Identity theft is on the rise again.
A big reason for this is Covid-19 scams. Hackers are sending fraudulent emails and creating fake websites with information about the virus, stimulus packages, and legitimate public health resources. Among the more common scams are links that claim to lead you to a map of “Covid-19 cases nearby,” which infects your phone or computer with malware.
This is nothing new.
Hackers have been preying on people for decades, creating a sense of urgency with fear of loss, prizes, and threats, among other despicable tactics. Weaponizing the anxiety caused by natural disasters is among the most effective situations they’ve exploited, and this pandemic is no exception. If anything, they see this pandemic as a global opportunity to steal as much from you as they can.
If you don’t want to be a victim, you have to protect yourself.
There are a lot of services out there you can pay to monitor cyber threats, but there are things you can do without having to pay anyone. That’s what we’re going to focus on here.
Don’t Be Afraid, Be Serious!
Seriously, don’t be freaked out by the horror stories. There are a lot of worst-case scenarios running around out there, from someone opening a new credit card in your name to hackers having access to your bank accounts. Although concerning, these aren’t the first things you should be worried about. Sadly, your finances are far more likely to be threatened by family and friends than cybercriminals.
Online, your first concern is to avoid giving away information.
You’ve probably heard the old axiom, an ounce of prevention is worth a pound of cure. There is no place those words are more relevant in today’s world than online.
Phishing scams.Social media awareness. Using strong passwords. These are things we’re always talking about. All of it comes down to awareness. The first and most vital step to preventing identity theft online is to be aware of the threats that are out there. You would never leave your wallet or purse unattended in an unlocked car. Why? Because someone, most likely your parents, told you what would happen. Someone made you aware of the danger and you take appropriate actions to protect yourself.
Being aware and taking action to secure your identity online is exactly the same thing, but you have to take it seriously.
Secure Your Accounts
As we have pointed out a multitude of times – and will continue to point out until something better comes along – there is no single security measure as effective online as a Strong Password. Not using a Strong Password is like putting a plastic lock on your door and expecting it to keep your valuables safe. That being said, just as important as having a Strong Password is making sure to store it in an encrypted location, not on a sticky note under your keyboard.
Another great way to secure your accounts is not to reuse passwords. Hackers are attacking organizations all the time. In the past couple of months on the dark web, security experts have discovered:
- 500,000+ Zoom user names and passwords
- 8,000 email addresses and passwords associated with Disney+
- 1,600 Ring passwords
And these are just a few examples. With stolen passwords, hackers use a simple tool called “password stuffing” to access all of the accounts with the same email address and password. If you are reusing a password, you are putting your digital identity at risk.
Check For Breaches
If you’re not monitoring your digital identity, you should start now. When your credentials are compromised, the first thing you need to do is change your password. Remember, your password is your first line of defense against hackers.
But how do you know if an account has been breached?
There are some great, easy to use breach monitoring tools available such as:
- Have I Been Pwned – at this site, simply enter your email address and see if it’s been exposed in a data breach.
- Firefox Monitor – built right into the web browser, see what sites you’ve accessed have been breached and mark them resolved once you’ve changed the password
- HPI Identity Leak Checker – this site maintains a database of leaked sites and crosschecks it with your email address
- Hack Notice – here you can check for vendor leaks and take advantage of a variety of services for individuals or businesses
All of these offer additional pay services, but the free services they offer are enough to make you aware. They are great for not only the websites you currently use but also those that you haven’t used in a long time or just checked out once. If you used a common password back when you signed up for LiveJournal or MySpace or Soundcloud, it doesn’t matter how long it’s been since you’ve last logged in, if they’ve been breached, you are at risk.
Breaches are rarely found quickly and your email address and password have to be found in a data file on the dark web for it to be reported, which means that even if you are diligent about checking, it’s likely that your information has been available to hackers for a while. That means that when you find out that your account has been breached, you can’t afford to wait.
Log in and change the password immediately.
This is also a good time to determine if you really need that account. We tend to sign up for a lot of services. Something might look entertaining or useful, but once that interest runs it’s course we tend to forget them and move on to the next thing, leaving those accounts ripe for hackers. If you see something in a breach you haven’t used for a long time, change the password, and then evaluate its usefulness. There’s no point in leaving accounts open that you’re not going to use.
Cleaning up your digital footprint with Strong Passwords and deleting accounts you no longer use will help to keep your identity secure.
Be Wary of Phishing Attacks
Emails. Text messages. Instant messages. Social media posts. Visiting websites.
Every single way that you can digitally connect with another human being, hackers can use to try to steal information from you. Seriously, all of them. There is no way that you can communicate with another person on the internet that hackers can’t find a way to exploit.
Another thing we talk about a lot is Phishing. We post about it. We write blogs about it. Because awareness is your greatest defense, we send out as many warnings as possible about it.
And yet we still click those links…
So here are a few things to look out for:
- False e-commerce vendors for masks, sanitizers and test kits
- Fraudulent investment sites
- Spoofed government and health organization communications
- Fake vaccines or “miracle cures”
- Scam employment posts
- Phony charity donation offers
We can’t say it often enough, be careful where you click. As a general rule, don’t click on a link in your email, especially if it’s unsolicited. Go to the address bar and do a search for the website. Also, no government agency will ever send updates about anything through email, especially financial information. If you see something like that, don’t click on it.
Be skeptical of anything that tries to manufacture a sense of urgency, especially if it uses the phrase “limited time”.
There are many factors leading to this increase in identity theft including:
- cyberattacks are becoming more complex and ambitious
- there has been a significant increase in hijacking credit card data and payment forms
- new account fraud is more effectively targeting mortgages, student loans, car loans, and credit cards
- credential phishing is allowing for a significant increase in account takeovers
And the people most vulnerable to identity theft are:
- children – hackers use their social security numbers to establish fraudulent accounts with a “clean slate”
- seniors – multiple studies have concluded that no demographic falls for Phishing scams more than seniors
- military personnel – deployed, active-duty members of the military are particularly vulnerable
- social media users – so much information is unwittingly shared on social media, both in posts and through interactive games like quizzes that this is one of the most vulnerable groups
- repeat victims – anyone who has been affected by identity theft is likely to be attacked again because their information is actively being traded out on the dark web
Although, when it comes down to it, anyone with a social security number is a potential victim. And the greatest enemy of security is complacency. Hackers hope that we are too busy, lazy, or inexperienced to be aware of their efforts so that they can use our information to make money.
With a little effort, you too can protect your digital identity.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades I’ve worked as a technician, trainer, technical writer, and manager with small businesses, enterprise level organizations, and government, picking up a lot of skills on my journey. In addition, I’m an author, having published multiple works available online and in print.