by Brian Thompson | Oct 3, 2022 | General, Identity Theft
The Identity Theft Resource Center (ITRC) published the 2022 ITRC Consumer Impact Report last week. It details a new scam known as “social media account takeover fraud,” in which cybercriminals and ID theft criminals hijack Facebook and Instagram accounts to steal personally identifiable information (PII).
Account takeover fraud (ATO), is when a fraudster successfully accesses your bank account, credit card account, cell phone account, utility account, Social Security account, or reward/loyalty card account. This occurs when malicious actors attempt to take control of an account using weak passwords, phishing, hacking, and/or credential stuffing.
What is happening…
Social media account takeover attacks have increased by more than 1,000% in the past 12 months, according to the ITRC. The results of a quick survey of victims who reported a social media account takeover are included in the 2022 Consumer Impact Report. The victims who participated in the micro-survey stated the following:
- 85 percent had their Instagram accounts compromised, while 25 percent had their Facebook accounts compromised.
- At least 48 percent of people clicked on a link they thought came from a friend,
- 22 percent of people fell for a cryptocurrency scam.
- 51 percent of victims who had their accounts compromised lost personal money or sales revenue
- 70 percent have been permanently locked out of their social media accounts
- 71 percent contacted friends listed in the social media account
- 67 percent report the criminal continued to post as the account owner after the lockout.
- 66% of victims claim to have experienced a strong emotional response after losing control of their social media account,
- including feelings of being:
- violated 92%
- suicidal 77%
- 83% worried or anxious
- 78% anger.
Eva Velasquez, President, and CEO of the ITRC, asserts that obtaining social media verification shows how reliable and credible your profile is. Scammers are, however, developing new methods of attack. According to Velasquez, “criminals offer to help people in the verification process.” After taking control of the account, they block the real owner and start posting as that person or company. ”
Velasquez recommends that “consumers follow the instructions for the verification process directly from platforms like Facebook and Twitter to get verified on social media safely.” Do not accept help from someone who says they can ‘assist’ you through the process. ”
When remote working began during the COVID-19 Pandemic, according to James Lee, the ITRC’s Chief Operating Officer, “social media account hijacking significantly increased.” Consumers should “be aware of suspicious messages from friends and not click on links found in emails or texts unless you are 100% sure they are safe,” according to Lee.
The article How Cybercriminals Use Public Online and Offline Data to Target Employees describes another social media account scam technique and shows how a LinkedIn post about a new job opportunity was actually a phishing scam.
We all need to be aware of how social media account holders are being set up for targeted attacks, including customers and business executives. Attackers may target your social media accounts if they have sufficient information about you or your online behavior.
What can you do, then?
With these five prevention suggestions, you can be proactive and avoid social media account takeovers:
- Never use the same password across multiple accounts, especially your social media ones.
- Use a strong passphrase with 20 characters or a password manager.
- Avoid clicking on any links or texts contained in shady (or unexpected) emails or texts.
- Use a VPN and two-factor authentication (2FA), especially when using public WiFi.
- Be wary of phishing scams that pose as well-known companies like LinkedIn, Microsoft, DHL, Amazon, Apple, Google, and Netflix.
Summary: Social Media Account Takeover Fraud
Cybercriminals and ID theft criminals hijack Facebook and Instagram accounts to steal personally identifiable information. Social media account takeover attacks have increased by more than 1,000% in the past 12 months. The quick survey results of victims are included in the Identity Theft Resource Center’s 2022 Consumer Impact Report. Scammers are developing new methods of attack to take control of social media accounts. Consumers can be proactive and avoid social media account takeovers. Use a VPN and two-factor authentication (2FA), especially when using public WiFi, to protect against account hijacking.
by Brian Thompson | Sep 22, 2022 | Breach, Identity Theft
So we hear ads about Identity Theft Protection pretty much every day now. But what’s ID Theft Protection, and what is the benefit?
Why should you care?
Because this is happening every day to people you know…causing stress, anxiety, problems at work and with family, and sleepless nights!
First, identity theft is not entirely avoidable, but there are things you can do to protect yourself. An Identity theft protection service can alert you to potential fraud and restore your identity if it gets stolen.
