Hackers are coming for you in 2022

Two years ago I wrote an article asking the question Is Your Digital Identity Safe? Two days ago I read an Infosecurity Magazine article stating Identity Theft Will Get Worse.  It appears that Hackers are coming after you in 2022!

Specific to your digital identity and today’s threat landscape for consumers and small businesses, cyber thieves and ID theft criminals have evolved to the point where hacking and data breaches will happen at any time and can affect anyone.

As for the statement “identity theft will get worse,” the fact is that 2021 surpassed the all-time record for data breaches exposing the Personally Identifiable Information (PII) of millions of Americans.

As a reminder, examples of PII include:
  • Name: full name, maiden name, mother’s maiden name, or alias
  • Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, employee or student identification number, financial account, or credit card number
  • Address information: street address, or email address
  • Telephone numbers
  • Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
  • Biometric data: retina scans, voice signatures, or facial geometry
  • Information identifying personally owned property: VIN number or title number
  • Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

And now our digital world, combined with a two-year pandemic, has consumers and small businesses worried. There is so much uncertainty in our world, and cybercriminals and their new scams are adding to the challenge.

Consumer?

If you are a consumer, recent digital risk examples making today’s headline news include How to avoid buying fake Covid tests online and BBB warns consumers of hackers posing as apps like Paypal and Venmo to steal your money.

Cyber thieves and ID theft criminals depend on human nature and emotion such as an individual’s tendency to trust others (e.g. phishing and vishing) and desperation (e.g. the chaos of supply chain shortages such as Covid-19 tests). These phishing and vishing tactics and fake websites have gained attention in recent weeks over the increasing number of identity theft victims.

Small Business Owner?

If you are a small business owner, trusting others and desperation are common risk factors, just as they are for a consumer – but it gets worse, as Cyber risks top worldwide business concerns in 2022.

According to the just-released 12th Annual Allianz Risk Barometer Survey, cyber incidents are at the top of the list. This is only the second time cyber has been at the top of the list in the survey’s history.

Cyber incidents, ransomware attacks, data breaches, or major IT outages worry businesses more than anything else.  They worry businesses even more than a business interruption, supply chain disruption, or the COVID-19 pandemic.

To conclude, cyber thieves and ID theft criminals continue to find new and innovative ways to steal your personal information.

Both consumers and small business owners need to keep security education and awareness top of mind.  Protecting our digital identities is crucial because hackers are coming for you in 2022.

Mark Pribish

What is a Credit Score?

Most of you have heard of it, but what is a credit score?

The most widely used scoring model in the United States and Canada is the FICO credit score. Developed in 1956 by a company called Fair, Isaac & Company (FICO), this model is designed to determine how likely you are to become 90 days late on any payment within the next twenty-four months. The model calculates the probability of loan delinquency.  It does so by comparing patterns in your credit history against the patterns of millions of other consumers.

FICO makes all these comparisons with software that uses complex equations and advanced analytics.  The comparison evaluates all the data in your credit report and distills it into a standardized, three-digit score.

But, let’s back up a minute. Where does all the credit report data come from?

Each financial choice you make – how much you spend on credit, how responsibly you pay down your debts, how many credit-related accounts you have, etc. – gets reported to three credit reporting agencies: Equifax, Experian, and TransUnion. When a lender orders a copy of your credit report, they also usually request the accompanying FICO credit score.  The report boils everything down into a single score based on that agency’s proprietary version of the FICO scoring model.

It’s important to note that while FICO works with the credit agencies, it does not control the information in your credit reports. FICO translates the data provided and returns a standardized score. So, to summarize:

  • You make financial choices.
  • The lending entities you interact with (banks, retailers, etc.) report your choices to the three credit reporting agencies.
  • The agencies use the FICO software to turn your data into a single credit score, which is then delivered to the lender reviewing your application for credit.

It may seem like there are a lot of moving parts, but because the choices you make drive the entire process, ultimately you’re the one in control. In fact, statistics show that, given thirty days, over 80% of loan applicants have the potential to improve credit scores.

