Internet of Things is Exposing You

The Internet of Things (IoT) is exposing you more than you may think! The IoT allows smart technology products such as gaming devices, home appliances, medical wearables, sports equipment, cars, and toys to send and receive data over the internet and to be controlled remotely.

After hearing the phrase “uncertain times” for the last six months, I believe that it may be overused. Most consumers tune out the meaning of overused words and phrases relating to risk and danger.

Unfortunately, words such as cybersecurity, data breach, identity theft, personal privacy, and stolen credentials are still not understood by consumers.

Consumers continue to read that weak passwords and phishing emails are common access points for hackers, and they are! But the new access point is the IoT, as hackers are taking advantage of unsecured access to smart technology.

Two recent IoT exposure examples:
  1. “Why the Garmin Data Breach Should Be a Wakeup Call for Every CEO”
  2. “Amazon Ring Leaks Thousands of Customer Data”

According to Chief Executive Magazine, “Garmin confirmed it had been the victim of a cyberattack that caused a days-long outage in late July, during which users worldwide were unable to upload their fitness data from the company’s sports devices. Garmin reportedly paid a sizable ransom to get its data back.”

And according to Threatpost – which is a leading source for IT and business security – “2019 saw an explosion of privacy issues and scandals for Amazon-owned Ring.  Researchers found several flaws in the IoT device, including one that allowed attackers to spy on families, or one that exposed Wi-Fi network passwords.”

The good news is that smart technology has the potential to improve our lives, from home security and energy conservation to physical fitness. The bad news is that it increases exposure with poor security features and places the responsibility of security on the consumer.

The fact is smart technology devices collect, store, process, and use personal information. This includes names, addresses, phone numbers, email addresses, payment account information, GPS-based location, and activity patterns.

A new security report from Palo Alto Networks states that “57% of IoT devices are vulnerable to cyberattacks of medium to high severity.”

The Palo Alto report offered best practices to protect IoT devices from cyberattacks including:

So, yes, the Internet of Things is exposing you but as described above, there are ways to mitigate that risk.  Enjoy your smart technology devices, stay safe, change your default passwords, and stay up to date on the latest IoT updates.

By Mark Pribish
Vice President and ID Theft Practice Leader

An additional article about the Internet of things:  PERSONAL PRIVACY AND THE INTERNET OF THINGS (IOT)
or… How public Wifi is putting you at risk:  Public WiFi is Putting You at Risk

CREDIT FREEZES vs LOCKS; WHAT YOU SHOULD KNOW

Credit freezes and credit locks are not exactly the same thing, and you should know the difference.

Credit freezes are now free, but credit bureaus are pushing you to lock your credit instead.

Why you want to know the difference

Consumers, in general, are more worried about identity theft than ever before and they should be.  Identity theft is one of the fastest-growing crimes in the past years and will see a significant spike this year.   According to a May 22, 2020 ComputerWeekly.com article titled Covid-19 will leave organizations exposed to higher cyber risks (please see here https://www.computerweekly.com/news/252483503/Covid-19-will-leave-organisations-exposed-to-higher-cyber-risks), “hacking attacks and phishing emails could become the new norm.”

The fact is the risk of a data breach event is now higher than ever based on the “increase in phishing email attacks, malicious keylogger attacks and the distribution of password-stealing software.” This means that consumers are more exposed now than ever and might not know for months or even years that their Personally Identifiable Information (PII) was stolen.

Since the COVID-19 crisis began, state and federal law enforcement has reported on numerous cybersecurity attacks and phishing scams including:

  • Sophisticated COVID-19 related phishing attacks that use PDF attachments to bypass software security defenses
  • Fake shipping emails pretending to be from FedEx and UPS to trick customers into downloading malware
  • Phony LinkedIn “connect” and Facebook “friend” requests to trick users into downloading malware
  • Fraudulent small business lending emails targeting small business owners including small law firms
  • New and innovative “vishing” phone scams impersonating government organizations and charities to solicit donations

With the increase in cyber scams, breaches, and ID theft during the current COVID-19 crisis, consumers might consider placing a credit freeze on their credit report.

However, be careful as Consumer Reports Magazine states (please see here https://www.consumerreports.org/credit-protection-monitoring/why-a-free-credit-freeze-is-better-than-a-credit-lock/) that “even though credit freezes are now free, credit bureaus are pushing consumers to lock their credit instead.”

What is the difference?

 

A credit lock and a credit freeze are similar forms of protecting your credit reports from being accessed by identity fraudsters.  The two are often used interchangeably but they are different.

Freezing your credit with each of the three credit bureaus (Equifax, TransUnion, and Experian) restricts access to your credit for anyone attempting to access it. Access is granted only when you unfreeze your credit. Freezing and unfreezing your credit is free, by law, and requires you to use a password-protected account or PIN.

Locking your credit accomplishes the same restriction on access to your credit. But unlocking your credit is very easy and can be done immediately at any time, on your computer or your phone. This is beneficial because it is far easier to lock and unlock than it is to freeze and unfreeze. You will pay for the convenience of this service.

