Advice on Phishing and Hacking Protection

In light of the recent hacking of the HSE, in which a lot of HSE customer data was copied, it is likely that many of our members may get emails or calls from people purporting to be from the HSE or related sources, or from institutions such as banks.

These calls and emails will be convincing, as the callers will have much of your personal data: DOB, address, health issues you have. The contact will probably be asking for money or, if not, for additional data about you or a loved one to handle an issue, often with some urgency behind the request.

The IWAI will never make any such request. The only exceptions are a personal contact from the membership secretary, if there is a need to update something on your membership, or from the Shop manager, Colin Becker, if there is a need to get additional information to ship a purchase or agree shipping costs.

As the HSE breach will impact every person living in Ireland and using any of the HSE services, basically everybody may get such contacts.

Any contact from anybody should be treated with caution, even if it is only asking for additional personal information. All of this can be used to pretend to be you to a bank or other service, and can fool the service provider into giving the hacker access to the service.

Expect every good, responsible service provider to look for additional verification of your identity. If you have not initiated the contact, do not respond: stop the communication and restart the contact yourself, using separately identified, KNOWN contact details for the service provider.

Basic advice, whether it is an email, a phone call or an SMS:

  1. Do NOT answer or respond to the contact immediately or directly if you have not initiated it.
  2. Phone call – explain to the caller that you will hang up and call back on a known contact number for the service they purport to be from. IWAI officers will not have any issue with this; they will expect it and will await the call back. If the caller gives you a number, do not call it, as they will give you the number they want you to call. Find the number independently and call that number.
  3. Emails or SMS – do not open or click on any link within the email/SMS unless you know the origin and are expecting the email.
    1. For example, if you have recently triggered a password reset, you will be expecting an email to reset your password. If you have not personally done so, do not open the email or click on the link. This is a typical method of email phishing used by hackers.
    2. Emails from the IWAI will come from an email address with iwai.ie after the @ in the email address and nothing else: no additional characters either before or after iwai.ie.
    3. If you have any doubt about an IWAI contact, call the membership secretary to discuss using an independently identified number.
  4. Social media / WhatsApp / TikTok / Instagram contacts.
    1. One should always be cautious about any social media contact (friending, following). Check that the origin is genuine, as hackers can and will set up fake accounts with hacked personal data, pretending to be somebody you know, and will try to use this to get more personal info about you to enable them to access your sensitive services.
    2. If not initiated by you, verify it is genuine before accepting or responding.
    3. Be careful what information you post on social media, in particular personal information such as pet names and DOB, and do not use such things in passwords for anything.
  5. Passwords
    1. If you believe you have been hacked, immediately change passwords to any systems you think may be affected.
    2. If the service provider has a 2FA (2 Factor Authentication) function, this is where the service provider requires a second proof that it is you: they send you an SMS or require the use of a one-time password from an authentication app. Bank of Ireland recently introduced this for all banking transactions through their new app. Activate it and use it; it is a little more effort, but the protection provided makes it very worthwhile.
    3. Do not use any password that is linked to personal data, names, DOB etc.
    4. Do not reuse passwords across multiple systems, as once a hacker has gotten into one of your systems, they will try the same password on all systems to see if it is reused. To manage the now many systems and passwords, use a password manager like 1Password, which helps to manage all the systems and different passwords.
    5. Check whether your email address has been pwned at https://haveibeenpwned.com/. This will tell you if any system you use has had a data breach; immediately change your password in all systems that have used the same password.
  6. Computer systems
    1. All modern PCs, laptops and phones have regular updates, many of which close security gaps that hackers use to gain access. So make sure you always update your PC/phone to the latest version possible, as this will give you the maximum possible protection from hacking.
      1. Some old PCs use operating systems that are old and no longer updated. Windows 7, for example, receives no more security updates and should be replaced with Windows 10, which is receiving security updates.
    2. Use only websites of good and known reputation. Beware of sites advertising items that are unbelievably cheap; they use this to attract people to use them.
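
The sender-address rule in the Emails or SMS advice above (exactly iwai.ie after the @, with nothing before or after it) can be written as a strict check. This is an added example, not IWAI code; the mailbox names and the example.com / example.net addresses are constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "iwai.ie"  # the only domain the advice above accepts


def sender_domain(from_header):
    """Return the lower-cased domain of the real address in a From: line, or ''."""
    # parseaddr separates the display name (free text, easily faked)
    # from the actual address inside the angle brackets.
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    if not (local and at and domain):
        return ""
    return domain.lower()


def check_sender(from_header):
    """Return (accepted, reason) under the 'iwai.ie and nothing else' rule."""
    domain = sender_domain(from_header)
    if domain == TRUSTED_DOMAIN:
        return True, "exactly iwai.ie after the @"
    if not domain:
        return False, "no parsable address"
    if domain.endswith("." + TRUSTED_DOMAIN):
        return False, "extra characters before iwai.ie"
    if TRUSTED_DOMAIN in domain:
        return False, "iwai.ie embedded in a different domain"
    return False, "different domain"


# Constructed sample From: lines (not real messages).
SAMPLES = [
    '"IWAI Membership" <membership@iwai.ie>',
    "Membership@IWAI.IE",
    "IWAI Shop <shop@iwai.ie.example.com>",        # characters after iwai.ie
    "IWAI <info@my-iwai.ie>",                      # characters before iwai.ie
    "info@mail.iwai.ie",                           # something before iwai.ie
    '"membership@iwai.ie" <alerts@example.net>',   # iwai.ie only in the name
    "info@iwa\u0456.ie",                           # look-alike letter (Cyrillic i)
]

if __name__ == "__main__":
    for line in SAMPLES:
        accepted, reason = check_sender(line)
        print(("ACCEPT" if accepted else "REJECT"), "-", line, "-", reason)
```

A match only shows that the visible address is right. The From line of an email can itself be forged, so the call-back advice still applies whenever a message is unexpected.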