There is an easy double check that you can set up which will offer you excellent protection. It is called two-factor authentication (or two-step verification).
I bring this up as a real-life scenario came to my attention this week. I was giving a training session and during a break one of the attendees asked me about a strange WhatsApp message that she received.
She showed me the message, which reportedly came from Apple, about a transaction on her account that had occurred in Mexico and which they had blocked. There was a link for her to check her account. She told me that she had clicked on the link, and after signing into her iTunes account nothing else happened. Before I could say anything, she clicked on the link again and there was the sign-in page.
I have to say that the WhatsApp message and sign-in page looked very plausible and legitimate. There were no spelling mistakes or lousy formatting. I had to break the news to her that she had given her iTunes ID and password to the bad guys and she needed to change her password as quickly as possible. So I took her through the process on her iPhone. When we got as far as here, I breathed a sigh of relief.
With Two-Factor Authentication turned on, the evildoers would not be able to access her iTunes account without also having her phone. That’s because Two-Factor Authentication is like a double check. When you sign in to an account with an ID and password, the service does a second check: it sends a fresh code to your phone as a text message, which you then type in to complete the sign-in. A stolen password on its own gets the bad guys past the first check but not the second.
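The double check described above, as an added example that is not from the original post: a toy sign-in flow in Python where a correct password only triggers a text-message code (the phone is simulated by the SENT_TEXTS list, an assumption of this example), and the account opens only when that fresh, short-lived, single-use code is typed in. The user name, password, code lifetime and attempt limit are constructed values, not anything from Apple's service.

```python
import hmac
import secrets
import time

# Constructed demo data for this example (not a real service): one user and a fake
# "phone" list that stands in for the text messages a real service would send.
USERS = {"alice": "correct horse battery staple"}  # a real service stores a salted hash
SENT_TEXTS = []  # (username, code) pairs "delivered" to the user's phone
PENDING = {}  # username -> (code, expiry time, wrong guesses still allowed)
CODE_LIFETIME = 300  # seconds the code stays valid (assumed value)
MAX_ATTEMPTS = 3  # wrong guesses allowed before the code is thrown away (assumed)


def start_sign_in(username, password, now=None):
    """Step one: ID and password. This is all a phished password gets an attacker past."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, password):
        return False
    # Step two begins: a fresh, unpredictable six-digit code goes to the user's phone.
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = (code, now + CODE_LIFETIME, MAX_ATTEMPTS)
    SENT_TEXTS.append((username, code))
    return True


def finish_sign_in(username, typed_code, now=None):
    """Step two: the typed code must match, be unexpired, and can only succeed once."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False  # no code outstanding: the password step has not been passed
    code, expires_at, attempts_left = entry
    if now > expires_at or attempts_left <= 0:
        del PENDING[username]  # stale or exhausted: the user must start over
        return False
    if not hmac.compare_digest(code, typed_code):
        PENDING[username] = (code, expires_at, attempts_left - 1)
        return False
    del PENDING[username]  # consumed: the same code cannot be replayed later
    return True
```

Someone holding only the phished password gets `True` from `start_sign_in` but cannot call `finish_sign_in` successfully without the code that went to the phone.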
While we were reassured that her iTunes account was reasonably safe from being immediately hacked, I still got her to change her password to something new. I also advised her to change any other account that used that password as well.
This Two-Factor Authentication malarkey is such a good idea, I’ve even created its own commandment.