4 things to do to protect yourself online from scams and hacks in the new year

Scammers and hackers have embraced AI to make their attempts more realistic.

The end-of-2024 hack of US Treasury Department computers is a reminder that if the government isn’t immune to tech trouble, neither are you. So, keeping your online accounts and information secure matters.

While state-backed hackers like the ones suspected of tapping into the Treasury’s computers are sophisticated, there are still threats from small-time cybercriminals, Etay Maor, chief security strategist at Cato Networks, told B-17.

Still, individuals can use various tactics to avoid hackers and scammers gaining access to their information. Many have been around for years, but recent developments, such as the rise of generative artificial intelligence, call for new strategies, Maor said.

“It’s a pain to remember another password or to enable another application to send you an SMS,” Maor said. But, he added, “It’ll help you not be the lower-hanging fruit” for those smaller hackers.

Here are four tips for enhancing cybersecurity and avoiding hackers and digital scammers going into 2025.

Use strong passwords — and have a secure place to keep track of them

Using the same password repeatedly for different accounts makes a scammer’s job easier, Maor said.

Instead, he pointed to some long-standing advice: Create a separate password for each account, and make each one “strong” — usually, at least several characters long, with a variety of letters, numbers, and punctuation marks, and without common words or sequences like “123456”.

But keeping track of all those passwords can be tough. Maor said he has a pattern that he uses to create new passwords. It’s mostly secure, though he said that hackers might be able to figure out his pattern if they got enough of his passwords. There is also password-keeping software, but bad actors can hack those, too.

Perhaps a more secure option is a low-tech one, he said. “For me, writing them down on a piece of paper is much more secure than having the same password everywhere,” Maor said. Just make sure you don’t leave it lying around in plain sight.

Be aware of social engineering scams

Some scammers don’t use AI but instead rely on their own communication and relationship-building skills to steal money or information.

Basic versions of this scam can include direct messages from people on Facebook or other social media apps who try to befriend you before asking for money or personal information, Maor said.

Others are more sophisticated, he added.

“If I’m now an attacker and I want to attack your boss, I might connect with you on LinkedIn, and then I’ll try to connect with your boss,” he said. That will create a mutual connection that could make the hacker appear more credible to the boss, Maor said.

Avoid AI-based scams by making a plan with family and friends

Some scammers use AI voice generators to create convincing clips of people saying they’re in trouble and need money. The scammers then call the subject’s friends and relatives and use the AI-generated voice to rip them off.

Maor said he already has a plan to avoid such scams with his family: They have agreed on a “secret word” they can ask for if they get a request they suspect might be AI-generated.

“It’s not something very common,” Maor said of the word his family picked. “And I think we shouldn’t be afraid to do that in our corporate environment and in a private environment as well, just to confirm.”

AI has also made phishing scams more convincing. These scams typically involve scammers sending emails that look like they’re from a reputable source in order to get personal information about the recipient.

Most guidance for avoiding phishing scams suggests looking for obvious typos in emails, Maor said. But scammers can now use AI to create grammatically passable messages in any language they need, he added.

Make sure to use two-factor authentication

While it’s been around for years, two-factor authentication — that is, asking a website or app to send you a code via email, text, or call that you must enter in addition to your password to log in — remains a good way to prevent unauthorized people from accessing your accounts, Maor said.

It’s also possible to use an authenticator app like Duo or Microsoft Authenticator to sign off on login attempts, or to use a physical security key, which, when used near the computer, confirms that it’s really you trying to log in, according to the Federal Trade Commission.