Synthetic ID Theft & Fraud to get WORSE

In August 2014, I wrote an article for the Arizona Republic titled Synthetic Identity Fraud Emerges As Growing Threat. In the article, I pointed to the fact that synthetic ID Theft & Fraud is getting worse, stating that “synthetic identity theft and fraud often include a combination of fake and real credentials using names, Social Security numbers, driver’s licenses, and employee identification numbers to create new ‘synthetic’ or fake identities.”

Fast forward to 2021 – nearly seven years later – and we have this April 26, 2021, Forbes article titled Identity Frauds That Might Pose A Threat To Your Company In 2021.

This Forbes article includes a brief summary of synthetic identity theft and fraud and made me think of how both small businesses and consumers need to increase their knowledge and awareness of their digital risk.

Think about it, both consumers and small businesses have entered the digital world where we are all at risk.  Examples of digital risk include a phishing attack; a hacking attack; or when your personal privacy or data privacy is exposed; or when your cloud computing or cloud storage vendor is hacked.

And to be clear – digital services such as the internet, website marketing, Apple and Google apps, and more, make it possible for small businesses to deliver more new products and services.  These same digital services also create more satisfying customer experiences.

However, with these great new digital services comes risk – or should I say “digital risk”. As I mentioned above, digital risk means unwanted and often unexpected outcomes that stem from digital business processes and digital consumer services.

So what does all this mean?

First, there was a significant increase in the number of identity theft cases in 2020.  These cases are mainly due to the Covid-19 pandemic with employees working from home and students studying remotely.

Second, as businesses and consumers try to mitigate their exposure to data breaches and identity theft, cybersecurity experts anticipate another significant increase in identity theft and fraud in 2021.

One of those expected trends and contributing factors in cybercrime in 2021 will be the use of synthetic identity theft and fraud.

With synthetic identity theft and fraud helping in the authentication of an unauthorized individual by combining real and fake information, ID theft criminals are creating a completely new identity that looks so real – both businesses and consumers cannot tell the difference. 

So what can be done? Cybersecurity experts are working on new technologies where financial companies can now verify consumers’ identity securely.

In addition, small businesses and consumers can help manage their digital risk by:

  1. Using stronger passwords and passphrases
  2. Implementing two-factor authentication to minimize the risk of identity theft and unauthorized login.

By Mark Pribish
Vice President and ID Theft Practice Leader

April 2021

Cyber Threat Landscape Will Get Worse Part 2…

Last November I wrote an article titled The Cyber Threat Landscape Will Get Worse Before It Gets Better.

I wrote that article based on how information security and governance experts were alarmed at a “broken cyber market” and how cybersecurity professionals believed they were “outnumbered by cybercriminals” as attacks surged during the Covid-19 pandemic.

Well, just four months later I am writing the second part of my November article titled The Cyber Threat Landscape Will Get Worse Before It Gets Better: Part 2.

I am writing this month’s article based on the following news headlines from just the last two weeks:

Just when you think the cyber threat landscape cannot get any worse – CNA, the seventh-largest commercial insurance company in the world – and one of the leading cyber liability insurance underwriters, experienced a ransomware attack that forced the company to disconnect its systems, shut down its website, and adversely affected its corporate email.

How does this happen to one of the largest insurance companies in the world with more financial and information technology resources than most companies?

Unfortunately, this cyber-attack may have allowed cybercriminals to gain access to the cyber insurance policyholder’s confidential and detailed information.

This type of information could help a cybercriminal be more successful in determining a ransomware price that reflects the cyber coverage.  This type of information could also help cybercriminals with targeted phishing emails.

As most of my readers know, targeted phishing threats are an elevated form of phishing virus attacks that use social engineering to get a specific person – in this case a CNA policyholder – to reveal sensitive and confidential information.

But it gets worse, as Javelin Strategy & Research released its annual identity fraud study and reported that “while total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost” compared to the average annual fraud loss of $13 billion to $16 billion.

And it gets worse again with the unemployment benefits fraud debacle costing nearly $300 Billion because states were unprepared for the wave of applications resulting from the Covid-19 pandemic.

Lastly, and yes, it continues to get worse, as the FBI released its annual report on cybercrime affecting victims in the U.S., reporting on a record number of complaints and financial losses totaling over $4.2 billion to cybercrime in 2020.

