The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This is the most common way for hackers to gain access to your accounts and systems.

• Open an attachment
• Click on a link
• Send personal information
• Provide confidential agency information

• Looks similar to a professional email but may have grammar, spelling, or formatting errors.
• Conveys a high sense of urgency.
• Example: “Your account will be closed and your funds will be inaccessible unless you change your password at this link.”
• Emphasizes personal, confidential, or potentially embarrassing information.
• Attempts to get you to interact via threat or reward.
• Mentions a recent transaction or says you won a contest that you have no knowledge of.

• Have separate passwords for every account. This way, if one account is compromised, the others may not be.
• Use a password manager so you only need to memorize one password.
• Password strength is increased by length and number of unique characters.

• Don’t capitalize the first or last letters.
• Don’t use common or real words.
• Don’t use leetspeak (a = @, e =3, etc.).
• Don’t use birthdays or phone numbers, even of other family members.
• Don’t use successive characters like 345678 or qwerty.

• Hackers use dictionary software to quickly go through every possible combination to find your password. They can hasten their search by using your personal information (birthdate, pet’s name, phone, etc.).
• Fluffyismydog—17 hours
• fLuffyismydog— 3 days
• fLuffy17mydog—7 days
• fLuffy17my^dog—4 years
• fL*ffy17my^dOg—17 million years
• fL*ffy17mi^dOg—30 million years
• fL*fFy17mi^d5g— 80 billion years

Use two of the three means of identification to log into an account. Something you know (password,) something you have (phone,) or something you are (fingerprint.) Enabling two-factor authentication makes it much harder for hackers to gain access to your accounts. This is one of the strongest and easiest ways to protect yourself.

• Hackers use dictionary software to quickly go through every possible combination to find your password. They can hasten their search by using your personal information (birthdate, pet’s name, phone, etc.).
• Turn Bluetooth off when not being used.
• Disable Location Services such as GPS on photos.
• Update your device software when prompted.
• Restore device to factory default before selling.
• Avoid apps that request odd permissions, like access to your contacts for a Solitaire app.

• Set a unique username and password for your Wifi router. Many people never change it. To a hacker, that is the same as leaving your front door wide open.
• Create an Admin and Standard account on your home computer. Use the Standard account most of the time and only use the Admin account when necessary. This makes it difficult for malicious software to be installed.
• Always upgrade your Windows/iOS operating systems when new official patches are released.

Many large companies have had their users’ personal data compromised. Search for your email at www.haveibeenpwned.com to find out if your information was a part of one of those hacks.