Basic password mistake one in 10 Aussies is making with their social media and bank accounts – despite scams robbing us of $200million this year alone
- Aussies using favourite teams as passwords
- Many also using generic easily guessed ones
- Experts warn these habits invite in hackers
Australians are leaving themselves vulnerable to hackers by using their favourite sporting teams or easily guessed generic combinations for passwords, a survey shows.
One in 10 adults admitted to basing their passwords for online banking and social media accounts on the sporting sides they barrack for, which leaves an easy clue for hackers.
Another one-in-five admitted to using their pet’s name for passwords and 17 per cent made it an even easier guess by using their own name, a nationwide survey conducted by YouGov for Telstra revealed on Tuesday.
Another 10 per cent of respondents admitted they don’t even personalise their passwords to that extent, relying instead on common generic combinations such as ‘password’, ‘123abc’ or ‘123456’.
Another particularly concerning cyber security habit is that almost 80 per cent of Aussies use the same password for multiple online accounts.
‘Your password is the first line of defence when it comes to your online safety so don’t make it easy for scammers to make you a target,’ a Telstra spokesperson told Nine News.
‘Criminals are relentless and will exploit Australians’ tendency to use the same password across multiple accounts.’
Telstra advises that the most secure but still easy-to-remember passwords often contain phrases with some capitals or special characters.
Already Australians are estimated to have lost $194million to hackers and online scams this year.
Following last October’s Optus security breach that exposed the personal and identifying details of 11million Australians to cyber criminals, technology futurist Shara Evans warned Australia is an easy target for international hackers.
She said many might not realise the most sensitive piece of personal information sought by hackers is a date of birth.
Once that falls into malicious hands it could be kept for years before being deployed for malicious intent.
‘If your date of birth is compromised you are subject to identity theft – full stop,’ Ms Evans said.
‘Once your data is compromised it often takes years before someone does something to you, so you need to be vigilant for the rest of your life.’
A hacker possessing a birth date and other personal information could at any time open up credit in the name of their victim.
‘I would never know about it – unless I subscribed to an ID/credit alert service,’ Ms Evans said.
‘Once your birth date is gone the only thing you can do to repair it is die.’
Mr Phair said cyber threats were only multiplying.
‘People need to be hyper-vigilant online,’ he said.
‘The length and breadth of scam accounts is amazing.’
Shara’s 10 tips to stay safe online
Shara Evans is a technology futurist and expert in online safety. Here are her tips to stay safe from hackers
1. Get basic IT security on devices including anti-virus programs, malware checkers, ransomware checkers, VPN, firewalls.
2. Use different passwords for every website and app. Make them long and complex – upper plus lower case letters, numbers, special characters. Save your passwords in an encrypted password vault.
3. Use two-factor authentication whenever possible (ie: logging into a secure bank portal requires you to provide an authentication code that’s sent to you via text or email or requires a SecureID token number).
4. Use multiple email addresses. If you own a domain, it’s easy to set up an email alias (“forwarder”) that names a specific site or type of activity. If compromised you can then disable an email alias address without impacting everything that you do. And, it will help you to identify the source of the leak.
5. Check your credit reports for signs of fraudulent activity – or wrong info.
6. Sign up for a credit/ID protection plan and put in place credit report bans if you have reason to suspect that your ID is compromised.
7. NEVER click on text or email hyperlinks that you don’t absolutely know are legit. Lots of people get in trouble this way. You can check a compressed link by copying it and entering it into the search bar to see what shows up. If it’s malware, you may see a notice. At the very least, check if the source domain seems suspicious, in which case don’t click it!
8. When uploading any sensitive info to a website portal check for the lock icon (https) – this means that your data is encrypted ‘in transit’ when it’s uploaded to the website. Company cyber security practices vary widely.
9. If someone phones you saying they’re from Company X – NEVER give out any info to them, unless you know them and are already expecting a call from a specific phone number or person.
10. NEVER publish your birthdate online! If you have it on social media DELETE it now. Unless you are doing an official financial transaction, there are very few good reasons for any party to know your real birthdate, much less store it.
Source: Shara Evans