When you type in your email address, the site tells you how many times your details have been spilt in a cyber attack, when this occurred and the sites involved.
The data is pulled from haveibeenpawned, a service that has tracked online breaches since 2007 and dressed up with advice from the NCSC on staying safe and minimising the amount of personal details you share online.
You might be surprised how many times your personal details have been stolen. And the swiped data is usually put up for sale on the dark web – providing yet another reason to regularly change your password for any given site.
I typed in my main personal email address. How Exposed Am I? told me it had been spilt in dozens of breaches, though all were historic (including a LinkedIn attack in 2011; I’ve changed my password for the service dozens of times since) and one for MySpace, which no longer even exists in its original form.
Still, it will be good shock therapy for some – especially those who use one password and don’t change it for years.
The site has been launched to help kick off Cyber Smart Week. You can check out a full list of events and resources on the NSCC’s website here.
Is AI making the scam threat worse?
“AI is contributing because it enables a scammer to create more realistic content that you might fall for,” Jagusch says.
“But there are still always multiple signs that something might be a scam, which haven’t changed.
“You can still ask: is the message creating an unnecessary sense of urgency? Is it sending me to a website that doesn’t look correct? Is it making an offer that’s too good to be true?”
Where to go for help
Own Your Online (www.ownyouronline.govt.nz) has become the official destination for Government advice for individuals or small businesses hit by a cyber attack or looking for cyber security advice.
You might be familiar with Cert NZ – the Cyber Security Response Team created by the Crown last decade. Last year, Cert NZ was folded into the NCSC, a wing of the GCSB.
After a transitional period, the Cert NZ brand has been retired.
Under the new set-up, the likes of big companies and government departments are directed straight to the NCSC for support (the NCSC’s website and alerts assume technical expertise), while regular punters and small organisations are pointed to the Own Your Online site, run by the NCSC.
5 tips to make yourself more secure
- Use a different, complex password for every website. Better, use a pass phrase if a site allows it, says Jagusch. That is, several words. Some security experts recommend a lyric, because that’s easy to remember. But Jagusch says, “It’s best to use something that isn’t associated with you, like a favourite song.” His suggestion is four unassociated words.
- Use a password manager to remember all your passwords for you, Jagush suggests. That way, you’ll only need to remember the password required to access your password manager. There are standalone bits of software, but web browsers like Edge, Chrome and Safari now have password managers built in that automatically suggest and autofill strong passwords.
- Use multi-factor authentication or a code sent to another device every time you log on. Using an authenticator app on your phone is more secure than being sent a text message, Jagush says.
- Make sure your email address is super-secure because it’s what you probably use as your logon name for multiple sites, Jagusch says – and your inbox contains a wealth of personal information.
- Save sensitive stuff for your secure home or business connection. Never do anything involving vulnerable data, like online banking, when you’re connected to public Wi-Fi.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.
