by Brian Thompson | Dec 1, 2020 | Breach, Identity Theft
The Cyber Threat Landscape Will Get Worse Before (and if) it Gets Better!
Based on the three “headline news” articles below, I believe no one organization can prevent a data breach event:
To prove this point, while the total number of data breaches was down in the first six months of 2020, over 27 billion records have been exposed so far this year (please see here) which is more than four times higher than any previously reported equivalent time period.
This leads me to believe two things:
- All the financial and IT resources of the U.S. government and private industry – no organization can prevent a data breach.
- Cyber threats and attacks are no longer just a technology risk – but a business and consumer risk.
So what can be done?
We need to create a new security culture with a new sense of urgency for both business and consumers.
If you are a business and you are not proactively monitoring the ongoing risk associated with cyber threats and attacks across your entire enterprise, including the Board/C-Suite level, you’re putting the viability of your business in serious jeopardy and creating liability by not adequately protecting your business assets along with your customer information.
And if you are a consumer – especially with employees working from home and students studying remotely – and you are not proactively monitoring your and your family members’ Personally Identifiable Information (PII), then you are increasing your risk to hackers and online scammers especially during the COVID crisis.
As the cyber threat landscape gets worse and COVID working environment changes, employers and consumers become more reliant on technology. We need to have a plan to respond and recover from a data breach and/or identity theft event.
When life is perfect and there are no data breach and identity theft events, we can relax. Unfortunately, life is not perfect. Recent FBI cybersecurity warnings reveal, a broken cybersecurity market, and a shortage of cybersecurity workers, we need to be careful.
So an important question to ask the organization you work for is what is the formal response and recovery plan that is in place in the event of a data breach or hacking event?
And as an individual consumer, the question to ask yourself is, are you doing everything you can to protect yourself and your family members against hackers and online scammers?
By Mark Pribish
Vice President and ID Theft Practice Leader
More Articles here: ID Theft Criminals Never Rest, Online Students are Targeted, Fraud in the Midst of COVID-19
by Brian Thompson | Nov 2, 2020 | Uncategorized
Cyber-Thieves and ID Theft criminals never rest and continue to stay ahead of law enforcement, businesses, and consumers.
And because of that fact, now is a great time for consumers and businesses to evaluate their cybersecurity posture – especially during the COVID-19 environment – with a focus on response and recovery.
Why response and recovery? Because consumers and employees continue to click on phishing emails and organizations continue to experience data breach events such as ransomware.
Two recent examples include Blackbaud (Blackbaud Ransomware Attack Gets Worse) and Twitter (Twitter Hackers Posed as Company IT Officials Making a Support Call).
Blackbaud – a cloud technology company confirmed in early October that “stolen data also included bank account data and Social Security numbers, far more personally identifiable information than the company first thought.”
Specific to Twitter, the New York State Department of Financial Services released its findings and concluded: “the hack was relatively unsophisticated, caused by scammers who posed as members of Twitter’s IT help desk and directed employees to a phishing website designed to look like a company site.”
Blackbaud is your typical data breach example where their first statement on July 16, 2020, said while they were hacked, “that credit card information, bank account information, or Social Security numbers were not stolen.”
Fast forward 60 days later and Blackbaud now admits that their data breach “had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames and/or passwords.”
Unfortunately, the final story for most data breaches rarely reflect the initial news report and speak of what’s known at the moment, but never discuss the long-term – which is exactly what happened to Blackbaud and Twitter.
The fact is that a data breach or ID Theft event can be a lifelong problem affecting you long into the future.
In Blackbaud’s case, their data breach event has affected 6 million people so far.
With all the education and resources businesses continue to fail phishing tests (after cyber-awareness training) and still click phishing emails.
My advice to consumers and small businesses is a heightened awareness of phishing emails, unfamiliar links, and attachments, and to reconsider the information that is being shared on social media.
After all, Cyber-Thieves and ID Theft criminals never rest and are unpredictable!
by Mark Pribish
Check out our article on Full-Service Recovery HERE
by Brian Thompson | Oct 9, 2020 | Breach, General, Identity Theft
The Internet of Things (IoT) is exposing you more than you may think! The IoT allows smart technology products such as gaming devices, home appliances, medical wearables, sports equipment, cars, and toys to send and receive data over the internet and to be controlled remotely
After hearing the phrase “uncertain times” for the last six months, I believe that it may be overused. Most consumers tune out the meaning of overused words and phrases relating to risk and danger.
Unfortunately, words such as cybersecurity, data breach, identity theft, personal privacy, and stolen credentials are still not understood by consumers.
Consumers continue to read that weak passwords and phishing emails as common access points for hackers and they are!. But, the new access point is the IoT as hackers are taking advantage of unsecured access to smart technology.
Two IoT exposure examples:
- Two recent examples include Why the Garmin Data Breach Should Be a Wakeup Call for Every CEO (please see here)
- Amazon Ring Leaks Thousands of Customer Data (please see here).
According to Chief Executive Magazine, “Garmin confirmed it had been the victim of a cyberattack that caused a days-long outage in late July, during which users worldwide were unable to upload their fitness data from the company’s sports devices. Garmin reportedly paid a sizable ransom to get its data back.”
And according to Threatpost – which is a leading source for IT and business security – “2019 saw an explosion of privacy issues and scandals for Amazon-owned Ring. Researchers found several flaws in the IoT device, including one that allowed attackers to spy on families, or one that exposed Wi-Fi network passwords.”
The good news is that smart technology has the potential to improve our lives from home security, energy conservation, to physical fitness. The bad news is that it increases exposure with poor security features and places the responsibility of security on the consumer.
