Yearly Archives: 2020


Protecting Yourself from Holiday Identity Theft

Identity theft can happen to anyone at any time. However, people are more susceptible to identity theft during the holiday season. This is mostly because people are not only shopping more during this season, but also doing so in a distracted manner.  In this article, we will explore simple tips you can use to protect yourself from holiday identity theft.

Let’s dig in:

Use a secure network

Avoid using public Wi-Fi when shopping online or logging into your financial accounts. A network that is not secure puts your personal information, such as your credit card number, at risk. Consider using a VPN service when connecting to the internet using public Wi-Fi. A VPN (Virtual Private Network) encrypts your internet traffic and directs it through a secure and private network.

Only carry what you need

Are you fond of carrying all your credit cards and your social security card in one wallet? If so, it’s time to start carrying only the essentials. While having everything with you might seem convenient, it’s the perfect setup for identity theft. Keep the documents you carry with you to a minimum.

Choose cash or credit over debit

Credit card companies monitor suspicious charges. This makes them more secure to use than debit cards, since debit cards only withdraw money from your account without offering the same level of protection.

Use trustworthy online shopping sites

There are signs that can help you gauge the security of a website. For instance, HTTPS in the web address and a locked padlock on the far left side of the website URL show that a site is secure.

To avoid phishing scams, you should also be careful about the promotional emails you receive in your inbox. Double-check that the promotional links in such emails have not been altered. Altered links might at first sight appear to lead to legitimate websites.

Be vigilant when opening new retail credit accounts

Sometimes retail stores will offer you gifts and other incentives if you open a credit card account with them. However, you should be extra careful when giving out your information.

Ensure that no one is looking over your shoulder when writing down your details, and that there are no devices attached to the card reader that could skim your cards. You should also ask the sales assistant how they intend to discard your personal information once they have entered it into their system.

Keep your software updated

Software updates can seem like a drag, but they are meant to protect you from new security threats. If you see a message asking you to upgrade your software or operating system, do it right away. This way, you will always have the most up-to-date software, and will always be protected.

Final word

The holiday season means that people are searching for the perfect gifts for their loved ones. Unfortunately, fraudsters are also on a hunting spree: for your information. Although it’s not possible to completely protect yourself from identity theft, the steps we have discussed today can go a long way towards keeping your information safe.

5 Things To Do If Your Identity Is Stolen

While no one looks forward to identity theft, it is a reality that happens to at least one in ten people. This means that your personal details might fall into the wrong hands, and someone might use them to open new accounts and steal your money, among other fraudulent activities.

Fortunately, you can take steps to minimize possible damages and hopefully regain what you have lost. Here are five things to do if someone steals your identity:

1.     File a claim with your identity theft insurance

Perhaps you have insurance that protects you in cases of identity theft, either through an identity protection plan or through your employer. If so, your provider can help guide you through the steps you need to take. Once you notice that someone stole your identity, your insurance company or your human resource department should be one of the first places you call.

2.     Notify companies of your stolen identity

If identity thieves have taken over your accounts, they might have compromised your credit card number. However, this does not necessarily mean they already have access to your other personal information. You can quickly solve this issue by calling your credit card issuer and explaining that your identity has been compromised.

On the other hand, if someone uses your identifying information, such as your name and your social security number, to open up new accounts, you may want to call as many of the companies with which you have accounts as you can.

If someone used your social security number to file false tax returns, you need to submit Form 14039, Identity Theft Affidavit, to report the crime to the IRS.

Similarly, you should notify your healthcare insurance provider if someone is impersonating you to obtain medical care under your name or policy number.

3.     File a report with the Federal Trade Commission (FTC)

Though the Federal Trade Commission cannot pursue criminal charges, law enforcement agencies such as the FBI can use the information it gathers about identity theft and fraud to track down identity thieves.

To file a report with the FTC, visit the website www.identitytheft.gov. It will provide you with a reporting plan and even some pre-filled forms that you can use to file reports and dispute fraudulent charges.

4.     Contact your local police department

Once you file a report with the FTC, your next stop should be your local police department.

Notifying the police about the theft of your identity creates a paper trail. This can protect you in the future. For example, if an identity thief uses your identity to commit a crime, it would be much easier to clear your name if there is documentation.

