Millions of Americans Fall Victim to Identity Theft

While online, your personal information is constantly exposed to bad actors. Take actions to protect your identity and prevent the theft of your identity.

A shocking amount of information about you can be found online. From Social Security numbers to bank account numbers to social media profiles, a savvy thief potentially has access to all the data he or she needs to assume and steal your identity.

Identity theft is a serious crime. It happens when someone uses your Social Security number or uses other personal information about you without your permission to open new accounts, make purchases or get tax refunds. They could use your:

  • Name and address
  • Credit card or bank account numbers
  • Social Security number
  • Medical insurance account numbers

Many Americans whose information was compromised did not realize their identity was stolen until years later when they tried to buy a car, file tax returns or purchase a home.

Experts warn that identity thieves can use social engineering to steal your information. Social engineering is the art of manipulating someone to divulge sensitive or confidential information that can be used for fraudulent purposes.

Social engineering can happen everywhere, online and offline. And unlike traditional cyberattacks, whereby cybercriminals are stealthy and want to go unnoticed, social engineers are often communicating with you in plain sight. Consider these common social engineering tactics that one might be right under your nose.

  • Your “friend” sends you a strange message. Social engineers can pose as trusted individuals in your life, including a friend, boss, coworker, even a banking institution, and send you conspicuous messages containing malicious links or downloads. Just remember, you know your friends best — and if they send you something unusual, ask them about it.
  • Your emotions are heightened. The more irritable we are, the more likely we are to put our guard down. Social engineers are great at stirring up our emotions like fear, excitement, curiosity, anger, guilt, or sadness.
  • The request is urgent. Social engineers don’t want you to think twice about their tactics. That’s why many social engineering attacks involve some type of urgency, such as a sweepstake you have to enter now or a cybersecurity software you need to download to wipe a virus off of your computer.
  • The offer feels too good to be true. Ever receive news that you didn’t ask for? Even good news like, say winning the lottery or a free cruise? Chances are that if the offer seems too good to be true, it’s just that — and potentially a social engineering attack.
  • You’re receiving help you didn’t ask for. Social engineers might reach out under the guise of a company providing help for a problem you have, similar to a tech support scam. And considering you might not be an expert in their line of work, you might believe they’re who they say they are and provide them access to your device or accounts.
  • The sender can’t prove their identity. If you raise any suspicions with a potential social engineer and they’re unable to prove their identity — perhaps they won’t do a video call with you, for instance — chances are they’re not to be trusted.

A thief can get your personal information in person or online. Here are some ways thieves might steal someone’s identity. A thief might:

  • Steal your mail or garbage to get your account numbers or your Social Security number
  • Trick you into sending personal information in an email
  • Steal your account numbers from a business or medical office
  • Steal your wallet or purse to get your personal information

Identity experts share five recommendations for how to protect your identity:

  • Once a year, order and closely review a free credit report from each national credit reporting agency: Experian, Equifax and Transunion.
  • Browse and purchase online while only using a secure connection. Never use autofill features when filling out online forms, unless it is on a trusted site.
  • Refrain from giving solicitors personal or financial information over the phone, by email or through pop-up message.
  • Opt out of pre-screened offers of credit and insurance by mail.
  • Avoid oversharing on social networking sites so you’re not sharing a potential scam with others.

If you do think you’re a victim, call the three major credit bureaus and place a credit freeze and file a report with law enforcement.

Even if you don’t believe it’s that big of a deal, reporting these crimes can help law enforcement prevent others. It took identity theft victims an average of 10 hours to resolve the fraud in 2020, according to LifeLock.

Moreover, you may be responsible for what the thief does while using your personal information. You might have to pay for what the thief buys. This is true even if you do not know about the bills.

How can that happen?

  • A thief might get a credit card using your name.
  • He changes the address.
  • The bills go to him, but he never pays them.
  • That means the credit card company thinks you are not paying the bills.
  • That will hurt your credit.

This is the kind of trouble identity theft can cause for you.

