by Brian Thompson | Feb 2, 2023 | Breach
Cybercrime is the third largest economy in the world, with costs estimated at around $8 trillion globally. This staggering figure highlights the alarming reality of the current digital landscape and the importance of taking cybersecurity measures seriously.
The United States and China, two of the largest economies in the world, are not immune to the threat of cybercrime. It is imperative that businesses, government organizations, and individuals take proactive steps to protect their assets and sensitive information. This includes investing in security measures such as firewalls, encryption technologies, and regular software updates, as well as preparing for potential breaches by having a comprehensive response plan in place.
Moreover, companies have a responsibility to protect their employees and customers from the damaging effects of a cyberattack. Personal information, financial data, and confidential business information must be kept secure to prevent identity theft, fraud, and loss of revenue.
Investing in cyber security is not just about protecting assets; it’s also about building trust with stakeholders. To ensure that they are protected against potential attacks, businesses must adopt a transparent and proactive security strategy. They must develop policies and procedures to protect their systems and invest in cutting-edge technology such as firewalls, anti-malware programs, and encryption software
Cybercrime is an alarming reality that is having a significant impact on the global economy. Companies and individuals must take proactive steps to secure their systems and protect sensitive information to avoid the devastating consequences of a cyberattack. The time to invest in cyber security is now, before it is too late.
Feeling unprepared for a breach?
We hear it all the time, breaches happening over and over again but what can we do to prepare for one? What plans do we have in place for when it happens? defend-id4B is here to give you a simple path to ensure you are ready.
defend-id4B provides your business with pre-breach response planning, post-breach regulatory response and notification services, and fully managed fraud recovery for compromised clients. Along with dark web monitoring, and business fraud restoration.
Related Breach article concerning the healthcare industry: Healthcare Breaches and Medical ID Theft
by Brian Thompson | Dec 28, 2022 | Breach, Identity Theft
Are financial companies protecting your personal data from Identity Theft and Fraud?
In July, I read that “cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion,” according to Juniper Research.
Online payment fraud includes losses such as those from digital sales, physical goods, banking transactions, and peer-to-peer payment apps.
I also read a November Consumer Affairs article titled “Scammers are using Facebook Marketplace, Zelle, and PayPal to snare new victims,” where “scammers are impersonating recognized businesses like Amazon, Apple, and other name-brand companies to appear reputable to their target, to then run off with their personal or financial information.”
Consumer Affairs reported, “the top 5 scams were bank/credit card (10.3%), debt/loan (6.6%), and free money (6.4%).”
According to Jim Luff, Corporate Communications Manager at Aurora Payments (a leading payment service and solutions provider), Aurora sent a March 2022 message to its merchants where Aurora Payments explained how the chargeback process is often used to commit fraud by claiming merchandise was not received, misrepresented or the result of “friendly fraud.”
In friendly fraud, online orders are placed by someone known to the cardholder, such as a child using a parent’s credit card without their knowledge. Aurora Payments shares detailed information about chargeback fraud in their merchant message, “The Great Chargeback Surge of 2022.
Consumer Affairs also reported that “many of the scams target consumers who use peer-to-peer payment services and other platforms connecting users directly to one another” and that “scammers were also “lurking” on P2P cash transfer apps Zelle (86%) and PayPal (31.8%).”
Fortunately, according to this November New York Times article titled “Banks Plan to Start Reimbursing Some Victims of Zelle Scams,” the seven banks that own Zelle (Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank, and Wells Fargo) will now compensate customers who fall victim to certain kinds of Zelle related scams, including fake bank fraud texts, emails, and phone calls.
Which leads me to…
All of the above leads me to the Money20/20 USA Fintech Conference that I attended in October. It’s the largest global fintech event connecting the payments industry, including issuers (e.g., banks and credit unions providing debit, credit, or prepaid cards to consumers) and payment processors (e.g., Stripe, PayPal, or Square), along with payment networks such as American Express, Mastercard, and Visa.
During the conference, I picked up a copy of The State of Fraud and Financial Crime in the U.S., a survey of 200 financial institutions with assets of at least $5 billion. The surveyed executives held leadership positions in fraud and risk operations, money laundering, fraud strategy, fraud management, and technology and data science.