Identity Theft providers do the hard work for you. They do this by searching for your personal information on the dark web, social media, and other databases that can indicate bad actors have your information. Victims who are protected with an Identity theft protection program can turn to recovery advocates. Recovery advocates work for the provider and are specialists in Identity Theft Recovery services. The advocate will take over and complete tasks on behalf of the victim to ensure all concerns and steps are taken care of properly. Many services also offer insurance that can offset legal fees and other expenses related to restoring your identity.
What is identity theft protection?
Identity theft protection services monitor websites and databases for signs of your personal information, such as your social security, driver’s license number, medical ID, and bank account numbers.
When the provider finds your information where it should not be, they will send an alert suggesting a variety of actions. Monitoring will include a variety of places including sources such as, but not limited to:
- Dark web
- *Credit Monitoring
- Social media
- Change of Address Monitoring USPS
- Home Title Changes
- Court Records
- Utility, cable, or wireless services
- Payday loan applications
- Public Records
*Many identity theft protection services also include credit monitoring features. This generally provides notifications when credit is pulled and for changes to your credit report. Changes such as an increase in a credit card balance or a new account opened in your name, can indicate fraud.
And if your information is compromised, identity theft protection services kick in and help you resolve the issue. Most providers also include identity theft insurance, which offers up to $1 million for eligible expenses associated with resolving and restoring your identity, plus assistance from experts.
Buy or not to buy?
Identity theft protection services provide “Peace of Mind with a Place to Turn”. They help you detect fraud early, making it easier to stop the damage before it becomes an even bigger headache. These services are not free but they are a proactive solution to securing your personal information.
Before you sign up for one of these services, take time to understand how these services work to spot fraud and help you restore your identity. Just like in any industry, not all programs are the same. Pay close attention to the Recovery aspect of the service specifically!
Mitigate, Insure against losses, and be a resource when identity theft happens. The peace of mind comes with a nominal fee. Ask your employer if they offer Identity Theft Protection as an employee benefit!
by Brian Thompson | Sep 14, 2022 | Identity Theft
The Realities of Identity theft include Emotional Loss, Psychological Pain, Helplessness, Anger, Isolation, and Betrayal.
The report uncovered intense “pervasiveness of identity fraud against U.S. consumers” and found the following:
- 47 percent of U.S. consumers surveyed experienced identity theft
- 37 percent experienced application fraud (i.e. the unauthorized use of one’s identity to apply for an account)
- 38 percent of consumers experienced account takeover (i.e. unauthorized access to a consumer’s existing account).
The Aite Group report found an estimated 42 percent increase in identity-related losses from 2019 to 2020. This demonstrates how identity theft is “rapidly growing in severity and will continue to flourish.”
The report also found serious consumer dissatisfaction with the assistance provided to victims following an identity theft attack. Among those dissatisfied said they were unlikely to do business with the at-fault financial institution in the future.
Beyond the known financial events of identity fraud crimes, ITRC explores the emotional and psychological impact of identity theft. Of which includes “an all-time high number of victims who say that they have contemplated suicide.”
Most consumers (and businesses) only view the financial impact of identity theft. Very few understand and have empathy for the emotional impact of identity theft. Not knowing that the victim is dealing with emotional loss, psychological pain, helplessness, anger, isolation, and betrayal.
Whether the perpetrator of an identity theft victim is a stranger, family member, or friend, identity theft triggers deep emotions. Emotions related to financial security, physical safety, the safety of family members, the ability to trust again, and the feeling of being violated. All of which can lead to extreme stress, sleepless nights, and bouts of depression.
Highlighting how many respondents who were identity theft victims had “definable emotional impacts, physical consequences and lost opportunities”. And reported that “10 percent of victims said they considered suicide.”
“The 2021 Consumer Aftermath Report shows that the effects of identity theft, particularly during COVID-19, are far-reaching and accelerating,” said Eva Velasquez, president, and CEO of the Identity Theft Resource Center.
Velazquez noted “in the report, you see the range of emotions – anger, frustration, fear, hopelessness – in their own words. It is crucial we share these findings so others can better understand the ramifications of identity crimes. Additionally, we can help force change to better support these victims.”
And while the ITRC survey responses are somewhat of a surprise to me – I was really surprised by the comment from Dr. Brandn Green, a Ph.D. Research Scientist at Bethesda, Maryland-based Development Services Group.
