Whether or not you celebrate Christmas, you might be taking some well-earned time off to see your family soon. At Tall Poppy HQ, we’re all looking forward to catching up with everyone, but we’re also going to dedicate a little time to help our family be safer online.
We know it’s not very festive, but with the recent holiday spike in scams and fraud, it’s worth it to take the time to speak to the less computer-savvy members of your family about how to stay safer from scams and fraud.
If your loved ones have been on social media long enough, they’ve probably seen someone they know deal with a hack. They may recall times when someone used the account of someone they know to post fake ads or send scammy messages. And if they’ve seen it happen to others, they may already be worried about whether it could happen to them. You can help them safeguard their accounts by making sure they’re using strong passwords everywhere and getting them set up with 2-factor authentication (2FA).
The number one way attackers get control of accounts is by taking advantage of reused passwords. If one of your loved ones uses the same password with multiple accounts and that password is exposed in a data breach, an attacker could try what’s called a “password stuffing” attack. In these attacks, the attacker will try your loved one’s exposed password on any of your loved one’s accounts they can find.
In general, we recommend using a password manager like 1Password or Bitwarden to help you store your passwords. These tools are a great option if your loved one is tech savvy, but we know they can be confusing or intimidating, especially for elderly loved ones. For them, a good option is a passphrase generator paired with a password notebook stored in a secure location. A passphrase generator will help your loved one come up with unique but easy to type passwords, and writing those passphrases down in a password notebook will help them remember them. There are all kinds of special notebooks for recording passwords that can make a great last minute holiday gift, but a regular notebook works well. Then all they need to worry about is keeping their notebook in a safe place.
We think this passcode generator from 1Password or this one from Bitwarden are easy to use. Make sure to show your loved one how to switch the type to “Memorable Password” on 1Password’s generator or “Passcode” on Bitwarden’s generator. And finally, make sure your loved one has the site you show them bookmarked so they can find it later on their own.
If you’re still feeling energetic and your loved one hasn’t made their excuses yet, you can help them set up 2FA. If they have a mobile phone, they’re probably already familiar with receiving text messages with 2FA codes that they need to enter to finish logging in. While it’s true that authenticator apps or hardware security keys are safer 2FA options, if your loved one is already familiar with SMS-based 2FA, it might be less confusing for them to continue using it rather than switching to a new system.
If you can, make sure your loved one uses a strong, unique password and 2FA on their most important accounts, like their main email, their favorite social media sites, and any financial services they use.
Dramatic scams targeting grandparents like “virtual kidnappings” have been in the news lately, but we’ve seen a number of lower-profile attacks on the rise this year. These scams use social engineering to appeal to our good natures or to pressure us by making us feel stressed out or afraid. The two scams we mention below are popular examples of these more sophisticated scams.
While attackers usually take over accounts using a reused password, they can also take advantage of account recovery systems. First, the attacker will request a password reset on your account, triggering the service (such as Instagram) to send you a text message or email with a reset link or code. Then they will contact you pretending to be a friend or someone you know (whose account they’ve already stolen). The attacker, posing as your friend, will ask you to send them a screenshot of a text message containing a code or a link. Then, they’ll use that information to break into your account – the code you’ve just sent them is as useful to them as if you’d sent them your password itself.
Although it sounds complicated, we’ve seen this kind of scheme used many times in the past year. You can help your loved one learn how to recognize attacks and avoid like this one. The key thing they need to know is that account codes and reset links should be treated as carefully as their own passwords.
Emphasize to your loved one that attackers take advantage of the good things about us, like our willingness to help our friends and loved ones. They shouldn’t ever share a screenshot of a text message with anyone or click a link in a text message, even if a friend asks them to — it could help an attacker who’s pretending to be someone your loved one knows. If they ever have doubts about a request, go old-school: give the friend or loved one a phone call.
The name is creepy, but the scam is big money. Pig butchering scams – a mix of romance scam and cryptocurrency investment scam – have become much more common in the last 18 months. Back in September, we were horrified to learn about the connection between these scams and human trafficking.
This scam usually starts out with a “wrong number” text message. The scammer will pretend to accidentally send a message to the wrong number through text or a chat app like WhatsApp; we’ve started to see it on Signal as well. When their target replies letting them know they’ve got the wrong number, the scammer draws their target in to a conversation to win their trust. Over the course of months, the scammer will build rapport with the victim, eventually offering them a “great investing opportunity” that will rope them into the high-dollar scam. Some victims have lost millions of dollars.
By informing your loved ones of this scam’s existence, and teaching them to avoid engaging with “wrong number” texts, you’ll protect them against this expensive con.
There are many more scams we could talk about. Specific scams even vary in popularity by region. Unfortunately, new scams emerge all the time: as soon as everyone becomes vigilant against a specific scam, a new scam takes its place.
One great way to help your loved ones stay on top of emerging scams is by signing them up for the AARP’s newsletter about scams – they have a weekly podcast as well. Here are come additional resources:
These scams don’t only target Americans. Canadians can check out the Canadian Anti-Fraud Center. For international resources, check out the Global Anti-Scam Alliance.
We know helping others with their digital safety can be tiring and stressful, especially at this time of year. We like to spread our digital safety conversations out over multiple days and many cups of tea so we can spend most of the time enjoying the company of our loved ones.
We wish you a restful, festive, and safe holiday season. See you in the new year!
Protect your team from online harassment, fraud and social engineering.Get in touch today