COMPLACENCY MAKES HACKERS SUCCESSFUL

COMPLACENCY MAKES HACKERS SUCCESSFUL

The danger of complacency makes hackers successful at phishing and ransomware.

The recent Colonial Pipeline cyberattack forced Colonial to shut down the pipeline.  The shutdown created widespread fuel shortages in 11 states and Washington, D.C.  All pointing to the true vulnerability of our companies and the detrimental effects of being complacent.

Complacency and phishing emails that spread malware are the main reason for the success of cybercriminals and ransomware attacks.

According to a December 2020 Digital Guardian blog titled A History of Ransomware Attacks, “ransomware has been a prominent threat to enterprises, SMBs, and individuals alike since the mid-2000s.”

Separately, according to the National Cyber Investigative Joint Task Force (NCIJTF), crimes such as financial fraud and identity theft are being exploited via the internet and technology through “the global cyber domain” every day.

To address this “evolving cyber challenge,” the NCIJTF released this FBI-IC3 Ransomware PDF Fact Sheet to educate the public on the ransomware threat.

The FBI’s Internet Crime Complaint Center (IC3) defines ransomware as; “a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.

The irony to this evolving cyber challenge is that ransomware was originally intended to target individual consumers. Consumers are low stake opportunities but are still targets.

Instead, cybercriminals have taken ransomware to a more lucrative level by targeting higher-stakes opportunities such as:

  • healthcare (hospitals, medical groups, and dental groups),
  • professional services (law firms, accounting firms, and consulting firms),
  • education (high schools, community colleges, and colleges),
  • government agencies (law enforcement, city, and federal agencies).

In addition, digital money or cryptocurrencies such as Bitcoin and Ethereum are now targets.  Cryptocurrencies are difficult to trace and can be transferred electronically without financial institutions that are regulated by governments.  This fact has made ransomware more profitable than stealing data and selling it on the Dark Web.

What to do about it.

Consumers and employees – especially small business employees – should receive security training on a regular basis.  Education about the latest security threats via online education and phishing simulation tests can dramatically reduce the threat.

The reality is that cybercriminals depend on the phrase “breach fatigue” and for consumers and employees to be complacent and careless about cybersecurity.

Two good examples of email security threats that consumers and employees need to be aware of are (1) spoofing and phishing and (2) Business Email Compromise.

To conclude, the potential for cybercriminals to shut down your home computer, the company you work for, or critical infrastructures such as gas pipelines, electric grids, and water supplies; along with mass transportation, railways, bridges, tunnels, and even airlines – should be enough motivation for consumers and employees to NOT be complacent.  Because… Complacency makes hackers successful!

By Mark Pribish
Vice President and ID Theft Practice Leader

What is a Credit Score?

What is a Credit Score?

Most of you have heard of it, but what is a credit score?

The most widely used scoring model in the United States and Canada is the FICO credit score. Developed in 1956 by a company called Fair, Isaac & Company (FICO), this model is designed to determine how likely you are to become 90 days late on any payment within the next twenty-four months. The model calculates the probability of loan delinquency.  It does so by comparing patterns in your credit history against the patterns of millions of other consumers.

FICO makes all these comparisons with software that uses complex equations and advanced analytics.  The comparison evaluates all the data in your credit report and distills it into a standardized, three-digit score.

But, let’s back up a minute. Where does all the credit report data come from?

Each financial choice you make – how much you spend on credit, how responsibly you pay down your debts, how many credit-related accounts you have, etc. – gets reported to three credit reporting agencies: Equifax, Experian, and TransUnion. When a lender orders a copy of your credit report, they also usually request the accompanying FICO credit score.  The report boils everything down into a single score based on that agency’s proprietary version of the FICO scoring model.

It’s important to note that while FICO works with the credit agencies, they do not control the information in your credit reports. Fico translates the data provided and returns a standardized score. So, to summarize:

  • You make financial choices.
  • The lending entities you interact with (banks, retailers, etc.) report your choices to the three credit reporting agencies.
  • The agencies use the FICO software to turn your data into a single credit score, which is then delivered to the lender reviewing your application for credit.

It may seem like there are a lot of moving parts, but because the choices you make drive the entire process, ultimately you’re the one in control. In fact, statistics show that, given thirty days, over 80% of loan applicants have the potential to improve credit scores.

 

Businesses Struggle with Rising Cases of Identity Theft

Businesses Struggle with Rising Cases of Identity Theft

Each year your businesses struggle with rising cases of identity theft and it’s affecting everything.  ID Theft can be detrimental to your employees, productivity, your reputation, revenue, and profit.    

