New Ways to Prevent Identity Theft During the Holiday Season

Written By CURO Wealth Management

by Christopher Elliott of Forbes.com

It's too easy to tune out advice about new ways to prevent identity theft and other threats to your personal information, even as the holiday shopping season gets into full swing. That seems like someone else's problem.

But if you feel that way, then check out this video, taken last month in Sacramento, Calif. The Placer County Sheriff’s Office was looking for two men caught on security cameras trying to withdraw money from stolen accounts.

That could be your money.

Or talk to Amie O'Shaughnessy, a travel agency owner from Piedmont, Calif., who contacted me this morning.

"Someone posed as me in an email to my finance manager and had her wire $50,000 out of our business account," she told me."I was powerless to influence or control what happened with the funds once they left the account, yet I’m 100% liable for the loss. This doesn’t seem right."

It's not right.

"Personal data is increasingly valuable," says Chris Dimitriadis, a board director for ISACA, an international professional association focused on IT governance. ISACA's latest report on cybersecurity suggests IT budgets are increasing as companies gear up for a war against cybercriminals.

"The cyber-threat landscape is expanding," adds Dimitriadis.

The fix? Understanding the extent of the problem (it's bigger than you thought), learning a few new strategies (they're not what you expect) and knowing when you've been compromised (believe it or not, you probably already have been).


You can prevent identity theft and other kinds of digital mayhem

Last month, Chubb hosted a panel with industry experts from ADT, Carnegie Mellon University and CyberScout outlining a range of cyber threats. The panel described real-life examples and anecdotes, and offered some best practices individuals and businesses can take to safeguard their personal information against some of today's biggest cyber risks. Here's the full video.

More than 10 billion consumer records have been compromised in 8,000 reported data breaches, according to Chubb. An astounding 64% of American adults have been victimized by one or more of these breaches, it found.

"Global economic costs of cybercrime are rising into the trillions of dollars annually," said Patrick Thielen, Chubb's senior vice president for cyber and technology product lead in North America, who led the panel discussion. "A large portion of that falls squarely on the shoulders of consumers."

If you don't have cyber insurance on your homeowner's policy, then you're out of luck and need a consumer advocate to help sort through it. This is where my advocacy team and I come in. But once the money is gone, it's really difficult to recover it, as my Forbes colleague Laura Shin recently explained.

How bad is the identity theft problem?

How bad is the identity theft problem at this time of year? Very bad, according to experts.

The National Retail Federation predicts that online and nonstore sales would increase by 10% to 12% in 2018, which means that more consumers are shopping online, and they are conducting more individual transactions.

"More transactions mean more opportunities for bad guys to trick users, hijack sessions, and steal personal information," says Chris Duvall, senior director at The Chertoff Group, a global security advisory firm.

It's not just more purchases, but our increased usage of phones and computers to complete those transactions. To prevent identity theft, you have to factor that into the equation.

"Our reliance on technology and, as a consequence, our digital footprints, are growing at an exponential rate," says Sean McGrath, a privacy expert and cybersecurity advocate at BestVPN.com. "As long as this trend continues, our personal information will always be more at risk now than it has at any other point in history. It’s simple math."

As if that's not enough, criminals are becoming more sophisticated, too.

"Cybercriminals are getting smarter with their attacks," says Idan Udi Edry, CEO of Trustifi, a secure email platform. Experts say the emails they're sending to would-be victims look more authentic than ever -- and have never been more effective.

Here are a few new ways to prevent identity theft

Experts say there are new ways to prevent identity theft during the holiday shopping season.

First, there's the sniff test.

“Beware of pricing that is too good to be true," says Scott Grissom, a vice president for Legal Shield, a legal services company. "Check reviews on greatly discounted items to make sure they do not have major problems. Online scammers often set up dummy websites, auction listings or ads that offer popular items far below market value. Trust your instincts and beware of scam sales.”

Use a credit card

Michael Bancroft, co-host of Globalive Media’s Beyond Innovation on Bloomberg Television, says plastic can protect you. "Consider using a credit card rather than a debit card because they tend to offer more robust fraud protections, and the money isn’t coming directly from your bank account," he says.