Dr. Green, a Sociologist investigating the social and environmental determinants of behavioral health, stated “the risk of having one’s identity stolen and used to perpetrate fraud may be the least studied, and most common criminal experience that individuals can encounter.”
As we began the realities of Identity theft include Emotional Loss, Psychological Pain, Helplessness, Anger, Isolation, and Betrayal. Now, you have more understanding and can help point them in a constructive direction.
Businesses Struggle with Rising Cases of Identity Theft
by Brian Thompson | Sep 6, 2022 | General, Identity Theft
ISP’s are spying on your family. But what’s an ISP and why should I care? An ISP, or Internet Service Provider, is a company that lets you access the internet from home, usually via a monthly subscription. It’s like a cable company, but instead of connecting you with TV channels, an ISP connects you to the internet. An ISP may sell one or more types of internet service, also called connection types.
Your Internet Service Provider (ISP) is the first connection point between the Internet and your computer. And you should know that ISPs represent one of the many potential threats to online security. After all, you connect to the outside world through their network. Your IP address is the one they assign to you for the duration of your session.
Is my ISP really spying on me?
In a word, yes. Your ISP is likely looking at the websites you visit online. They track you so they can sell your browsing history to other companies. Ever notice how creepy ads follow you around the Internet? This is because you are being tracked.
ISPs can see almost everything you’re doing online. They know the websites you visit, your streaming services, and more. And if you’re not using an encrypted connection, they may even be able to see the usernames and passwords you are using.
What is my ISP doing with my information?
Here in the U.S. ISPs have had the right to sell your private browsing history since 2017, as long as they anonymized your personal data. Major ISPs like AT&T, Comcast, and Verizon said their customers would be able to opt out of data collection, but they make it really hard to do that. Resource: How to Opt Out of your ISP’s Data Collection
Also, ISPs learn a lot by analyzing metadata, which provides them with general information about the kind of user you are. For instance, they could get information on size, timing, and destination of your data packets, which could tell them whether you’re browsing the web, using Skype, downloading files with BitTorrent or streaming movies from Netflix.
This means that ISPs may have more information about you than Google or Facebook, which we all know stores tremendous amounts of data about us.
A good rule of thumb: if you are not taking steps to protect your privacy online, then you should assume that everything you do online, including your emails, are being tracked.
How can I protect myself?
ISPs obviously know a lot about you, but the good news is that you can do a few things to protect your privacy online:
- Only visit secured websites: When you visit a secure website (they start with https://), ISPs can’t see what you’re doing there. The entire communication between you and the secure website you are visiting is encrypted, leaving your ISPs with ciphers it can’t read. The good news is that the most popular services are using HTTPS connections these days.
- Use a VPN like Private WiFi – Using a VPN like Private WiFi on all of your devices is the best way to mask what you do online, including from your ISP. Private WiFi encrypts the connection and routes your connection through the VPN’s server. This encryption prevents your ISP from seeing what you’re doing online.
So what are you waiting for? ISP’s – Spying on your family but defend-id can help secure your connection with Private WiFi. Contact us today to learn more!
Related Articles:
Home WiFi isn’t Safe from Hackers
I use a VPN whenever I work remotely
by Brian Thompson | Aug 25, 2022 | General, Identity Theft
Unfortunately, scammers often see students as easy targets for identity theft. Assuming, as young adults, they are less knowledgeable about identity theft and fraud. Often, students are more likely to fall victim to identity fraud and a lot of that has to do with the environment they are in, the way they communicate, and the information they have to share with the school. With these 7 student identity theft protection tips, students will be better prepared as they embark on their college life.
7 Student Identity Theft Protection Tips
- Don’t overshare.
Social media can make it easy for a scammer to learn personal details about you. Be careful what information you share on these sites because you never know who might see your posts. Your birthday, address, previous schools, and even your pets’ names could be used to gain access to your passwords and accounts if you’ve used them as answers to security or password retrieval questions.
- Speaking of oversharing, be particularly protective of your Social Security number. There are very few instances when it is necessary to provide it (possibly when you’re applying for financial aid or for a job). Make certain that the party requesting your SSN is reputable. Ask them why it’s needed and how they will keep your number secure. Never carry your Social Security card with you; keep it, along with any other documents containing your personal information, in a safe or other secure location.
