This year you did Valentine’s Day right. You booked that exclusive restaurant months in advance. The babysitter is sorted. And that present, nestled in a box and finished with a bow, lies ready to light up her face.
And so it is with despondent confusion that, hours later over raspberry mascarpone and Veuve Clicquot, your stare at her as she roars in laughter, doubling over and swinging your gift around.
It wasn’t meant to end like this. Do you laugh along? You have seconds to decide as you drift between wrenching pain and confusion.
Too late. Her eyes open and she sees your deadpan face. “Wait, wait, you’re serious?” she asks incredulous, still laughing. “After all this you give me…” she trails off, screwing her face up at the little black rectangle, unsure of what it is.
“A multifactor authentication USB key,” you finish. “It’s the best thing you can use to secure your accounts.”
A hard sell
Cyber security experts care a lot about security. Every day we see the at times devastating real-life consequences on ordinary people who get it wrong.
My colleagues in Telstra’s cyber security team report to authorities thousands, sometimes tens of thousands, of usernames and passwords stolen from Australians and organisations across the country every week.
Any one of these people may have endured some of the consequences of having their passwords stolen.
Fear and anguish as their hacked work email account spreads malware to their peers. Tens of thousands of dollars lost as thieves doctor invoices in their work inboxes. Countless hours of uncertainty and stress while recovering from identity theft. Or the simple embarrassment of having their friends and work colleagues see their hacked social media posting scams.
However, much of this potential pain and fear can be all but eradicated with free and simple security apps.
So, you could be therefore forgiven for thinking my job promoting cyber security awareness is easy.
It isn’t. Better professionals than I have tried for decades to develop and promote these technologies yet seen little uptake. Google promoted hard for years the benefits of multifactor authentication but only 10 percent of users listened and took it up, according its most recent figures.
I pay myself enough credit to say I wouldn’t hand my partner a multifactor authentication key this Valentines Day. She too, would laugh.
But I do try, slowly, to get her to adopt it. I argue no security technology is more important. It is absolutely essential for your important accounts.
Multifactor authentication works with a code generated in an app or sent over platforms like SMS. You enter that code in after your password, and generally only once for each new device you use to log in, such as when you get a new phone.
Only a few security die-hards, and those with access to very important data, use the multifactor authentication USB key wrapped in that Valentine’s gift box.
But while most hackers need to work extremely hard to get that extra multifactor code and therefore give up (Google says use of the code eliminates common phishing) it is not impossible.
Criminals who can win your heart can win your wallet. Multifactor authentication won’t stop them if they have your trust. It’s one of the reasons romance scams are so dangerous and effective.
The love factor
Many of us consider online dating in the run up to Valentines Day. And that raises the chances we will be exposed to romance scams.
These scams are a staple of online cybercrime because they are so effective at separating victims from their money and property often under the guise of the scammer requiring flights, payments for debts, and funds for medical procedures.
Their damage goes beyond bank accounts; the months of deception can inflict deep emotional pain on victims. They can also be dangerous with some luring the victims overseas where they are exposed to international criminal networks.
Don’t think the scams are something for lovestruck fools; the average victim is a middle-aged and well-educated woman. Other characteristics include a propensity for urgency and sensation-seeking, trustworthiness, and an addictive disposition.
They are common, too. The Australian Competition and Consumer Commission received 3,680 romance scam reports last year of which a third resulted in financial losses. All told Australians lost more than $37 million to the scams last year.
The scams work, as we have written in previous years, by constructing a ‘hyper-personal’ relationship that is overly intense. They slowly capture and isolate victims increasing the victim’s dependence and decreasing the likelihood outside intervention will disrupt the relationship.
Much of this takes place on social media but prominent dating services are not immune so consider the scammers a risk in all online dating scenarios.
Experts agree that your best bet is to recruit a friend or family member as your confidant from the start of the online relationship. Their job is to be the objective voice of reason who can see relationship red flags before you will. Listen to them.
Requests for money by someone you met online are the biggest red flag of romance scams. However, if you are intent on wiring money, you must use Australian financial networks like those offered by your bank. There remains a chance of repatriating stolen money if these are used. Funds are much harder to claw back when international transfer services such as Western Union or cryptocurrency are used.
The Federal Government offers a range of services where victims of romance scams can seek assistance.
Finally, if you are not online dating but know someone who is, offer to be their confidant. By lending a trusting ear you will be giving them the best protection possible while enabling them to date safe.
Scammers abound elsewhere. Many of us who participate in Valentine’s Day will open our wallets at some point.
It is essentially impossible to determine if a website has been hacked and difficult to reliably spot scam sites. Defend yourself by shopping online with a card that reimburses fraudulent purchases.
Read your card’s terms and conditions. The short of it is that banks will often reimburse fraudulent purchases made against major credit cards provided they are reported within a certain period.
The website Finder has a good article on this. But, in general, it states, most big banks require credit card fraud to be reported within 30 to 60 days of it occurring for reimbursement to be considered. Check your statements to ensure a smooth and fast reimbursement.
PayPal also reimburses fraudulent payment in the same way as participating banks.
Fraud occurring when money is wired into accounts using direct transfers (BSB and account number for instance) is rarely covered so be careful when using these for online purchases.
There are a lot of complex and dynamic parts to cyber security. Passwords, phishing, malware, and fraud. It’s at times technical and tough. But start small by setting up multifactor authentication and a password manager. Head over the Government’s consumer cyber security site to learn how.
In time, you’ll master it. Perhaps you’ll become so enamoured you’ll want to help others become more cyber secure. Just spare the Valentine’s gift.
Crisis support services exist. Contact Lifeline on 13 11 14 or visit www.lifeline.org.au. For information about depression or anxiety, contact beyondblue on 1300 22 4636 or visit www.beyondblue.org.au