Topics:Internet Security Identity Theft 101 Data Breach News Business Security Tax Identity Theft Medical Identity Theft Scams
This is Part 1 of a two-part article. Read Part 2 here. From 2017 to 2018, the U.S. population experienced an abundance of serious data breaches which traumatized millions of people. Here is a look at a couple of major data breaches that occurred between 2017 and 2018: Although the data breaches listed above affected a large portion of the U.S. population, they are not the only data breaches that took place in 2017 and 2018. According to the Identity Theft Resource Center, there were 1,632 data breaches that occurred in the United States in 2017 and 1,244 data breaches in 2018. Although the number of data breaches recorded in 2018 was less than 2017, the Identity Theft Resource Center’s report provided that “the reported number of consumer records containing sensitive personally identifiable information (PII) jumped significantly” in 2018. In addition to data breaches, millions of people were affected by identity theft and scam crimes that took place in 2017 and 2018. Although there is no absolute way to avoid identity theft, scams, and data breaches, you can lessen your risks if you know what to prepare for. We asked a few experts to predict 2019 scam and identity theft trends. Here’s what they said: Data breaches “In regard to data breaches, things aren't as bad as you think. They are far worse. Personal information stolen through data breaches continues to be a major problem and one that puts people in danger of identity theft for the rest of their lives when the information stolen includes Social Security numbers. Too many entities with insufficient security hold too much personal information and these entities whether they are companies or government agencies have been and continue to be vulnerable targets for hackers. Therefore people must do whatever they can to limit the places that have their personal information. For instance, your doctor may ask for your Social Security number, but he or she does not need it.” — Steve Wiseman, Professor at Bentley University, Author and Blog Writer for Scamicide“We’ll probably see a few more sensational data breach headlines this year, but the truth is, data breaches happen every day, all over the world. Dozens make the news every month, and many more go unreported. I don’t see any difference between 2019 and 2018, other than 2019 will have more than 2018. Ransomware attacks might become even more commonplace because they’re easy to setup and maddening to trace.” — Greg Scott, Author and Cybersecurity Professional “When it comes to identity theft, by far the biggest threat in 2019 comes from large scale data breaches. In what’s become a shocking trend, the occurrence of these massive data breaches has dramatically increased over the past few years. And that trend shows no signs of slowing down, even with the increased awareness surrounding the issue.” — Doug Brennan, Cybersecurity Expert and Digital Addicts Blog Manager Business threats “In 2019, businesses should be on the lookout for threats that are coming from the inside/from their own employees, compared to remote threats from overseas. A majority of data threats are posed by employees who do not have education on cybersecurity. For example, phishing emails are gaining prominence. Some of the biggest hacks have occurred because someone opened an email from a malicious sender.Expect to see businesses investing in more internal security training to teach employees the proper way to create passwords, how to identify phishing emails, how to properly store and delete data, etc.” — Keri Lindenmuth, Marketing Manager at The Kyle David Group, LLC“Even if you keep your home network safe, if your company is hacked (even when you’re only an employee), you are subject to personal identity theft from the information that is stolen. According to the FBI’s IC3’s 2017 Crime Report, out of all types of victim loss reported, the most money lost was through Business Email Compromise and Email Account Compromise. This means that a hacker can break into your company’s data and garnish your social security number, home address, full name, driver’s license number, and more. While this might have been easy to trace in the past, skilled hackers no longer leave a web trail that an expert can easily catch. They take the stolen data to the dark web and sell it to the highest bidder.” — Johnny Santiago, Brand Partnerships Manager at Social Catfish“Organizations need to be prepared for malicious breaches and cyber attacks, many of which are delivered by way of email. Fraudulent emails come in all shapes and sizes, but I’ll share some tips to help anyone easily identify them. If you receive an email where the ‘To’ field is left blank, it’s a clear signal that it didn’t come from the perceived sender. When an email from a company has spelling errors or bad grammar, it should be another warning sign. Large companies have copywriters and editors who make sure email communications are grammatically correct. Also, if the email begins with ‘Hello’ but doesn’t actually state your name, that’s another red flag.” — Brian Gill, CEO of Gillware Data Recovery Identity theft types “Synthetic identity theft is also increasing as a problem. This is where some of your information is joined with information about others or made up information to form a totally synthetic identity.” — Wiseman “Sophisticated identity theft is on the rise. This is a type of fingerless identity theft where hackers can be overseas and steal your information and then sell it remotely from the dark web. They are protected by the privacy veil of the dark internet, where they can sell your information to another hacker who will use it fraudulently and steal from your accounts, max out your credit cards, sell your information to someone who might impersonate you, and put you at risk in your financial world. Victims of identity theft subsequently don’t get hired for jobs that run background or credit checks or even miss out on the ability to purchase a home or rent a property.” — Santiago“Medical identity theft is a rapidly growing problem that will likely get worse before it gets better. This can lead to long-term financial difficulties due to issues with debt collectors and credit issues. Patients can experience problems with their insurance copays and maximums because of fraudulent use. The list of problems goes on and on.” — Adnan Raja, Vice President of Marketing for Atlantic Net“In 2019, cyber-attacks will be more versatile than ever before. People should be aware of the most common types of identity theft as for instance account takeover, mail identity theft, child/senior identity theft etc. However, according to the Federal Trade Commission (FTC), the most popular type of ID theft in 2018, which will probably remain a real threat in 2019 is synthetic identity theft. This type of ID theft combines real and fake personal information to create a new identity using sensitive data such as names, SSNs, and addresses that can be obtained on the dark web. So, if you start to receive phone calls or mail asking about new credit accounts or if you receive mail addressed to a different name, those are signs of synthetic ID theft.” — Mihai Corbuleac, Senior IT Consultant at ComputerSupport Additional scams “Credit card skimming and shimming will likely continue to make local headlines as technology improves. While card skimming is a renowned scam, shimming takes the crime to the next level with specific tech designed to record information from chip-enabled credit cards, which had previously been considered the more secure alternative to cards with magnetic strips.Simplistic phone scams have remained popular, because modern technology enables effortless spoofing of legitimate phone numbers that belong to government agencies and other reputable organizations. Phone scams often use a combination of trust and urgency to convince victims to fork over social security numbers or credit card account information.” — Sean Messier, Credit Industry Analyst at Credit Card Insider“I see sim hijacking causing problems in 2019 if the providers don't clamp down on it. This scam works when criminals call a cell phone carrier’s tech support number pretending to be their target. They inform the call center employee that they have ‘lost’ their SIM card, and need their phone number to be transferred, or ported, to a new SIM card that the hackers themselves already own. This works via social engineering — and