You take all the necessary measures to secure your systems and prevent data breach incidents.  But what about personal data stolen from elsewhere?  Is your company being defrauded by that data?  What can you do to prevent identity fraud despite business efforts to protect their information assets?  

What is happening?

Insider solo hackers and criminal gangs steal millions of consumer records each year from companies around the globe.  Bad actors take advantage of weaknesses in the system security and operations.  The stolen information is traded on the dark web and used by identity thieves around the world to quickly defraud businesses, governments, and individuals. 

They, under someone else’s name:

  • open new credit lines
  • empty bank accounts
  • seek expensive medical services
  • receive government assistance
  • buy merchandise or services
  • and collect tax refunds

Identity theft may make your company vulnerable, regardless of how or where the consumer information is obtained. However, you have the option to mitigate identity theft and reduce fraud losses by implementing an effective identity theft program that incorporates training for your employees, management teams, board members, and customers to collectively prevent identity fraud.  

What can you do?

You can implement an employee identity theft protection program with defend-id.  defend-id has developed integrated resources to help businesses mitigate the risks of identity theft with our employee identity monitoring tools.  defend-id will insure against identity fraud and provide full-service recovery for your employees when it does happen. 

Can your organization protect against identity theft and keep employees, shareholders, customers, and auditors happy?

You don’t have to be one of the businesses that struggle with rising cases of identity theft.  Contact defend-id or your benefits agent today to inquire about a program for your business today.  www.defend-id.com

Synthetic ID Theft & Fraud to get WORSE

Synthetic ID Theft & Fraud to get WORSE

In August 2014, I wrote an article for the Arizona Republic titled Synthetic Identity Fraud Emerges As Growing Threat.   In the article, I pointed to the fact that synthetic ID Theft & Fraud is getting worse. Stating that “synthetic identity theft and fraud often include a combination of fake and real credentials using names, Social Security numbers, driver’s licenses, and employee identification numbers to create new ‘synthetic’ or fake identities.”

Fast forward to 2021 – nearly seven years later – and this April 26, 2021, Forbes article titled Identity Frauds That Might Pose A Threat To Your Company In 2021.

This Forbes article includes a brief summary of synthetic identity theft and fraud and made me think of how both small businesses and consumers need to increase their knowledge and awareness of their digital risk.

Think about it, both consumers and small businesses have entered the digital world where we are all at risk.  Examples of digital risk include a phishing attack; a hacking attack; or when your personal privacy or data privacy is exposed; or when your cloud computing or cloud storage vendor is hacked.

And to be clear – digital services such as the internet, website marketing, Apple and Google apps, and more, make it possible for small businesses to deliver more new products and services.  These same digital services also create more satisfying customer experiences.

However, with these great new digital services comes risk – or should I say “digital risk”. As I mentioned above, digital risk means unwanted and often unexpected outcomes.  Outcomes that stem from digital business processes and digital consumer services.

So what does all this mean?

First, there was a significant increase in the number of identity theft cases in 2020.  These cases are mainly due to the Covid-19 pandemic with employees working from home and students studying remotely.

Second, as businesses and consumers try to mitigate their exposure to data breaches and identity theft, cybersecurity experts anticipate another significant increase in identity theft and fraud in 2021.

One of those expected trends and contributing factors in cybercrime in 2021 will be the use of synthetic identity theft and fraud.

With synthetic identity theft and fraud helping in the authentication of an unauthorized individual by combining real and fake information, ID theft criminals are creating a completely new identity that looks so real – both businesses and consumers cannot tell the difference. 

So what can be done?  Cybersecurity experts are working on new technologies where financial companies can know verify consumers’ identity securely.

In addition, small businesses and consumers can help manage their digital risk by:

  1. Using stronger passwords and passphrases
  2. Implementing two-factor authentication to minimize the risk of identity theft and unauthorized login.

By Mark Pribish
Vice President and ID Theft Practice Leader

April 2021

Tax & Unemployment Fraud at Epidemic Levels

Tax & Unemployment Fraud at Epidemic Levels

The Criminal Investigation Division of the Internal Revenue Service (IRS) announced in its annual report that they “uncovered $2.3 billion in tax fraud during the 2020 fiscal year”. (IRS Releases Annual Report Identifying $2.3 Billion in Tax Fraud).  These numbers put Tax and Unemployment fraud at epidemic levels!

The IRS said that its focus included Covid-19-related fraud, cybercrime, and other identity theft-related tax crimes.

Further explaining that their investigation into the Dark Web includes “terrorist financing cyber-enabled campaigns” where U.S. authorities seized millions of dollars.  The IRS was able to take over 300 cryptocurrency accounts, four websites, and four Facebook pages all related to the criminal activity.