The fact is smart technology devices collect, store, process, and use personal information. For example, information such as names, addresses, phone numbers, email addresses, payment account information, GPS-based location, and activity patterns.
A new security report from Palo Alto Networks states that “57% of IoT devices are vulnerable to cyberattacks of medium to high severity.”
The Palo Alto report offered best practices to protect IoT devices from cyberattacks including:
So, yes, the Internet of Things is exposing you but as described above, there are ways to mitigate that risk. Enjoy your smart technology devices, stay safe, change your default passwords, and stay up to date on the latest IoT updates.
By Mark Pribish
Vice President and ID Theft Practice Leader
An additional article about the Internet of things: PERSONAL PRIVACY AND THE INTERNET OF THINGS (IOT)
or… How public Wifi is putting you at risk: Public WiFi is Putting You at Risk
by Brian Thompson | Sep 29, 2020 | Uncategorized
|
|
|
Pizza in Chicago, Gift Card in Montreal
WHAT?
|
|
|
When my card was rejected at a small café in Stockbridge, MA where we had just had lunch we made a quick call to our credit card company and they asked if we had purchased…
“…purchased 2 pizzas in Chicago and a $1000 gift
card to a fishing supply store in Montreal”. No Way!
Clearly, we did not order a Pizza in Chicago and we had been hacked. We canceled the card immediately. But what if I hadn’t used that card that day? Then what?
So began my education about Identity Theft. I vowed to look into an Identity Protection solution ASAP.
I learned that Credit Card Fraud is
not the same thing as Identity Theft.
Credit Card Fraud is a potential consequence of identity theft. Here, a thief steals your credit card information and then makes purchases in a store or online. Most credit card companies have a liability limit of $50. This means that even if a thief has charged thousands of dollars to your card, you’d likely only have to pay $50. More often than not, credit card companies simply wipe out any charges that are the result of fraud.
But, Identity Theft involves much
more than a few fraudulent charges.
Identity thieves can steal your personal information to open a new line of credit, open a new credit card, or obtain a false ID in your name. Unlike credit card fraud, there’s no liability limit. That means you might end up paying for all the damage caused by an identity thief.
With identity theft, the impact can be much greater, lasting for years or even decades. With some types of identity theft, such as medical identity theft you may not realize you’re a victim until you get a call from a collections agency. *By then, the identity theft may be so embedded in your personal records that it feels like taking on a part-time job just to clear your name. You’ll not only deal with whatever bills are in the collection, but also credit bureaus, lenders, other financial institutions, and possibly even law enforcement.
*The real value in an Identity Protection
plan is to help in the recovery process.
defend-id’s “Fully Managed Recovery” feature provides the peace of mind of a dedicated certified Recovery Advocate. Your advocate will work on your behalf to perform all of the tasks necessary to restore your identity, completing and filing forms, research, and contacting all companies, agencies, and financial institutions necessary to ensure that any and all fraudulent activity that has been identified is addressed and resolved.
|
|
|
|
|
Identity theft happens every 2 seconds in the U.S.
Identities are stolen…
hours are spent in trying to dig out of the mess…
lives are turned upside down.
So if you ever have a “Pizza in Chicago…What?”, moment know there is a better way to resolve it!
|
|
|
|
|
|
|
|
|
|
|
by Brian Thompson | Sep 1, 2020 | General, Identity Theft
With colleges and universities beginning the new school year, online students are targeted in ID Theft and Fraud schemes! Online Fraud Schemes that we did not have to worry about when I was in school. I had the time of my life and made many lifetime friends when I attended the University of Dayton! Student life was simple, no laptops, no smartphones, no social media, socializing at the library, and the music was fantastic.
But what is happening now?
Now more than ever, Laptops, Smartphones, Social Media, and advanced schemes have increased the risk for students. Risks that now are more prevalent due to the majority of students studying online remotely, due to the COVID-19 pandemic, creating higher risk. And this May 27, 2020, Federal Trade Commission (FTC) article titled COVID-19 scams targeting college students confirms it.
With a significant increase in phony LinkedIn, Facebook, and other social media friend requests placing many students at risk – as this August 12, 2020 article titled COVID-19 is shattering cyberattack records highlights – the daily inundation of misinformation has given cybercriminals an endless resource of information to implement their attacks.
But college students are not the only targets
California had the most educational data breaches accounting for 157 of the 1,328 breaches (11.8 percent).
The worst-hit states include:
- New York with 89
- Texas with 79
- Illinois and Ohio each with 60
- Florida with 58
Overall, Colleges account for 74% of education data breaches.
Please see this July 14, 2020 article titled FBI warning-cybercrimes are up and school districts could be the target, for more information.
What students and parents to do mitigate risk?
Students and Parents can mitigate exposure to cyber scams and identity theft in the following ways.
- The COVID-19 pandemic has new email phishing attacks that try to trick parents working and students studying remotely into giving away credentials for access to their employers’ and college/university networks. You need to stay vigilant and be careful with every email.
- A new voice phishing scam uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from again – both parents and students.
- Limit what you share online, use, and regularly change strong passwords on devices.
- Know your rights. “Student rights” under the Federal Educational Rights and Privacy Act (FERPA) protects the privacy of student records.
Online students are being targeted by ID theft criminals now more than ever. As these criminals continue to use student information to obtain employment, rent an apartment, open a utility, cell phone, bank account, or to access government benefits be ever aware of new and emerging scams.
by Mark Pribish
VP and ID Theft Practice Leader
Related COVID-19 Fraud articles:
Fraud in the Midst of COVID-19
Telehealth Creates Cyber Risks
Coronavirus Fear and Anxiety Drives Phishing Scams
