Sigh.. we’re always trying to reinforce internet safety to our customers, but I’m not too proud to admit that this weekend I got caught out with a phishing email.
I have an ebay seller’s account, and received an email from ebay, relating to an item I had for sale. The sender (ebay) was genuine. What was not, was the link that the buyer included – he asked if it was the same product I was selling, and if it was he would buy.
The rest is history.. I click on the link, it prompts me to login to ebay, after which I find myself locked out and can see iphones for sale on my account.
There are lessons to be learned here.
Firstly, check every link you get before clicking on it, even if the email relates to something that is totally relevant to you at the time. (In my defence, I was looking on a mobile at the time, which made the link very small).
Secondly and possibly more importantly, use unique, randomly generated passwords for every service that you use and DO NOT re-use the same ‘birthday/spouse’s name/child’s name’ combination password for every service.
This last point is important, because in this case I was able to contact ebay, recover the account and move on within the space of a few minutes. If I used the same password for Twitter, Facebook, Google, my email, my bank account(!) etc etc, I would have had a race on my hands to update them all before potentially losing control of the account to a hacker.
A password manager solves this issue and makes you safer for very little cost (or potentially no cost), so if you are still stuck using the same password for multiple services, learn from my mistake and update those passwords now.