- This also means keeping your Federal Student Aid (FSA) ID private. For questions about financial aid, contact the Federal Student Aid Information Center at studentaid@ed.gov or 1-800-4-FED-AID — don’t give out personal information over the phone unless you initiated the contact.
- Keep your devices secure.
Would the thief be able to access any private information? Use your security settings to their fullest and be careful what you store on your hard drive. Saved logins and easily accessible personal data make it easy for whoever stole your device to take over your identity.
- Build strong passwords and change them frequently.
It may be tempting to use the same passwords across your accounts so they are easy to remember, but don’t! Make passwords stronger by taking out vowels and adding in special characters. Most sites have their own requirements for what makes a password strong; typically, they should be unique, around 10 characters long, and not easy to guess.
-
Know what to watch for
Think before you click, phishing scams come in all shapes and sizes. For example, fake scholarships and loan listings can be used to target college students. Before sharing any personal information on an application, be sure that the institution is reputable. Look closely for anything suspicious. If a scholarship application asks you to pay an application fee or provide your bank account information, it’s probably NOT legitimate.
- Secure your connection with a VPN, (Virtual Private Network).
Unsecured computer networks make it easy for others to hack your personal information. Since secure network connections are not always available in libraries, student centers, or other public places, use a VPN to encrypt your online activity. Related Article: Public WiFi is Putting You at Risk
- Monitor and track your accounts and transactions.
Review your financial accounts frequently. Monitoring your bank statements, credit card bills, and credit score can help you notice suspicious activity and resolve it quickly. Enable two-factor authentication, which makes it more difficult for scammers to get access. Set up transaction alerts to be notified of suspicious account activity. And always log out of online banking and other secure sites before exiting. If you ever notice questionable account activity, whether login attempts from unknown devices or purchases you didn’t make, report them to the related institution immediately. That institution will provide you with the next steps, such as freezing the account or sending you a new card, to help protect your identity.
- Shred financial documents.
Financial documents often include personal information that you don’t want out in the open. Shred or black out the information printed on credit card offers, as well as on any bank or credit card statements you may receive in the mail, before disposing of them
So stay diligent, think before you click, and use these 7 Student Identity Theft Protection Tips. Identity theft can follow a student well into their professional career and family life. Do what you can now to prevent issues in the future.
Students Targeted for Identity Theft
Online Students are Targeted
by Brian Thompson | Aug 18, 2022 | General, Identity Theft
Schools across the nation are kicking off the new school year, and students are targeted for Identity Theft and Fraud schemes! Schemes that we never worried about in the early 2000s. Student life was simple, desktops were for papers, no smartphones, no social media, and socializing was actually in person!
That is not today’s reality
Now more than ever, devices, Social Media, and advanced schemes have increased the risk for students. Risks that now are more prevalent due to the majority of students having constant connectivity.
A significant increase in phony LinkedIn, Facebook, and other social media friend requests placing many students at risk coupled the daily inundation of information/misinformation has given cybercriminals an endless resource to implement their attacks.
It’s not just college kids though…
K-12 districts across the U.S. have become targets as well.
The worst-hit states include:
- New York with 89
- Texas with 79
- Illinois and Ohio each with 60
- Florida with 58
Overall, Colleges account for 74% of education data breaches.
Please see this dated but still relevant, July 14, 2020 article titled FBI warning-cybercrimes are up and school districts could be the target, for more information.
What students and parents can do to mitigate risk?
Students and Parents can mitigate exposure to cyber scams and identity theft in the following ways.
- The COVID-19 pandemic has new email phishing attacks that try to trick parents working and students studying remotely into giving away credentials for access to their employers’ and college/university networks. You need to stay vigilant and be careful with every email.
- A new voice phishing scam uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from again – both parents and students.
- Limit what you share online, use, and regularly change strong passwords on devices.
- Know your rights. “Student rights” under the Federal Educational Rights and Privacy Act (FERPA) protect the privacy of student records.
Online students are being targeted by Identity Theft criminals now more than ever. As these criminals continue to use student information to obtain employment, rent an apartment, open a utility, cell phone, or bank account, or access government benefits be ever aware of new and emerging scams.