According to the survey, sponsored by PYMNTS, 62% of financial institutions reported an increase in financial crime year over year. Additional survey highlights included the following:
- The average cost of scams to each financial institution was $102 million.
- Fraud rates and losses increased for nearly all payment types in 2021.
- Smaller financial institutions are getting attacked the most.
- Authorized and unauthorized fraud types currently appear to be relatively equal, but scams are on the rise within authorized fraud.
- Criminal approaches are becoming more sophisticated, and most financial institutions consider this to be a problem.
What does all this mean? It means that while consumers are big targets for identity theft, fraud, and scams, financial institutions are bigger targets.
So back to the title of this article: are Are financial companies doing enough to protect your personal data from Identity Theft and Fraud? My answer is threefold:
- First, and based on my experience at the Money 20/20 Conference, I believe the payments processing industry is doing a good job managing fraud prevention to help make payment transactions safer for both consumers and businesses.
- Second, Zelle’s proposed rule change for early next year requiring the network’s member banks to compensate customers who fall victim to certain kinds of scams is very positive.
- Finally, based on the reality of bad actors such as nation states, cyber thieves, and identity theft criminals, the financial services industry will continue to be heavily targeted by identity thieves due to a large consumer account base and the significant amount of personal data these institutions collect and store.
by Mark Pribish
Practice Leader, Identity Theft, and Data Breach Services
43% of Breaches Affect Small Businesses
Why Provide Identity Theft Protection as an Employee Benefit?
by Brian Thompson | Dec 8, 2022 | Breach, Identity Theft
Gift card fraud rises during the holidays every year. So many of us love buying and using gift cards as gifts. They are practical, simple to purchase, simple to use, and simple to give as gifts. They typically let the recipient choose exactly what they want, and they are frequently given as rewards for actions.
According to estimates, the market for gift cards is worth hundreds of BILLIONS of dollars. Nobody dislikes receiving a free gift card, right? BUT, gift cards are unfortunately frequently used by con artists to defraud their victims of money.
There are many ways gift cards can be used by scammers, here are the top three, as noted by KnowBe4:
You Have to Use Gift Cards to Pay a Bill
One very typical scam involves a potential victim being contacted by someone, usually via voice call (although it can also be done via text message or email), and being informed that either their regular payment to a reliable service has been declined or that there is a new emergency charge. A good illustration of the former is when a con artist calls pretending to be the victim’s electric company. They will claim that the victim’s regular electricity payment was rejected and that unless they visit a store and pay the bill with gift cards, their electricity will be turned off in a matter of hours. Who would use gift cards to pay their electricity bill? You would be shocked. A who’s who of medical professionals, attorneys, and even law enforcement. People who previously thought they were too savvy to get scammed are often on the victim list.
A good illustration of the latter scam is when a caller pretends to be from the IRS or law enforcement and informs the victim that they owe an unpaid fine and that they will be arrested if they don’t pay right away. Who would think that the police or the IRS would take gift cards as payment for a fine? Once more, a higher proportion than you might guess.
How can you avoid this scam?
There is a very high chance that a request for an emergency payment is fraudulent, especially if it involves gift cards. If the caller is willing to provide their contact information, you can take it. If you ask them for their contact information, they typically hang up the phone immediately. In either case, get in touch with the company. Using a known phone number or email address and inquire about how to confirm the request’s legitimacy. The legitimate company will put you in touch with their billing department so you can confirm the request and pay the bill if it is genuine.
Gift Cards That Have Been Maliciously Modified in Stores
In this scheme, thieves steal department store gift cards, discover their personal PIN numbers, and then put them back on the shelves where a victim will find them. The fraudster can frequently spend the value of the gift card faster than the victim when the victim purchases the previously tampered with card and activates it. To find out when the gift card is activated and how much money is still on it, the fraudster can repeatedly call the store’s gift card number.
How can you avoid this scam?
When you purchase a gift card, check to see if it has been tampered with in any way. Choose gift cards from the bottom of the stack; this is not foolproof but may help. Most major retailers who use gift cards are aware of these scams, and many will you to guard against them. Some of them may even offer to reimburse you if you lose money.
“Win a free gift Card!”
