As you may or may not have noticed, I didn’t publish an article last week.
Thankfully, it’s not because my account was compromised.
On that note, here’s a slightly-longer-than-usual article making up for the non-existent one last week, on how to make sure your account(s) aren’t compromised.
I’ve written an article in the past on things to be aware of when dealing with a potential spam/scam phone call - this article follows a similar vein, but focuses more on protecting digital accounts you probably have.
While this isn’t directly related to my overarching topic of “achieving financial freedom” it can be very important as a compromised digital account will almost certainly cost you time and possibly also cost money - both things you should be striving to be in control of if you’re after financial freedom.
While these tips may not be applicable in every situation, the “cost” of taking a minute now to learn them may end up being well worth it if you find yourself in a situation later in life (or helping someone in such a situation) where the pointers here can mean the difference between a compromised or secure digital account.
So, in no particular order, here are a few tips to keep in mind related to digital account security:
Don’t allow “company representatives” remote access to your account.
“Hackers” generally work with the goal of gaining access to accounts they shouldn’t have access to.
Consider anyone asking for access to your account to be a “hacker” unless you’ve independently verified through a channel you trust that the person asking you for account access has a legitimate need to do so, and is who they say they are.
Don’t download software just because someone asks you to.
I’ve been around the block a few times and spent more than my fair share of time on hold trying to get various issues resolved with accounts I have.
To my memory, there has never been a time when I’ve needed to download software to get the help/support I needed with any account, application, etc.
Don’t send money or crypto to anyone unless you’ve verified their identity and the legitimacy of their request for money/crypto, independent of them.
Money transactions can be hard to reverse.
Crypto transactions can’t be reversed.
Always get a second opinion from a “real person” you trust before sending money/crypto to someone you don’t know - particularly in high-stress/high-pressure situations.
If you need support, contact the company through their official channel(s).
Don’t just do a web search (or worse, ask AI) for the phone number, email, etc. of the organization you’re trying to contact.
Scammers and bad actors can create legitimate-looking websites that rank high in search results, and AI can hallucinate incorrect answers.
Make sure the contact info you use for a company is coming from a trusted information source (i.e. the company’s real website), not just the snippet in a top search result, or something similar.
Double check account communications by logging directly into your account.
If you get an email from “Your Bank” stating that some action will be taken on your account (for any number of reasons), don’t click links in the email (they can take you to good-looking but “fake” websites mentioned above, or worse) - navigate directly to the website for “your bank” and check the “message center” (or whatever it is for the account in question) to make sure the communication you received was legitimate.
Don’t reuse passwords.
I’ve written about why reusing passwords is a bad idea in the past.
Essentially if you reuse passwords, anyone that’s able to hack/steal/borrow/bribe/obtain your password will have access to all of your accounts (sure they’d need to know the account exists, but it’s not hard to guess your username - usually just an email address - and then just go to popular services and see if that username and the password work).
Don’t give one-time codes, passwords or PINs to anyone.
This goes back to not allowing someone remote access to your account, but is slightly different.
Unless you’re absolutely certain you should be sharing a pin, code, etc. with someone, you shouldn’t.
In many cases, by sharing that pin/code you’re essentially handing over your account to that person.
If it were me, I’d be hesitant to let someone access my accounts even if they had a legitimate need to.
By making the person work “through me” to help with my account, I can easily “pull the plug” at any point in time - an ability I surrender the moment I give away my account credentials to someone, enabling them to log in without me in the mix.
Enable (some) notifications
I get it - notifications can be annoying, but in most cases there are usually “levels” of notifications you can opt in to.
Make sure you’ve opted to receive “account”-type notifications (password change, login from a new location, etc.) even if you opt not to receive promotional, sales, and other notifications.
Be wary of anyone that guarantees you profits
If someone contacts you (or even if you contact them) and they guarantee you profits through some investment venture or similar undertaking, be very skeptical.
If profits are guaranteed, why do they need you?
That’s all for today.
Know someone that would benefit from knowing (or getting a refresher) on the points above?
Take a minute to share this article with them.
Have any other good tips related to digital account security?
Send a reply or share them in the comments below!