Topics:Internet Security Identity Theft 101 Data Breach News Business Security Tax Identity Theft Medical Identity Theft Scams
Each year, millions of people fall victim to at least one form of identity theft. Although identity theft is a widely-known crime, there are still many who fail to think of themselves as being at risk. However, identity theft criminals are known to target everyone, from children to the elderly. Taking security precautions is always a good idea, but there's only so much you can do on your own to fight against identity theft. That's where professionals come in. The best identity theft protection companies provide 24/7 monitoring, immediate alert notifications, and will help with identity theft recovery. Hiring the help of a professional identity theft company may be the best option to avoid becoming an identity theft victim. Take this quiz to find out whether or not you truly need identity theft protection.
Designing a secure and unique password for everything you do online can be difficult, especially when you are making a password for a site you’ll never use again. Although making a password with your dog’s middle name and your second cousin’s birthday may not seem important, it can save you from being hacked daily. According to a 2019 Forbes article, the top five most common passwords are "123456," "123456789," "qwerty," "password," and "111111." It’s not rare to see millions of passwords get hacked each year due to weak passwords. Here are some tips to help you increase your password security and help others do the same: Avoid using the obvious Using obvious passwords such as "123456" is not going to provide any sense of online security. When creating a password, even for a site you don’t care about, use words and numbers that are not commonly used by everyone else, like a pet’s name, an inside joke, or a keyword from a favorite memory. Any number that has significance to you, like the day you got your first bike or the date of your first kiss, would work well in a password. Make every password longer Passwords are designed to be difficult for hackers to break, so having a longer, more complex password will give you a better chance of staying out of their reach. According to an article on theguardian.com, passwords should be created with 12-14 base minimum characters. The more characters there are, the more password options hackers are faced with. Many people don’t have long enough passwords, simply because they are harder to remember. An easier way to remember passwords, according to the Guardian article, is to use a long phrase as a password instead of having an all number-based password. Switch it up An important part of creating a strong password is to switch up capitalization, the numbers you use, punctuation, and spelling. Like character length, this will give hackers more options to work with, thus taking more time and energy for them to hack the password. Remember it yourself Although it may be difficult to remember passwords, relying on yourself, rather than a program or app, is the best way to go. Many people choose to have their browser remember their passwords for them, but this makes your password easier to obtain by not just you, but others as well. Remember not to openly share your passwords with anyone. According to a cnbc.com article, approximately 31 percent of today’s millennials are likely to share their passwords with other people. And it’s not just millennials who aren’t practicing password security; the very same cnbc.com article states that 58 percent of the baby boomer generation are struggling with creating strong passwords as well. It’s not one and done Many people create one password and use it for multiple sites. In general, people should use different passwords for each website they use. That's a lot of passwords to remember, which is why there are many helpful password manager tools available if you simply cannot keep track of them all on your own. Although you may want to make things easier on yourself by using one password for everything, you will make it easier for hackers to get that password as well. Identity theft is one of the most common crimes committed each year. Creating secure passwords is just one thing you can do to protect yourself. For even more security and hacker protection, consider using an identity theft company or service designed to stop hackers and attackers before they get to you. To help you decide what identity theft service to choose, a ranked and reviewed list of the best identity theft companies available can be found on bestcompany.com. Creating strong passwords and learning how to protect your information is the best way to stop cybercriminals.
As technology continues to advance, so does cyber crime. And as more technology is available to the public, there is a greater output of data, which ultimately leads to more opportunities for security breaches. What Security Specialists Are Doing Because technology is growing so quickly, predicting future online threats and breaches is quite difficult; however, according to techrepublic.com, professional security specialists employ methods like “scenario planning” in the cyber security workforce. Scenario planning produces various possible cyber threat scenarios that are much more advanced than simple predictions. Cyber Security professionals are constantly developing new skills and methods like scenario planning to defeat online security threats. However, with constant technological developments, it has proven difficult to stay ahead of cyber security threats. What the Government Is Doing According to securityintelligence.com, the government has instituted specific regulations to protect outgoing data in both the public and private sector. Although the government’s efforts help, there is still a growing demand for online protection. For this very reason, the future of cyber security partially rests in the hands of the public. What the Public Should Be Doing The reality of cyber attacks has motivated many large businesses and organizations to prepare themselves for online breaches and hacks. However, the general public doesn’t seem as driven. Despite an influx of security products, like antivirus and anti-malware software (available to businesses as well as individuals), many people still don't understand the importance of cyber security. A forbes.com article explains that practicing proper “cyber security hygiene” should become a habit for everyone who uses technology. The article proposes that people need to become aware of phishing threats with data/email and use strong, original passwords. Even if you don't invest in cyber security software, you can still mitigate your risk for cyber attack by avoiding the over sharing of personal information, being aware of recent cyber breaches, and being cautious when making online purchases. These habits may seem paranoid to some, but it is important to understand that cyber threats are common, vicious, and often leave victims behind feeling confused and overwhelmed. You can avoid becoming a victim by preparing for security threats, specifically identity theft. Check out this detailed list of ranked and reviewed identity theft companies on bestcompany.com.
