by Brian Thompson | Dec 9, 2021 | Breach, Identity Theft
The last two years have created an opportune environment for bad actors, ensuring the Cyberdemic will continue into 2022.
As we continue to migrate our lives into the digital world with remote workforces and comfort, we increase cybercriminals’ opportunity for attack. This year we have seen a significant shift toward focused attacks on supply chains and home networks, and a gigantic increase in healthcare breaches.
In its latest Data Breach Industry Forecast released Monday, Experian has 5 predictions that underscore the ongoing impact of the pandemic on cybersecurity. Criminals will continue to focus on the remote workforce and the healthcare system, and will begin to narrow their targets to exploit the weakest technologies.
5 Breach Trends for 2022
- Remote Workforce
Those working from home will certainly be targets for those looking to hack into your business. According to the report, home wireless networks are more vulnerable than business VPNs. Businesses will need to focus on securing employee connections and education.
- Infrastructure
Biden’s infrastructure bill and the trillions of dollars approved by Congress will be a target. Electrical grids, dams, and transportation networks will be heavily targeted by foreign and domestic cybercriminals. Criminals will likely be looking to target funds at disbursement by using phishing and CEO fraud.
- Digital Assets
Cryptocurrencies and NFTs (Non-Fungible Tokens) will become greater targets for hackers as they gain more popularity. As we begin to understand and accept these assets as normal and useful, so will the criminals. Chances are, they are just waiting to realize their worth and inevitability.
- Natural Disasters
Natural disasters often bring out the best in those doing their best to help. People will donate to organizations that aim to give aid and help those who have been affected. Criminals will take advantage of our distress and target charitable giving by phishing and masking themselves as the organizations we trust. To complicate things further, supply chains will be broken and unreliable, making important emergency goods difficult to source… another vulnerability that hackers will exploit.
- Gambling
As more and more states are legalizing gambling, phishing scams will target the growing online gambling community. Common scams will include stolen credit card information, account hijacking, or creating sites that appear to be legitimate casinos.
The Identity Theft Resource Center reports that there have been 1,291 breaches in 2021 as of September. There were 1,108 in all of 2020, which is a 17% increase in just three quarters of the year.
The past two years have caused so many disruptions in our way of living and working but we need to increase our personal and professional focus on privacy. As a result, the Pandemic has created an abundance of opportunities ensuring the Cyberdemic will continue into 2022.
by Brian Thompson | Sep 1, 2021 | Breach, Identity Theft
Consumer behavior can help reduce the hacker threat we are all facing. With education and awareness, we can not only protect ourselves but the companies we work with and for.
Author Matt Burgess of Wired UK Magazine recommends six action items for consumers to help protect themselves (6 Things You Need to Do to Prevent Getting Hacked | WIRED), including:
- The use of multi-factor authentication
- Password manager
- Learn how to spot a phishing attack
- Update/backup everything
- Encrypt everything
- Wipe your digital footprint.
4 Personal Resolutions to help you
Nearly three years ago I published a similar article on January 18, 2019, titled 4 Personal Privacy Resolutions to Protect Yourself From ID Theft to help consumers with their privacy concerns, by writing about four resolutions including:
- Social Media: you should reconsider the data you share on social media including Facebook, Twitter, Instagram, Snapchat, and even LinkedIn, as all five of these social media leaders have experienced one or more data breach events. Your resolution is to stop using social media, take a break, or reduce how much time you spend on it.
- Password Management: using new and strong passwords is one of the best ways to protect yourself from identity theft. Using passwords that are weak, and might even be used for multiple accounts, puts you at risk. Your resolution is to use a password manager that creates new, strong passwords. A PW manager will also scan existing passwords to flag reused and weak passwords.
- Terms & Conditions: whenever I speak on the topics of cybersecurity, data breach, identity theft, and personal privacy, I always ask the audience “how many of you” have read the terms and conditions of your social media accounts or apps on your smartphones? The response is always zero. Your resolution is to read the terms and conditions of all new and current accounts. Reading T&Cs will help you understand what personal information is being collected, used, and sold for marketing purposes.
- Virtual Private Network (VPN): VPN software scrambles your IP address, encrypts data sent between your computer and the websites you visit, and masks your true location and service provider. This is important if you use public Wi-Fi. Your resolution to use a VPN will prevent hackers from seeing your traffic and potentially scraping sensitive information such as financial details. (Public WiFi is Putting You at Risk)
While I agree that consumers should be concerned about the recent T-Mobile data breach event where current and former customers are at a high risk of identity theft, consumers should be equally concerned about their behavior relating to social media, the internet of things, human error, and bad habits.
Consumer behavior can help reduce the threat of hackers but we have to educate ourselves and remain diligent.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | Jun 23, 2021 | Breach, Identity Theft
Reality…no company can prevent a breach! Earlier this month I was a guest speaker at the 2021 Nebraska Credit Union League Annual Meeting & Convention.
