Answers to the questions people ask about cyber security, AI, and privacy.
What is credential stuffing and how do I protect myself?
Credential stuffing is when attackers take stolen usernames and passwords from data breaches and try them on other websites. Because people reuse passwords, it works alarmingly often. Protect yourself by using unique passwords for every account, enabling multi-factor authentication, and checking haveibeenpwned.com to see if your credentials have been exposed.
Are smart home devices watching me?
Yes, many of them are. Smart speakers listen for wake words but can record snippets of conversation. Cameras and doorbells track when you come and go. Smart TVs monitor what you watch. Check the privacy settings on each device, disable unnecessary data sharing, and consider putting smart devices on a separate WiFi network.
What is AI prompt injection?
Prompt injection is when someone embeds malicious instructions in data that an AI agent processes. The agent then follows those instructions instead of serving its intended purpose. This can trick AI systems into sharing sensitive data or performing unauthorised actions. It’s one of the most serious AI security risks facing organisations today.
How do I know if my password has been leaked in a data breach?
Visit haveibeenpwned.com and enter your email address. It will tell you if your credentials have appeared in any known data breaches. If they have, change those passwords immediately and enable multi-factor authentication.
What is multi-factor authentication (MFA)?
MFA adds a second layer of security beyond your password. Even if someone steals your password, they can’t access your account without the second factor (usually a code from your phone). Enable MFA on every account that offers it, especially email, banking, and social media.
Should I be worried about AI-generated deepfakes?
Yes. AI can now create realistic fake images, videos, and audio. This is being used for scams, sextortion attacks, and misinformation. Be sceptical of unexpected content, verify sources, and talk to your kids about the risks.
How do I protect my teenager from online scams?
Have open conversations about online safety before incidents happen. Teach them to recognise suspicious messages, never share personal information with strangers, and come to you if something feels wrong. Review their social media privacy settings together.
What should I do if I receive a phishing email?
Don’t click any links or download attachments. Don’t reply. Report it to your IT department or email provider. If you think you may have entered credentials on a phishing site, change your password immediately and enable MFA.
Are VPNs necessary for privacy?
VPNs encrypt your internet traffic and hide your IP address, which is useful on public WiFi. However, they’re not a complete privacy solution. Choose a reputable VPN provider, understand that VPNs don’t make you anonymous, and combine VPN use with other privacy practices.
How often should I update my devices?
As soon as updates are available. Security patches fix vulnerabilities that attackers can exploit. Enable automatic updates where possible, especially for operating systems, browsers, and smart home devices. Outdated firmware is one of the most common attack vectors.
What is the Australian Social Media Ban for under-16s?
Australia passed the Online Safety Amendment (Social Media Minimum Age) Act 2024, making it illegal for social media platforms to provide accounts to children under 16. The law aims to protect children from online harms, though implementation details are still being worked out.
How can I check if my smart TV is spying on me?
Check your TV’s privacy settings in the menu. Disable “viewing information services” or “interest-based ads” if available. Some smart TVs collect viewing data and voice recordings. Consider using a streaming device instead of the built-in smart TV OS for better privacy control.
What should I do if I think my account has been hacked?
Change your password immediately. Enable MFA if not already active. Check for unauthorised activity or changes. Review connected apps and revoke access for anything suspicious. Monitor your accounts for unusual behaviour. Report the incident to the relevant service provider.
