How To Keep Your Digital Assets Secure
You can improve your digital security with these few easy steps
As trading becomes increasingly mainstream, cybercriminals are becoming even more creative and persistent in their attempts to steal digital assets. While that can sound a little frightening at first, the good news is that we are here to help you improve your digital security.
These tips can not only protect your funds but also be applied to the rest of your digital life to make your online interactions more secure as well!
What is an “account takeover”?
When someone gains access to one of your accounts to perform fraudulent activities, this is called an account takeover, or “ATO” for short. But how do these fraudsters get into an account in the first place?
One common method is called a “SIM swap.” In a SIM-swap attack, fraudsters will contact your wireless carrier pretending to be you. They persuade the customer service agent to redirect your cell service to a different device, and in doing so change the SIM card number associated with your account (hence the name of the attack). Once they succeed, they’re able to receive all calls and SMS messages sent to your phone number, including any two-factor authentication (2FA) codes sent to you via SMS. From there, fraudsters will frequently pair those SMS 2FA codes with stolen passwords to try to log in to your email account, social media profiles, cloud storage accounts like Dropbox, and even your financial accounts.
Financial providers do a lot of work behind the scenes to detect and attempt to stop SIM-swap ATOs targeting customer accounts. What’s more, using SMS-based two-factor authentication (2FA) is better than using no 2FA at all.
It’s well worth following the two simple steps below and applying them to all your financial and other online accounts you care about:
Use a password manager
Your passwords should be at least 16 characters long, be unique, and contain a combination of lower and uppercase letters, numbers, and symbols. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords for you, and they’re very secure.
Are you currently using a password that has been exposed in a third-party data breach somewhere? You can check to see if you’re using a risky password by visiting haveibeenpwned.com/Passwords. If one of your passwords has been compromised, change it using the above step and review your other passwords, especially for accounts linked to any compromised accounts.
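The same check can be scripted so that neither the password nor its full hash leaves your machine: the Pwned Passwords range lookup takes only the first five characters of the SHA-1 hash and returns every matching suffix for local comparison. This is an added example, not code from the original article; the corpus and counts are constructed, and `offline_range_response` is a hypothetical stand-in for the live endpoint.

```python
import hashlib

def sha1_hex(password: str) -> str:
    # SHA-1 is what the range lookup is keyed on; it is not used here for storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for the breach corpus (password -> times seen). Not real data.
CONSTRUCTED_CORPUS = {"password": 3, "letmein2024": 12}

def offline_range_response(prefix: str) -> str:
    """Hypothetical offline stand-in for
    GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns one 'HASH-SUFFIX:COUNT' line per corpus hash starting with prefix."""
    lines = []
    for known, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(known)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def breach_count(password: str, fetch=offline_range_response) -> int:
    """Return how often `password` appears in the corpus, sending only 5 hash chars."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only `prefix` is handed to the lookup; the suffix comparison happens locally.
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    for candidate in ("password", "a-long-unique-constructed-passphrase-41!"):
        seen = breach_count(candidate)
        print(repr(candidate), "-> seen", seen, "times" if seen else "times (not in corpus)")
```
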
Two-factor authentication (2FA)
Strong passwords are not the only tool to keep your assets safe, so (where available) use two-factor authentication (2FA). Always use the strongest type of 2FA the platform allows: if the platform allows it, use a hardware security key like a YubiKey or similar.
If a service provider doesn’t allow a YubiKey, use an authentication app like Google Authenticator or Duo Security instead of SMS-based 2FA if possible. If SMS-based 2FA is the only thing available, at the very least require a one-time 2FA code to be sent to your device every time you log in so someone can’t access your account if they have stolen your password.
If an organization doesn’t offer any of these options, you should seriously consider whether it’s safe for you to use that service, as there may well be a safer option available.
It’s not only important to play defence with the right security tools when protecting your accounts, but it’s also important to stay vigilant in the wild.
Here are some smart guidelines to help keep your digital assets safe:
- Don’t brag about your digital assets online, just as you wouldn’t boast about a major windfall like inheriting $50 million!
- Review your online presence with this easy self-assessment.
Don’t fall for tricks
- Hackers posing as tech support, or as customer support specifically, may pressure you for account credentials. Customer service agents at digital asset providers will never ask you for your personal login credentials, just as other financial providers never would, so never give out your passwords, 2FA codes, or PINs, and never grant remote access to your computer or device.
- Never create test accounts on platforms because someone has asked you to, and never provide your ID or information about your digital assets over email or social media. Check what customer support your provider offers (e.g. in-app live chat, email, telephone, etc.) and always communicate with them via these channels. Anyone claiming to be customer support trying to contact you via a different channel may in fact be a scammer.
- If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to your company’s security team to confirm whether it’s legitimate. And remember, companies like Microsoft, Google, and Apple will never call you about your computer.
Always check that the URL is legitimate
- Scammers create fake sites that look like real exchanges but are designed to steal account information. Double-check the exact web address before you log in to your account or input any of your credentials. Sometimes the web address and the site itself can look very similar to the real exchange!
- If you are ever unsure whether to click on a link included in an email, copy the link into a text editor and examine it first to see whether it’s legitimate before navigating to it. If you are ever in doubt, don’t click it!
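When examining a copied link, the part that matters is the hostname the browser will actually connect to, not what the address resembles at a glance. The sketch below is an added example, not part of the original article; `exchange.example` and `evil.test` are placeholder domains and `link_problems` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

def link_problems(url: str, expected_domain: str) -> list[str]:
    """Return reasons not to trust `url` as a link to `expected_domain` (empty = OK)."""
    problems = []
    parts = urlsplit(url.strip())
    # hostname is what the browser connects to: login text, port and path are stripped.
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, not 'https'")
    if parts.username is not None:
        # In https://real-site@other-host/ everything before '@' is a login name.
        problems.append(f"text before '@' is decoration; the real host is {host!r}")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host uses non-ASCII or punycode labels (lookalike letters)")
    # Exact match or a true subdomain; the leading dot rejects 'notexchange.example'.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return problems

# Constructed links for illustration only.
SAMPLE_LINKS = [
    "https://app.exchange.example/login",         # genuine subdomain
    "https://exchange.example@login.evil.test/",  # real host hides after '@'
    "https://exchange.example.evil.test/login",   # real domain is evil.test
    "https://notexchange.example/",               # shares a suffix, different site
    "https://exch\u0430nge.example/login",        # Cyrillic letter in place of 'a'
    "http://exchange.example/",                   # right host, unencrypted
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        issues = link_problems(link, "exchange.example")
        print(link, "->", "host matches" if not issues else "; ".join(issues))
```

A clean result only means the hostname matches the domain you typed in as expected; it says nothing about whether that expected domain is itself the right one.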
Buy, sell, and transfer digital assets with the Baanx App
Ready to invest in digital assets? Join Baanx App to buy, sell and transfer digital assets. The platform is registered, safe, secure, and reliable. Plus, the fees are highly competitive. Sign up today and start trading digital assets!