One of my talking points was about the reality of data breaches and how the final story for most data breach events rarely reflects the initial news report. Initial reports speak of what is currently known about the breach. But those reports never cover the long-term impact of affected individuals and small businesses.
In case you missed it, some of the notable data breaches so far in 2021 include CNA, Experian, Facebook, GEICO, Instagram, LinkedIn, Microsoft, and Tesla.
The irony of these data breaches is that these businesses pride themselves on safeguarding PII (Personally Identifiable Information). An additional irony is that these businesses have more financial and information technology resources than most other businesses, and yet they still cannot prevent a data breach event from happening.
Reality
The reality of data breaches is that they occur almost every day – whether it is an accidental release (which is a polite phrase for carelessness, incompetence, or simply stupidity) or malicious intent (with the insider threat a common focal point, although the media heavily focuses on hacking events).
To help add clarity to the above, the recently released 2021 Verizon Data Breach Investigations Report (Verizon 2021 Data Breach Investigations Report Released) provides the latest data breach-related trends and statistics that can help both consumers and employees be proactive in mitigating their exposure to identity theft and data breaches.
This year’s Data Breach Investigations Report (DBIR) helps define words such as “incident” and “breach” in an accurate and complete manner, and highlights the reality of data breaches in a way that can support a cyber-risk management strategy for all businesses in general but small business in particular.
Things to know
- Social engineering is the most successful attack
- The top hacking vector in breaches is web application servers
- Denial of service is the most frequent way incidents occur
- 85 percent of breaches involved a human element
- Financially-motivated attacks are the most common
- Organized crime continues to be the number one attacker
- External cloud assets were compromised more than on-premises assets
- Attackers exploit unpatched older vulnerabilities
- Credentials remain one of the most sought-after data types, followed by personal information
- Employees continue to make mistakes that cause incidents and breaches
- Lost and stolen devices
- Misuse of privileges
- Business Email Compromises were the second most common form of social engineering (COMPLACENCY MAKES HACKERS SUCCESSFUL)
- The majority of social engineering incidents were discovered externally
DBIR also states “phishing continues to be a top cause of data breaches, followed by stolen credentials and ransomware. Threat actors ‘will first exfiltrate the data they encrypt’ and threaten to reveal it publicly if the ransom isn’t paid.”
To conclude, while this year’s Verizon report highlights “the importance of building a culture of cybersecurity vigilance,” I believe that having a response and recovery program in place is just as important as having an information security and governance program in place.
Why? Because I believe the reality of data breaches is that “no one company can ever prevent itself from experiencing a data breach event.” This is something I have been writing and speaking about for the last 15 years.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | May 20, 2021 | Breach, Identity Theft
The danger of complacency makes hackers successful at phishing and ransomware.
The recent Colonial Pipeline cyberattack forced Colonial to shut down the pipeline. The shutdown created widespread fuel shortages in 11 states and Washington, D.C., all pointing to the true vulnerability of our companies and the detrimental effects of being complacent.
Complacency and phishing emails that spread malware are the main reasons for the success of cybercriminals and ransomware attacks.
According to a December 2020 Digital Guardian blog titled A History of Ransomware Attacks, “ransomware has been a prominent threat to enterprises, SMBs, and individuals alike since the mid-2000s.”
Separately, according to the National Cyber Investigative Joint Task Force (NCIJTF), crimes such as financial fraud and identity theft are being exploited via the internet and technology through “the global cyber domain” every day.
To address this “evolving cyber challenge,” the NCIJTF released this FBI-IC3 Ransomware PDF Fact Sheet to educate the public on the ransomware threat.
The FBI’s Internet Crime Complaint Center (IC3) defines ransomware as “a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.”
The irony of this evolving cyber challenge is that ransomware was originally intended to target individual consumers. Consumers are low-stakes opportunities but are still targets.
Instead, cybercriminals have taken ransomware to a more lucrative level by targeting higher-stakes opportunities such as:
- healthcare (hospitals, medical groups, and dental groups),
- professional services (law firms, accounting firms, and consulting firms),
- education (high schools, community colleges, and colleges),
- government agencies (law enforcement, city, and federal agencies).
In addition, digital money or cryptocurrencies such as Bitcoin and Ethereum are now targets. Cryptocurrencies are difficult to trace and can be transferred electronically without financial institutions that are regulated by governments. This fact has made ransomware more profitable than stealing data and selling it on the Dark Web.
What to do about it.
Consumers and employees – especially small business employees – should receive security training on a regular basis. Education about the latest security threats via online education and phishing simulation tests can dramatically reduce the threat.
The reality is that cybercriminals depend on “breach fatigue” and on consumers and employees being complacent and careless about cybersecurity.
Two good examples of email security threats that consumers and employees need to be aware of are (1) spoofing and phishing and (2) Business Email Compromise.
