Keep an eye on your inbox
Almost every week seems to bring news of a cyber-attack on a company, or organisation, and fears over what personal data the hackers have managed to get hold of.
Last month, the footwear and sports apparel company Adidas revealed that some of its customers’ personal information had been stolen, although it said passwords, credit card and other payment data were not compromised.
In another incident, the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 was accessed. And these came hard on the heels of cyber-attacks that caused huge disruption at Marks & Spencer and the Co-op.
If a news story emerges about a cyber incident, and it is a company or organisation that you use, or have used in the past, keep an eye out for an email from it. Affected companies will usually contact customers to give them more information about what happened and what they should do.
Sometimes it will be a certain category of customer who has had their data stolen, or only people in certain countries.
In the case of Adidas, it appears to be those who have contacted the customer service helpdesk in the past, which will rule out a lot of people. Sometimes, the email will bring good news and say you are not one of those affected.
If your data has potentially been accessed, there will usually be some information on action you should take, or a link to a “frequently asked questions” page. In some cases, you may be offered free access to a support service run by a cybersecurity company, or credit reference agency.
Change your password
If you have had any dealings with a company or organisation that has suffered a cyber-attack, change the password you use for that website, or app, immediately.
Always make sure you have strong passwords, and do not use the same one on more than one account.
The general advice is make each password at least 12 characters long and use a combination of numbers, upper- and lower-case letters, and symbols. Avoid things that are easily guessed or can be found online, such as your pet’s name, your birthday or favourite sports team.
“A good way to make your password difficult to crack is by combining three random words to create one,” says the UK’s National Cyber Security Centre. It gives as an example something like Hippo!PizzaRocket1.
“Consider using a password manager to generate and store strong, unique passwords,” says the online security company NordVPN.
Use two-step authentication
Two-step authentication is something you can set up for your email and other important online accounts to add an extra layer of security.
It involves providing something that only you should have access to – typically it will be code generated by an authenticator app or sent to your phone you have registered with the organisation.
Turn two-step authentication on for every service that offers it.
Beware unsolicited emails
Phishing emails used by fraudsters will often reference a cyber-attack that has been in the news to try to hook people in who are customers or users of that company or organisation.
Sometimes fraudsters will have personal information which they obtained via an incident, or other means, which can make them sound more authentic.
Do not click on a link or attachment in an email, text message or social media post unless you are absolutely sure it is legitimate. It could take you to a fake website or contain malware designed to steal your personal information.
M&S has told potentially affected customers that “you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious”. It added: “Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.”
If someone says they are from a company or organisation you use, and you cannot be 100% sure who you are dealing with, ignore the email, or hang up and find the official contact details if you want to check with it.
Monitor your credit record
If your personal data has been stolen, it is worth keeping tabs on your credit record (the detailed file of your financial history used by lenders to assess your creditworthiness) in case fraudsters attempt to take out loans or other products in your name.
For example, if your employer has been hit by a cyber-attack, the data that may have been accessed could include your name, address, national insurance number, date of birth, bank account, salary and, sometimes, identity documents such as your passport.
There is the potential for this type of information to be combined and used to commit identity fraud.
The UK’s main credit reference agencies are Equifax, Experian and TransUnion, and you can access your credit report in different ways – some free, some paid-for.
Credit Karma and ClearScore offer access to your credit report free for life.
Experian offers Identity Plus, which will monitor your personal, financial and credit information and alert you if it detects any suspicious activity. It is a paid-for service, but the cost may be covered for you by an organisation if data you hold with it has been stolen.
If you are turned down for a financial product, such as a credit card or loan, despite having a good credit rating, or you stop receiving statements from your bank for no reason, it could be a sign someone has been using your identity.
Other, more obvious signs are if you start to get letters relating to debts that are not yours, or your bank statement mentions an item you have not bought.
Take care on social media
Most financial and shopping scams start on social media and tech platforms, say banks. Again, be wary, as fraudsters may have obtained details about you that they can use to convince you that you are having a conversation with someone you know.
There has been a rise in recent years in so-called “Hi Mum” scams, in which fraudsters pose as loved ones on services such as WhatsApp. Someone might get in touch pretending to be a family member and saying they need cash quickly to pay a bill because they have been locked out of their online banking after getting a new phone.
Do not rush into transferring money, even if you are told it is urgent. Take time and check that you are really in touch with a relative or friend.
Opt out of registering
When shopping online, retailers often offer to store your payment card details for a faster checkout next time (sometimes you have to untick a box to prevent this from happening automatically). In some cases, by agreeing to this, you are giving permission for your details to be stored by a third party rather than the company you are buying from.
There is less chance someone will be able to fraudulently obtain your card details if you do not allow them to be stored on more retailers’ systems than is necessary – even if it means it takes slightly longer to buy your items next time you use the site.