This is a huge scam, particularly during the holidays. It’s a common gimmick to offer “Win a free $100 Amazon Gift Card!” Either you are required to download and run a file to “transfer” the gift card to you, or they will request personally identifiable information from you, such as your social security number or bank account information. There are thousands of legitimate circumstances where anyone can win a free gift card, which makes this particular phishing scam effective.
These scams can be easy to recognize because, despite the fact that they purport to be from a well-known, reputable company, the gift card URL, phone number, or email address is not from that company. Instead, they appear at random in emails or texts. But, again, this can be challenging because many trustworthy businesses hire outside contractors to handle their real free gift card distribution. It’s possible that the URLs, phone numbers, and email addresses you see don’t correspond to the actual, legitimate vendors.
When the offer is simply too good to be true, it more than likely is.
There are tons Gift Card Frauds During the Holidays. It’s typically a scam if someone contacts you and demands that you use a gift card to pay a bill. Simply ignore them if you can’t positively, unquestionably confirm that the gift card reward or request is legitimate or that a card hasn’t been tampered with. A $100 gift card is not worth the risk of losing your bank account and personal information.
Here is some guidance from the FTC regarding gift card fraud.
by Brian Thompson | Sep 22, 2022 | Breach, Identity Theft
So we hear ads about Identity Theft Protection pretty much every day now. But what’s ID Theft Protection, and what is the benefit?
Why should you care?
Because this is happening every day to people you know…causing stress, anxiety, problems at work and with family, and sleepless nights!
First, identity theft is not entirely avoidable, but there are things you can do to protect yourself. An Identity theft protection service can alert you to potential fraud and restore your identity if it gets stolen.
Identity Theft providers do the hard work for you. They do this by searching for your personal information on the dark web, social media, and other databases that can indicate bad actors have your information. Victims who are protected with an Identity theft protection program can turn to recovery advocates. Recovery advocates work for the provider and are specialists in Identity Theft Recovery services. The advocate will take over and complete tasks on behalf of the victim to ensure all concerns and steps are taken care of properly. Many services also offer insurance that can offset legal fees and other expenses related to restoring your identity.
What is identity theft protection?
Identity theft protection services monitor websites and databases for signs of your personal information, such as your social security, driver’s license number, medical ID, and bank account numbers.
When the provider finds your information where it should not be, they will send an alert suggesting a variety of actions. Monitoring will include a variety of places including sources such as, but not limited to:
- Dark web
- *Credit Monitoring
- Social media
- Change of Address Monitoring USPS
- Home Title Changes
- Court Records
- Utility, cable, or wireless services
- Payday loan applications
- Public Records
*Many identity theft protection services also include credit monitoring features. This generally provides notifications when credit is pulled and for changes to your credit report. Changes such as an increase in a credit card balance or a new account opened in your name, can indicate fraud.
And if your information is compromised, identity theft protection services kick in and help you resolve the issue. Most providers also include identity theft insurance, which offers up to $1 million for eligible expenses associated with resolving and restoring your identity, plus assistance from experts.
Buy or not to buy?
Identity theft protection services provide “Peace of Mind with a Place to Turn”. They help you detect fraud early, making it easier to stop the damage before it becomes an even bigger headache. These services are not free but they are a proactive solution to securing your personal information.
Before you sign up for one of these services, take time to understand how these services work to spot fraud and help you restore your identity. Just like in any industry, not all programs are the same. Pay close attention to the Recovery aspect of the service specifically!
Mitigate, Insure against losses, and be a resource when identity theft happens. The peace of mind comes with a nominal fee. Ask your employer if they offer Identity Theft Protection as an employee benefit!
by Brian Thompson | Jul 20, 2022 | Breach, healthcare, Identity Theft
Do healthcare breaches and Medical ID Theft go hand in hand?
I first want to refer back to an article from about two years ago titled Telehealth Creates Creates Cyber Risks. In the article, I stated that “the COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.”
Fast forward one year to August 4, 2021 article titled Healthcare Data Breaches Most-Common Threats to Date in 2021. The article states, “the healthcare sector is once again in the top position as the most breached economic sector” and “healthcare has been at or near the top of the (data breach) chart since at least 2017.”
And again this year, we have seen the trend continue. Hackers hit health companies, insurers with increasing regularity – Inside
But Why Medical Records?
A primary reason ID theft criminals and cyber thieves target healthcare providers is the Electronic Health Record or EHR. EHR is the collection of patient information into a digital record. EHRs significantly improve administrative efficiency and medical proficiency through shared networks and exchanges.