maybe with other info they have sourced, be it on the dark web, such as a Social Security Number or home address (this info can be readily available due to the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are whom they claim to be, and the employee ports the phone number to the new SIM card.In some cases, bribery is involved with rogue employees porting numbers against company policy for a fee from the hackers.Once the hacker controls your phone number, they can impersonate you with other service providers, such as with your Instagram or an email provider, by using your phone number to change your password and then also taking control of your email. For example, they can go to gmail.com, type in your email, click on ‘Forgot Password’. Then Google sends a text message verification code to your phone number – which the hacker receives instead of you.” — Brandon Ackroyd, Mobile Security Expert and Founder of Tiger Mobiles“For every correction that companies and the government try to make, a skilled hacker spends his or her time, energy, and expertise undoing those safeguards and working around them. As home networks begin to rely on smart devices like Google Home, Echo by Amazon, or Portal by Facebook, there have been documented errors and hacks. In one situation, Google Home recorded and sent data without consent. In 2018, devices like Google Home, Echo Dot, and Portal became popular. However, 2019 is the year that (next to) everyone will have a home smart device or smart home and hackers are waiting. These devices are revolutionizing the way we live and how much we allow electronics to conform our relationships and security. As more people make their household digital, home security devices will become the most popular items to hack.” — Santiago“Scams originating with phone calls whether robocalls or scammers calling personally are growing as a problem. This problem is magnified by the use of a technique called ‘spoofing’ by which scammers are able to manipulate their victim's Caller ID to make the call appear to be from a legitimate source, such as the IRS. The increasing presence of the Internet of Things in our lives with smart televisions, toys and other devices connected to the Internet provides an opportunity for hackers to get at our computers and our data through these devices for purposes of identity theft or install malware such as ransomware. Spear phishing is getting increasingly sophisticated. Spear phishing is specifically targeted emails and text messages that uses information about us to tailor these messages in a manner that we will trust these communications and click on links or attachments which result in malware being downloaded.” — Wiseman“A despicable tactic that’s gaining popularity with hackers is digital blackmailing. A hacker steals an email list and sends messages that threaten to expose a person engaging in an illegal or unethical act. Some instances of digital blackmail don’t involve lies about web surfing. A hacker can gain access to a webcam and capture intimate pictures and videos. He or she uses the files to extort money from people.” — Ian McClarty, President and CEO of PhoenixNAP Global IT Services The bottom line Overall, you should be on the lookout for several potential identity theft, scam, and data breach trends. Although you may not be able to prevent any of them from taking place in 2019, you can take certain actions to protect yourself. Make sure to see part two of this article series to learn about preventative steps you can take.
Guest Post by Hilary Bird One of the most common fears Americans face is identity theft. Fraudsters can assume your identity and profit financially by stealing information like your social security number, bank account, tax info, and more. With so many concerns about keeping information secure today, you may be wondering when online identity theft became such a prominent issue and how you can protect yourself against it. Let’s take a look at some of the different examples of online identity theft, including where it’s headed — and what you can do to avoid it. The past: phishing and spyware Malware and viruses have been around almost as long as computers themselves, and once the internet came into being, they had an easy way of jumping from user to user. The creation of email made it easy for thieves to reach out under the guise of other identities (acting as a representative of a bank, for instance) to request personal information from unsuspecting users. This tactic, called phishing, really gained ground in the mid-1990s. It’s still around today, though as digital literacy has increased, most users know now that businesses won’t solicit personal information via email. Another ’90s-era method for stealing personal info is spyware, a type of program designed to (as the name suggests) spy on its victims, often giving the sender access to personal info. The present: data breaches and social media Modern technology has made it easier than ever for hackers to steal identities. Rather than dumpster diving for personal information or scamming people over the phone, hackers can easily acquire millions of identities online at once, just by cracking the right database. More than 16 million people were victims of identity theft in 2017 — more than ever before. This is in large part due to severe data breaches to companies like Marriott and Facebook. Even when hackers gain access to just usernames and passwords, this information can lead to other more lucrative accounts being compromised as well. Social media is another prime source for thieves to snag personal information. Social media users volunteer information like names, birthdays, locations, interests, and more, all of which thieves can use for malicious purposes. The future: how identity theft will evolve As long as we’re conducting online transactions with personal info, the identity theft threats of the past will still be present; data breaches aren’t going away anytime soon. The new frontier for identity theft is closer than you might think: the smart home. As homeowners bring more devices online, they open up new venues for thieves to steal private information. Attacks against smart home tech have already begun, across all protocols. And as more devices enter the market — rolling out in more homes and businesses — that risk is likely to grow. The fight against identity theft As tech advances, hackers will find new ways to data mine, but that doesn’t mean you should be living in fear. Hackers may be getting more tech-savvy, but so is the tech used to fight them. Encryption software is more advanced than ever, making it easy to protect your information online. And as companies increase protection, you can put your mind at ease. Especially since banks and credit companies are likely to have your back if fraud does occur. While many security measures are out of your hands and up to the companies we trust with our information, you can do several things to protect yourself against identity theft. 1. Shop only on secure websites. E-commerce websites can be easy targets for identity theft, so be sure to shop on safe, reliable sites only, especially during the holidays when online transactions are typically at a peak. 2. Create strong passwords. Using personal details like birthdays and names of family members in your passwords exposes you to a higher risk of identity theft. It might seem like an inconvenience, but including a variety of characters and numbers can protect you in the long run. Invest in a password manager if needed. 3. Update your devices’ security offerings. Any device that can connect to the internet is a potential weak point, but tech manufacturers are often quick to patch vulnerabilities. You just have to keep the devices updated to take advantage of advancing security. 4. Monitor your credit. You could be a victim of identity theft for months before noticing anything fishy. Check your credit score often and keep an eye on bank and credit card statements. Whether you’ve experienced identity theft or not, it’s important to be prepared. By taking advantage of technology and keeping your information secure, you can navigate digital spaces and smart tech wisely and, more importantly, safely. Hilary Bird is a digital journalist who writes about the things that fascinate her the most: relationships, technology, and how they impact each other. As more people become more reliant on their tech devices, Hilary wants to help them stay safe and understand how these devices will reshape the way we communicate.
