Everyday Pockit enables people to shop and spend online, but we understand that spending online can sometimes be scary, so we put together a list of tips that should help you keep safe and avoid online thieves.
Make sure you only log into secure websites
When you use a website you send information between your computer and the companies servers. On regular websites (eg, blogs, news sites), this information isn’t private. However when you’re sending your private information, like bank details or passwords, then there’s a special protocol called SSL. This scrambles your data so that a stranger (eg. if you’re on a public WiFi) can’t see what you sent.
To check if a website you’re accessing is securing your data make sure the web address begins with “https” (eg. https://secure.pockit.com). Many browsers also include a green padlock or bar in the address just like below:
If a website does not have “https” in the address then your details might not be safe! We recommend not typing your username, password, or bank account details into that page – even if you’re at home.
Install anti-virus software
Even careful internet users can sometimes get viruses on their computers, and these can steal your personal information or identity. Reducing this risk is fairly straight-forward, just install an anti-virus (your computer may even come with one already). Making sure your anti-virus can update properly and setting it to scan your system on a regular basis will help keep things safe.
If you don’t currently have any anti-virus software then you can find one that suits you through this Which? tutorial.
Make sure your computer is running up-to-date software
To keep things running smoothly your computer will occasionally need to update. These updates close security flaws, fix bugs and can sometimes introduce new features. Usually your operating system (Windows/Mac OS X…) will update itself, but you might need to check for updates manually.
If you don’t keep your computer up-to-date then it’s possible to become vulnerable to viruses and malware that could steal your details.
Be wary of phishing
Sometimes you might get an email asking you to sign into your bank account to confirm details. These may come from a phishing scam designed to steal your details and empty your bank account! However, checking for these scams is very simple, just check the address you’re navigating to! For example never enter your Pockit login details into any site except for https://secure.pockit.com.
What’s more, Pockit will never ask for your password or security answer over email, and neither will any reputable ecommerce or money management website!
Don’t keep your details on your phone/desk/computer
A lot of people write down their passwords on their phone, on post-it notes, or in a file on their computer. Even though this might seem convenient all it takes is somebody to get access to this information (through a break-in, a virus, losing your phone on the bus…) and you’re at risk of having your accounts compromised. If you absolutely must temporarily write something down you should immediately shred that note to avoid it being found in the rubbish bin by an identity thief (it’s unusual, but it does happen).
Don’t reuse passwords
When signing up for different accounts across multiple websites make sure to have different passwords for each account. This means that if there’s a security issue on just one site, you only have to update your password on that one.
Use secure passphrases instead of conventional passwords
Regular password suggestions are a bit difficult to remember and not as secure as you might think, the passwords “knsjnsodmfasdsafewff” and “JohnsBoatSeaPumpkins” are the same level of security. Which one do you find easier to remember?
Keeping a variety of characters (number, punctuation, letters) also adds to the security of your account, so “Johns11BoatSeaPumpkins!” would be even more secure, but length is key with making secure passwords (and of course remembering the password without having to repeat it everywhere).
If you don’t want to use long memorable passwords, try a password manager which can generate passwords for you – these make very varied passwords, and secure those passwords so that only you can access them. Some examples of Password Managers are LastPass or RoboForm.
Don’t share your passwords
Every password (or passphrase, security question, etc…) must be kept private. Sounds silly, but it’s so important! While it might seem safe to tell your aunt, neighbour, or a friend your password, this introduces another risk of having your password stolen or lost. While your friend might be trustworthy, they might accidentally write that password down on a sticky note.
Change your password regularly
time the chances of someone finding out, figuring out, or stealing your
password slowly increases. This could come from anywhere, a stranger could
watch you log into your accounts in public, you might tell a friend for them to
log into somewhere for you, a popular service could be hacked into without
making the news. To avoid this risk simply change your password every so often
– if you’re only comfortable changing your password once a year this is still
better than never changing your password at all.
Check your accounts regularly
Even after being very careful it’s possible that someone could still steal your details (though if you follow best practices its rare), so it’s important to check your balance on a regular basis. If you see any transactions that you didn’t authorise you should immediately submit a report to Action Fraud and contact your issuer (ie. your bank or Pockit) to find a resolution and secure your details once again.
Joe Collins-IT Team-http://cdn.pockit.com/images/Joe%20headshot.png