Both freezing and locking your credit prevent others from accessing your credit information, eliminating the possibility that a fraudster could open a new credit account in your name.

CREDIT FREEZES vs CREDIT LOCKS…The choice is yours but both options are worth considering to protect you and your family members.

 

Looking for more protection? Here are 14 features of Identity Theft Protection Monitoring and the Most Important Feature!

Fraud in the Midst of COVID-19

With the growing Coronavirus impact on our society, scams are also growing exponentially. Below is a summary of several of the most common scams, and resources to help you stay ahead of this fraud in the midst of COVID-19.

Staying Vigilant Against Fraud in the Midst of COVID-19
In the midst of the COVID-19 pandemic, frauds and scams are emerging. Americans need to be aware that there are individuals attempting to profiteer from this emergency through online phishing scams, door-to-door COVID-19 testing offers, falsely promising free care, etc.
Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
(866) 720-5721 or email disaster@leo.gov

Here is what to look for

Below is a list of 5 scams designed to defraud you in the midst of the COVID-19 pandemic.

  1. Phishing Scams
    We are all looking to keep up with all that is happening with the Coronavirus. Our eagerness and fear may be making us more vulnerable to fake coronavirus update emails and texts. Think before you click on links, and ask yourself if it makes sense. You may be one click away from being infected by malware and adding more stress to your life. Do not give out any personal information over the phone!
  2. Fake Government Representations
    The bad guys are pretending to be government representatives. Don’t respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer.

    1. Here is an example of a fake Government Representation:
      As the U.S. government considers a financial relief package for citizens, false claims of the government sending a $1000 relief check to individuals are already in the works by scammers who seem to be a step ahead of any official decision. Fraudsters are posing as the government to collect your personal information such as Social Security numbers or bank account numbers to send out your “coronavirus financial aid” deposit.
  3. Update and Donation Sites
    Websites designed to collect your Personally Identifiable Information (PII) are being published.

    1. Some examples we have seen:
      1. Coronavirus updates
      2. Emergency Response Plan Sites
      3. Donation Sites
      4. Others include the “sale” of things like facemasks, sanitizer, test kits etc.
  4. NO CURE…
    The FTC and FDA have jointly issued warning letters to seven sellers of unapproved and misbranded products, claiming they can treat or prevent the Coronavirus. The companies’ products include teas, essential oils, and colloidal silver. The FTC says the companies have no evidence to back up their claims, as required by law. The FDA says there are no approved vaccines, drugs or investigational products currently available to treat or prevent the virus. Read more about the warning letters.
  5. Fake Jobs
    This has affected all of us in one way or another.  Unfortunately, some have lost their jobs and are looking for a solution.  The dirtbags know this and are creating fake job postings to entice some of us to participate in a scam or to provide PII.  Make sure you know what you are applying for and do your research before you provide any information.

We are all dealing with this in our own ways but we need to be careful.  Careful with each other but also with potential fraud in the midst of COVID-19.

If you think you have been a victim, please do not hesitate to reach out to us here at defend-id.  Or if you spot a fraud please report it:

Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
(866) 720-5721 or email disaster@leo.gov

 

Please stay healthy.

4 SMB Cybersecurity Tips from the FBI

John Iannarelli, former FBI Special Agent, offers 4 SMB cybersecurity tips. Is your business safe from the cybersecurity threat?

According to the Allianz Risk Barometer for 2020, cyber incidents ranked as the number one business risk in its ninth annual survey of risk experts.

Based on the above, I just interviewed former FBI Special Agent John Iannarelli (http://fbijohn.com/) in between his national television appearances on Fox News and Fox Business.

Mr. Iannarelli retired from the FBI after more than 20 years of service, during which time he was the FBI’s National Spokesperson, on the FBI Cyber Division executive staff, an FBI SWAT team member, and the Assistant Special Agent in Charge of the FBI’s Phoenix Division, where he oversaw all Criminal, Cyber, and Counter Intelligence investigations throughout Arizona.

Since leaving the FBI, Mr. Iannarelli has been an active contributor for national news outlets, keynote speaker, author, and security consultant.

I asked Mr. Iannarelli for simple advice on how to keep small businesses safer in 2020.  Here are his 4 cybersecurity tips for small businesses and sole proprietors:

Ransomware

“Maintaining a strong firewall, keeping your security software up to date, and the patching of vulnerable software is critical,” said Iannarelli. He also said, “The restoration of your computer files from a backup is the fastest way to safely regain access to your data.” Mr. Iannarelli recommends “to not pay the ransom as there is no guarantee that you will be able to regain access to your files and that once you pay the cybercriminals they are likely to attack again.”

Free Public Wi-Fi  (Public Wifi is Putting You at Risk)

Hackers steal consumer data from devices connected to unsecured networks by positioning themselves between you and the connection point. This means that instead of talking directly with the hotspot, you end up sending your data to the hacker. Mr. Iannarelli recommends “use of VPN encryption to help prevent cybercriminals from hacking into your WiFi connection and intercepting the data you send and receive.” 