On September 8th, 2014, Home Depot announced that its customers' debit and credit card information had been compromised during a data breach. Customers who had used the self-checkout systems from April through August of that year were victims of this breach. In the announcement, Home Depot apologized for the breach, offered identity theft and credit monitoring services to affected customers, and promised that their Incident Response Team was doing its best to limit the damage of the breach. Approximately 56 million credit and debit card information was stolen along with 53 million email addresses. At the time, Home Depot's data breach was the largest with the most known data stolen. It would later be found that Yahoo!'s 2013 data breach was even larger, affecting more than 1 billion accounts. The Cost Recently, it was estimated that the total expenses of this data breach has cost Home Depot $263 million and expenses are still piling up in settlements from individuals and card issuers: extra customer service legal costs credit monitoring identity theft protection investigation expenses settlements fines card re-issuances How It Happened Much like the Target data breach, Home Depot's data breach occurred through the point of sale (POS) systems. According to an in-depth case study, the hackers were able to steal a third-party vendor's credentials and used this as a way to enter the system. The hackers were then able to use the zero-day vulnerability in Windows to pivot directly into the Home Depot corporate network. Once inside the network, the hackers were able to install a custom memory scraping malware. Memory scraping malware is able to scan the POS systems to collect all sensitive data that is entered in. For example, when you swipe your payment card, the malware will collect all of your card information to later be gathered by the hackers. This malware was installed on over 7,500 self-checkout POS terminals, evading antivirus software and remaining undetected for months. The gathered credit and debit card information was sold, and the emails gathered were used in phishing campaigns. How It Was Discovered The Home Depot data breach was not discovered by the company itself, but through multiple banks that found tens of thousands of their customers' cards had shown up for sale on an underground cybercrime shop. It is believed that the same group of Russian and Ukrainian hackers who were responsible for the Target data breach are also responsible for Home Depot's data breach. According to Krebs, this data breach wasn't just about the money and recognition, but also out of retribution: "In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards “American Sanctions.” Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled 'European Sanctions.'" After the banks discovered the cards being sold on the cybercrime shop, they researched and found that all of the cards had recently been used at a Home Depot. The banks notified Home Depot of the possible data breach. Home Depot immediately began a full investigation on September 2, 2014. What Good Came from the Home Depot Data Breach A story about a massive corporate data breach doesn't have an obvious silver lining; however, the Home Depot data breach acted as a wakeup call to individuals and companies across the country. Companies started taking great strides in providing better cybersecurity for their customers' information. Chip-in-card readers have started to become standard in most major stores as well as other alternative payment methods, like Apple Pay. Individuals have also started taking extra precautions with their personal information by enrolling in identity theft protection programs. If you are one of the millions who have been affected by a data breach, or if you want to protect yourself, check out our top-rated identity theft protection companies. In our next article, we will discuss how chip-in-cards work and other alternative payments and why you should use them.
