At Kite Loans, we have received a few reports that customers are receiving unsolicited phone calls regarding loans from people claiming to be Kite Loans employees. These calls are not from Kite Loans or any of our affiliates, we recommend utmost vigilance to anyone who has received these phone calls. Kite Loans never make unsolicited phone calls, and we never ask for money up-front for a loan, so please be on your guard against these fraudsters.
The security of our customers is always our top priority, and so in light of this fraud (and in response to the many high-profile hacks and scams that have erupted over the last few years) we want to take a minute to remind you of how you can stay safe online, and ensure you don't fall victim to fraud.
The best way to secure yourself against fraud is to pick strong, unique passwords for every single account you have online, never using the same password across different services. You should never choose common words or phrases for passwords either, and you should always incorporate a mixture of characters, numbers and symbols into your password. In 2016, the top 10 most common passwords included '123456', 'qwerty' and 'password'. And you can be sure that if any hacker is trying to guess your password, they will try these combinations first.
There is a lot of bad advice out there when it comes to picking passwords; with many computer systems becoming highly secure now, typically the most common weakness in a system is a user. Picking a strong password is essential, but equally important is to make sure each account has a unique password so a hack of one online service does not give a criminal access to any other accounts you own. As such, it is important that you have passwords that are also memorable to you.
Using random numbers and symbols is a great way to make your password less easy to guess by others; however, automated computers perform most modern hacks, and in these instances, password length is a hugely undervalued metric in password strength. Often, we see passwords with 8 characters (and plenty of numbers, symbols and capital letters) marked as 'strong' by password checkers; however, these passwords are difficult to remember and relatively short, so a brute-force attack (whereby a computer will try thousands of random combinations every second until it 'guesses' correctly) is not very well protected against. Every single additional character multiplies the number of combinations dramatically, such that a 16-character password is not just twice as secure as an 8-character one, but is many magnitudes more secure.
A good tip for picking a secure password is to pick 3 to 4 random words from a dictionary, add in a few letters and intersperse the words with numbers and symbols (replacing 'l' with '1', and 'o' with '0', for example) for much more secure and much more memorable passwords. Brute-force attacks will often try common words too, so it is important to ensure that you add, remove or alter one or two of the words to make it more difficult to guess the password (such as changing a word like 'microphone' to 'micr0fone', for example).
Another common way that hackers gain access to a system is to simply trick the user into handing over their password openly. This can be done through phone calls posing as employees of the organisation, but more typical is a scam known as a 'phishing' scam. A 'phishing' scam is when a hacker creates a fake website that emulates a legitimate service (such as PayPal). They then encourage a user to 'log in' to the fake account, thereby sending their login details straight into the hacker's inbox.
Fortunately, these scams are easily avoided with mere diligence. If you receive a suspicious email from any online service, simply do not click on the link in the email - open the browser and type in the website address yourself. That way, you always know that you are on the real website.
Similarly, if you are ever asked to log in to a service, always check the address of the page you are on carefully. Often, phishing websites will be registered with website addresses similar to the service they are copying, such that a website pretending to be PayPal might be registered as www.paypa1.com, replacing the 'l' with a number one. It is easy for a visitor to miss such a mistake, so always be on your guard.
A final tip is to use 2-factor verification wherever possible. 2-factor verification is when you use a second device to verify any login attempt - typically a mobile phone, though you can also buy dedicated devices for additional security. With 2-factor verification, whenever you attempt to log in to a new device (for example, if you just bought a new computer for Christmas) after typing in your password correctly, a 6-digit code will be sent to your verification device (such as your phone). To complete your login on the new device, you must then type in the code from your phone, which will only remain valid for a short period of time, and re-generate after 3 failed attempts.
This means that any new login attempt must be verified by an existing device. The great thing about this system is that, even if a hacker does manage to find out your password, they will not be able to log in to your account without also having your phone or verification hardware, giving another layer of security to your accounts.
Whilst text messages to mobile phones are the most common form of 2-factor verification, you can add an additional layer of security by using free apps like Authy, which are even more secure and more usable.
If you follow all of these tips, and ensure you keep all of your software and virus definitions up to date, you will make it much harder for hackers to gain access to your accounts. Changing passwords periodically, and using 2-factor verification whenever possible, will give you the most security; and remember, if anyone asks you to give your 2-factor code or password, do not give it to them unless you are absolutely sure of who they are.