Do not become a cybercrime victim: Safeguard your online accounts

22.12.2020
With the release of the Compas Crew Self-Service module, you will soon use your personal email to access an important corporate tool that houses both your personal and work information. How do you safeguard your online accounts to make sure you do not fall victim to identity theft, like what a colleague recently experienced?

When our colleague received a message in his vessel email from a fellow Odfjell seafarer, he thought it was some work-related stuff. To his surprise, the seafarer – who happens to be a close friend of his – was confirming if he is really in dire need of money.

“I was surprised because I never called nor sent a message to him or anyone to borrow money. Upon reading his message, I logged in to my Facebook and Messenger accounts, and noticed several peculiar things: a conversation with a relative is missing from my recent chat list; there is a message from the wife of my friend confirming if I do need the money; and I have a warning that said, You have ignored this message. But I never ignore messages from people I know, especially from my relatives or friends. I tried calling my close contacts via Messenger, but after a few rings, the call gets dropped and I no longer see our conversation. It was then that I realized that my Facebook account, and my email address, have been hacked.”

It turned out the relative who got removed from this colleague’s recent contacts had given around PhP 1.7 million (~USD 35,000) to the hacker, thinking it was him. They have sought assistance from the authorities, but with the flawless execution of the crime, they will most likely have a hard time catching the culprit. As for the seafarer, he has changed his contact details and social media accounts, and has a lesson he would like to share with all of us.


“We really need to take the security of our email and social media accounts seriously. Don’t trust the links that you see on social media, even those that seem secure. If you happen to click on one and it directs to a page that requires you to enter passwords or personal information, close it immediately and do not provide any information at all. Otherwise, only two things can happen: you will be scammed yourself; or the people you know will be the ones targeted, like my relative who lost all the money she saved for her retirement.”

How do you then safeguard your email, social media and other online accounts so that what happened to our colleague and his relative won’t happen to you?

  • Use a strong password, and avoid using the same password for various accounts. A strong password is normally 14 characters long, contains numbers and special characters, and are sentences instead of words. Refer to this story for more tips on creating strong passwords.

 

  • Turn on multi- factor authentication. Require at least two pieces of evidence (factors) to get access to your account. For example, if you turned on two-step authentication via text message for your Facebook account, it will require new logins to your account and a confirmation code sent to your mobile number. So, even if someone is able to get hold of your username and password, access will still be prohibited. Revisit this story for instructions to set up multi-factor authentication for social media.

 

  • Be very careful when clicking on links.
  • As a general rule, do not click on links unless absolutely necessary.
  • Do not click on links sent randomly on social messaging apps, whether they are from your friends or legitimate businesses that you follow.
  • Check whether an email came from a legitimate source before clicking on any links contained in it. To be really certain, contact the sender first through different means.
  • If the link opens up to a page that requires you to enter user IDs, passwords, or personal information, close it immediately.


Learn more about phishing attack red flags in this article.
 

  • If you realize that you might have clicked on a suspicious link, change all your passwords right away.

 

  • If you suspect that your account has been compromised, inform contacts to let you know via other channels if they receive any suspicious messages from your account. If you are using such account to access any Odfjell system, inform IT right away. And please report anything you find suspicious as well, even if it is not confirmed as a security incident yet. IT can be reached at itsecurity@odfjell.com.

 

  • Similarly, inform the person if you suddenly receive an unusual or suspicious message from their account, especially if it involves money.

 

  • Change your passwords regularly. You can opt to use a password manager or a system to store your passwords so you won't forget them. Just make sure that it is a secure system and that only you have access to it.