Your best defense against identity theft and social engineering attacks is to educate yourself of their risks, red flags, and remedies. To that end, stay alert and avoid becoming a victim.


References:

  1. https://www.consumer.gov/articles/1015-avoiding-identity-theft#!what-it-is
  2. https://us.norton.com/internetsecurity-emerging-threats-what-is-social-engineering.html
  3. https://www.usnews.com/360-reviews/identity-theft-protection

Cyber Security for Small Business – Social Engineering

Social engineering is a cyber criminals favorite way to manipulate and attack small businesses

Small businesses remain extremely exposed to cyberattacks. And, cybersecurity remains one of the primary operational risks for most small businesses . Similarly, many small businesses demonstrate problematic cybersecurity practices in their daily operations.

Almost 60 percent of business executives report an increase receipt of suspicious email over the past year, proving an increasing cyber concern for small businesses. Adapting new technology system without proper knowledge or preparation is another problem of small businesses that may lead to preventable problems like small business owners that may refrain from two-step factor authorization during password setups on a site.

To avoid becoming a victim,  it is important for small businesses to implement proper security measures. From consequences that unpreparedness can bear to reasons behind small businesses as targets, prioritizing cyber-security is extremely critical as hackers get much smarter and more determined.

Cyber security weakest link

People are the weakest link when it comes to cyber security, which is why psychological manipulation of cyber attack victims is so common. Phishing scams, for instance, is an effective form of social engineering in email format that can be sneakily disguised as arriving from legitimate sources. This can fool employees into clicking a virus-filled link.

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This is used to gather information, initiate cyber fraud, or gain unauthorized IT system access.

Preventing an attack

For small businesses, there are plenty of ways on preventing cyber-attacks – from enforcing simple measures or hiring specialized teams to stay alert on the issue. Along with employing IT teams/specialists, training workers on the current dangers of cyber-security is a necessity as it can avert various issues (such as phishing scams as mentioned earlier). Installing security software and investing in proper cyber-security insurance is also vital in securing businesses from these attacks.

With the extent of small business being large targets for attackers, acquiring proper cyber-security is becoming increasingly important and a necessity, particularly in 2020. As small businesses adopt remote work methods, risks and dangers arise, proving that implementing proper precautions like an IT team or training results to be beneficial.

There are many effective practices that small businesses can implement to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. It is recommended that small businesses consider implementing the following effective practices:

  • Developing identity and access management protocols for staff, including managing the granting, maintenance and termination of access to business and customer data;
  • Limiting access only to their own customers’ data and related reports;
  • Setting minimum password requirements and multi-factor authentication for access to systems and applications employees, vendors, contractors and other insiders;
  • Prohibiting the sharing of passwords among firm staff;
  • Prohibiting the storage of sensitive customer or data in unapproved or prohibited locations (e.g., a file server, cloud provider or thumb drive and without encryption or transmitted without encryption);
  • Establishing minimum encryption standards for all hardware used to access firm systems, including laptops, desktops, servers, mobile devices and removable media devices;
  • Requiring adherence to minimum encryption standards for data-in-transit, such as emails and file transfers that include customer sensitive information;
  • Ensuring only secure, encrypted wireless settings for office and home networks;
  • Maintaining regular patching, anti-virus protection, anti-malware and operating system updates for all computers and servers that access data in a manner that is consistent with industry standards;
  • Developing physical security protocols for all portable devices used to access data and systems, including laptops and mobile devices;
  • Mandating all vendors meet business’ security requirements, especially if the data or other sensitive information will be accessed or maintained by the vendor; and
  • Creating processes and selecting approved vendors for the secure disposal of hard copy records and firm computer hardware (e.g., hardware listed in the firm’s inventory) that may contain sensitive information.

References:

  1. https://cyber-security.mytechmag.com/cyber-security-for-small-businesses-is-important-now-1379.html
  2. https://www.pcworld.idg.com.au/article/636083/10-alarming-cybersecurity-facts/#:~:text=%2010%20alarming%20cybersecurity%20facts%20%201%20There,are%20more%20than%203%20billion%20active…%20More%20