Please note that there is little that the police can do if someone from overseas stole your identity. However, your report can help them track down the perpetrator if it’s someone you know or a local.

Even so, it is important to file a report with the police, even if the identity theft happened online.

5.     Place a fraud alert on your credit reports

The next step is to call the major credit reporting agencies such as TransUnion, Equifax, and Experian. Request that they place a fraud alert on your credit reports. A fraud alert stays on your credit report for a year. It lets the institutions that pull your credit report know that your identity has been compromised.

Although you only have to report to one credit reporting bureau, because they will notify the other two, there is no harm in calling all three. Here are their telephone numbers:

Equifax: 1-888-766-0008

Experian:  1-888-397-3742

TransUnion: 1-800-680-7289

For added security, freeze your credit so that no one can access your credit reports. It’s also a good idea to freeze your children’s credit because they can also have their identity stolen.

Final word

These simple steps can go a long way in enabling you to stop identity thieves from causing further damage to your reputation. In some cases, they can help you recover what you have lost and even prevent you from paying for crimes you didn’t commit.

Don’t forget to monitor your financial statements and check for any payments or accounts you did not create. Also, make it a habit to thoroughly examine your statements from time to time. It is also a good idea to ask financial institutions about how you can best avoid identity theft in the future.

5 Tips to Prevent Social Engineering

Social engineering is effective for criminals and dangerous for businesses.  It takes advantage of human behavior to gain access to systems.  Consequently, no antivirus can work to prevent an attack if a criminal manipulates the target into making security mistakes.

So, how can you prevent such cyber-attacks? Here are five proven tips that can help you prevent social engineering attacks:

1.      Train Your Employees

Cybersecurity relies heavily on human behavior. Therefore, your employees should be the first line of defense in detecting and preventing social engineering attacks.

You must ensure that your employees understand the tricks cyber criminals use to perform a social engineering attack. Additionally, they should know the signs to look for to detect such an attack.

Some of the things your employees should never do include:

  • Disclosing sensitive information over phone, text or email
  • Opening attachments from unknown sites
  • Allowing people into protected areas if they do not have the credentials and authorization to be in the protected area (some criminals use tailgating to enter protected areas)
  • Responding to instructions that seem to be from executives or seniors at your organization without confirming via a call to that person

Train your employees to remain skeptical when they receive requests that often seem urgent or have negative consequences when ignored.

Moreover, you can take your training a notch higher by conducting phishing simulations to help you detect how well your employees can identify a phishing attack.

2.      Use Antivirus and Endpoint Security Tools

While social engineering attacks target your employees directly, you can prevent these schemes from reaching your employees by installing antivirus and endpoint security measures on all your company’s devices.

Fortunately, modern endpoint security tools and antivirus software are often capable of blocking links to malicious websites, obvious phishing messages, and IP addresses that are listed as threats.

3.      Conduct Penetration Testing

Cybercriminals often find ways to penetrate your organization’s defenses. Unfortunately, they constantly look for angles to exploit the weaknesses in your security system. You can prevent this by working with an ethical hacker who uses his or her skills to identify these weaknesses by attempting to exploit them.

Together with an ethical hacker, you can learn the weaknesses your security system has and the social engineering techniques to which your company is most susceptible.

4.      Update Your Software

Businesses that use updated software have lower chances of experiencing a social engineering attack. Specifically, updated software comes with security fixes to existing vulnerabilities.

Therefore, it is important to ensure that your firewall and antivirus software are from reputable organizations and are regularly updated.

However, cybercriminals continue to take advantage of businesses that have not yet updated their software.

5.      Implement a Good Policy for Social Media Privacy and Posting

Social media sites provide the personal information that criminals require to plan and execute social engineering attacks.

So, if your employees post too much information about themselves and your business, it could lead to massive loss of sensitive data from your business.  Therefore, establish a good policy on social media privacy and posting. This policy should include:

  • Keeping personal and company social media accounts separate
  • The information that can and cannot be shared on personal or business social media accounts
  • Providing minimum information on job listings to prevent divulging information that criminals could misuse

Final Word

Protecting data should be a priority for every cyber-aware business. Unfortunately, even if you are a small business, you stand the risk of losing sensitive data about your accounts, accounts of your clients and customers, and other valuable information.