Identity theft has become increasingly more common in recent years. When people hear the term "identity theft", the image of someone sitting in a dark basement surrounded by computers might come to mind. Unfortunately, the majority of identity theft criminals operate in significantly more subtle circumstances, making them very difficult to locate. Although general identity theft has been occurring for quite some time, a more recent category of identity theft has brought an entirely different level of worry to the public: medical identity theft. What Medical Identity Theft Really Is Medical identity theft is a specific category of identity theft crime that involves the stealing of a name and/or health insurance numbers in order to obtain prescription drugs, use the victim’s insurance provider to file claims, get appointments with doctors, or receive other health-related care. Although medical identity theft has been a major problem in the past few years, it continues to be the form of identity theft that many people still don’t know about. Identity theft and scam expert Rob Douglas explained that "of the many types of identity theft, medical identity theft poses the greatest risk to the physical safety of victims." He also went on to say that "once a medical identity thief fraudulently obtains healthcare in your name, and that treatment becomes part of your electronic healthcare record, your healthcare may be placed in jeopardy. After all, your medical history, current, and future diagnoses, and treatment could be compromised because of the treatment the identity thief received." Why the Medical Field Is Targeted There are a few reasons behind why identity theft criminals are focusing in on the medical field: One reason corresponds with the lifespan of the crime itself. Stolen medical data is significantly more difficult to retrieve or cancel than financial data. For example, if a person’s medical records are stolen, the victim cannot simply put a hold on or cancel their medical history like they can with a credit card. Therefore, the identity theft criminal can use/abuse the stolen information for a longer period of time. Another reason why medical identity theft has risen in popularity is due to the medical field’s relatively recent action of switching to digital storage of health information. Medical organizations began digitalization just a few years ago, which ultimately puts the medical field behind in setting up reliable security measures. This lack of digital experience allows the medical field to be an easier target for medical identity theft hackers. The third motivation behind medical identity theft lies with the vast amount of people that can be targeted through medical institutions. Millions of people’s information can be found in medical databases, which makes the medical field a definite target. Basically, the more people seek health care, the more information there is to be stolen. Health care data greatly outnumbers that of financial data. How to Avoid Being the Victim Knowing how to avoid identity theft, in general, can save someone from unnecessary trouble, therefore, understanding what to do in order to avoid medical identity theft can be even more worthwhile as the repercussions of medical identity theft can be more devastating than regular identity theft. Regularly monitor your medical records and know how to look for errors or false information. Be cautious with whom you share your health information. Strive to only give your medical information to trusted medical professionals. Try to refrain from using free, public wifi services. If you do use public wifi, do not access any private information, especially medical data. Be wary of free medical services/treatments as they can be a part of a medical identity theft scam. Contact insurers and providers regarding health care charges and bills that were not received. It’s a good habit to do this even if your insurance covers procedures/medical visits. In addition, Douglas recommends that you "carefully review any letter or document you receive from healthcare providers, facilities, and insurers to be certain the information is accurate and that there are no billings for treatments you didn't receive." He also suggests that you "ask your healthcare providers to not use your Social Security number as your personal identifier on their records." Douglas explained that "by restricting who has your SSN and insurance account numbers, you can lessen the risk of medical identity theft." What to Keep in Mind Medical identity theft is a frightening reality that affects millions of people. Although it may seem impossible to avoid, simply being aware that medical identity theft exists can put you ahead of the game. Catching and reporting medical errors/red flags early on can save you from disastrous consequences. Online resources can also save you from becoming just another name on the long list of medical identity theft victims by helping you locate a reliable identity theft company to monitor your personal information.
Especially in recent years, the term "hacker" has gained a lot of notoriety and tends to refer to the world's greatest technologically-based criminals. Moderns hackers are often labeled as people who intentionally access information/data without authorization through technological means. Identity theft typically comes into play after a hacker obtains the data or information they were targeting. The stolen data is taken to create a fake identity, and then often used for the hacker's own purposes or personal financial gain. Although large corporations and organizations are usually shown as the targets of cyber attacks, they aren't the only ones who should be preparing for security breaches. What the Past Has Shown The rise of identity theft and other cyber-related threats has become fairly obvious as security breaches have affected anywhere from millions to billions of people each year. According to USA Today, the top five largest security breaches include the following: December 2016 Yahoo! breach (affected 1 billion people) September 2016 Yahoo! breach (affected 500 million people) May 2016 MySpace breach (360 million affected) May 2014 eBay breach (145 million affected) September 2017 Equifax breach (affected 143 million people) The Equifax breach, although not as large as some breaches, was one of the most frightening identity theft cases in history. Everything from names to social security numbers to birth dates, addresses, credit card information, and even driver's license numbers were exposed. Although many people were affected, only a few actually knew for sure if they were victims or not. The unknown seemed to haunt many people as they struggled to learn if their accounts were secure or not. All of these past breaches have proven that anyone can become a victim