Beware of phishing emails from a business

Odia Kagan, partner and chair of GDPR compliance and international privacy at the law firm Fox Rothschild, says be on the lookout for any emails asking for information like passwords coming from a retailer. "Those could be phishing emails intended to use your data," says Kagan. "These emails are getting increasingly sophisticated, could contain personal information of yours and are no longer full of spelling mistakes."

Use a password vault

That's the advice of Araz Feyzi, the co-founder of Syfer, a cyber security device. "Let’s face it," he says. "Very few people manage their passwords properly. Most people pick easy-to-remember passwords, reuse them over and over, and change them very infrequently." Instead, he recommends using a password vault like 1Password or LastPass, which allow you to create, store, and manage your passwords.

Browse safer

"All information should be transferred to your browser from the server and vice versa through HTTPS -- and not HTTP," says Mihai Corbuleac, a senior IT consultant at ComputerSupport.com. "Verify that your session is encrypted and that your connection is secure." Corbuleac also recommends keeping your browser, operating system and the antivirus solution updated. Why? Unpatched software remains one of the most common causes of malware infections.

Avoid the "easy" check-out

Hani Mustafa, CEO of Jazz Networks, a cyber intelligence company, advises avoiding saving your personal information online. "Often, when booking flights, rental cars, or hotels, you're asked to create a profile to save your credit card information for an easier check-out,” he says. "More like an easier data loss!" Don't save your personal information on websites, and if you can't follow this advice, make sure you don't reuse a password, he says.

Practice safe computing

That's what Scott Shackelford, an associate professor of business law and ethics in the Indiana University Kelley School of Business, recommends. He recommends a program like Spirion (formerly Identity Finder) to find and encrypt sensitive information on your computer. "Also," he adds, "Don’t bank on your mobile phone, and consider using a separate secure wi-fi connection or other computer for personal computing at home.”

How do you know if you're compromised?

What's even harder than preventing your data from being compromised? Knowing if you've been hacked.

You can find out if your account has been compromised by checking Haveibeenpwned.com.

"One of the best and immediate signs is unknown charges or withdrawals that you did not make showing up on your statement," says William Rials, associate director of applied computing programs at Tulane University School of Professional Advancement. "During the holiday season, it is essential to keep a close look at all of your financial statements. Don’t wait until the end of the month to reconcile your accounts during the financial season. The more often you monitor and verify all charges and withdrawals, the better chance you have at stopping identity theft."

And it's not just the computer.

"Every time the phone rings," says Robert Siciliano, a security analyst with HotspotShield, "beware of scammers."

Better to keep your personal information safe using these practical strategies. Don't star in a police video -- or become an anecdote in one of my stories. Only you can prevent identity theft this holiday shopping season.

Christopher Elliott is the founder of Elliott Advocacy, a 501(c)(3) nonprofit organization that empowers consumers to solve their problems and helps those who can't. He's the author of numerous books on consumer advocacy and writes weekly columns for King Features Syndicate, USA Today, and the Washington Post. If you have a consumer problem you can't solve, contact him directly through his advocacy website. You can also follow him on TwitterFacebook, and LinkedIn, or sign up for his daily newsletter.

Christopher Elliott is an author, journalist, and consumer advocate. He's written several books about customer service, including 'Scammed: How to Save Money and Find Better Service in a World of Schemes, Swindles, and Shady Deals' and 'How to Be The World's Smartest Traveler.’ He writes weekly columns for the Washington Post, USA Today and King Features Syndicate. And he's founded three nonprofit organizations devoted to consumer advocacy, including Elliott Advocacy (Elliott.org). For help with a consumer problem, contact him directly at chris@elliott.org.



Breaches from 2016 to 2018

Trust me, it’s not hype. It’s real. And as consumers of these services, we can’t stop these data breaches from happening. But depending on the breach, it usually takes only a couple of key actions to reduce how you’ll be affected, if at all.

The Breach Game Plan

No breach is the same; there is no list of the “top three ways” to reduce impact across the board. Can the same steps be followed when your bank, your pizzeria rewards club, or your fantasy football service gets hacked? Absolutely not.