A typical EHR includes
- medical history,
- medications,
- allergies,
- immunizations,
- laboratory test results,
- and radiology images.
Your EHR also includes your
- billing information such as personal information (e.g. date of birth, home address, and Social Security Number),
- insurance information,
- and financial information (e.g. credit card number).
Unfortunately, ID theft criminals and cyber thieves are mostly interested in your personal, insurance, and billing information. For this fact alone, healthcare data breaches continue to be “in the top position as the most breached economic sector.”
Things to Think About
Every health insurance plan you have ever had has your and your family’s Social Security Number (SSN). Almost every healthcare provider (such as a doctor of medicine or osteopathy, podiatrist, dentist, chiropractor, clinical psychologist, optometrist, nurse practitioner, nurse-midwife, or clinical social worker) that you or a family member have been to has your Social Security Number.
So back to the title of this article – Do healthcare breaches and Medical ID Theft go hand in hand? – the answer is a resounding YES based on the Personal Health Information or PHI that is collected, stored, and transferred through your Electronic Health Record.
To make matters worse, this article titled Organization Wide PHI Access is Commonplace at Most Healthcare Orgs reported that “nearly 20 percent of (PHI) files were open to every employee at a given healthcare organization starting on their first day of employment, pointing to troubling data security issues and poor PHI access controls.”
Based on the fact that cyber thieves are stealing healthcare data and are finding new ways to monetize phishing (fraudulent emails), vishing (fraudulent phone calls and voice mail messages) and smishing (fraudulent text messages), consumers need to pay attention to data breach news in general and healthcare data breach news in particular.
To conclude, consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, and regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.
by Brian Thompson | Jun 29, 2022 | Breach, Identity Theft
Whether you are a consumer or a small-business owner Identity Theft should be top of mind. Protect yourself and your business by using these 10 tips to reduce your risk of identity theft.
First, what is Breach Fatigue or Alarm Fatigue?
Alarm fatigue is when we get desensitized to safety alerts and as a result, ignore or fail to respond appropriately to warnings. Breach Fatigue however is more specific. It’s when small business owners and consumers start to ignore the headlines of identity theft and data breaches. Fatigue desensitizes both business owners and consumers to be less likely to proactively protect themselves against the risks of identity theft.
Be proactive and prepared with these 10 Tips
Being proactive and prepared can reduce your exposure to the risks of identity theft.
Personal privacy
- Be more vigilant and hands-on with your personal-privacy settings. Also, be aware that most apps lack basic security defenses and create some sort of privacy issue.
- Stop ignoring terms and conditions. Read, understand, and use privacy settings and be diligent about your social networking. Beware of fake accounts unless you want to be a partner in your own identity theft.
- Protect your vehicle documents as if they were cash and regularly check for unusual activities after purchasing a vehicle.
- Read and understand the privacy policies of every organization you have a relationship with. Know how your information is protected, saved, analyzed, sold, and/or disclosed.
Identity theft
- Synthetic identity theft and fraud is an emerging threat. Check your credit-bureau report quarterly at no cost through annualcreditreport.com.
- No password is “unbreakable”. Do not make it easy for identity theft criminals by using weak passwords, or the same passwords.
- The best defense against phishing is to be aware that it happens every day. Assume you are being “phished” until you verify the source of an unexpected e-mail or call.
Cybersecurity
- Businesses need to understand that a data breach is inevitable. Your business profits, brand, and reputation depend on your data-breach response plan.
- Create a data breach response plan to safeguard your business against insider threats. Conduct pre-employment background screening, regularly test your business and information-security access controls, and regularly review your data retention policy.
- Cyber insurance may be a good option to help your business minimize today’s cyber-risks. Work with your insurance broker to determine your cyber-risks and the best coverage for your organization.
“the best defense is a good offense”. This strategic principle used in business, sports, and military combat for years and is very relevant for this discussion.
Protect yourself and your business by using these 10 tips to reduce your risk of identity theft. Because being proactive instead of having a passive attitude (e.g., breach fatigue) will help both small business owners and consumers be better prepared against everyday threats.
By Mark Pribish
Practice Leader, Identity Theft and Data Breach Services
