RELATED: These passwords will get you hacked
Nearly half of Ohioans admit that they do not use distinctly different passwords for every online account, the survey found, which means if hackers break into one account, they can likely get into others.
“We don’t view them the same as a computer, therefore we don’t protect them the same as a computer,” said Vance Saunders, a computer science faculty member and director of the cyber security program at Wright State University. “We are much more cavalier and less mindful of how we use those devices, which make them much easier targets than other devices we use.”
Bad guys tend to look for low-hanging fruit, and people can take a variety of steps to make themselves harder targets.
RELATED: How the bad guys did it: Thousands of Ohioans hacked, up to $35M stolen
Mobile phone software and operating systems should be updated regularly, because computer code constantly needs to be fixed, or “patched,” to address vulnerabilities, bugs and other issues, said Scot Ganow, an attorney with Dayton-based law firm Faruki Ireland Cox Rhinehart & Dusing whose practice focuses on information privacy and security law.
Smartphone owners can turn on automatic updates in the settings of their devices so they need not remember to do it themselves. Consumers should delete apps they do not use because they provide potential access points and vulnerabilities for cyber intrusion, Ganow said.
Consumers also should use complex passwords to protect their accounts — the more characters the better — that contain a mix of numbers, symbols and upper case and lower case letters.
“Use different passwords on every single account,” Ganow said.
“Password” is a terrible password. A better one looks like gibberish: 78$ikk#jKlj.
RELATED: Millions feel the sting of identity theft
People should never shop or bank on public Wi-Fi networks, because they lack security encryption, Ganow said.
Some hackers “spoof” Wi-Fi. They set up a bogus network that looks legitimate that allows them to secretly monitor and collect the information people broadcast on their mobile devices.
Fraudsters will trick people into joining their fake networks by labeling them things like “hotel network” near lodgings or “coffee shop network” near coffee shops.
RELATED: How to avoid cyberspace’s dark alleys, dangerous places
Mobile phones constantly try to make Wi-Fi connections as people travel to and from home, the office, the store, coffee shops and other destinations. Security experts recommend people change their Wi-Fi settings so they only connect to trusted networks.
Consumers should only shop at websites that have “https” addresses and a padlock icon to the left or right of the URL, said McAfee Labs, the threat research division of Intel Security. Https addresses have encryption security to protect payment information.
RELATED: Identity theft victims tell their stories
Consumers should only install apps from tried-and-trusted app stores, such Apple, Google Play and those belonging to mobile phone manufacturers, said Vincent Weafer, vice president of McAfee Labs.
Downloading apps from third-party sources and alternative marketplaces is risky. Android users have multiple app store choices and should research each before choosing to what to use, Weafer said.
Similarly, people should research and read reviews and permission rights of apps before download to ensure they are wanted and trustworthy.
“Look at the app reputation scores,” Weafer said. “Be suspicious.”
Phony websites, which are often linked to phishing scams, try to trick people into revealing their login credentials and personal and financial information.
Smartphones’ small screens make it harder to determine if web pages and e-mails are legitimate, so consumers should be extra cautious when viewing messages and browsing online, said Helen Patton, chief security officer at The Ohio State University and head of Enterprise Security.
People can hover over a questionable link to see if it actually leads to a recognized and legitimate website. Consumers who receive notices about their accounts should go directly to the organization’s website to login instead of clicking on a link.
Consumers should monitor their financial accounts and check their credit scores at least once a year to ensure there are no unauthorized transactions.
People whose identities are stolen should first contact the financial institution or organization where their information was misused to suspend or cancel the account, said Dayton police Sgt. Steve Clark.
After that, victims should change the passwords on all their accounts.
People who have been victims of identity fraud should check their credit scores every few months, Clark said.
“Unfortunately, most people do not know they are a victim until they’ve incurred a loss,” he said.
Experts say people should not store their Social Security numbers on their phones. Credit and debit cards can be cancelled and replaced. Social Security numbers are yours forever.
RELATED: Authorities seek identity fraud suspect