Guest Post by CreditRepair.com Recently, high profile hacks have left millions of people exposed to identity theft. Companies entrusted with personal customer data such as financial information, home addresses, and even social security numbers have all failed to protect that data, and most of it has ended up in the hands of shady characters. The list below gives you some insight on the magnitude of the problem in this current digital age: Target, 2013: 110 million customers had their personal and financial information exposed when Target was hacked in December 2013. Yahoo, 2013-14: 3 billion user accounts were compromised when this massive search engine was hacked in 2013-14. Names, email addresses, security questions, and birth dates were all compromised. Equifax, 2017: When this mammoth credit bureau was hacked in 2017, personal information including Social Security Numbers, addresses, birth dates, and even drivers' license numbers were compromised. Home Depot, 2014: About 50 million customers had their credit card data compromised when this breach occurred back in 2014. The list goes on and on with some of the biggest brand names such as eBay, Facebook, and even Uber joining the ranks. Client information, both personal and financial, was left exposed and vulnerable to unscrupulous hackers, some of whom have no qualms using that data for identity theft. There is no denying that identity theft is a clear and present danger. In fact, an Identity Fraud Study conducted by Javelin Strategy & Research in 2017 found that 16.7 million people in the United States alone suffered from some form of identity theft in that year. There is no question that our personal and financial information is vulnerable and anyone can fall victim to identity theft. What are the consequences of identity theft? Having your identity stolen is not only an inconvenience, but also potentially devastating to your credit rating and health. Identity thieves are primarily after your credit cards. That, however, is not the only thing they are after. Once they get their hands on your credit card information, they can use that data as they please. Often, people go on a shopping spree at your expense, and you may not be aware until you get your next credit card statement showing that you apparently bought a speedboat in Hawaii. Credit repair companies estimate that people who have fallen victim to identity theft spend up to 600 hours struggling to restore their stolen identities. Then comes the long and harrowing process of trying to repair their damaged credit. Here is a small list of the things an identity thief can do in your name: Apply for other credit cards Apply for jobs Open bank accounts File bogus tax returns Lease apartments Get a passport and even a driver’s license Apply for a mortgage Buy or finance a car They will effectively become a digital version of you but with little regard for what happens to your good name in the long run. That is why you need to protect yourself against identity theft at all costs. What can you do to stop identity theft? Everyday activities such as sharing your phone numbers with acquaintances, writing down your home or email address, and even turning on your cellphone "location" setting can open the door to identity thieves. Sophisticated individuals can use this information to access sensitive data such as your credit card numbers, medical records, bank accounts, and tax returns, all because you innocently and unwittingly shared your personal information with someone online. Vigilance is one of the best ways to protect yourself against identity theft. Be careful about where and how you share your personal information: Do not list your phone numbers on social media platforms Do not open links from unsolicited or unfamiliar emails Do not use your credit card on websites that seem unsafe However, no matter how careful you are, certain things outside of your control, such as the high-profile hacks we mentioned earlier, could happen. Even a trusted company could get hacked and expose you to identity theft. It is worth going the extra mile to protect our identities. This often calls for "Identity Theft Monitoring," a proactive method to stay aware of any changes in your identity profile or credit. You could either do this yourself, or you could pay a company that specializes in identity theft monitoring to do it for you. Should you get identity theft protection and monitoring? The simple answer to this question is YES! The only question here is whether you should pay for identity theft monitoring. Free identity theft monitoring options such as the IdentityTheft.gov exist; however, in most cases, paid options tend to offer you much more protection. The free identity theft monitoring option offered by the government allows you to report an identity breach through the website. They provide detailed guidelines on how you can recover your stolen identity. While that kind of information and help can come in great handy during your time of need, it is not exactly the kind of proactive protection that you need. Most paid options come with the following features: Free credit reports Monitoring for unauthorized use of your Social Security Number Limited identity theft insurance Monthly credit scores Some of the best-paid services even go as far as monitoring the dark web where most of these stolen identities will be sold or traded. Pros and cons of paid identity theft monitoring services Many of the best and most proactive identity theft monitoring companies charge a monthly fee, but is this service worth paying for? Here are some of the advantages and disadvantages of paying for identity theft monitoring services: Pros You are offered constant monitoring of your personal and financial information. You have options (packages) to choose from. Some even cover the entire family. Some companies offer you reimbursement for whatever you lose if your identity is stolen while under their care. Many have identity theft insurance that is limited to $1 million. Strict terms and conditions always apply. You will be offered assistance navigating the complicated terrain that comes with trying to regain your stolen identity. Most, if not all, companies offer you a money-back guarantee in case you are not satisfied with the services offered. You will always have a professional on call when you need answers about your identity theft concerns. The best advantage is peace of mind. You will sleep easy knowing that professionals are working to ensure your identity is protected. If it does happen, they will do everything in their power to minimize the damage caused as well as help you regain your identity. Cons You will incur a recurring cost. Most companies charge anywhere from $10-$30 per month, or even more depending on the package you choose. There are many terms and conditions involved. Read the fine print very carefully to ensure that you are not being sold hot air You are not exactly protected from everything or every form of identity theft What you need to know is that identity theft monitoring services on their own cannot shield you from everything. No matter how comprehensive the coverage you choose, some instances call for your own vigilance. What they can do, however, is give you a head start when it comes to being aware of suspicious activity. These alerts go a long way in protecting your identity. Although there are no guarantees, getting identity theft protection and monitoring is one way to be vigilant about your identity — a rather comprehensive and sophisticated way.