In conclusion, your business should be aware of social engineering attacks, how they happen, and ways in which you can prevent these attacks.

What Is Social Engineering?

Social engineering is a type of psychological manipulation which utilizes human interactions and vulnerabilities to trick victims into disclosing sensitive information.

The information could be personally identifiable data such as social security numbers, log-in details, or corporate financial information. Once cybercriminals collect this information, they can use it to commit fraud or identity theft.

Social engineering taps into the natural instinct of trust. Through carefully worded emails, texts, or voicemail messages, criminals manipulate victims into disclosing sensitive and confidential information.

The social engineering life cycle follows the following steps:

·       Preparation

The first stage of a social engineering attack is preparation. The criminal identifies the victim and gathers background information about the target. The criminal then formulates the attack strategy.

Where victims are organizations, the criminal gathers information including their structure and the roles and responsibilities of all employees. They also collect data about behaviors and susceptibilities the targets could succumb to.

Criminals conduct this research through the company’s website, social media profiles, in-person visits, or stalking.

·       Execution

In this step, the criminal deceives the victim in order to gain a foothold. This stage often involves a story that manipulates the victim into the desired emotion, such as fear, desperation, or loyalty.

At this point, the criminal has taken control of the interaction, and the victim will likely provide the requested information or complete the required transactions.

For example, execution could involve an email ostensibly from the CEO asking an employee to wire money to a given account, or to send the password to a certain database.

Criminals are manipulative and patient at this stage until they get what they desire.

·       Exit

Social engineering masterminds prefer to exit without leaving a trace of their presence or arousing suspicion. They will siphon the data they need, remove the malware they used, and cover their tracks.

Criminals using social engineering employ six key principles to deceive their targets:

·       Authority

A person is more likely to obey a person in authority, often without objection.

·       Scarcity

Cyber criminals utilize the fear of missing out to their advantage. They will convince you that this is a rare opportunity for you to make the most of your money, encouraging you to invest in whatever they are selling.

·       Reciprocity

Sometimes, a criminal will gain trust by doing you a favor, for instance by helping you detect a vulnerability in your company’s system. Afterwards, you are more likely to “return the favor”, sometimes against your best interests.

·       Commitment and Consistency

A social engineering criminal might lead you to commit to an idea or responsibility, which you are then likely to follow through with because of the human propensity to follow through with commitments.

·       Social Proof

Trends are an example of social proof. People will do what they see others doing, either from fear of missing out or out of curiosity. This makes it easy for criminals to use enticing headlines or text to lure you into installing malware or providing sensitive information.

·       Liking

Likability significantly influences humans into making decisions, including buying decisions. Cyber criminals will often wear a likeable veil to persuade their victims to provide the details or take actions that the criminal wants.

In a nutshell

Social engineering uses psychology to manipulate people into giving up sensitive information about themselves or their companies rather than using technology or breaking into the victim’s data.

These schemes manipulate victims by triggering feelings of fear, greed, curiosity, helpfulness, and urgency to trigger the desired response.

5 Biggest Data Breaches Of The 21st Century

Data breaches occur when hackers infiltrate a computer network system and access sensitive information.  This can include financial records, security numbers, passwords and personal identifying information.

In the 21st century, data breaches affecting hundreds of millions or even billions of users are gradually becoming the order of the day. In this post, we will explore five of the biggest data breaches in recent memory.

1.     Yahoo

Yahoo fell victim to the biggest data breach in history so far. Back in 2014, amidst sales negotiations with Verizon, Yahoo experienced a data breach affecting all of its 3 billion user accounts.

The information stolen from its computer network included names, emails, hashed passwords, dates of birth, and security questions. The data breach was so bad that it compelled Yahoo to sell to Verizon at $350 million less than previously planned. Yahoo claimed that the attack was state-sponsored activity,

2.     First American Financial Corporation

The 2019 data breach of First American Financial Corporation exposed 885 million records. These records contained sensitive information including social security numbers, bank account details, mortgage information, and wire transactions.

The breach exposed information dating as far back as 2003. The company was mostly to blame for its complete lack of security. Its records had no form of encryption, making them extremely vulnerable to data breaches.

3.     Marriott International

A 2014 hack of Marriott International exposed 500 million records. The hack led to the leak of hard-to-find data such as travel schedules, passport numbers, and contact information. It was not discovered until 2018.