Then in January of this year, the Federal Trade Commission (FTC) released its annual identity theft and fraud report known as the “FTC Consumer Sentinel Network Data Book” (2020 FTC Consumer Sentinel Network Data Book).

The 2021 FTC report states that identity theft was once again the number one consumer complaint in the United States, with nearly twice as many identity theft victims in 2020 as there were in 2019.

The big story from this year’s FTC report is a 2,000 percent increase in government document or benefits fraud, such as unemployment insurance fraud.  The Covid-19 pandemic created a windfall for individual scam artists and international cybercrime rings.

And just when we thought the news of identity theft and fraud could not be any worse, a February report was published on how “billions of dollars of unemployment aid ended up in the wrong hands.  A result of fraudsters that exploited and overwhelmed state agencies” (How Fraudsters and Cyber Criminals Stole Billions of Dollars in Unemployment Aid).

While the Labor Department Inspector General is in the process of completing an investigation, estimates of at least $63 billion of unemployment aid, and possibly $100 billion of stolen taxpayer funds due to identity theft and fraud. 

According to our partners at Merchants Information Solutions – Jeremy Villanueva, Manager of Customer Support Operations said that the defend-id/MIS ID Theft Restoration Center “experienced a massive increase in government documents and benefits fraud cases since the pandemic started last year.”

Villanueva stated, “the significant increase in unemployment insurance fraud is a direct result of ID theft criminals and fraudsters taking advantage of individual states willingness to quickly pay unemployment benefits without proper vetting of these claims.”

In the case of MIS, Villanueva said that “since March of 2020 when the country shut down for Covid-19 precautions, our restoration center realized a 1,600% increase over the previous year specific to unemployment insurance fraud cases.

If you receive a 1099-G form in the mail showing benefits disbursed that you did not apply for or receive, your employer or you should take steps to make sure your personal information is secure by completing the following action items:
  • If you receive a 1099-G form, contact your state unemployment benefits agency as this form does not come from the IRS.
  • File an ID theft affidavit with the FTC and a local police report.
  • Review your credit reports at annualcreditreport.com.
  • Contact one of the reporting agencies and put a fraud alert on your account. 

If you are a member or customer of defend-id services and need guidance, call 800-487-0160 to open a case with your professionally trained Recovery Advocate.

Not a member or customer yet?  Visit https://www.defend-id.com/ to learn more!

by Mark Pribish

ID Theft Protection Market Outlook

ID Theft Protection Market Outlook

The id theft protection market outlook is anticipated to achieve a Compound Annual Growth Rate (CAGR) of 13.06% during the period of 2020-2028.  The “Global Identity Theft Protection Services Market Outlook 2028” report from ResearchAndMarkets.com‘s is out.

Identity Theft Protection Services refers to varying services giving people protection and peace of mind against identity theft and fraud. Services can include credit monitoring, ID theft monitoring, and other services that help you if you been targeted.

Factors of growth.
Factors such as the increasing occurrences of cybercrime and identity thefts around the globe, backed by the growing utilization of electronic identity and other advanced technologies are anticipated to promote the growth of the identity theft protection services market.

Additionally, increasing concerns for cyber crimes and identity thefts that has increased significantly in recent years.  These, along with the fear of mishandling important data, is raising the need to increasingly adopt identity theft protection services.  All are anticipated to drive the growth of the global identity theft protection services market.

The global identity theft protection services market consists of various segments.  These segments include type, services, end-user, and region. The theft type segment is further divided into monitoring services and identity recovery & identity theft insurance services. Among these segments, the monitoring services registered the largest share along with a value of around USD 3000 million in the year 2019.

Additionally, the segment is anticipated to cross a value of around USD 8600 million by growing at a CAGR of around 13% during the forecast period. The monitoring services segment is further divided into credit monitoring and identity monitoring. Out of these, the identity monitoring segment registered the largest market share and is further anticipated to grow at a CAGR of around 12% during the forecast period.

Get involved

defend-id is an identity theft protection provider designed for the agency and wholesale channel.  Dedicated to the channel, defend-id, puts the power in the agent’s hands to protect employee groups of all sizes.  The ID Theft Protection Market Outlook is great!  Don’t miss out on this timely, relevant benefit, check out defend-id today!

defend-id Agency Partnership Opportunities: https://www.defend-id.com/opportunities

Agency Sign up Process: https://youtu.be/bOQ2VU1meW0

Relevant Articles: Breached Records Skyrocketed in 2020

error

Enjoy this blog? Please spread the word :)