only thing you can do to fix it is die.”
Mr Phair said cyber threats are only increasing.
“People need to be hyper-vigilant online,” he said.
“The length and breadth of scam accounts is astonishing.”
Shara’s 10 tips for staying safe online
Shara Evans is a technology futurist and online safety expert. Here are her tips to protect you from hackers
1. Provide basic IT security on devices including antivirus, malware checkers, ransomware checkers, VPN, firewalls.
2. Use different passwords for each website and app. Make them long and complex – uppercase plus lowercase letters, numbers, special characters. Store your passwords in an encrypted password vault.
3. Use two-factor authentication where possible (ie: logging into a secure banking portal requires you to provide an authentication code sent to you via SMS or email or requires a SecureID token number).
4. Use multiple email addresses. If you own a domain, you can easily set up an email alias (“forwarder”) that names a specific site or type of activity. If it’s compromised, you can disable an email alias address without affecting anything you do. And it will help you identify the source of the leak.
5. Check your credit reports for signs of fraudulent activity – or misinformation.
6. Enroll in a credit/ID protection plan and set up credit report bans if you have reason to suspect that your ID has been compromised.
7. NEVER click on text or email hyperlinks that you are not sure are legitimate. Many people get into trouble this way. You can check a compressed link by copying it and entering it into the search bar to see what comes up. If it’s malware, you may see a notification. At the very least, check if the source domain seems suspicious, in which case don’t click on it!
8. When uploading sensitive information to a website portal, check for the lock icon (https). This means that your data is encrypted ‘in transit’ when it is uploaded to the website. Business cybersecurity practices vary widely.
9. If someone calls you and says they are from company X, NEVER give them any information unless you know them and are already expecting a call from a specific phone number or person.
10. NEVER publish your date of birth online! If you have it on social media, DELETE it now. Unless you are conducting an official financial transaction, there are very few good reasons for a party to know your real date of birth, let alone record it.
Source: Shara Evans