This is part three of our holiday shopping security article series Part one and part two of this article series pointed out that holiday shoppers who fail to secure their personal information are often easy targets for identity thieves. Unfortunately, most people don't even realize they are victims until it's too late as criminals can do significant damage very quickly when they get their hands on sensitive data and information. We asked the experts to discuss the signs of compromised data and identity, what holiday shoppers should do once they know these signs, and what they can do to protect their identities. Signs of compromised data and identity Dr. William Rials, Associate Director and Professor of Applied Computing and Technology at Tulane University School of Professional Advancement "One of the best and immediate signs is unknown charges or withdrawals that you did not make showing up on your statement. During the holiday season, it is essential to keep a close look at all of your financial statements. Don’t wait until the end of the month to reconcile your accounts during the financial season. The more often you monitor and verify all charges and withdrawals the better chance you have at stopping identity theft. Also, check your credit report for any suspicious accounts that have been recently opened without your knowledge." Rials said that "the first step is to immediately change all passwords for all internet sites including email accounts, retail store websites, and especially financial institutions such as your credit card and online banking websites." He also suggests you do the following actions if you find out that your identity has been compromised: Visit identitytheft.gov to report your identity theft to the Federal Trade Commission and get a recovery plan in action. Contact the businesses where you know the fraud has occurred. Attempt to contact the fraud department at the retailer. Contact your banks, credit card companies, and other financial institutions. Contact the top credit bureaus and inform them of your fraud alert: Expereian.com/fraudalert: 1-888-397-3742, TransUnion.com/fraud: 1-800-680-7289, Equifax.com/CreditReportAssistance: 1-888-766-0008 "It is recommended to stay vigilant concerning identity theft beyond the holiday season. Invest in a credit monitoring service and identity theft insurance." Steve Weisman, Scam, Identity Theft Expert, and Owner of Scamicide.com "Indications that you have become a victim of identity theft during the holiday season include charges you didn't make turning up in your bill which is a reason that you should regularly check your credit card statement online rather than wait for a monthly bill to be sent to you. The earlier you become aware of a problem, the easier it is to fix it." Steven Hausman, President of Hausman Technology Presentations "There are many potential signs that your identity might have been compromised, including the following: When you check your credit card bill at the end of the month (and you must check your bill in detail each month) some charges might show up that you did not make. You do not receive bills that you would ordinarily expect to receive. This might mean that a thief has taken over your billing address. You might be rejected for credit. You might receive mail from the Internal Revenue Service because someone requested documentation online from the IRS but was unable to get it because of their security protocol. In that case, the IRS might send it to your address of record by mail. In addition, it is possible that your electronically-filed tax return is rejected. The latter circumstance might be due to the fact that a criminal has already filed a fraudulent tax return in your name in the hopes of obtaining a refund. Similarly, you might receive a tax refund that you did not request because the fraudulent refund request was mailed to your address of record by the IRS. If you have an employer and someone had stolen your Social Security number they may attempt to file for unemployment benefits in your name. In such a case your current employer may notify you that this has occurred. You may see sudden large changes in your credit score. While some people think this is a good thing, it may be that criminals are trying to open credit card accounts in your name. There may be a number of small charges on your credit card statement for a few dollars each. This may because criminals are testing to see if the credit card number that has stolen from you is still valid and active." Doug Brennan, Manager of the Digital Addicts Blog "If you notice any suspicious charges on your bank account, this could be a sign that your identity (and/or credit card information) has been stolen. While this can happen to anyone at any time, the holiday season is an especially vulnerable time. So, keep an eye on your bank account this holiday season, and if you notice any suspicious charges, don’t hesitate to report them to your bank." The bottom line Overall, identity theft and other cybercrime can be difficult to notice right away and recover from. Identity thieves and cyber criminals are continually trying new tactics to get their hands on your identity and other important personal information. Once they get what they want, they can ruin your life in a matter of minutes. This holiday shopping season, you might want to consider doing research on where you are going to shop, who you plan to give your information to, what payment methods you will be using, and what precautions you are going to take to avoid having your identity stolen. After all, it only takes the purchase of a single holiday gift to compromise your identity and ruin your holiday cheer.
This is part two of our holiday shopping security article series The holidays are just around the corner which means hundreds of thousands of people are starting to check off their holiday shopping lists. As mentioned in part one of this series, the sheer amount of easy-target holiday shoppers tend to draw out ruthless identity thieves and cyber criminals. To help holiday shoppers arm themselves against cyber- and identity-related threats, we asked some experts to provide advice regarding holiday shopping security. In-store shopping Dr. William Rials, Associate Director and Professor of Applied Computing and Technology at Tulane University School of Professional Advancement "Avoid connecting to the store’s public Wi-Fi. During busy holiday criminals will use public Wi-Fi to scan potential victims. Also, many criminals will deploy fake Wi-Fi hotspots that offer free internet but are actually used to steal your personal information. It is challenging to spot the malicious Wi-Fi hotspots; use your cellular internet if you are not in a trusted and secure Wi-Fi zone. Standard safety measures for in-store also apply for online shopping. The best recommendation is to use retailers that are well-known and have a positive reputation. Take a minute to view their website and make sure that they have actual contact information listed. Avoid paying for merchandise by credit/debit cards when shopping at the unknown pop-up retailers that only show up during the holiday season; try paying cash instead. Avoid the temptation to save X% on your purchase if you apply for their store-specific credit card that day only. If the credit decision has to be made in haste or quickly, it could be to gain access to your personal information, especially from an unknown retailer." Tom Kelly, President and CEO of ID Experts "When braving the stores for holiday deals, it's important shoppers hide their pin numbers from view and, if possible, use a credit card or cash to be extra cautious. Missing mail, inaccurate notices of debts, and bounced checks are all signs of identity theft. Identity protection services like MyIDCare are an essential tool to combat scams because they notify members the instant suspicious activity occurs on their accounts that could suggest their identity has been stolen." Steve Weisman, Scam, Identity Theft Expert, and Owner of Scamicide.com "When shopping in a brick and mortar store, try to go to stores that use the more secure chip credit cards rather than those that still use the magnetic stripe. The chip cards are much more secure. Shopping in stores that still use the magnetic stripe credit cards leaves you in danger of a rogue employee taking your credit card and swiping it through a small skimmer to steal the information from your card to use for their own purchases. Keep your card in sight whenever you make a purchase to avoid this problem." Victor Congionti, CEO of Proven Data "When shopping in-store, thieves use skimmer technology to steal your credit card numbers via the transaction terminal. Inspect where you are inserting your card and make sure there is nothing suspicious about the device." Steven Hausman, President of Hausman Technology Presentations "When shopping in a brick and mortar store, then it is advisable to never let your credit card be out of your sight and your physical possession. Swipe the card yourself or use one of the contactless payment methods like Samsung Pay, Apple Pay, Google Pay, Fitbit Pay, and the like. This means that you will not even have to take your credit card out of your wallet since you will be using your smartphone for payment. Use cash or credit to shop instead of debit. Credit cards provide protection against fraud by legislation. If someone steals your debit card number they can obtain cash immediately from your bank account, and there is not the same level of protection against fraud. Resist the temptation to open a new credit card account at a retailer simply to obtain a discount on a purchase because you may be asked to provide a Social Security number that can be copied down by the sales associate and used to steal your identity. Check where you’re being asked to insert your credit card since a 'skimmer' may be attached that would steal your credit card and PIN information."
