Control access to your devices
Secure your devices against unauthorized access just like you protect your home against burglary.
Your presence and activity on the global network will always carry some risks. These, however, are not the same for every user – depending on the situation and several factors, you are more or less likely to be “singled out” for an attack. Whether this attack succeeds, on the other hand, depends largely on you.
Effective defence against attacks (for example, when performing all activities related to shopping on Allegro) consists of several elements:
Your knowledge of how to defend yourself against attacks (how to react to strange-looking messages or unusual and surprising situations), not only after but also before the threat occurs (i.e. prevention).
Finally, your knowledge of where and to whom to report the above-mentioned suspicious situations to protect yourself and others in the future, or to minimise the negative effects if the damage is done already.
In this article, we want to focus on a few of the most popular best practices that can help you defend yourself effectively against threats and which, importantly, can be implemented by anyone. We will deliberately omit complex technical attacks, as defending against them often requires at least as much technical and programming knowledge as the attacks themselves.
Usually, until you become the victim of an attack, you only read or hear about attacks on others. The first step to successfully countering cybercriminals’ efforts is to understand and accept a simple fact – at some point, when you least expect it, they may turn their attention to you. The following tips can help you prepare for this eventuality.
Many attacks are only possible because we don’t keep a regular eye on the software and systems we use. If your computer or smartphone suggests automatically installing updates and upgrades, the best thing for most of us to do is just download and install them as soon as possible. It costs nothing and automatically eliminates many possibilities of attacks that exploit weaknesses in older software versions.
News of a big win in a competition (which you never entered) or of receiving an inheritance from descendants of a Nigerian princely family is likely to make most of us distrustful. However, scammers also use much more plausible scenarios: a phone call from a bogus consultant from the bank's helpline, an SMS message about the need to pay extra for a shipment already paid for, or an e-mail asking you to give your password to a "technical support team". Try to be critical of such situations and if in doubt, hang up, don’t reply to text messages and don’t send any sensitive data via electronic channels.
In addition to being well prepared in terms of the scam scenario, cybercriminals also use simple psychological tricks. One of their favourite ones is to create an atmosphere of time pressure, e.g.: "if you don't provide certain data, we will block your account" or "if you don't reply to the message and fill in the form within 2 hours, you will lose money". Always view such situations with a cool eye and remember: no self-respecting service, bank, or insurance company operates in this way – and all of them offer several channels of contact through which you can determine what the matter is actually about.
Many services (including Allegro, but also banks or social networking websites such as Facebook) offer additional security measures for logging into an account by means of an authentication component other than just a password. This is done either via one-time SMS codes, a dedicated mobile app, or other methods. Apply this approach to authentication whenever possible as it eliminates over 99% of account takeover attempts!
Adopt a policy of not giving out personal, financial, or any other sensitive data online unless it’s absolutely necessary. In this way, you will not only limit the likelihood of your accounts on the websites you frequent being taken over, but also protect yourself against situations where someone attempts a scam such as taking out a loan while impersonating you! Remember that data and information that has once found its way online cannot always be removed effectively, quickly, and completely.
Many types of attacks and manipulation techniques are aimed at phishing for your access data. Remember to never, under any circumstances, share such data with anyone or disclose it – the moment it’s shared, you lose control of it completely. Failing to follow this rule is particularly dangerous if you don’t manage your passwords systematically or use the same password in multiple places. You can use the website https://haveibeenpwned.com to check if your password or phone number has leaked – for passwords, it’s recommended to change them if the answer is positive.
Don't use the same password on more than one website – if hackers steal data from that site, it could mean your account is automatically taken over in other places, too. To remember many different passwords, don't write them down on pieces of paper – use free password managers, available for both computers and mobile devices.
Contrary to popular belief, it’s not complexity that makes a password hardest to crack – the best protection for your password is its length. Avoid words from the dictionary, of course, or (if you want to use them) combine several of them in such a way as to create something unique. A good password should be at least 12 characters long, and ideally even longer. If you use different, good passwords, you don’t have to change them often at all!
Many of us consider only links in e-mails to be dangerous. In fact, links in messages on social media, on specially crafted bogus websites or, for example, in text messages can be equally destructive. If a link arouses your suspicions, especially if it comes with other elements (e.g. persuasion, information about an alleged need for a rapid response or a supposed threat), don’t click on it under any circumstances!
It’s common practice for many users to access various websites by typing the name of the bank or other service they’re interested in into the search box (or address bar). Cybercriminals know how to manipulate the results of such searches through the use of special mechanisms, so the recommended practice is to permanently bookmark essential websites in your browser. Aside from improving security, using bookmarks afterwards will be much quicker and more convenient!
There’s a common myth that a padlock next to a web address in your browser means that a website is automatically "safe". Nothing could be further from the truth! The padlock only means that communication with the website is encrypted – but it could still be an encrypted connection to a dangerous site, e.g. one impersonating a banking service and phishing for login details! Therefore, in addition to the padlock, pay attention to the address itself (especially its final part – the domain), the design of the page, or possible language errors. If in doubt, seek help from someone more experienced and don’t enter anything on such a suspicious site.
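The address check described above, written out as an added example (it is not part of the original article and is not Allegro's code). It assumes allegro.pl as the domain you expect; the function name and every sample address are constructed for illustration. It shows that an encrypted connection and the right final part of the address are two separate questions.

```python
from urllib.parse import urlsplit

def check_address(url: str, trusted_domain: str) -> tuple[bool, str]:
    """Return (ok, reason): does url really point at trusted_domain?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # lower-cased, no port, no userinfo
    trusted = trusted_domain.lower()
    # What counts is the final part of the host name, read from the right:
    # the host must be the trusted domain itself or one of its subdomains.
    if host != trusted and not host.endswith("." + trusted):
        if parts.username is not None:
            return False, f"text before '@' is decoration; real host is {host}"
        if trusted in host:
            return False, f"{host} only contains the trusted name; it is a different domain"
        return False, f"host {host} is unrelated to {trusted}"
    # Right domain: only now does the padlock (https) question matter.
    if parts.scheme != "https":
        return False, "right domain, but the connection is not encrypted"
    return True, "encrypted connection to the expected domain"

# Constructed sample addresses (not taken from real incidents).
SAMPLES = [
    "https://allegro.pl/moje-allegro",
    "https://sub.allegro.pl:443/start",
    "http://allegro.pl/",
    "https://allegro.pl.account-verify.example/login",
    "https://allegro.pl@secure-pay.example/",
    "https://allegr\u043e.pl/",          # Cyrillic 'о' in place of Latin 'o'
]

def review(samples=SAMPLES, trusted="allegro.pl"):
    """Check every sample and return (url, ok, reason) rows."""
    return [(u, *check_address(u, trusted)) for u in samples]

if __name__ == "__main__":
    for url, ok, reason in review():
        print(f"{'OK  ' if ok else 'STOP'} {url}\n     {reason}")
```

Every sample except the third carries a padlock in the browser, yet only the first two pass.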