The secret lies in pinpointing the specific information that’s at risk. Ask yourself, if attackers were to get ahold of this account, what could they access? From there, you can devise a simple game plan for almost any breach. Getting in this mind-set will help you as a consumer, but you can also impart this invaluable wisdom to your clients.

Credit and debit card information. We can always be safer with how we use our credit and debit cards, such as by entering payment information online only at HTTPS sites (as opposed to HTTP), never storing payment information on sites, and doing business only with companies we trust. But even so, our payment information will get out there, considering the amount of online shopping we do.

After catching wind of any breach of credit or debit card information, it’s best to:

  • Review your recent activity to see if any unauthorized charges occurred.

  • Report any unauthorized charges to your bank or credit card company.

  • Request a replacement card.

It’s also important to note that not all data breaches are properly disclosed—and many are disclosed months (or even years) after the compromise took place. Get in the habit of regularly monitoring your financial activity, and report anything suspicious as soon as you can.

Passwords. In the past few years, we’ve learned that LinkedIn, Yahoo, and Twitter passwords were all exposed on a mass scale. What should you do when something like this happens again? Change your password, but also ask yourself, Have I used this password or a similar password for other online accounts?

Even if you have the strongest password of all time (if such a thing could exist), if you use it in multiple places—and one of those places is breached—someone could access all accounts that use that password. Think about the benefits of breaking this “password reuse” habit. Next time an incident happens, all you would have to do is change that one breached site’s password. Adopting a password manager is one way to simplify this process.

Enabling multifactor authentication can also help protect your account behind an additional layer of security—like a smartphone or e-mail notification every time you use your password. So, if your password were exposed, an attacker would still need that other form of authentication to log in, which he or she is unlikely to have.

Social security number. Unlike a password, you can’t change a social security number and call it a day. What you can do is freeze your credit. As of September 2018, freezes are free, and they’re the most heavy-duty tool at your disposal for protecting your credit. It’s a preventive measure against (1) new lines of credit being opened in your name and (2) hard inquiries.

Some other tools worth looking into for an exposed social security number include:

  • Fraud alerts: These encourage companies to verify with you before opening new lines of credit.

  • Credit monitoring: These tools monitor your credit in real time for any changes. These are reactive and not proactive; they alert you after the unauthorized activity happens.

  • Identity theft protection services: For a hands-off approach to identity protection, these products offer tools and resources for one subscription fee.



Putting the Formula into Practice

Let’s apply what we’ve learned to a breach that doesn’t fit so cleanly into these categories: the 2018 Facebook breach.

First, some background: Facebook discovered a weakness that allowed attackers to take over any account. Attackers could find and reuse anyone’s unique access token, allowing them to authenticate users’ accounts. There was no known evidence of misuse, only the potential for it. Affected accounts were notified by Facebook via e-mail.

If you received such a message today, what would you do?

Making your own to-do list. Again, ask yourself: What does this account have access to? With social media specifically, the answer depends on how you use your account.

  • Does your profile have your real birth date?

  • What third-party applications do you have connected to your Facebook account?

  • Do you use Facebook Connect to log in to other online accounts—ones that might store your payment information?

  • Have you ever messaged a family member your Netflix password, credit card information, or even social security number?

Without the impossible one-size-fits-all list for remediating such a breach, I hope this line of thinking can help you create your own list. Once you identify what’s at stake, what steps do you take to lock it down? Can you separate those connected apps—or at least change their passwords? Do you need to limit the type of information you post on Facebook? Can you monitor anything else that may have been exposed, like a credit card number?



Will You Be Ready for the Next One?

When news of another breach hits the headlines, there’s no need to panic, but there is the need to take action. Getting in the mind-set we’ve laid out here can help you be proactive without going overboard. If a breach does affect you personally—to the point where someone is abusing your information and you can’t figure out what to do next—we recommend checking out the helpful resources at IdentityTheft.gov.

CURO Wealth Management
Previous

Data Breaches: A Guide to Reducing Impact
Next

Freezing Credit Will Now Be Free. Here's Why You Should Do It.