How to stay safe online

Before you read further, stop for a few moments and think about how many websites, accounts, apps, and services you log in to every day. How many have you logged into today already? LinkedIn on the way to work, email while you wait for your coffee (and you logged into your loyalty card app while you were there too), your banking app to check if your direct debit came out on time, Facebook, your Amazon account to order more food for the dog… that’s six straight off the bat.

Every single day, we trust a huge number of online services with our personal data and log into scores of accounts. What would happen if you were hacked on any of those accounts and fully locked out? Or your life savings transferred out into the ether? We’d wager your life would fall apart just a little bit.

There are plenty of ways to stay safe online and keep your money and your personal information right where it should be. This is important stuff and it always bears repeating – bookmark this article and read it every six months!

Update your passwords regularly

 
We always face this conundrum when setting passwords: it’s got to be memorable enough that we won’t forget it and have to reset our password every single time we log in, but obscure enough that it couldn’t be easily guessed.
 
Most websites now ask for passwords to contain a minimum of 8-10 characters, including at least one uppercase, at least one number, and a punctuation mark. But we’re afraid OConnor2009! isn’t going to cut it. If your surname is O’Connor and you’ve spoken about your 13-year-old daughter on social media, it’s a guessable password.
 
Here are a couple of memorable yet hard-to-guess methods of setting passwords which we’ve been recommended by IT managers and have reliably used over the years:
 

• Pick a line from your favourite song. Use the first letter of every word in that line, plus a punctuation mark and a random number. For example, a line from Bohemian Rhapsody as a password might be: Sswydtf(9) This creates a password that looks like a nonsense, random string of letters, but one that you’ll recall with ease. Plus, you get to sing the line in your head every time you enter your password, which is a nice bonus.
 
• Your childhood phone number, the postcode of your first house, or the number plate of your first car (but strictly not your current ones!). Everybody seems to remember theirs, and it’s personal enough that a stranger on the internet couldn’t figure it out.

Always enable two-factor authentication

 
More and more web services are introducing two-factor authentication, which uses both a password and a second form of verification (often a text containing a unique code, for example) to keep your online activity doubly secure. Yes, it’s a faff, and it makes logging into things fiddlier, but you’ll be kicking yourself if your password is ever compromised and you get locked out of your email, bank account or LinkedIn profile.

Be mindful of what personal information you post online

 
It’s good practice to regularly review your privacy settings on your social media accounts to make sure you’re only sharing your life updates with the people who you actually want to see them.
 
That said, be careful with the personal information you share online.
Think of it this way:

• Each time you post a birthday post, for you or for someone you love, you’re telling your followers their (or your) date of birth
 
• When you let the internet know that you “come to this café every morning without fail on the way back from the school run”, you’re letting them know that your house is reliably standing empty (or where to look for you if they were so inclined to find you)
 
• When you proudly share a photo of your grandkids on the first day of school standing outside the front door in their uniforms, you’re revealing the identity of the school they go to and, by association, the neighbourhood you live in
 
• If you join in on a post on a public Facebook page that says “your aristocrat name is Lord/Lady plus the name of your first pet, then your mum’s maiden name and the make of your first car double-barrelled”, you’ve published the answers to three common security questions (and the momentary amusement you get from imagining yourself being addressed as “Lady Bubbles Champ-Ford” isn’t worth it)

 
You get the picture. You don’t have to swear off social media, just be mindful of the information you’re putting out there and who’s seeing it.

Never click on links in email communications claiming to be from your bank

 
If your bank contacts you via email – which many do regularly and legitimately – they will rarely ask you to follow a link to their site. If an action needs to be taken on your account, the email will usually ask you to log in to your account or call them, not to click through a link.
 
When you receive any communications from your bank that require you to check your account, open a new tab and go to the login page yourself. Don’t go via a link in an email. Where possible avoid going via a search engine. The safest bet is to access your login page via typing the address in directly or by using a saved bookmark link.
 
Always check the email address and, if in doubt, call them on a number that you know to be legitimate and get confirmation.

Look out for scams claiming to be from Revenue, An Post, or any other delivery service

 
It’s very easy these days to dress up an email – and even a sender address – to look convincing at a glance. However, it’s always worth digging and checking before clicking on links from any emails you’re not expecting. They could be what’s known as a ‘phishing scam’, which is a fraudulent attempt to obtain your sensitive data such as usernames, passwords, or credit card information.

Common scams that go around regularly are:
 

• Emails and texts addressed from An Post. These claim that you have a package due to be delivered to you, but that you need to pay fees or confirm details before it can be delivered, with a link to supposedly correct it.
 
• An email or text which looks like it comes from Revenue. These usually state that you are eligible for a tax or wage subsidy refund and request your personal information and/or card or bank details to complete the transfer.

 
An Post doesn’t communicate in this way for packages due to be delivered to you (why would they have your email address or phone number?), and Revenue would never contact you in this way about a potential refund. The head of e-crime at Mimecast says, “Do not respond to any electronic communication in relation to monies via email. And certainly do not click on any links in any related message.”

An official notice posted on revenue.ie in August 2022 says:
 

“The Revenue Commissioners never send emails or text messages requiring customers to send personal information via email, text, or pop-up windows.
 
Anyone who receives an email or text message purporting to be from Revenue and suspects it to be fraudulent or a scam should simply delete it. Anyone who is actually awaiting a tax or wage subsidy refund should contact their Revenue Office to check its status.”

And, finally, one way to stay safe offline too:
 
 

Don’t advertise your large purchases, gifts, or location to thieves

 
Have you ever seen Home Alone? Thieves are opportunists. If it’s obvious you’re away for an extended period or that you’ve got brand new expensive goods in your home (that huge Samsung TV box sitting out on the curb for recycling is a bit of a giveaway) you inadvertently make yourself a prime target.

Yes, it’s an effort to break down boxes properly or to take oversized ones to the tip instead of leaving it out for collection, but at least you won’t be providing potential thieves with a nice kerbside catalogue of the new contents of your home.

 
––––
 
Hopefully you have learned a thing or two about staying safe online. We would encourage you to pass on this information, or share this article with your friends and family, so that they can stay safe and secure too.