It’s time to take your cyber security seriously
After seeing numerous horror stories of fraud and identity theft here on PFC and among my friends and family, and being a victim myself, I thought I'd make this post for others to benefit from. I may be preaching to the choir here at PFC but chances are someone out there needs to hear this. Putting in a little time and effort to protect yourself can save you from waking up to your own horror story and compromising your personal finances.
This list is by no means exhaustive or perfect and I encourage others to comment below with their own tips.
*I am not affiliated with or sponsored by any service that I mention below.
PASSWORDS
- Use a substantially different password for EVERY online account. If one account is leaked in a data breach, your other accounts will still be safe.
- A place where you can see if your e-mail/password has ever been leaked in a known data breach is: haveibeenpwned.com
- Use strong passwords. My passwords are 21 characters with a mix of upper/lower case, numbers and symbols that are randomly generated. I don't memorize passwords. I wouldn't be able to tell you my passwords even if you put a gun to my head.
- Example of a generated password: 2$J52*9UZS@9s&@a&c6D#
- Your e-mail password especially should have a unique and strong password since it is a gateway to having access to all of your other accounts.
- Enable 2FA for critical accounts where possible
- Put a port block/transfer block on your cell phone number through your carrier. This prevents scammers from porting your number out to a new carrier, giving them access to your phone number and bypassing 2FA. A hacker has attempted to port out my number in the past.
- Use a proper password manager. You probably have over a hundred online accounts without realizing it. A password manager can auto-fill your username and password on your computer/phone so you don't have to. Not only does this make your life easier but it prevents keyloggers from intercepting credentials when you type out your password. Password managers also randomly generate strong passwords for you so you never have to think of one.
- The pw manager I personally use is Bitwarden. I like Bitwarden because it has rock solid security and the free version has most features that people need. The premium version is among the cheapest out there at only $10 USD a year. It also integrates well into my PC, browser and phone. Comment below with the password manager you prefer if you are already using one.
- Secret questions/answers that are completely random like passwords are more secure. Save this also to your password manager. If you bank with Tangerine, you should do this for your secret questions since they only allow you to have a 6 digit pin number to secure your account.
PHISHING
- One of the most common ways accounts are compromised is through a phishing attack where a person enters their username/password on a fake website that looks real or gives out sensitive information to the wrong person.
- These usually come through links in your e-mail, text messages, etc. that take you to counterfeited websites.
- Look at the website address to see if it is legit.
- Be aware of catphishing and your own emotional vulnerabilities.
- Don't fall for scam phone calls posing as CRA, Canada Border Services, delivery services, etc. Their caller ID is spoofed as a local number but they are probably calling from another country.
- You probably don't have a distant relative that suddenly wants to give you a large sum of money.
- When in doubt, don't enter your credentials or give them out to anyone.
VIRUSES, MALWARE, SPYWARE, ETC.
- Practice clean computer/internet use. Avoid going to questionable websites, clicking questionable links, making accounts on unsecure websites, installing questionable software, etc.
- Pornography, crypto, illegal streaming sites and many others are notorious for security breaches and installing spyware on your device.
- Keyloggers are a type of spyware that log your every keyboard stroke and send it to hackers, making it easy for them to obtain your passwords and any other sensitive information.
- Only download software from the official website of a trusted company and beware of websites posing as legit.
- Avoid using USB drives and such on public computers then opening them on your own computer. I format my USB drive before opening it on my computer if I know I've used it somewhere else.
- If you haven't been using your devices in a safe way, I would personally just do a complete factory reset/clean install of the operating system or at least do a full virus scan.
- Keep antivirus up to date on your computer. For PC I just use the built-in Windows Security.
BANKING
- Enable live notifications for all banking transactions. The instant a penny goes in or out of my account or any other change is made, I get a notification on my phone app and e-mail. This has allowed me to instantly catch fraudulent credit card expenses and report them immediately.
- Set proper daily max spending limits through your bank.
- Use a credit card rather than debit card for most purchases when possible.
- Using services like Google Pay allows you to tap pay with your phone so you don't have to use the physical card that can easily be skimmed.
MISCELLANEOUS
- Monitor your credit report using both Credit Karma (Transunion) and Borrowell (Equifax) for free. This allows you to see when someone opens a new account, uses a new address, does a credit inquiry, etc. under your name, which can help you to detect identity theft early rather than having it go on for years (happened to a friend of mine). I get e-mails from them when any change takes place on my credit report. I personally find paid credit monitoring services to be a waste of money.
- Use a secure web browser that does not spy on you. I use Vivaldi which has built in tracker/ad blocking and is one of the most feature rich browsers out there. Firefox would be my second choice.
- Avoid making too many details about your life public on social media.
- Your friends' and family's e-mail/social media accounts are often hacked, so avoid sharing sensitive information with them there. You can be blackmailed in the future for what you share privately.
- Avoid using public wi-fi. If you must, then use a VPN.
- Use a good password for your home wi-fi.
- Make sure your partner or spouse's accounts are protected as well.
- Pro tip: If you use Gmail, you can add + to the end of your e-mail so you can use a different e-mail for every place that you make an account. For example johndoe+reddit at gmail dot com is the same as johndoe at gmail dot com. This allows you to see if any websites share your e-mail with spammers and adds an extra layer of security. Try sending an e-mail to yourself using this method to see that it works. Read more about it here: https://support.google.com/a/users/answer/9308648?hl=en
Don't feel that you have to apply everything overnight. Focus on the most critical things first such as password management then secure other areas at your own pace.
Edit: This is blowing up more than I thought. I won't be able to reply to comments until after work if at all. Hopefully others here can help reply to people's questions. I'd also like to mention that I am no cyber security expert, just someone who has picked up these tips along the way to protect myself.
submitted by /u/_souldier