This is part one of our holiday shopping security series It's the time of year when people start making both online and in-store purchases for their loved ones. When holiday deals appear, most people enjoy indulging the spirit of giving. Unfortunately, many identity thieves and cybercriminals don't feel the same spirit and often target holiday shoppers. search Highlight: Poll results show the importance of security According to a recent poll conducted by Branded Research, 7 out of 10 U.S. consumers said that identity theft protection and cybersecurity are important to them when they do online holiday shopping. Director of Insights at Branded Research, Kristen Miles, explained that "women are slightly more likely than men to say that identity theft protection and cybersecurity are very important to them when online holiday shopping. And older consumers over the age of 45 are more likely than consumers under the age of 44 to say that identity theft protection and cybersecurity are important to them when online holiday shopping." The real tragedy is that there are still many holiday shoppers who fail to take the precautions to keep their identities safe, which, unfortunately, makes them easy targets. You may be pleased with how much you save on holiday gifts, but you may not even realize just how much you've sacrificed when it comes to personal security. Although online shopping may be safer this year in regards to your health, it could be riskier for your identity and personal information. As our gift to you, we worked with a few identity theft and cybersecurity experts and created a list of security tips that can help you stay safe online this holiday shopping season. We’ll discuss the following: What to do before you shop What to do while you shop online What to do after you shop online Online Shopping Security Checklist Download and use the online shopping security checklist above to make sure you shop safely this holiday season! Download Now It’s no surprise that the world continues to gravitate online for holiday shopping, especially during these pandemic-ridden times. Below are a few preparatory steps you should take before you start your online shopping adventure this holiday season. Make sure your devices are secure When you’re gearing up for your online shopping session, it’s important that you make sure to secure your computer and mobile devices. Dr. William Rials, an Associate Director and Professor of Applied Computing and Technology at Tulane University School of Professional Advancement explains that “using an unpatched computer to shop online is an easy way for cyber criminals to exploit your information.” Rials also strongly advises “to keep the operating system, software, and apps updated and patched on all of your computers and mobile devices that you use with retailers.” When it comes to additional protection, Rials suggests that you purchase and use up-to-date antivirus software. Although you might not like the idea of buying extra protective software, it can act as a strong defensive system against innumerable cyber criminals who prey on holiday shoppers. Do not use public Wi-Fi or computers If you are thinking about making your online holiday purchases while using public Wi-Fi or a public computer, you might want to think again. Rials warns to “not use public computers or public wireless internet access for your online shopping.” He explains that “public computers and public wireless networks are not safe (because) they may contain malware and viruses.” When it comes to making financial purchases online, using your own personal devices and making sure your Wi-Fi connection is secure can make all the difference in your fight against identity theft, scams, and online fraud. Determine your payment method It’s important that you determine which payment method you will use before you start buying fun holiday gifts and trinkets online. Why? It’s an added security step. A data breach can occur regardless of what website you use. Basically, the payment method you choose for your online holiday shopping could help prevent your financial information from being compromised and misused. Rials advises consumers to use a credit card instead of a debit card when making purchases online. He says “your safety is increased when you shop online and in-store by using a credit card rather than a debit card.” He explains that “debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was stolen or misused.” If you are planning on using the credit card payment method, you may want to consider using one credit card for all of your purchases. After all, if that one credit card gets compromised, it will be easier to spot on one credit card statement and easier to handle, since it won’t affect all of your other accounts. If you don’t have a credit card or don’t want to use a credit card to make online holiday purchases, there are some other options out there. Doug Brennan, manager of the Digital Addicts blog, a publication that focuses on technology and security, advises consumers to consider using a third-party payment service instead of using traditional payment methods. He says that “many popular online stores allow you to pay via Paypal or Apple Pay, both of which are great alternatives to entering your credit card information. And with all the data breaches that have happened over the past few years, you can never be too safe with your sensitive information." Learn about scams and trends "Online holiday shoppers have to be more careful than ever to protect themselves from cyber attacks. Shoppers must be wary of unusual requests for payment when shopping during the holidays,” explains Tom Kelly, President and CEO of ID Experts, a well-known consumer privacy platform. Countless scams can occur online from sale scams to fraudulent websites, and more new scams keep popping up. It can be difficult to keep track of scams, but not impossible. To stay up-to-date on the latest scams, you can utilize news sites, check the social media updates from well-known scam and identity theft experts, and visit resource websites like the Identity Theft Resource Center. Kelly warns that “Black Friday and Cyber Monday scams often try to lure shoppers to look-alike retail websites and then trick them into entering private information or downloading malware onto their computer.” Clearly, it’s important that you know what scams are out there and that you know what to do to make sure the websites you want to shop from are safe. Check out the next step to see how you can identify the legitimacy of a website before it’s too late. Check website legitimacy When online shopping, it can be easy to be catfished by websites, especially if you don’t know what to look for. Victor Congionti, CEO of Proven Data, a global IT services company says that it’s important to "...always be on the lookout for fraudulent websites that are designed to imitate a major retailer website.” He explains that “these counterfeit websites are created by bad actors and hackers to trick people into 'shopping' on their website. Digital thieves then use your login credentials or credit card information to make other purchases or compromise your identity further.” So, what can online shoppers like you do to make sure the website you are shopping on is legitimate? Congionti suggests following these steps: Check the URL on the website page to see if it has an official security tag (HTTPS). An HTTPS tag is a sign that the website uses high-grade encryption. Check the details on the website. Focus on the images, logos, language, and text. If something seems off, do not use that website. In addition to Cognionti’s steps, you can also try looking at the company’s social media presence and read reviews to verify legitimacy. Steve Weisman, Scam and Identity Theft Expert, suggests that you use websites that you are familiar with, especially if you are making large purchases. After all, using websites that you have used more than once in the past may not eliminate the chance of scams or fraud, but it can reduce your risk of falling victim to a fake website scam. He adds that you shouldn’t “trust a website to be legitimate merely because it turns up high in a search engine search. Sophisticated scammers are adept at manipulating the algorithms used by search engines to rank websites to place their phony websites high in a search engine search." Now that you know what steps to take to prep yourself for online shopping, it’s time to know what to