How to Protect Yourself from Fraud

[Supa]

Thinking about how I could add value to the forum it occurred to me, that the topics I encounter at my day job affects all of us and therefore could be of significant value. So why not share it?

I work in the fraud department of a big company in my country. While I can't share company intern stuff, I definitely can share general advice and current fraud scenarios to help you to protect yourself from fraud.

So, if people find value in that, I will update this thread with current fraud scenarios, how to recognise them and, most importantly, how to protect yourself against them.

It will take me some time to write the first few scenarios up, but to have this be more than just an intro post to the thread, here's one thing that you can do right now to protect yourself against a multitude of fraud scenarios:

Wherever possible, turn 2FA (2-Factor-Authentication) on.

Yes, yes, I know. Many already know and do this. But there are also many others, who don't. Without 2FA many of your logins are really f*cking easy to hack. So, turn it on. Seriously.

More to come soon

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Gypsy Soul]

Thinking about how I could add value to the forum it occurred to me, that the topics I encounter at my day job affects all of us and therefore could be of significant value. So why not share it?

I work in the fraud department of a big company in my country. While I can't share company intern stuff, I definitely can share general advice and current fraud scenarios to help you to protect yourself from fraud.

So, if people find value in that, I will update this thread with current fraud scenarios, how to recognise them and, most importantly, how to protect yourself against them.

It will take me some time to write the first few scenarios up, but to have this be more than just an intro post to the thread, here's one thing that you can do right now to protect yourself against a multitude of fraud scenarios:

Wherever possible, turn 2FA (2-Factor-Authentication) on.

Yes, yes, I know. Many already know and do this. But there are also many others, who don't. Without 2FA many of your logins are really f*cking easy to hack. So, turn it on. Seriously.

More to come soon

I support you in this endeavor. I'm seeing companies move to passwordless. Do a quick search "going passwordless" and you will see top companies pushing toward this.

 

[Supa]

Don't end up as a phish on the hook.

What? Phish? Yes, you read me right.

Ever got a text telling you for whatever reason to click on that link at the end of it? I'm sure you have.

They are called phishing texts, because - like a fisher - they are fishing for your data.

And, once you click on the link they got you.

Like a fish, you end up on their hook. Phished.

So, you might now think"well, let me guess, Supa, you are going to tell us to not click on that link? Wow... thank you?" and, yes, you definitely should not click that link and even better just delete the text without even opening it. But there's a bit more to know about this. Especially because it is not always so obvious that you are dealing with a phishing text. Some are really "well" made and the text as well as the website the link in it leads you to, can look almost identical to the original they are imitating. So, maybe you are actually waiting for a parcel to arrive, when you get a text that asks you to follow the link inside because your parcel couldn't be delivered. Or you get a text from your cellphone provider, that looks just like all the other texts they sometimes send you, and even the site you get to after clicking the link looks like their site.

So, to protect you against the not-so-obvious phishing texts, here are some tips and insights to help you.

If you are unsure if this is a legit text, there's one way to almost always see if it is: look at the link. Closely.

Now, if the link looks weird, like some random letters and numbers, just delete the text. But, what if it looks like it could be real?

Let's say you get a text claiming to be from your cellphone provider, asking you to activate your eSim. And their name is Best Provider. The link may be something like

bestprovider-activations.com

Go to their real website (manually) and look at their domain. It probably will be something like

bestprovider.com

There is a very limited amount of ways, the original website could legitimately be appended and prefixed by the company. They could put something before the main url followed by a dot (.), called a subdomain, or they could put something at the end of the url, after a slash (/), called a subdirectory. So, for example:

activate.bestprovider.com
bestprovider.com/activate

If the link in the text doesn't fall into one of these two url structures, it is most likely fake.

Here's an image from Hubspot showing the url structure:

So, if you want to have a quick rule to remember when it comes to detecting not-so-obvious phishing texts, it's this: compare the url of the text to the original one. Second-level and top-level domain are the same? It should be safe to click. They are not? Probably a phishing text.