Vendor Due Diligence

According to the Ponemon Institute, third-party breaches remain a dominant security challenge for small and large businesses. Over 63% of data breaches are linked to a third party. Mr. Iannarelli said, “Small businesses should establish information security and governance best practices including a data breach and incident response policy and plan.” A plan will protect your business, help win new business, and elevate your due diligence profile.

State and Federal Notification Laws

Since the United States does not have a federal privacy law, Mr. Iannarelli stated, “understanding current state privacy laws where your small business conducts business is critical to responding to a data breach event in a timely and effective manner.”

If you have been victimized by an online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

By Mark Pribish
Vice President and ID Theft Practice Leader

MAKE A STRONGER CYBERSECURITY COMMITMENT IN 2020

Every consumer and small business owner needs to make a stronger cybersecurity commitment in 2020 to safeguard personal and business information.

To help with your cybersecurity commitment, we are highlighting three important topics:

  1. Identity theft terms,
  2. consumer need-to-knows,
  3. and small business best practices.

First, Consumer Affairs has an identity theft glossary that serves as a great reminder of the current threat environment, including:
  • Keylogger: A keylogger is a computer program that records a person’s keystrokes to obtain confidential data.
  • Phishing: Phishing is a popular type of internet scam in which fraudsters send emails claiming to be from a reputable company to trick individuals into revealing personal information.
  • Smishing: Similar to phishing, smishing (or SMS phishing) is when someone attempts to mine sensitive information under a fake identity through text messages.
  • Vishing: Like phishing or smishing, vishing is when an identity thief attempts to gain sensitive information over the phone.

Second, consumers need to know how to protect themselves from becoming a victim of ID theft:

Third, small businesses need to implement cybersecurity best practices to help mitigate their exposure from identity theft and data breach events:
  • Annual employee education should be the No. 1 priority. Education is key: the threat level is rising, and you don’t want it to sink your business because your employees are not educated.
  • Your small business needs to create, test and update a written information security and governance policy annually, including penetration testing and a simulated data-breach event.
  • Consider adding cyber liability insurance to help respond to evolving state and federal breach notification laws since most small businesses lack the financial and human resources to respond to a data breach.

Unfortunately, as we learn and get better, so do the criminals.  It is our responsibility to stay educated and protect ourselves and employees.  Ring in 2020 with a stronger cybersecurity commitment to help reduce your cybersecurity risks.

By Mark Pribish
Vice President and ID Theft Practice Leader

Learn more about breaches as small businesses here:  43% of Breaches Affect Small Businesses

43% of Breaches Affect Small Businesses

In the recently released 2019 Verizon Data Breach Investigations Report (DBIR), Verizon found that 43% of breaches affect small businesses and that a third (32%) of breaches involved phishing, a form of social engineering.

Built upon the analysis of 41,686 security incidents and 2,013 confirmed data breaches, the Verizon DBIR digs into the overall threat landscape and the actors, actions, and assets that are present in breaches.

The 2019 Verizon Data Breach Investigations Report (DBIR) Key Takeaways highlights 12 key takeaways, including:

 

  1. Financial gain remains the most common motive behind data breaches (71%)
  2. 43% of breaches affect small businesses
  3. A third (32%) of breaches involved phishing
  4. The nation-state threat is increasing, with 23% of breaches by nation-state actors
  5. More than half (56%) of data breaches took months or longer to discover
  6. Ransomware remains a major threat and is the second most common type of malware reported
  7. Criminals increasingly target Business Executives with social engineering attacks.
  8. Crypto-mining malware accounts for less than 5% of data breaches; despite the publicity, it didn’t make the top ten malware listed in the report
  9. Espionage is a key motivation behind a quarter of data breaches
  10. 60 million records breached due to misconfigured cloud service buckets
  11. Continued reduction in payment card point of sale breaches
  12. The hacktivist threat remains low, the increase in the DBIR 2012 report appears to be a one-off spike

An interesting takeaway:

Cyber attackers target the network, where executives are “six times more likely to be a target of social engineering than they were only a year ago; and, C-level executives are 12 times more likely to be the target.”

This means that Business Email Compromises (BEC) are proving successful for ID theft criminals and cyber thieves.

Verizon stated that BEC breaches represented 248 (18%) confirmed breaches out of the 2,013 confirmed data breaches. In addition, Risk Based Security recently announced the release of its Q1 2019 Data Breach QuickView Report highlighting how over 1,900 data breach events, exposing over 1.9 billion records, were reported in the first three months of 2019.

According to Risk Based Security, “no other first quarter has seen this level of activity, putting 2019 on pace to be yet another ‘worst year on record’ for the number of publicly reported breaches.”

The report found “that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the Internet.”

If you are a small business, Identity Theft Protection as an Employee Benefit or a breach readiness and response program is worth considering!