do as you look for the perfect gift. Below are a few steps you should take while you shop online this holiday season. Avoid clicking on Pop-Ups If you’ve ever shopped online, you probably have noticed that many websites have advertisement pop-up windows that catch your attention. Although they may look harmless, some pop-ups are scam-driven which is why Rials advises to not click on pop-ups, even if they are advertising attractive holiday sales. He explains “when a window pops up promising you cash or gift cards for answering a question or taking a survey or even offering a great deal, these could be social engineering attempts designed to convince you to open malware or click on a malicious link.” He adds that “often, it is challenging to close these windows with your mouse because criminals will disguise the close button 'X' to appear normal, but it is actually a malicious link containing malware software code with nefarious intent.” report_problem Attention: Although it is best to avoid pop-up windows altogether, there are chances that you might end up clicking on one. To close a pop-up window, you can try the following steps: Press Control + F4 (for a Windows computer). Press Command + W (for a Mac). Avoid using auto-save options Auto-saving passwords and other personal information can be tempting, especially if you know you’re going to return to a website more than a few times. Unfortunately, auto-saving can be risky. Rials explains that “the convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.” It may be a pain to manually enter your information every time you want to make an online purchase, but it might save you plenty of headache and frustration down the road. When it comes to passwords, you can consider using a secure password management service like Lastpass. Generally, password managers are more secure than auto-save options. Even if you do use a password manager, you should still create strong passwords. Password managers may be more secure than auto-save options, but creating strong passwords and password habits adds an extra layer of security. Use strong passwords To create strong passwords, Rials says to follow these steps: Always use more than 10 total characters Use upper case letters, lower case letters, numbers, and special characters Establish a strong password for each online shopping account Use a password manager like LastPass, Dashlane, KeePass, 1Password, KeePass, EnPass, or others He emphasizes to “avoid the temptation of using the same password at every online store. It may be convenient, but your online safety vastly increases when you use a separate and unique password for each account.” Rials explains that “if one online store experiences a cybersecurity breach in which your password is compromised, using the same password between accounts from different online stores makes it quick and easy for criminals to exploit you and your information. Echoing Rials, like auto-save options, reusing your password might be more convenient, but it can lead to a long line of security issues and complications. Read also: Family Security Audit: How to Secure Your Passwords and 10 Expert Tips to Help You with Password Management As you finish making your online purchases, it’s important to remember that all of the steps listed above cannot guarantee the protection of your identity and personal information online. Listed below are a few steps you can take that can help you stay on top of your online security after you finish your holiday shopping. Save receipts and vendor emails Many online websites send receipts and email updates once a purchase has been made. It’s important to keep these emails and receipts in case of the event that the website you purchased from is involved in fraudulent activity that affects you later on. Keeping a record of the receipt and emails can help with an investigation if a scam or fraud situation occurs. So, before you clear out your inbox, you may want to think twice about deleting emails from your latest online shopping spree. Check your credit card statements If you used a credit card to pay for your online purchases, it’s important that you keep a close eye on your credit card statements after you use the card. When you regularly check your credit card statements, you’ll be able to see if there are any purchases that show up that you know you didn’t make. Jonathan Gossels, President of SystemExperts™ Corporation, an IT compliance and cybersecurity consulting services provider, agrees with Rials’ earlier statement that using one credit card can make it “much easier to recognize any fraudulent charges”. He explains that using one credit card makes things less complicated because you only have to check the credit card statement for the one card you used. Be ready to report theft If you do start noticing that your information has been stolen, it’s important that you take action and report the theft immediately. report_problem Attention: There are a few ways you can report an identity theft crime. To report identity theft, you can: Visit the official IdentityTheft.gov website and fill out a form that describes your theft situation. Call 1-877-438-4338 and explain the theft. If the theft involves your credit card, make sure to also contact your credit card provider and let them know. Additionally, you may want to consider adding a credit/security freeze to your credit report. Additional Protection When it comes to identity theft, you can never be too careful. Shopping online is risky, especially if you aren’t aware of common online scams and other threats. Although following the steps above can help you avoid becoming a victim, they can’t guarantee your safety. That’s why it can be a good idea to hire a professional identity theft protection service like NortonLifeLock, Complete ID, or IdentityIQ. Although identity theft protection services may cost you some money each month, the security you can receive from these services can save you from a massive headache of a situation as well as hundreds to thousands of dollars. Additional Identity Theft Protection Check out top-rated identity theft protection services and see what each has to offer here. Learn More
Newegg, a computer hardware and electronics retailer, has been the victim of a mass data breach. Security firms RiskIQ and Volexity conducted an investigation regarding the breach and released their reports and findings on Sept. 19, 2018. According to the security firms, the Newegg data breach was most likely performed by Magecart group, the same group that conducted the Ticketmaster data breach and possibly the same group that was behind the recent British Airways security hack. Security research shows that Newegg was breached from Aug. 14 to Sept. 18 of 2018. During the time that the breach took place, hackers had "injected 15 lines of card skimming code on the online retailer's payments page," according to TechCrunch. Newegg has a significantly large customer base with over 50 million monthly site visitors. Due to its mass customer base and business value, it's no wonder why the company was targeted by cybercriminals. Unfortunately, customers who have provided credit card information to the company in the past are now at risk. It is currently unknown as to how much information the hackers were able to obtain or how much customer credit card information has been stolen. According to The Verge, Newegg CEO Danny Lee sent out an email to all Newegg customers explaining the company's data breach, as well as how the company is investigating what happened and working on recovery solutions. The email stated that Newegg will be alerting customers who have been affected by the breach in coming days. It also noted that the company will publish an official FAQ regarding the data breach on Friday, Sept. 21, and will make sure all customers receive a link to that FAQ. Customers who have provided credit card information to the company are being encouraged to contact their banks and be on the lookout for more company information. Although falling victim to a data breach can sometimes be out of your control, it's important to do all you can to focus on your personal security to best avoid becoming a target of identity theft or another cybercrime. Consider looking into professional identity theft protection services, obtaining antivirus and other protective software for your personal devices, and doing your own research to determine what security practices you should be focusing on.
