by GDPR Associates | 11th October 2017 3:31 pm
Anyone who uses the internet for banking should change their passwords immediately.
That’s the verdict of top cyber experts after Equifax revealed last night that 15.2 million personal records of Britons had details stolen in a U.S. hacking scandal in May — not the 400,000 it initially claimed.
Names, dates of birth, email addresses, passwords, credit card details, driving licence numbers and phone numbers were compromised in the cyber attack.
The information could already be in the hands of identity thieves, who may try to raid your bank account or go on a shopping spree in your name.
Equifax is under fire for taking months to let victims know about the attack (it discovered it in July) and for admitting it will be writing to only 693,665 of those affected.
It claims that the remaining 14.5 million personal records had no more than names and dates of birth stolen.
Fraud specialists say it’s vital for all internet users to act, regardless of whether Equifax contacts them. Here, Money Mail reveals five steps everyone must take to protect themselves.
Fraudsters could use some of the personal details stolen from Equifax to assume your identity, so almost any account in your name could be at risk.
Identity thieves can use a customer’s date of birth, combined with other details that they may have bought on the black market, to open accounts or borrow money in their victims’ names.
Start by scouring your bank account and email inbox for any signs of illegal activity.
Keep an eye on accounts you have with online retailers or any internet services you are signed up to.
If you find you’re locked out, it could be that a scammer has changed your password. Call the provider to check.
Get hold of a statutory credit report for £2. This could show any signs of fraudulent activity. Experian and Callcredit offer these at experian.co.uk or callcredit.co.uk
‘If someone does steal your identity, report any illegal activity to your bank,’ says Martyn James, consumer rights expert at Resolver.
‘It will investigate and should reimburse you.’
Change all of your internet passwords to lock out the hackers, regardless of whether or not you receive a letter.
‘As a matter of priority and urgency, we should all update any passwords relating to financial organisations,’ says Richard Emery, a fraud expert at consultancy 4Keys.
Graeme Batsman, of data securityexpert.co.uk, says: ‘Start by changing the password of your email address, as it’s the first place hackers will go.
‘Once they get into that, they have access to details of your whole life.’
Change your account’s security questions as well. Activate something called two-stage verification — where you have to enter a password and a special code sent to your smartphone to get into your account. Google, Apple and many other email accounts offer this.
Next, prioritise online banking and shopping sites such as eBay and Amazon. Use different passwords for each account and never use your name, date of birth or the town you were born in, as that makes it easy for hackers to guess your login details.
Try a phrase that makes sense only to you — for example, your favourite holiday destination followed by the first word you learned in a foreign language — then add in the odd capital letter and number, or some allow punctuation marks.
Use different passwords for each account and never use your name, date of birth or the town you were born in, as that makes it easy for hackers to guess your login details
If you receive a letter from Equifax saying you’re a victim, Action Fraud, the national fraud and cyber crime reporting centre, advises that you call all the banks and credit card providers you use immediately to tell them.
Once fraudsters have got their hands on your online banking passwords or credit card details, there is little to stop them going on a spending spree.
Your bank may be able to help by keeping a closer eye on your accounts and flagging up any spending or transactions that appear out of the ordinary.
Ask that the bank notifies you before opening any accounts in your name and before any new direct debits or standing orders are set up. And request that it sends you new credit and debit cards.
Tony Neate, chief executive of government-backed service Get Safe Online, says: ‘At least it will be on the record if anything happens.’
Nearly 640,000 Equifax customers have had their phone numbers leaked and more than 12,000 email addresses have been accessed.
Once hackers have your email address, they can target you with messages that appear to come from your banks, HM Revenue and Customs or other trusted sources, asking you to update payment details or passwords.
Free investing guides
Sometimes, these emails will tell you to click on a link that will download malicious software on to your computer.
Crooks can also make text messages appear to come from the number of a legitimate firm — the messages will even appear in the same thread as those you have previously received from a firm.
Never call back on a number given in a text or email.
The safest advice is always to hang up on cold callers.
Fraudsters will often ring victims pretending to be their bank, the police or another reputable company and trick them into handing over sensitive details, which they later use to raid accounts.
The criminals may even claim to be calling from Equifax itself because of all the publicity around the hacking attack.
‘People caught up in the data breach should be extra vigilant,’ says Tony Neate, of Get Safe Online.
‘Never assume a caller is who they say they are. Always hang up, wait five minutes and call back from a different phone line on a number you have independently checked online, on the back of your bank card or on documentation from that company.’
This story was originally published here: http://www.dailymail.co.uk/money/markets/article-4967954/Why-change-online-banking-password-NOW.html
Source URL: https://www.gdpr.associates/change-passwords-now/
Copyright ©2021 GDPR Associates unless otherwise noted.