Recently, Marriott has been the victim of yet another data breach exposing more than 5.2 million accounts between January and February 2020.

4.     Equifax

Equifax is one of the leading credit bureaus in the US and experienced one of the biggest data breaches in the 21st century.  A vulnerability in the company’s website compromised the personal information of 147.9 million customers.  Some of the stolen information included birth dates, social security numbers, driver’s license numbers, addresses, and credit card data.  Unfortunately, the company was partly to blame for the breach due to failure to segment its systems or to patch security vulnerabilities.

5.     eBay

eBay fell victim to a breach in 2014 that revealed the passwords, names, email addresses, and dates of birth of all of its 145 million users. Interestingly, the breach occurred over 229 days, during which hackers had complete access to the company’s network. The hackers used the credentials of three top corporate employees to infiltrate eBay’s computer network.

Even though hackers exposed this information, the breach did not affect the bottom line of the company. However, it did lead to a significant decline in user activity.

Protecting your Business from Data Breaches

Cyber security continues to be an elusive goal for many companies.  This is especially true for those with sensitive data such as addresses, contact information, credit card or bank details, and personal identifying information. Therefore, this data is usually the target of identity thieves.

Detecting a data breach is usually the most crucial step in responding to and mitigating the effects of the breach.  Thus, you can detect a breach by hiring cyber security experts, updating your technology and employee education, and by constantly monitoring your organization.

5 Cyber Security Best Practices For Your Business

Cyber attacks are a growing concern for small and medium enterprises. Some research findings reveal that 43% of cybercrimes target small businesses, and 60% of small companies that fall victim to a cyber attack are out of business within just six months.

As a small business owner, you don’t want to be the next victim. Here are five cybersecurity best practices your business should implement:

1.     Use a firewall and antivirus software

Firewalls provide a barrier between your computer network and cybercriminals. Firewalls work by assessing the data packets which arrive at your computer network.  They either accept or reject them based on the data they contain.

Your business should invest in both hardware and software firewalls to monitor incoming data for risks that could expose your business to attacks.

Use antivirus software in addition to firewalls to add an extra layer of security against threats that manage to get past the firewall.

2.     Keep your software updated

In a highly automated environment, it is easy for business owners to rely on automatic software updates.

But if you are concerned about the security of your data, you must ascertain that your operating systems and software are up-to-date (and that you are using high-quality security software).

Software updates look for and fix potential weaknesses that criminal hackers could exploit. Therefore, by having the latest software updates, you protect your business data from the vulnerabilities of older software.

3.     Train your employees

Employees are one of the greatest risks to your business. This risk stems from a lack of awareness of the importance of cybersecurity and of the protective measures they can take to keep your business safe, such as installing firewalls on their home networks.

Employees are also vulnerable to phishing scams, which cybercriminals could use to install malware onto your computer network.

Cybersecurity education should not end with the IT department, but should reach every employee. Educate them on cybersecurity measures, your business’ cybersecurity policies, ways of identifying cybersecurity breaches, and responses to such incidents.

4.     Back up your data regularly

Cyber-attacks can happen to the most protected system, and your business should be ready for this eventuality. Back up all your data, including documents, spreadsheets, databases, financial and other business files to the cloud or on separate hardware devices.

You should store these backups in separate places for added security, preferably at an offsite location or in the cloud.

Your business should implement cloud computing (for easy and efficient backup systems) and a local backup in case the data on the cloud falls prey to cybercriminals.

Backing up data protects businesses from loss in case of natural disasters, human errors, ransomware, and hacking.

5.     Set strong passwords and multifactor authentication

Lost, stolen, and weak passwords lead to about 63% of data breaches, which should inspire businesses to enforce their password policies.

Businesses should use strong passwords that contain a mix of lower and upper case letters, numbers, and symbols. They should also change these passwords every 60-90 days.

Multifactor authentication adds an extra layer of security to strong passwords by requiring additional steps before anyone can access your business data. Therefore, even if a cybercriminal manages to crack your password, the multifactor authentication could prevent further access.

Final word

Cybercriminals keep advancing and finding better ways to breach security systems. Your business security depends on a proactive approach in implementing security measures such as the use of firewalls, antivirus software, employee training, regular data backups, strong password policies, and multifactor authentication.