Businesses and employees are often major targets of identity theft and cybercrime. And there are three reasons why. When it comes to cybercrime, businesses are easy targets. They typically hold a massive amount of both employee and consumer data as well as banking and partner information. If a hacker can breach a company's system and can get their hands on the data the company is storing, then they have the potential to not only put the company out of business, but also cause major damage. A good amount of damage can also come from business identity theft. According to businessidtheft.org, "...business identity theft involves the actual impersonation of the business itself. It can occur through the theft or misuse of key business identifiers and credentials, manipulation or falsification of business filings and records, and other related criminal activities intended to derive illicit gain to the detriment of the victimized business; and, to defraud creditors and suppliers, financial institutions, the business' owners and officers, unsuspecting consumers, and even the government." Lastly, business employees are regular targets of identity theft because they often lack security training, have personal information to steal, and they often know company passwords and other vital company information that can also be stolen. Cyber criminals and identity theft criminals can target employees via email, websites, and even phone calls. So, what should you do to protect both your identity and the company's identity while working? We asked a few identity theft and cybersecurity experts to give some tips. Here's what they said. Keep an eye on emails "Be mindful of calls, emails, or texts asking details about your workplace, or your personal life. Some try to fake HR divisions of employers or management companies such as ADP payroll or WageWorks for other benefits; always ensure the numbers and email correspondences match the official website and have 'https' as the URL prefix." — Dennis Chow, CISO of SCIS Security "Phishing and the more specifically tailored spear phishing are the most common ways that malware that can lead to identity theft is downloaded. Learning to recognize spear phishing emails, using security software intended to screen out phishing emails (although the software is far from perfect) and refraining from clicking on any links unless they have been confirmed to be legitimate are crucial steps in protecting yourself from identity theft. In addition, people should consider limiting the personal information that they make available through social media which can provide information to be used to fashion spear phishing emails." — Steve Weisman, Identity Theft and Scam Expert "Report any suspicious emails to your company's IT or Cybersecurity team. The team will be able to confirm the phishing attempt and prevent any additional attempts from that email." — Cameron Williams, Co-founder and CTO of OverWatchID Don't skip out on training "Get security training. Often, employers provide education about security vulnerabilities, like e-mail phishing, ransomware programs, and social engineering." — Mike Brengs, Managing Partner of Optimal IdM "Staff should be trained on identifying and disposing of phishing emails. Never click on links or attachments in unsolicited emails, always double check the sender's email address — not just their display name — and never give anyone private information over email." — Paul Bischoff, Privacy Advocate at Comparitech.com Be careful when giving out information "Use secure methods of communication when having to transmit sensitive or confidential details to your workplace office such as encrypting your documents with a password, and then giving the password over a separate medium such as text or phone (do not use passwords that you use for yourself)." — Dennis Chow "Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information. Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email. Don't send sensitive information over the Internet before checking a website's security." — Mike Brengs “The first step is to know your rights as an employee. Depending on where you live, you may be protected from granting your employer access to your social media accounts, for example. Employers are also limited as to what information they can request as part of a background check. Employees in the US are generally protected by law from wiretapping and other communication monitoring while at work without consent." — Paul Bischoff Pay attention to passwords "Create the best passwords that are hacker-proof but easy to remember. Bonus if there's a trick to making a different password for different accounts but a way to remember them all. The best passwords contain at least 12 characters. Mix up the letters, numbers, and symbols as much as possible. For example, consider using a $ instead of an S or a * instead of a vowel. The newest trend in password safety is the use of password phrases. Instead of simply using a word with a mixture of letters, numbers, and symbols, use a relatively long phrase but one you can remember." — Justin Lavelle, Chief Communications Director of BeenVerified "Password Maintenance. By password maintenance, I mean, regularly updating your passwords across your life (accounts, phones, etc.) with a minimum of yearly review. Most users I run across use the same password across all of their portals, which is scary because using the same password now becomes a threat vector to the workplace and can compromise the employer too. Password managers can help with this. As a security professional, I prefer 1Password because I can control the database across my devices and no other entities have access to it, for a one-time/lifetime fee where many password managers have subscriptions etc. I also get asked what is a good best practice/industry standard for passwords and I mention 8-64 character length with complexity and the use of password managers." — Derek Iannelli-Smith, vCIO and Founder of Outsourced CIO, LLC Be smart with security questions "Use nonsensical answers for security questions. Common security questions have answers that can be readily found online by a determined identity thief; however, there is no rule that requires you to use your mother's actual maiden name as the answer to the security question as to what is your mother's maiden name. Instead, you can use something nonsensical like 'firetruck' which is silly enough to remember and will never be found by an identity thief." — Steve Weisman "If you’re answering security questions on a website, social media account, etc.—never simply answer a question with one word that can be easily hacked. If you’re asked for the name of your first pet and the pet’s name is 'Ben', instead of simply typing 'Ben,' make it harder to crack by using 'B*n#1.' This would take a tremendous effort for decoding." — Justin Lavelle Get the right protection "Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Take advantage of any anti-phishing features offered by your email client and web browser." — Mike Brengs "Whatever cloud service you are using, enable threat protection. Because I am an Office 365 fan, many of the products and feature of the subscription, accommodate 2FA, Password maintenance, and policies that can be pushed down an organization based upon industry standard templates (PHI, PII, PCI DSS, HIPAA, GDPR, etc.). These policies can be pushed throughout the entire ecosystem (OneDrive, Email, Azure, etc.)." — Derek Iannelli-Smith "Install a good firewall and anti-virus software, enforce a strong password policy and limits on who has access to your systems." — Justin Lavelle "Use ad blockers to prevent malware from being downloaded merely by employees going to infected sites." — Steve Weisman Key Takeaways: Protect your identity in the workplace with these steps • Keep an eye on emails • Don't skip out on training • Be careful when giving out information • Pay attention to passwords • Be smart with security questions • Get the right protection Regardless of where you work, you should always strive to secure both your information and your employer's information. Identify theft is an advancing crime and continues to be a major threat to employees and businesses alike. It's highly recommended that you follow the tips above and do your own research on avoiding identity theft in and out of the workplace.
