Many online breaches are preventable. A small set of habits can stop most threats before they start — and they take minutes to put in place.
Add extra login layers
Multi-factor authentication (MFA) means even if someone gets your password, they still can’t get in without a one-time code.
Authenticator apps first
Prefer an app over SMS to avoid SIM-swap scams. It works offline and is tied to your device.
Keep backup codes safe
Write them down or store them securely offline — think of them as a spare house key.
Never share one-time codes
No genuine OutbackTreasuresLottery staff will request your full MFA code by email, text, or chat.
Build unbreakable passphrases
- Go long — 14 characters or more makes a huge difference.
- One password, one site — reuse is risky.
- Use a password manager for storage and creation, secured with MFA.
Keep your tech healthy
- Turn on automatic updates for your operating system and browsers.
- Secure devices with PINs or biometrics and lock them quickly when idle.
- Download apps only from official app stores and remove unused ones.
- Avoid signing in from shared or public devices.
Catch scams before they catch you
Phishing tricks you into giving away details or installing malware — here’s how to spot it.
- Check the web address — type it yourself or use saved bookmarks.
- Urgency is a red flag — scammers love “act now” messages.
- Don’t click mystery links or open untrusted files.
- Hover over links to see where they lead before clicking.
If you suspect you’ve been tricked
Change your password immediately, sign out everywhere, enable MFA, and alert support.
Stay in control of your sessions
- Regularly review logged-in devices and sign out of any you don’t recognise.
- Turn on alerts for new logins to catch suspicious activity early.
- Use one trusted bank account for withdrawals to avoid extra checks.
When on public networks or travelling
- Skip public Wi-Fi — use your own mobile hotspot.
- Log out fully on shared devices and never save passwords there.
Your recovery toolkit
Lost your phone?
Log in with backup codes, then set up MFA again on the new device.
Think your account’s been breached?
Update your password, log out all sessions, check your withdrawal settings, and get in touch with support.
Keep recovery details fresh
Update your recovery email and number whenever they change.
At-a-glance security habits
✓ MFA active
App-based codes plus backups.
✓ Unique passwords
All stored in a password manager.
✓ Devices updated
Auto-updates on and locks set.
✓ Scam aware
Check domains, ignore urgent requests, distrust unknown files.
FAQs
Is an authenticator app really safer than SMS?
Yes — it’s less vulnerable to SIM hijacking, but SMS is still better than nothing.
Can I trust password managers?
They’re built for security. Use a strong master passphrase and MFA to lock it down.
Do I need to change passwords often?
Only after a breach or suspicious sign-in — focus on strength and uniqueness.
Will you ever ask for my password or MFA code?
No — never via email, SMS, or chat.