To conclude, the potential for cybercriminals to shut down your home computer, the company you work for, or critical infrastructure such as gas pipelines, electric grids, and water supplies, along with mass transportation, railways, bridges, tunnels, and even airlines, should be enough motivation for consumers and employees to NOT be complacent. Because… Complacency makes hackers successful!
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | May 6, 2021 | Breach, Identity Theft
Each year businesses struggle with rising cases of identity theft, and it’s affecting everything. ID theft can be detrimental to your employees, productivity, reputation, revenue, and profit.
You take all the necessary measures to secure your systems and prevent data breach incidents. But what about personal data stolen from elsewhere? Is your company being defrauded by that data? What can you do to prevent identity fraud despite business efforts to protect their information assets?
What is happening?
Insider solo hackers and criminal gangs steal millions of consumer records each year from companies around the globe. Bad actors take advantage of weaknesses in the system security and operations. The stolen information is traded on the dark web and used by identity thieves around the world to quickly defraud businesses, governments, and individuals.
They, under someone else’s name:
- open new credit lines
- empty bank accounts
- seek expensive medical services
- receive government assistance
- buy merchandise or services
- and collect tax refunds
Identity theft may make your company vulnerable, regardless of how or where the consumer information is obtained. However, you have the option to mitigate identity theft and reduce fraud losses by implementing an effective identity theft program that incorporates training for your employees, management teams, board members, and customers to collectively prevent identity fraud.
What can you do?
You can implement an employee identity theft protection program with defend-id. defend-id has developed integrated resources to help businesses mitigate the risks of identity theft with our employee identity monitoring tools. defend-id will insure against identity fraud and provide full-service recovery for your employees when it does happen.
Can your organization protect against identity theft and keep employees, shareholders, customers, and auditors happy?
You don’t have to be one of the businesses that struggle with rising cases of identity theft. Contact defend-id or your benefits agent today to inquire about a program for your business. www.defend-id.com
by Brian Thompson | Mar 4, 2021 | Breach, Identity Theft
The Criminal Investigation Division of the Internal Revenue Service (IRS) announced in its annual report that it “uncovered $2.3 billion in tax fraud during the 2020 fiscal year” (IRS Releases Annual Report Identifying $2.3 Billion in Tax Fraud). These numbers put tax and unemployment fraud at epidemic levels!
The IRS said that its focus included Covid-19-related fraud, cybercrime, and other identity theft-related tax crimes.
The IRS further explained that its investigation into the Dark Web includes “terrorist financing cyber-enabled campaigns” where U.S. authorities seized millions of dollars. The IRS was able to take over 300 cryptocurrency accounts, four websites, and four Facebook pages, all related to the criminal activity.
Then in January of this year, the Federal Trade Commission (FTC) released its annual identity theft and fraud report known as the “FTC Consumer Sentinel Network Data Book” (2020 FTC Consumer Sentinel Network Data Book).
The 2021 FTC report states that identity theft was once again the number one consumer complaint in the United States, with nearly twice as many identity theft victims in 2020 as there were in 2019.
The big story from this year’s FTC report is a 2,000 percent increase in government document or benefits fraud, such as unemployment insurance fraud. The Covid-19 pandemic created a windfall for individual scam artists and international cybercrime rings.
And just when we thought the news of identity theft and fraud could not be any worse, a February report was published on how “billions of dollars of unemployment aid ended up in the wrong hands. A result of fraudsters that exploited and overwhelmed state agencies” (How Fraudsters and Cyber Criminals Stole Billions of Dollars in Unemployment Aid).
While the Labor Department Inspector General is in the process of completing an investigation, estimates point to at least $63 billion of unemployment aid, and possibly $100 billion of taxpayer funds, stolen through identity theft and fraud.
Jeremy Villanueva, Manager of Customer Support Operations at our partners Merchants Information Solutions, said that the defend-id/MIS ID Theft Restoration Center “experienced a massive increase in government documents and benefits fraud cases since the pandemic started last year.”
Villanueva stated, “the significant increase in unemployment insurance fraud is a direct result of ID theft criminals and fraudsters taking advantage of individual states’ willingness to quickly pay unemployment benefits without proper vetting of these claims.”
In the case of MIS, Villanueva said that “since March of 2020 when the country shut down for Covid-19 precautions, our restoration center realized a 1,600% increase over the previous year specific to unemployment insurance fraud cases.”
If you receive a 1099-G form in the mail showing benefits disbursed that you did not apply for or receive, your employer or you should take steps to make sure your personal information is secure by completing the following action items:
- If you receive a 1099-G form, contact your state unemployment benefits agency as this form does not come from the IRS.
- File an ID theft affidavit with the FTC and a local police report.
- Review your credit reports at annualcreditreport.com.
- Contact one of the reporting agencies and put a fraud alert on your account.
If you are a member or customer of defend-id services and need guidance, call 800-487-0160 to open a case with your professionally trained Recovery Advocate.
Not a member or customer yet? Visit https://www.defend-id.com/ to learn more!
by Mark Pribish