New Ways to Prevent Identity Theft During the Holiday Season
by Christopher Elliott of Forbes.com
It's too easy to tune out advice about new ways to prevent identity theft and other threats to your personal information, even as the holiday shopping season gets into full swing. That seems like someone else's problem.
But if you feel that way, then check out this video, taken last month in Sacramento, Calif. The Placer County Sheriff’s Office was looking for two men caught on security cameras trying to withdraw money from stolen accounts.
That could be your money.
Or talk to Amie O'Shaughnessy, a travel agency owner from Piedmont, Calif., who contacted me this morning.
"Someone posed as me in an email to my finance manager and had her wire $50,000 out of our business account," she told me."I was powerless to influence or control what happened with the funds once they left the account, yet I’m 100% liable for the loss. This doesn’t seem right."
It's not right.
"Personal data is increasingly valuable," says Chris Dimitriadis, a board director for ISACA, an international professional association focused on IT governance. ISACA's latest report on cybersecurity suggests IT budgets are increasing as companies gear up for a war against cybercriminals.
"The cyber-threat landscape is expanding," adds Dimitriadis.
The fix? Understanding the extent of the problem (it's bigger than you thought), learning a few new strategies (they're not what you expect) and knowing when you've been compromised (believe it or not, you probably already have been).
You can prevent identity theft and other kinds of digital mayhem
Last month, Chubb hosted a panel with industry experts from ADT, Carnegie Mellon University and CyberScout outlining a range of cyber threats. The panel described real-life examples and anecdotes, and offered some best practices individuals and businesses can take to safeguard their personal information against some of today's biggest cyber risks. Here's the full video.
More than 10 billion consumer records have been compromised in 8,000 reported data breaches, according to Chubb. An astounding 64% of American adults have been victimized by one or more of these breaches, it found.
"Global economic costs of cybercrime are rising into the trillions of dollars annually," said Patrick Thielen, Chubb's senior vice president for cyber and technology product lead in North America, who led the panel discussion. "A large portion of that falls squarely on the shoulders of consumers."
If you don't have cyber insurance on your homeowner's policy, then you're out of luck and need a consumer advocate to help sort through it. This is where my advocacy team and I come in. But once the money is gone, it's really difficult to recover it, as my Forbes colleague Laura Shin recently explained.
How bad is the identity theft problem?
How bad is the identity theft problem at this time of year? Very bad, according to experts.
The National Retail Federation predicts that online and nonstore sales would increase by 10% to 12% in 2018, which means that more consumers are shopping online, and they are conducting more individual transactions.
"More transactions mean more opportunities for bad guys to trick users, hijack sessions, and steal personal information," says Chris Duvall, senior director at The Chertoff Group, a global security advisory firm.
It's not just more purchases, but our increased usage of phones and computers to complete those transactions. To prevent identity theft, you have to factor that into the equation.
"Our reliance on technology and, as a consequence, our digital footprints, are growing at an exponential rate," says Sean McGrath, a privacy expert and cybersecurity advocate at BestVPN.com. "As long as this trend continues, our personal information will always be more at risk now than it has at any other point in history. It’s simple math."
As if that's not enough, criminals are becoming more sophisticated, too.
"Cybercriminals are getting smarter with their attacks," says Idan Udi Edry, CEO of Trustifi, a secure email platform. Experts say the emails they're sending to would-be victims look more authentic than ever -- and have never been more effective.
Here are a few new ways to prevent identity theft
Experts say there are new ways to prevent identity theft during the holiday shopping season.
First, there's the sniff test.
“Beware of pricing that is too good to be true," says Scott Grissom, a vice president for Legal Shield, a legal services company. "Check reviews on greatly discounted items to make sure they do not have major problems. Online scammers often set up dummy websites, auction listings or ads that offer popular items far below market value. Trust your instincts and beware of scam sales.”
Use a credit card
Michael Bancroft, co-host of Globalive Media’s Beyond Innovation on Bloomberg Television, says plastic can protect you. "Consider using a credit card rather than a debit card because they tend to offer more robust fraud protections, and the money isn’t coming directly from your bank account," he says.
Beware of phishing emails from a business
Odia Kagan, partner and chair of GDPR compliance and international privacy at the law firm Fox Rothschild, says be on the lookout for any emails asking for information like passwords coming from a retailer. "Those could be phishing emails intended to use your data," says Kagan. "These emails are getting increasingly sophisticated, could contain personal information of yours and are no longer full of spelling mistakes."
Use a password vault
That's the advice of Araz Feyzi, the co-founder of Syfer, a cyber security device. "Let’s face it," he says. "Very few people manage their passwords properly. Most people pick easy-to-remember passwords, reuse them over and over, and change them very infrequently." Instead, he recommends using a password vault like 1Password or LastPass, which allow you to create, store, and manage your passwords.
"All information should be transferred to your browser from the server and vice versa through HTTPS -- and not HTTP," says Mihai Corbuleac, a senior IT consultant at ComputerSupport.com. "Verify that your session is encrypted and that your connection is secure." Corbuleac also recommends keeping your browser, operating system and the antivirus solution updated. Why? Unpatched software remains one of the most common causes of malware infections.
Avoid the "easy" check-out
Hani Mustafa, CEO of Jazz Networks, a cyber intelligence company, advises avoiding saving your personal information online. "Often, when booking flights, rental cars, or hotels, you're asked to create a profile to save your credit card information for an easier check-out,” he says. "More like an easier data loss!" Don't save your personal information on websites, and if you can't follow this advice, make sure you don't reuse a password, he says.
Practice safe computing
That's what Scott Shackelford, an associate professor of business law and ethics in the Indiana University Kelley School of Business, recommends. He recommends a program like Spirion (formerly Identity Finder) to find and encrypt sensitive information on your computer. "Also," he adds, "Don’t bank on your mobile phone, and consider using a separate secure wi-fi connection or other computer for personal computing at home.”
How do you know if you're compromised?
What's even harder than preventing your data from being compromised? Knowing if you've been hacked.
You can find out if your account has been compromised by checking Haveibeenpwned.com.
"One of the best and immediate signs is unknown charges or withdrawals that you did not make showing up on your statement," says William Rials, associate director of applied computing programs at Tulane University School of Professional Advancement. "During the holiday season, it is essential to keep a close look at all of your financial statements. Don’t wait until the end of the month to reconcile your accounts during the financial season. The more often you monitor and verify all charges and withdrawals, the better chance you have at stopping identity theft."
And it's not just the computer.
"Every time the phone rings," says Robert Siciliano, a security analyst with HotspotShield, "beware of scammers."
Better to keep your personal information safe using these practical strategies. Don't star in a police video -- or become an anecdote in one of my stories. Only you can prevent identity theft this holiday shopping season.
Christopher Elliott is the founder of Elliott Advocacy, a 501(c)(3) nonprofit organization that empowers consumers to solve their problems and helps those who can't. He's the author of numerous books on consumer advocacy and writes weekly columns for King Features Syndicate, USA Today, and the Washington Post. If you have a consumer problem you can't solve, contact him directly through his advocacy website. You can also follow him on Twitter, Facebook, and LinkedIn, or sign up for his daily newsletter.
Christopher Elliott is an author, journalist, and consumer advocate. He's written several books about customer service, including 'Scammed: How to Save Money and Find Better Service in a World of Schemes, Swindles, and Shady Deals' and 'How to Be The World's Smartest Traveler.’ He writes weekly columns for the Washington Post, USA Today and King Features Syndicate. And he's founded three nonprofit organizations devoted to consumer advocacy, including Elliott Advocacy (Elliott.org). For help with a consumer problem, contact him directly at email@example.com.