These steps won’t prevent your account from getting compromised if a service provider falls for a social engineering hack and hands your account over to the attacker. But they may at least minimize the possible damage and also give you more peace of mind that you’re doing as much as you can to protect yourself.
- Educate yourself – Do not open any emails from untrusted sources. Be sure to contact a friend or family member or a company individual in person or via phone if you ever receive an email message that seems unlike from them in any way.
- Be aware of the information you’re releasing onto the wild of Internet Space – Do not give offers from strangers the benefit of the doubt. Do not reveal personal or financial information in email. Also, it always is a good idea to remove your info. from publicly owned databases.
- Avoid having all your eggs in one basket (or the dreaded “single point of failure”): The more intertwined and dependent your accounts are the more widespread the damage a security breach can cause you—e.g., if you use your Gmail address for every service’s password recovery.
- Use different logins for each service and secure your passwords: Make sure your passwords are strong and don’t re-use them.
- Use two-factor authentication – Here’s how you can apply it on your mailfence account, even if your username and password are compromised.
- Get creative with security questions – The additional security questions websites ask you to fill in are supposed to be another line of defense, but often these questions are easily guessed or discoverable (e.g., where you were born).
- Use credit cards wisely – If you use a debit card and a hacker gets access to the number, your entire bank account could be drained. You can further secure your credit card by not storing card numbers on websites or using disposable or virtual card numbers (offered by Citibank, Bank of America, and Discover).
- Watch for questions that don’t fit the pretext – When asked for information, consider whether the person you’re talking to deserves the information they’re asking about.
- Frequently monitor your accounts and personal data: To be on the lookout for both identity theft and credit card fraud, check in with your account balances and credit score regularly.
- Stick to your guns – Read your company’s privacy policy to understand under what circumstances you can or should give your credentials (or not to give at all) under different conditions.
- Regularly back up! No explanation necessary, right?
The most important thing you can do to prevent being socially engineered yourself is to embrace healthy skepticism and always be as vigilant as you can (real IT departments and other services never ask for your password or other confidential information over the phone). And finally always remember how to avoid social engineering schemes.
– ‘Remember to question everything’
If you believe you have become a victim of social engineering, then please contact the appropriate people in your circles or an organization (e.g., security team, network administrators, …). Also check this blogpost, that describes the immediate steps that you can take if your online account gets compromised.
Useful articles
- The knowledge base in case you need additional help.
- Our latest release notes.
- Educate yourself with our email security awareness course.
Mailfence is an encrypted email suite
Follow us on twitter/reddit and keep yourself posted at all times.