To conclude, and this is a hunch, I believe The Cyber Threat Landscape Will Get Worse before it gets better.

By Mark Pribish
Vice President and ID Theft Practice Leader

Data Privacy Day, January 28th!

Data Privacy Day, January 28th, is a day that highlights what we can do in our personal and professional lives to ensure we are aware of the risks and doing our best to keep our data safe.

We all feel an increased exposure of our personal data.  In fact, 79% of adults have concerns about how companies are using their information, according to a Pew Research Center study.   But if we are serious about safeguarding ourselves and our customers there are some things we can learn about the data we create, how it is collected and ultimately used.  

Here are a few simple but critical tips to consider when managing your personal data. 
  1. Our personal information is a currency.  We need to value and protect our personal information like money because it has a true value in the market.  This data is valuable to companies as well as bad actors who are buying and selling our information on the dark web for profit.  Our advice is to consider the benefits vs consequences of all the information you are providing online.  
  2. Passwords, Passwords, Passwords… have you ever seen one of these lists without the reference to passwords?  NO, and that is because we still have poor password habits.  Make your passwords long and complex.  Do not use the same password for multiple accounts and PLEASE do not use a post-it note with passwords stuck to your computer!  Consider using a password vault app.  
  3. 2-Factor Authentication.  Great passwords are a start but 2-factor authentication for key accounts should also be used.  Turn on these features for all of your financial accounts and any other account where it is available. 
  4. Apps and Privacy Settings!  Apps are more intrusive than you think!  Many ask for your location, contact information, and access to many other things before you can even use them.  We suggest you manage your privacy settings to adjust them to your comfort level, NOT what they suggest or want.  Every app you use has different privacy settings and features but the NCSA’s Manage Your Privacy Settings page is very helpful in getting you started: https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
  5. Think before you CLICK!  One click can do so much damage to your privacy or customer data, or create opportunities for a breach.  If you are at home or at work, make sure you only click on links you are familiar with.  If you are unsure, ask your IT team or leave it alone.

BONUS:  What you share on social media may last forever.  Think about what you are posting, who will see it, and how it could be used. 

Data Privacy Day, January 28th, gives us an opportunity to consider how to view our data and how we use it.  More importantly, it gives us a chance to look at how we let others use it.

ID Theft Criminals Never Rest

Cyber-Thieves and ID Theft criminals never rest and continue to stay ahead of law enforcement, businesses, and consumers.

And because of that fact, now is a great time for consumers and businesses to evaluate their cybersecurity posture – especially during the COVID-19 environment – with a focus on response and recovery.

Why response and recovery? Because consumers and employees continue to click on phishing emails and organizations continue to experience data breach events such as ransomware.

Two recent examples include Blackbaud (Blackbaud Ransomware Attack Gets Worse) and Twitter (Twitter Hackers Posed as Company IT Officials Making a Support Call).

Blackbaud – a cloud technology company – confirmed in early October that “stolen data also included bank account data and Social Security numbers, far more personally identifiable information than the company first thought.”

Specific to Twitter, the New York State Department of Financial Services released its findings and concluded: “the hack was relatively unsophisticated, caused by scammers who posed as members of Twitter’s IT help desk and directed employees to a phishing website designed to look like a company site.”

Blackbaud is your typical data breach example where their first statement on July 16, 2020, said while they were hacked, “that credit card information, bank account information, or Social Security numbers were not stolen.”

Fast forward 60 days later and Blackbaud now admits that their data breach “had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames and/or passwords.”

Unfortunately, the final story for most data breaches rarely reflects the initial news report. Initial reports speak of what’s known at the moment, but never discuss the long term – which is exactly what happened to Blackbaud and Twitter.

The fact is that a data breach or ID Theft event can be a lifelong problem affecting you long into the future.

In Blackbaud’s case, their data breach event has affected 6 million people so far.

Even with all the education and resources, businesses continue to fail phishing tests (after cyber-awareness training) and still click on phishing emails.

My advice to consumers and small businesses is a heightened awareness of phishing emails, unfamiliar links, and attachments, and to reconsider the information that is being shared on social media.

After all, Cyber-Thieves and ID Theft criminals never rest and are unpredictable!

by Mark Pribish
