Bushfire Donation Hack: Secure Your Account

TL;DR

Recent reports show hackers are targeting online donation accounts for Australian bushfire relief. This guide helps you secure your account and protect your money.

1. Change Your Password Immediately

1. Strong Password: Use a password with at least 12 characters, mixing uppercase and lowercase letters, numbers, and symbols (e.g., !@#$%^).
2. Unique Password: Don’t reuse passwords from other websites. If one site is hacked, all accounts using that password are at risk.
3. Password Manager: Consider a password manager like LastPass or 1Password to create and store strong, unique passwords securely.

2. Enable Two-Factor Authentication (2FA)

2FA adds an extra layer of security. Even if someone knows your password, they’ll need a code from your phone or another device to log in.

1. Check Your Donation Platform: Most platforms (e.g., GoFundMe, Red Cross website) offer 2FA. Look for it in your account settings under ‘Security’ or ‘Privacy’.
2. Authenticator App: Use an authenticator app like Google Authenticator or Authy instead of SMS-based 2FA if possible. SMS is less secure.

Example (general steps – platform interfaces vary):

Settings > Security > Two-Factor Authentication > Enable > Scan QR code with Authenticator App

3. Review Account Activity

1. Check Transaction History: Regularly review your donation history for any suspicious activity you didn’t authorise.
2. Look for New Devices: Most platforms show a list of devices logged into your account. Remove any unfamiliar ones.

4. Be Wary of Phishing Emails

Hackers often use fake emails to trick you into giving them your login details.

1. Don’t Click Suspicious Links: Be cautious about links in emails, even if they look legitimate. Hover over the link (without clicking) to see where it leads.
2. Check Sender Address: Verify the sender’s email address is from a trusted source (e.g., @redcross.org.au).
3. Never Share Login Details: Legitimate organisations will never ask for your password via email.

5. Update Your Email Security

1. Strong Email Password: Ensure your email account has a strong, unique password (as in step 1). Your email is often the key to resetting other passwords.
2. Email Provider Security Settings: Check your email provider’s security settings for options like sign-in alerts and recovery information.

6. Report Suspicious Activity

If you suspect your account has been hacked, contact the donation platform’s support team immediately.

• Red Cross: https://www.redcross.org.au/contact-us
• GoFundMe: Use the help centre on their website.

You can also report cyber security incidents to:

• ReportCyber: https://www.cyber.gov.au/report