and security should be made a priority. What the Experts Say Identity theft and scam prevention expert, Rob Douglas explained why people should be taking necessary precautions regarding their personal security: "we are all being targeted daily by those who seek to steal our personally identifiable information (PII) or directly steal our money by means of cyber crime. Almost every day, Americans receive an email or a text message or other form of electronic communication (e.g. clicking on a seemingly innocent advertisement on a website that is infected with malvertising) that has the potential to do serious harm if not recognized for the threat contained within the communication." Douglas warned that everyone is susceptible to hackers, which makes the hacker-related threat even more of an unfortunate reality. He explained that "as for hacking as a specific subset of security threats, even with the best virus/malware protection and cybersecurity practices, we are all under constant barrage from those seeking to overcome our defenses. Bottom line: The threats are real and they are never-ending.” What You Can Do Identity theft is a difficult crime to overcome, however there are a few things you can do to enhance your security. Douglas recommends four specific key actions that people can do to lessen their vulnerability to this type of crime: Use the technology you already have "Be sure to use the security technology embedded in your operating systems (be sure those programs are up to date)." Avoid deceptive emails "Never click on links or attachments in emails that you aren't 100 percent certain of who transmitted the email (and even then, steer clear of emails forwarded by friends and family members as they may have been tricked or their account hijacked)." Create unique passwords"Use individual, never-used-before passwords/passphrases for web-based accounts that contain personal, financial, or medical information (this includes all email accounts); use two-factor authentication." Monitor your accounts "Review all critical accounts for signs of fraud on at least a monthly basis." Resources You Can Use Although you can increase your security by performing the previously recommended actions, you are still largely at risk if you lack professional aid. Identity theft companies are often the smart way to go when it comes to protecting your identity. Reliable identity theft companies offer constant monitoring, instant notifications, recovery options, etc. Having this type of service can help you be aware of potential threats and allows you to have a peace of mind when it comes to your identity protection. Finding the right identity theft company may prove difficult, however there are trustworthy online resources that can help you locate the company that best fits your identity protection needs.
Data breaches continue to occur more frequently as time goes on; both corporations and individuals are currently at risk. Although many organizations and individuals claim that their security measures are advanced enough to eliminate the chance of falling victim to cyber crime, in reality, there isn’t a 100 percent possibility of avoidance. Equifax, one of the top three leading credit reporting agencies, announced on September 7, 2017, that it experienced a serious data breach which may have affected 143 million people in the United States. The company also announced that 209,000 consumer credit card numbers were stolen, along with 182,000 credit dispute documents that contained private information. Other data, such as birth dates, names, addresses, and driver’s license numbers were also put at great risk during the breach. Equifax claimed to have discovered the breach on July 29, 2017. Executives decided to sell company shares worth almost $2 million after they discovered the hack and before the breach was announced to the public. Although the executives have stated that they “had no knowledge that an intrusion had occurred” when they sold these shares, their actions have made many wary of the company and has led to a decrease in Equifax stock trading. In order to start recovery efforts, Equifax notified law enforcement of the hack and stated that it will be mailing notices to those who were affected. The company also created a website where consumers can find out if they were victims of the breach. The website requires consumers to enter in their last name and the last six digits of their social security number for identification purposes, which has sparked some worry because companies typically only ask for the last four digits of a social security number. In an effort to make amends, Equifax has offered one year of free identity theft and credit monitoring services to U.S. consumers as a result of the data breach announcement. However, as a top credit reporting firm that stores a significant amount of sensitive information, Equifax is and will continue to be a huge target. Rather than signing up for free services from Equifax, consumers may be better of taking security action into their own hands. BestCompany.com and other online resources are available to aid consumers in finding reliable identity theft companies to combat the increasing threat of identity theft. Keep yourself and your family safe and check out top-rated identity theft protection companies here.
Restaurant chain Wendy's has announced that over 1,000 of its U.S. locations have been hit by a massive cyber attack, compromising credit and debit card data of Wendy's customers. While suspicious activity had been reported as early as the Fall of 2015, officials did not anticipate the hack to have such a widespread impact. They are currently unaware of how many individuals have been affected, though the potentially compromised locations have been identified (click the image below to expand). According to investigators, the source of the breach came in the form of malware that was installed on the point-of-sales systems at select Wendy's locations. Wendy's representatives attribute the malware to a non-disclosed third-party "service provider," but they are not explaining reasons why this third party had remote access to the company's tills. In the meantime, Wendy's has issued a statement apologizing to customers for compromising their data, as well as providing information on how they gain access to free fraud consultation and one year of free identity restoration services through Kroll (ID Shield). Despite the apparent mistakes that led up to one of the largest data hacks of 2016, Wendy's has done well to partner with ID Shield, which holds one of the top spots on BestCompany.com. If you feel your data has been compromised in Wendy's data hack, refer to Wendy's official statement for further instructions. To learn more about what ID Shield can do for you, check out the company review here.
