The password you should never use
Paul Clitheroe reveals the password hackers can crack in less than a second plus shares his tips to protect yourself from scams.
We all like to believe we could spot a scam. But that's not always the case. Research by Visa shows more than half of Australians claim to be very or extremely knowledgeable about fraud and scams, yet one in three have fallen for one or multiple scams.
It's time to get serious about scams and put a stop to the flow of money being pocketed by cyber crooks.
About Paul Clitheroe
Paul Clitheroe is Chairman of InvestSMART. He has been a media commentator for more than 30 years and is regarded as one of Australia's leading experts in the field of personal investment strategies and advice. Paul hosted the Channel 9 program Money, helped establish Money magazine, where he now acts as editorial adviser, and is the author of several personal finance books.
Paul is also chairman of Ecstra and the Ensemble Theatre Foundation. He is also the chair of Financial Literacy and Professor with the School of Business and Economics at Macquarie University.
There's certainly no room for complacency in the ongoing battle against scammers. Australians reported $73.2 million in losses to Scamwatch in the first three months of 2024 alone. By the way, this could be the tip of the iceberg as a lot of scams go unreported.
The challenge we face as consumers and investors is that scams are big business for fraudsters. It’s no longer about dodgy emails claiming you’ve inherited a fortune from a bogus Nigerian millionaire. Scams are increasingly run as large-scale, sophisticated operations, and that's making it harder to pick a scam.
There are a few basic strategies that can help protect you, your identity and your money. Here are three tips worth taking on board:
1. Don't use the world's most popular passwords
So many of our transactions are completed online these days, and while it’s very convenient, in some respects technology has outpaced our habits. It’s remarkable, for example, how many people stick to incredibly predictable passwords for their various online accounts.
The World Economic Forum says the most commonly used passwords tend to be simple, short and predictable. Not surprisingly, these types of passwords leave us vulnerable to hacking and cybercrime.
What is surprising is that the world’s most common online password continues to be “123456”. I just despair that people still use passwords like this. Not only has it been used more than 4.5 million times; it takes less than a second for hackers to crack the code.
Using a well-worn password is like handing a burglar the keys to your front door. None of us would do that.
For your own safety, pick passwords that can’t easily be guessed. Longer is better than short, complex is better than simple. Use unique passwords for each of your online accounts, and store passwords securely using a password manager.
2. Check your accounts regularly
Our financial institutions have invested heavily in the security of their online banking systems, and together with steps made by telcos to block scam messages, solid progress is being made to protect consumers from scams.
The reality, though, is that no one cares more about your money than you. So don’t rely solely on your bank or phone company for protection. Make a point of checking your accounts regularly – this includes credit cards. Or take advantage of your bank’s app to receive instant alerts when money goes into or out of your account. If something doesn’t look right, contact your bank immediately.
3. Protect your personal information – it's a valuable commodity
Your personal details are as good as cash in the bank for cyber crooks. Security firm NordVPN says there is a booming black market for credit card numbers. They may only sell for around $US10 each, but stolen card details are sold by the millions.
Take care if you receive SMS messages or emails out of the blue asking for personal details. Crooks often try to create a false sense of urgency. Ignore this. Reputable organisations, including your bank, will never ask for any account or personal details in an unsolicited text or email.
It's also a good idea to check your credit score several times a year. Unexpected changes in your score can be an early sign of identity theft if crooks take out loans and credit cards in your name. To keep tabs on your credit score, jump on the CreditSmart website and click on “Know your credit score”. It costs nothing and it won’t impact your score.
Ultimately, one of your best defences against cyber crooks and scammers is a healthy dose of scepticism.
I know it’s my mantra, but if something sounds too good to be true, it probably is. For more tips on how to protect yourself, head to the Scamwatch website, check out the Moneysmart site or ask your bank for information on scam protection.
If at any stage you’re concerned you may have got caught up in a scam, let your bank know immediately. There’s no shame in it, and the sooner you act, the better your chances of stemming the losses.
This article first appeared on InvestSMART. You can sign up to get a free newsletter, with fortnightly insights from InvestSMART’s team of experts including Paul Clitheroe and Effie Zahos.
Author Paul Clitheroe
Chairman, InvestSMART