Protecting Your Digital Identity
Chuck's Cyber Wall
With identity theft on the rise, it’s essential to protect your digital identity. Using Phishing Scams, cybercriminals send fraudulent emails and create fake websites to steal credentials and personal information. Among the more common scams are links that lead to malicious sites to gather information and infect your phone or computer with malware.
This is nothing new.
Hackers have been preying on people for decades, creating a sense of urgency with fear of loss, prizes, and threats, among other despicable tactics. Weaponizing the anxiety caused by missed opportunities, financial loss, and legal trouble are among the most effective situations they’ve exploited, but now they’re using data scraped off social media and from other hacks to personalize these scams.
You must protect yourself if you don’t want to be a victim.
Many services monitor cyber threats, but there are things you can do without having to pay anyone. That’s what we’re going to focus on here.
IDENTITY THEFT IS SERIOUS
As scary as Identity Theft can be, don’t be freaked out by the horror stories. There are a lot of worst-case scenarios running around out there, from someone opening a new credit card in your name to cyber criminals having access to your bank accounts. Although concerning, these shouldn’t be your primary concerns. Sadly, family or friends are far more likely to threaten your finances than cyber criminals.
AVOID GIVING AWAY INFORMATION
You’ve probably heard the old axiom, an ounce of prevention is worth a pound of cure. There is no place those words are more relevant than online.
I’m always talking about phishing scams, social media awareness, and using strong passwords in blogs, articles, and posts. All of it comes down to awareness. The first and most vital step to preventing identity theft online is to be aware of the threats that are out there. You would never leave your wallet or purse unattended in an unlocked car. Why? Because someone, most likely your parents, told you what would happen. Someone made you aware of the danger, and you take appropriate actions to protect yourself.
Being aware and taking action to secure your identity online is the same thing, but you must take it seriously.
SECURE YOUR ACCOUNTS
As I’ve pointed out many times – and will continue to point out until something better comes along – there is no single security measure as effective online as a Strong Password. Not using a Strong Password is like putting a plastic lock on your door and expecting it to keep your valuables safe. That being said, just as important as having a Strong Password is storing it in an
encrypted location, not on a sticky note under your keyboard.
Another great way to secure your accounts is not to reuse passwords. Hackers are attacking organizations all the time. In the past couple of months on the dark web, security experts have discovered:
- 500,000+ user names and passwords from data hacks
- 80,000 email addresses scraped from social media sites
- 1,600 shared social media apps stealing personal information
And these are just a few examples. With stolen passwords, hackers use a simple tool called “password stuffing” to access accounts with the same email address and password. If you are reusing a password, you are putting your digital identity at risk.
CHECK FOR BREACHES
If you’re not monitoring your digital identity, you should start now. When your credentials are compromised, the first thing you need to do is change your password. Remember, your password is your first line of defense against cyber criminals.
But how do you know if an account has been breached?
There are some great, easy-to-use breach monitoring tools available such as:
- Have I Been Pwned – at this site, simply enter your email address and see if it’s been exposed in a data breach.
- Firefox Monitor – built right into the web browser, see what sites you’ve accessed have been breached and mark them resolved once you’ve changed the password
- HPI Identity Leak Checker – this site maintains a database of leaked sites and crosschecks it with your email address
- Hack Notice – here, you can check for vendor leaks and take advantage of a variety of services for individuals or businesses
All these sites offer additional pay services, but the free services are enough to make you aware. They’re great for not only the websites you currently use but also those that you haven’t used in a long time or just checked out once. If you used a common password back when you signed up for LiveJournal or MySpace or Soundcloud, it doesn’t matter how long it’s been since you’ve last logged in, if they’ve been breached, you are at risk.
Breaches are rarely found quickly, and your email address and password must be discovered in a data file on the dark web for it to be reported. That means that even if you are diligent about checking, it’s likely that your information has been available to hackers for a while. That means that when you find out that your account has been breached, you can’t afford to wait.
Log in and change the password immediately.
This is also an excellent time to determine if you really need that account. We tend to sign up for a lot of services. Something might look entertaining or useful, but once that interest runs its course, we tend to forget them and move on to the next thing, leaving those accounts ripe for hackers. If you see something in a breach report you haven’t used for a long time, change the password and evaluate its usefulness. There’s no point in leaving accounts open that you will not use.
Cleaning up your digital footprint with Strong Passwords and deleting accounts you no longer use will help to keep your identity secure.
BE WARY OF PHISHING ATTACKS
Emails. Text messages. Instant messages. Social media posts. Visiting websites.
Cybercriminals can use every single way that you digitally connect with another human being to try to steal information from you. Seriously, all of them. There is no way that you can communicate with another person on the internet that hackers can’t find a way to exploit.
Another thing I talk about a lot is Phishing. I post about it and write blogs about it because awareness is your greatest defense. For that reason, I send out as many warnings as possible about it.
And yet people still click those links…
So here are a few things to look out for:
- False vendors selling products too good to be true
- Fraudulent investment sites
- Spoofed government and health organization communications
- Fake threats of legal actions
- Scam employment posts
- Phony charity donation offers
I can’t say it often enough, think before you click. As a general rule, don’t click on a link in your email, especially if it’s unsolicited. Go to the address bar and search for the website. Also, no government agency will ever send updates about anything through email, especially financial information. If you see something like that, don’t click on it.
Be skeptical of anything that tries to manufacture a sense of urgency, especially if it uses the phrase “limited time.”
Many factors have led to recent rises in identity theft, including:
- cyberattacks becoming more complex and ambitious
- a significant increase in hijacking credit card data and payment forms
- new account fraud is more effectively targeting mortgages, student loans, car loans, and credit cards
- credential phishing is allowing for a significant increase in account takeovers
And the people most vulnerable to identity theft are:
- children – hackers use their social security numbers to establish fraudulent accounts with a “clean slate”
- seniors – multiple studies have concluded that no demographic falls for Phishing scams more often than seniors
- military personnel – deployed, active-duty members of the military are particularly vulnerable
- social media users – so much information is unwittingly shared on social media, both in posts and through interactive games like quizzes, that this is one of the most vulnerable groups
- repeat victims – anyone who has been affected by identity theft is likely to be attacked again because their information is actively being traded out on the dark web
Although, when it comes down to it, anyone with a social security number is a potential victim. And the greatest enemy of security is complacency. Hackers hope that we are too busy, lazy, or inexperienced to be aware of their efforts so that they can use our information to make money.
With a little effort, you can protect your digital identity.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com