- February 2nd, 2016
- No Comments
After a year filled with gargantuan corporate hacks and countless “little ones”, it’s time to face the reality that there is a decent chance that you or someone you love may become a victim of identity fraud sometime soon. While exact statistics for 2015 have not been released yet, in 2014 more than 70 million Americans had their sensitive information exposed in data breaches that could very easily lead to identity fraud.
Your old habits die hard
Not only victims of data breaches are at ID fraud risk. Many of our own day-to-day behaviors may be compromising our security. What’s more shocking is that according to a survey by consumerreports.com more than half of people involved in large scale data breaches fail to change their behavior in any significant way even though they are at a higher risk of having their ID’s stolen. The problem is that old habits die hard. We are so used to doing things on our own terms that we won’t change even when we know that our behavior is what is compromising our security.
Here are some things that lots of people do each day, making it appallingly easy for hackers to steal identities without even being involved in a corporate data breach and some tips to make sure you don’t make the same foolhardy mistakes
1. Answering security questions with easily accessible information
Think about this – You probably have a few accounts that have security questions to reset passwords or access information. Some of the most commons questions are “What is your mother’s maiden name?” or “Name the city you were born in”. All a hacker needs to do is a simple Google search to find out those answers.
Be aware, you are under no obligation to answer security questions truthfully. If you decide that the answer to that question should be lightning bolt (assuming that was not your mother’s maiden name or where you were born, of course), then make that your security question answer. No one will be able to Google that. Just make sure you can remember your non-truthful answer when a rep asks for it.
2. Using unsecured public WiFi
As we have mentioned before, using public WiFi may be convenient but it’s a recipe for disaster. You may be tempted to check your email or bank account from your local Starbucks but it’s super simple for a scammer to set up a fake network called “Cafe Coffee” or something similar that ropes you into thinking you have connected to the restaurant’s network. Meanwhile the hacker intercepts everything you do and can steal login information, passwords, banking credentials and more.
If you must use public WiFi, ask a cafe (or any other establishment you may be in) employee for their correct network name and IP address to be sure you connect to the correct one. Also, though it may be a drag, just stay off Amazon.com and all other e-commerce and banking websites until you get home.
3. Posting tons of information to social media
We all love sharing things like pictures of vacations, notices of our promotions and lots of other milestones on our social networks. While it’s a lot of fun to share these events with all of your 2000 nearest and dearest friends, chances are that you also have your work history and where you went to university listed, as well as family member’s names and potentially even your email address and date of birth. Taping all this information together gives hackers almost all the key elements they need to pull off identity fraud.
Consider changing your privacy settings on your social media accounts so only people you know can access your full profile and don’t include your date of birth. And really try to think about each thing you post – every detail you post helps scammers build a more accurate profile on you so most of the time it’s just not worth it.
4. Falling prey to phishing scams
Phishing is when criminals attempt to make people reveal sensitive information using digital means and their scams can take many forms. Sometimes criminals send emails that try to get the recipient to divulge information by pretending to be a real and respected entity like Amazon.com or your bank. Scammers may also copy real websites, giving just a slight tweak to domain names, like goooogle.com or bzzfeed.com. Then they wait for unsuspecting victims to land on their almost-perfect-but-not-quite versions, filling the victim’s computer with malware and more.
Whether it’s malware that records your keystrokes and phones that information home to remote bad guys or if it gives bad guys admin level access to all your files and settings, you’ve got a problem on your hands. So just play it safe and stay away from all emails asking for your details. If you think a particular email may just be legitimate, log on to the website from your browser, not from a link in the email, and get a phone number to confirm that the company really does or doesn’t need your information.
ZoneAlarm Extreme Security has a built-in download and URL scanner to help you steer clear of those fake-out URLs and malware-filled links in emails. And most modern email platforms have a built in spam filter to keep you from getting emails promising the best prices on Pr0zac and Cia1is. Sometimes an email may just get through though, so it’s up to you to use your head and ignore those emails from the First Lady of Ecuador, who so desperately needs your help in transferring huge sums of money to a foreign bank account.
Security measures in the non-digital world
There are also some non-digital steps you should take to make sure you don’t have your ID stolen such as:
- Shred all sensitive documents, like bank statement and checks before you throw them out
- Get a mailbox that locks so ID thieves cannot take mail from banks and credit card companies out of your mailbox before you do.
- Stop carrying your social security card in your wallet!
- Each and every time anyone asks for your SS number, verify if it’s absolutely necessary to give over or not. Even if it’s just to confirm your identity with your gas company, that’s typically not something they need but might just be in the habit of asking for. Unless they need it, don’t give it.
- Consider having your phone number unlisted in the phone book and in digital directories.
- Go through your bank and credit card statements regularly to check for any discrepancies or oddities.
Protecting yourself from ID fraud may not be easy or fun but it can save you years of heartache. It’s worth it to put in as much effort as you can to stay safe before something irrevocable happens.
What precautions do you usually take to protect yourself online?