I want to share something with you all today because it’s really important. I’m a little embarrassed to admit this, but recently I fell for one of those “phishing” scams. I was here at work and during lunch I was checking my personal email. To my surprise I received an email that looked exactly like something my bank would send me. The message indicated my account was overdrawn, which I thought was very strange as I had only been paid a few days earlier. So I clicked on the link and entered in my login info.
Almost immediately, I felt as if something was not quite right, so I closed the browser window and pulled out my bank debit card. I called the number on the back to talk to a representative. As what often happens, I had to wait a few minutes until I got a person. Would you believe during that wait, someone actually tried to get into my account? Fortunately it was detected as fraud and blocked. The representative was so sweet and she helped me resolve the issue and the process of changing my login information.
The reason I’m sharing this with you all today is for two reasons: first, to show you that anyone – absolutely anyone – can be duped by a clever scam. I have always prided myself with being able to recognize a fake email, but this one caught me easily.
The second reason is to talk about password security. During the call with the bank representative, she reminded me that it’s important to change passwords regularly to protect ourselves from what we here at NCP call the “Bad actors.”
Now I’ll admit, I’ve been bad with some of my own personal passwords. I’ve been known to use family names and dates. I’ve even used the same password for several different logins for sake of convenience.
Honestly, all that is just asking for trouble.
Last year, NCP strengthened a number of our security policies, including asking all of our panel members to change their passwords. As part of the update process, panel member passwords had to:
- be different from your old password
- be a minimum of 8 characters long (maximum of 64 characters)
- include at least one number: 0-9
- include at least one letter: a-z
- include at least one special character listed here: !@#$%^&*._-
Admittedly, many of our panel members weren’t thrilled with this change. But we are committed to ensuring the personal info you share with us stays safe.
After my “adventure” I did a little research and also talked to the team here at NCP. Most security experts recommend changing your passwords at least every six months. And unlike me, they do not recommend using family names or birthdays or something else familiar. They also warn against using the same password in multiple websites.
Now, you might be thinking “Come on Taylor, I use my dog’s name. They’ll never guess that!” But guess what – if you post something about your dog on Facebook, they can get that info. These bad actors are serious about what they do.
Another tip – when it comes to security questions to recover your passwords or access to an account, don’t use real facts. Like if the question is “what is your favorite color” and your favorite color is blue, choose pink! Seriously. Then write that info down somewhere in your home.
If it’s been a while, take some time today to change your email and NCP Panel member passwords. Then make a schedule to update your other passwords every couple of months.
Be vigilant. It’s the best way to keep your data safe and secure! I learned that lesson well.
Have a great weekend, and enjoy the Fourth of July holiday!
FYI: The Panel Support Center will be closed on Wednesday for the holiday.
I totally understand how everyone is feeling I have had identity theft 3 times over the past 10yrs. It’s extremely hard to get law enforcement to do anything to help you with doing anything about it either. This I don’t understand, I have taken all the documents to my local precinct to be looked at like, well what do you think I’m going to be able to do about it?? So after the 3rd time I put the information in the Federal Government Sites but that’s it for me. I changed everything and did what I was told otherwise, no point of anything else. Sad really!!!
I use to work on computer and I always remind people to make there password long like this tbyhybtby#$@#$&+-_ then copy and paste to remember it and also if you use Google it will save the password if you allow it. Hope this helps a little
My best friend’s husband is very diligent is watching their bank account. Every morning before he even has his coffee he checks his account after checking it in the afternoon. He gets up one morning and someone took out $10,000.00 overnight. And in that time they spent several thousand dollars and two tickets to South Africa. Of course the bank had them insured but let me tell you this man was ever so diligent in changing passwords and like I said checking their account and never buying anything online. It can happen to anyone.
I get the emails about my buying things off apple on my apple phone…I have to put them in scam because they look real but I know I do not buy games etc.
Sandy
This is a lesson learned for me as well. I have to admit I so dread doing this kind of tasks, changing the password word thing. Thank you Taylor I am now committed to doing this. This was very informative and a eye opener.
Wow!! Thanks for sharing.
Great and important information. Thanks for sharing your experience and also providing information and knowledge about accounts and security.
Thanks Taylor for this blog! It is amazing yet very scarey how they can trick us into believing their email or whatever is legit! Thank goodness you were able to contact your bank and they were on their toes to stop the fraudulent activity!!
I think I will be spending time changing passwords too.
I was duped last year and the beginning of this month the person actually got into my account with Amazon and my bank and issued themselves some money. I have had to change bank accounts and cards and my Amazon password. They even opened up an account in my name using my SSN. It has been one big headache.
Sorry that you fell for a ‘phishing’ scam. When I check my email, I can spot them without even trying. Never ‘click’ a link on an email. I also look at the email address from which it comes, and if you have any questions call the bank or credit card company.
It is my experience that my bank will notify me via email only that they have a message for me that is accessible at their site. They stress that the message is secure and do not offer a link. It is my option to log into my bank account to get the message. They would never upset or embarrass me by including bad news about my account in their email. They are businesslike but tactful.
Do not give any personal info over your smart phone.