Identity theft is an ever-growing threat that has sparked worry around the world. From individuals to businesses and organizations, identity theft has affected more people than you'd probably imagine. Although you cannot keep identity theft from ruining people's lives, you can lessen the chances of you and your loved ones becoming identity theft victims by doing your research, keeping up with data breach and identity theft trends, and taking the proper precautions. How much do you know about identity theft? Take the quiz below to find out: Powered by
This is part two of a two-part cybersecurity series. As mentioned in part one of this two-part series, ethical hacking involves people who are legally hired to hack into data systems in order to expose the system's weak points. These weak areas can then be strengthened. Overall, organizations, with the help of professional ethical hackers, can bolster their system security to prevent their systems from being maliciously hacked. Dave Howard, otherwise known as "Dave The IT Guy," has been a certified ethical hacker since 2009 and is the weekly host of the iHeartRadio app podcast "Bring Your Own Security." Regarding the definition of ethical hacking, Howard said it's important to keep the word "ethical" in mind. "Many folks hear the word hack and instantly think bad guys, or criminals, or some government agency. Ethical hacking is when a person who has the same technical knowledge and skills as the bad guys uses those capabilities to help organizations see their shortcomings and how to fix them, again from the hacker's point of view," Howard said. Howard's journey to becoming an ethical hacker began when he was working in his first IT-related position. "I started in the IT field almost 20 years ago as a basic break/fix tech. Printers, keyboards, monitors, anything that could break, did. As I would spend nights or weekends reading about topics and trying things out on my own, the security field really became an interest. I studied for various certifications because, back then, that's how you could prove that you knew how to do the things you said you could do," Howard explained. Howard said he discovered he had an interest in tech security and worked hard to learn as much as he could with the limited time he had. "For about two years, I taught myself some basic and intermediate level hacking skills and practiced them against computers I owned, or my company's computer systems (with permission, of course)," Howard said. "During this time, I was still working a regular 40-50 work week doing things like building servers, installing wireless systems, installing routers and switched, all trying to be a well-rounded IT person with a very wide breadth of knowledge and hands-on experience. I was also a husband and father, so for someone to just say 'I want to be an ethical hacker' requires you to stay up late while the family is sleeping, getting only 3-5 hours of sleep before work, just to find the time to learn and hone your skills." Howard got the chance to hone those skills in 2009 when the company he was working for decided to send him, and four other employees, to a two-week "Hacking School" program to help them learn more advanced hacking techniques. Howard explained that after he returned from hacking school, "a new division of our company was formed to sell PenTests (Penetration Testing) to clients and I was one of the five that would go and do the work. Sometimes it took only one of us, sometimes it took all five of us. There were a few times the PenTests were more than three months in length, having us really dig deep and look for all the ways a hacker could steal data or damage systems." Since then, Howard has continued down the ethical hacking path. Regarding what he thinks the general public should know about ethical hackers, he said "ethical hackers are exactly who you want working in your company or at least advising the IT staff in your company. We WANT to be the good guys and we want to be able to stop the governments, the criminal organizations, the stalkers, and anyone else that uses the internet and illegal methods to stalk someone, steal their identity, or their company's way to make money." He explained that there are many cyber threats that people should be aware of. After all, identity theft and other cybercrime can affect anyone and shouldn't be underestimated. "In today's world, email with links and attachments, social media messaging, and postings and even text messages coming to your phone are the most likely culprits to getting your data, money, or identity," Howard said. "The bigger threats like an Equifax hack is simply something you cannot control. If a company has your data and they don't secure it properly, nothing you do will prevent that theft." Howard provided a painful, personal example: "My wife's computer was hacked about five years ago. She got an email from her sister (which was fake) and she clicked the picture that was sent. Several days later, a visit to the local branch of our bank informed us how we went from more than $7K cash to about $300 cash in a matter of hours. We found that the hackers had gained physical access to her hard drive and she had created a document that had all of her passwords that she could never remember. They found that document went to our bank's website and, logging in as her, initiated several overseas wire transfers to bank accounts that were closed as soon as the money arrived and was withdrawn. It was a very painful process to go through the bank's investigation to ensure WE were not trying to commit a fraud to keep our money and get theirs too. Also, back then, the local and regional law enforcement entities were still very new to cybercrime and really didn't have any resources or knowledge on how to help with something like this. A report was filed, questions asked and answered then thankfully through the FDIC and other entities our money was refunded to us. But that was a seven-month process that left a virtual scar." To avoid becoming a victim of a cybercrime like he and his wife were, Howard advised that you "keep one email account that you NEVER promote/give out to the everyday person, etc. Use it ONLY to sign up for secure things like bank accounts, 401K, insurance, and any other private, financial place that you may need to login to. Don't give it to anyone else, so the likelihood of getting a fake email to that account is far less." He also suggests that you "get a prepaid debit card from any number of sources and put money on it. When you shop (online or in a store and swipe it through) if it gets compromised (like the HomeDepot hack a few years ago), the only money you can possibly lose is what is on the card at that moment. If someone happens to get it while online, again, you can only lose a small amount." Howard said it is important to "educate yourself on how to read a domain name. There are MANY ways to very easily trick someone into thinking they're going to the correct website. If you understand how domain names (URL's) work, you'll know within 10 seconds if you are going to a scam website or not." He added, "don't post private info such as address, phone number, kids' names, etc., on a public forum. Even a Facebook page that you think is private to you and your friends has been proven recently to truly NOT be private. If you must send that type of info, there are free methods to encrypt the info via text, or at least post it online in a way the automated data-stealing programs won't get your information." It all boils down to how cautious people are in their daily habits and interactions, Howard explained. "I think, in the end, that people cannot have the attitude or way of thinking that included 'Well, I can't stop it, so why try?' Or they might think 'I'll never shop online or do banking, so I'm safe.' Both of these assumptions are wrong. With technology the way it is today, we have to be diligent about how we do things (see the advice given previously). But if you don't shop online and write a check at the store or mail it in to the utility company, the exact same info on that check (you name, address, routing number, and account number) is more than enough info to steal your identity or initiate a wire transfer by someone who knows their way through and around banking rules," Howard said. "Simply putting your head in the sand and thinking 'I don't know anything about computers' isn't good enough anymore. You must get educated on these topics, or have someone around you that you trust to monitor these sorts of things for you."