Utah-based essential oils distributor dōTERRA International announced last week in a letter that one of its third-party data hosting servers has been hacked, compromising the personal data and information of customers and wholesale distributors alike. Company representatives believe the intrusion occurred in March 2016, potentially compromising the following private data: Names Social Security numbers Other government-issued identification numbers Payment card information Full or partial card numbers Security codes Expiration dates Dates of birth Postal and email addresses Telephone numbers Usernames and passwords for dōTERRA's online portal The company has not yet identified the exact number of people affected by the data breach, but experts have confirmed that those who were affected primarily reside in the United States and Canada. Customers and distributors who have not received a notice of breach from dōTERRA were not affected by the breach. DōTERRA's Solution While dōTERRA has issued a notice of data breach to each customer and distributor who has potentially been affected by the breach, there is no evidence that the data has been misused in any way. In addition to law enforcement, the State of California Attorney General's office, and the Federal Bureau of Investigation, dōTERRA has teamed up with identity security company AllClear ID to provide up to 24 months of free identity protection services and credit monitoring to its affected clientele. About AllClear ID The letter identifies identity theft protection company AllClear ID as dōTERRA's solution for potential misuse of customer and distributor information. Although AllClear ID is not a top-rated identity theft protection company in terms of comprehensive protection services, the company does rank well among companies with a restoration-focused platform. The company provides lost wallet protection, three-bureau credit monitoring, as well as fraud detection. However, in the event that their data is misused as a direct result of this data breach, dōTERRA customers and associates should expect a lengthy recovery process when working with AllClear ID. Current and former AllClear ID customers have reported to BestCompany.com that the company can be difficult to work with over the phone and via email. For a closer look at how AllClear ID ranks in the industry, click here.
Banks and credit card providers are constantly looking for ways to improve security and prevent fraudulent transactions from taking place on your accounts. So, it should come as no surprise that the tactics used to bypass these measures are undergoing similar advancements. Such is the case with the EMV chip card, credit card companies' latest effort to thwart unauthorized access to your credit and debit card accounts. What Is EMV? EMV stands for Europay, MasterCard, and Visa, the three companies that originally pioneered chip-enabled cards. The EMV standard is considered better than traditional magnetic strip cards because unlike magnetic strips, which contain static information that can easily be traced and copied by scammers, EMV chips contain dynamic information that is different for each transaction. Essentially, the chip prevents scammers from using your information from a point of sale, because once the transaction is complete, the information from the card is already considered obsolete. However, this does not mean that EMV cards are completely foolproof, as scammers have found a new way to work around the added level of security. In order to do so, thieves aren't using new technology, but rather old, tried-and-true phishing techniques that have been working for decades. What Is the Scam? The scam is fairly straightforward: phishers will send you an email claiming to be from your bank or credit card provider. They'll use official looking brand images and language to create a very convincing message that you need to update your personal and banking information before receiving a "new card." Once you click on the link provided, or reply with sensitive information of any kind, it's business as usual for the scammers, and fraudulent transactions are sure to follow. This type of scam is not new; in fact, it was only a few years ago when Bank of America customers began receiving similar phishing emails like the one below: Dear Valued Member, We noticed invalid login attempts into your account online from an unknown IP address . Due to this, we have temporarily suspended your account. We need you to update your account information for your online banking to be re-activated please updated your billing information today by clicking here [link is provided] After a few clicks, just verify the information you entered is correct. Sincerely, BOA Member Services Team P.S. The link in this message will be expire within 24 Hours. You have to update your payment information How Can I Protect Myself? Of course, you should know by now to never open an email from an unknown sender, least of all click on links sent in an unsolicited email. If you do receive any correspondence from someone claiming to be your bank, you can always call the number on the back of your card, or visit your local branch in-person to verify the claims made by the email. Remember, scam artists looking to get passed the EMV standard are relying on human error for their success. Do NOT disclose any information over the Internet, unless you're using a legitimate and secured site.