Sorry to hear about that fraud - that truly sucks.
One of my better trades was to take a year out and do an MSc in Infosec at Royal Holloway in the UK roughly 20 odd years ago. Since then I have contracted/worked in the UK and Aussie in pure Infosec roles (so as to establish a little credibility in the space) for some pretty large concerns. The penetration testers/nefarious code/social engineering I have seen in that time would scare the pants off most internet highway surfers and probably a lot right off the internet. While I am not among the best in my field I have worked with some of the very best and I can tell you if someone skilled targets you, you can't stop them. They will get to you, it is just a matter of time. Right, now the fear stick is out of the way, there are basic things (some already referred to on this thread) you can do to help avoid being a target. The best way to protect yourself is defense in depth; put as many obstacles in the way as you can to make you less attractive as a mark. I think if you are a technical beast - and being a trader you are by default - you need to learn this stuff:
e.g. (Not necessarily in order of importance - just flowing off the top of me head):
1. Multi (2) factor authentication on everything: email, cloud drives, Betfair, cloud machines/VPS. This is one of the best controls out there. Strong passwords are good... passphrases are better but MFA will save your ass. Use different passphrases for different accounts too. Use a password vault/safe if you can't remember passwords (passphrases are easier to remember too though).
2. Install a good anti-malware (virus) application. The well-known ones are sufficient, I won't advocate product on here but PM me if you have no clue where to start. Keep it up to date - daily if possible.
3. Install/activate a firewall on your machine (and router/modem) and ideally learn how to use client/endpoint firewalls to record what is talking to the Internet. Know/learn your connectivity baseline. There are some good free tools out there to help you do this. If you do this you will be a long way to being less insecure. Ditto re PM above.
4. Never ever click on a link/attachment if the mail/source is from an unknown sender. Learn to look for signs of phishing emails - even from known contacts. Most are easy to spot.
5. Don't enable macros on documents by default. Learn how to turn them off by default and prompt you to activate them. If you are not expecting a macro, don't get curious and enable it. Check with the sender of the file. If you are unsure of the mail/attachment, check with the sender.
6. Have a recovery strategy in place. Use cloud/NAS/external storage (with MFA enabled) to store key files/data.
7. Patch your operating system and applications (where possible) regularly. This is very important - operating system vulnerabilities can result in you being owned in minutes.
8. Learn to use virtualisation or backup/cloning mechanisms to copy your configuration/machine(s) and do this on a regular basis. Ransomware is quite powerless against regular and good backups.
9. Never ever click on strange/unknown attachments - yes again - this is usually how most people are done.
10. Never put your credentials into a site that asks for them when you don't expect to have to supply them and don't use your business/trading credentials when you don't have to. A burn (not essential) email address is a good mechanism/process for ad-hoc web logins that you won't regularly use...
11. Keep an eye out for large security incidents that could affect you online. A search for SANS Storm Centre, Threatpost, Hacker News will point you in the right direction.
12. Did I mention clicking on links or attachments?
13. A great resource to check if your credentials have been caught up in a compromise (don't panic as the credential may not have been used but do change password and enable MFA) is https://haveibeenpwned.com
14. If you are prompted to install a certificate (learn what https is and how certificates feature), especially on open/public/hotel/cafe etc. wireless, don't unless you understand why you are being prompted and by whom.
Anyway, those (imho) are some of the things that can help reduce your attack surface. (It is not definitive security advice but hope it helps.) Try to do most of them. Like trading, education is key and this does affect you. They could mean the difference to your online safety while trading. I am getting the family call to go out so if I think of anything else I have left out I'll edit. Cheers, good luck!