8-step guide to help you stay safe online
Sadly, each year many consumers and businesses become victims of cybercrime. Cybercriminals can be highly sophisticated, often posing as people you know or legitimate organisations you regularly interact with, making it hard to distinguish between what’s authentic and what’s fraudulent.
The threat of cybercrime grows as we spend more time online and increasingly rely on it to manage our everyday lives. We may become victims of a phishing attack, unwittingly handing over our private details or having an account hacked due to a weak password. As new technologies, websites and apps arise so do new ways for criminals to exploit those opportunities, particularly when it comes to financial fraud, including trying to access your pension funds.
Here at PensionBee, we consider the security and privacy of our customers to be of the utmost importance. Therefore, we’d like to share our ‘8-step guide’ which can help you to keep your PensionBee account secure and avoid becoming another victim of cybercrime.
1. Use password best practices
Weak passwords are easily exploitable, meaning they can be “guessed” or “cracked” by a hacker far more quickly and easily than a complex password. It’s common practice for hackers to try passwords stolen from one website on another website, as they know that people often use the same password for multiple accounts. Using a weak password could be dangerous to both you and those you know.
With access to your email accounts, for instance, a criminal could get their hands on a wealth of private and personal information. They could also reset the passwords to the accounts you own by using the ‘forgot password’ feature of many websites to lock you out of them and message your contacts whilst making it look like the communication has come from you.
Stay safe tips:
Create complex passwords
Your password should be at least eight characters long and use a mix of letters, numbers and symbols. Avoid using any personal information such as a maiden name, where you live or the name of your favourite team.
Use a unique password for each account
Creating a unique password for each of your accounts means if one of your accounts is compromised the other ones can’t be accessed using that same password.
Consider using a password manager
A password manager will store your passwords for you so you don’t have to remember them. All your passwords are secured using a master password so you only need to remember one password. Many password managers also include a password generator to help you create the kind of strong passwords described above.
Never share your password with anyone
Don’t share your passwords, even with people you trust. They may not store them securely, so they could be easily compromised in a phishing attack or via malware on your trusted contact’s device.
Remember to change your password frequently
You can check how strong your passwords are by visiting: https://www.security.org/how-secure-is-my-password/
You can also check to see if any of your email accounts have been compromised by visiting: https://haveibeenpwned.com
2. Keep your device and software up-to-date
Cybercriminals are always on the lookout for bugs and security flaws in the software that runs the devices, websites and apps we use. Device and software makers release updates to keep them protected from the latest threats and from newly discovered vulnerabilities, which cybercriminals will attempt to exploit immediately.
Stay safe tips:
- Ensure smartphones, tablets and their apps have the latest updates installed.
- Install any updates for your computer’s operating system as well as any separate updates for antivirus and firewall software.
- Enabling updates to be automatically installed will save you time and ensure you always have the latest fixes and patches in place.
3. Use Two-Factor Authentication (2FA) where possible
Two-Factor or Two-Step Authentication (2FA) provides an additional layer of protection when trying to access your accounts. 2FA helps verify you truly are the owner of the account by asking you to supply a second piece of information in addition to your username and password, often in the form of a code sent to a device you own. The benefit of 2FA is that even if a criminal knows your username and password they’d also need access to that second piece of information. Our recommendation is to enable 2FA if it’s available. 2FA is also known as Multi-Factor Authentication or MFA.
Stay safe tips:
There are a few types of 2FA. At PensionBee if you try to log in to your account we will send you a One-Time Passcode (OTP) via text message to your mobile device. You then simply need to enter the code provided on the account login screen.
You can enable 2FA in the PensionBee app by going to:
- Two-Factor Authentication
- Enable Two-Factor Authentication and follow the setup instructions.
4. Shop and browse the web safely
Cybercriminals may use fake websites designed to look legitimate or which imitate actual companies.
Stay safe tips:
When shopping or logging into an account online make sure you can see a locked padlock symbol in the browser address bar and that the web address starts with ‘https’, not just ‘http’. The ‘s’ stands for secure.
Be wary of opening short URL links such as those generated by bit.ly. These can be used to hide the link’s true destination. A service like https://unshorten.me reverses the shortened URL so you can see the website it’s really going to.
If you’re familiar with a company’s URL make sure it appears in your browser’s address bar as expected. For example, use www.pensionbee.com and not www.pension-bee.com.
If the website purports to offer financial services, you can use the Financial Conduct Authority’s Register to check if a company is authorised to provide financial services in the UK.
5. Be careful when sharing your personal information
Whilst we’re naturally more guarded when sharing sensitive information like credit card or banking details, they’re not the only information that can be used for malicious purposes. Personal information such as your date of birth, interests and even places you’ve been, could all be used to work out what your passwords are or send you convincing phishing messages, described below, to perpetrate fraud including pension scams.
Stay safe tips:
- Make sure the privacy and security settings for any accounts are set so that only the people you want can see what you share.
- Be extra cautious of any requests to connect from people you may not know.
6. Beware of phishing attacks
Phishing is an attempt to deceive a person into believing an attacker is a legitimate person or business to get them to reveal their personal information. A phishing message will try to get you to click on a link which installs malicious software or opens a fake website to enter your personal details such as your password or credit card details. Phishing attacks target a variety of communication channels such as email accounts, text and voice messages, and direct messages in social media accounts.
Phishing is a common cybercrime tactic because of the success rate cybercriminals achieve with these attacks.
Stay safe tips:
Avoid messages that suggest you need to act urgently. They may claim you will need to pay a penalty charge or miss out on a reward. Take time to read the message carefully.
Avoid misspelt or unofficial URLs. Links in phishing emails will often include URLs that have deliberate and subtle spelling errors to look like official company URLs. For example, pensionbeee.com (notice the extra ‘e’). Watch out for emails claiming to be from a legitimate business but which are sent from a different domain. For example, an email from PensionBee should come from the @pensionbee.com domain and not from an alternative like @gmail.com.
Emails we send to customers will only ever come from one of the primary addresses below. You’ll notice that all of them are tied to our domain @pensionbee.com. Any other domain name used in an email means that the email wasn’t sent by us, so make sure to check the sender’s address.
Avoid messages asking you to confirm financial information, passwords or other personal details.
Look out for messages that contain incorrect spelling or grammar.
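The domain checks described above (the address-bar check in step 4 and the sender check in this step) can be automated. The following is an added example, not PensionBee code: it flags hosts and sender addresses that are not on the trusted domain and separates near-misses such as pensionbeee.com and pension-bee.com from unrelated domains. The function names, the distance threshold and the sample mailbox names are assumptions.

```python
from email.utils import parseaddr

# Added example: the trusted domain and sample domains come from the guide;
# function names and the distance threshold are assumptions.
TRUSTED = "pensionbee.com"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(host: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_host(host: str, trusted: str = TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated'; only 'trusted' is the real domain."""
    host = normalise(host)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Trusted name used as a left-hand label of another domain.
    if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
        return "lookalike"
    # Hyphen insertion (pension-bee.com) and small typos (pensionbeee.com).
    if edit_distance(host.replace("-", ""), trusted) <= max_distance:
        return "lookalike"
    return "unrelated"


def classify_sender(from_header: str, trusted: str = TRUSTED) -> str:
    """Classify a From value by its address domain, ignoring the display name."""
    _, address = parseaddr(from_header)
    _, at, domain = address.rpartition("@")
    if not at or not domain:
        return "unrelated"
    return classify_host(domain, trusted)


if __name__ == "__main__":
    # Constructed samples built from the domains named in the guide.
    for h in ("www.pensionbee.com", "www.pension-bee.com", "pensionbeee.com"):
        print(h, "->", classify_host(h))
    print(classify_sender("PensionBee <help@gmail.com>"))
```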
7. Be careful when using public Wi-Fi
Using freely available public Wi-Fi such as that provided at an airport or coffee shop may be convenient but it also poses a security risk.
When using public Wi-Fi you risk connecting to a network that only appears to be legitimate, or to an unsecured one, either of which makes it easy for cybercriminals to see and intercept your activity.
Stay safe tips:
Though there may be greater costs involved, where possible you may want to use your device’s cellular data when online in public. If you’re using a laptop in public, turning your smartphone or tablet into a hotspot enables you to connect to your own private network.
Consider using a Virtual Private Network (VPN). A VPN acts as a protective layer that encrypts your device’s internet traffic so it can’t be identified or viewed by hackers.
Use antivirus and firewall software. Antivirus software will help protect you from malicious software running on your devices and a firewall can prevent it from being downloaded in the first place.
Combine these tips with our earlier tips such as using strong passwords, enabling 2FA and developing good browsing habits.
Using public computers
If you access your PensionBee account via a public or shared computer, you need to be extra careful. Make sure that you:
- Always log out before leaving the computer.
- Never leave the computer unattended when logged in.
8. Beware of fake social media accounts
Cybercriminals may impersonate legitimate social media accounts as another way to perpetrate scams such as using phishing attacks to get you to give away personal and private information.
PensionBee operates a variety of social media channels. For your convenience, here’s a list of our legitimate active channels:
- Facebook = https://www.facebook.com/PensionBee
- Twitter = https://twitter.com/pensionbee
- LinkedIn = https://www.linkedin.com/company/pensionbee/
- Instagram = https://www.instagram.com/pensionbee/
- YouTube = https://www.youtube.com/channel/UCpVxqKCXMkiRL1GVgQERSHA
- TikTok = https://www.tiktok.com/@pensionbee
With so many opportunities for cybercriminals to take advantage, it may seem difficult to avoid every pitfall but basic steps like those above can help you stay safe for your everyday online activities like opening emails, shopping online and using social media.
Perhaps most importantly, be cautious about what you’re doing online and what someone else may be asking of you. Taking the extra time to consider what your next action may lead to will go far in preventing you from becoming a victim of cybercrime.
For more information on staying safe online, you can check out https://www.getsafeonline.org.