Cyber Threat Landscape Will Get Worse Part 2…

Last November I wrote an article titled The Cyber Threat Landscape Will Get Worse Before It Gets Better.

I wrote that article based on how information security and governance experts were alarmed at a “broken cyber market” and how cybersecurity professionals believed they were “outnumbered by cybercriminals” as attacks surged during the Covid-19 pandemic.

Well, just four months later I am writing the second part of my November article titled The Cyber Threat Landscape Will Get Worse Before It Gets Better: Part 2.

I am writing this month’s article based on the following news headlines from just the last two weeks:

Just when you think the cyber threat landscape cannot get any worse – CNA, the seventh-largest commercial insurance company in the world – and one of the leading cyber liability insurance underwriters, experienced a ransomware attack that forced the company to disconnect its systems, shut down its website, and adversely affected its corporate email.

How does this happen to one of the largest insurance companies in the world with more financial and information technology resources than most companies?

Unfortunately, this cyber-attack may have allowed cybercriminals to gain access to the cyber insurance policyholder’s confidential and detailed information.

This type of information could help a cybercriminal be more successful in determining a ransomware price that reflects the cyber coverage.  This type of information could also help cybercriminals with targeted phishing emails.

As most of my readers know, targeted phishing threats are an elevated form of phishing virus attacks that use social engineering to get a specific person – in this case a CNA policyholder – to reveal sensitive and confidential information.

But it gets worse, as Javelin Strategy & Research released its annual identity fraud study and reported that “while total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost” compared to the average annual fraud loss of $13 billion to $16 billion.

And it gets worse again with the unemployment benefits fraud debacle costing nearly $300 Billion because states were unprepared for the wave of applications resulting from the Covid-19 pandemic.

Lastly, and yes, it continues to get worse, as the FBI released its annual report on cybercrime affecting victims in the U.S., reporting on a record number of complaints and financial losses totaling over $4.2 billion to cybercrime in 2020.

To conclude, and this is a hunch, I believe The Cyber Threat Landscape Will Get Worse before it gets better.

By Mark Pribish
Vice President and ID Theft Practice Leader

 

 

Data Privacy Day, January 28th!

Data Privacy Day, January 28th is a day that highlights what we can do in our personal and professional lives to ensure we are aware of the risks and doing our best to keep our data safe. 

We all feel an increased exposure of our personal data.  In fact, 79% of adults have concerns about how companies are using their information, according to a Pew Research Center study.   But if we are serious about safeguarding ourselves and our customers there are some things we can learn about the data we create, how it is collected and ultimately used.  

Here are a few simple but critical tips to consider when managing your personal data. 
  1. Our personal information is a currency.  We need to value and protect our personal information like money because it has a true value in the market.  This data is valuable to companies as well as bad actors who are buying and selling our information on the dark web for profit.  Our advice is to consider the benefits vs consequences of all the information you are providing online.  
  2. Passwords, Passwords, Passwords… have you ever seen one of these lists without the reference to passwords?  NO, and that is because we still have poor password habits.  Make your passwords long and complex.  Do not use the same password for multiple accounts and PLEASE do not use a post-it note with passwords stuck to your computer!  Consider using a password vault app.  
  3. 2-Factor Authentication.  Great passwords are a start but 2-factor authentication for key accounts should also be used.  Turn on these features for all of your financial accounts and any other account where it is available. 
  4. Apps and Privacy Settings!  Apps are more intrusive than you think!  Many ask for your location, contact information, and access to many other things before you can even use them.  We suggest you manage your privacy settings to adjust them to your comfort level, NOT what they suggest or want.  Every app you use has different privacy settings and features, but the NCSA’s Manage Your Privacy Settings page is very helpful in getting you started: https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/ 
  5. Think before you CLICK!  One click can do so much damage to your privacy or customer data, or create opportunities for a breach.  Whether you are at home or at work, make sure you only click on links you are familiar with.  If you are unsure, ask your IT team or leave it alone. 

BONUS:  What you share on social media may last forever.  Think about what you are posting, who will see it, and how it could be used. 

Data Privacy Day, January 28th gives us an opportunity to consider how to view our data and how we use it.  More importantly, it gives us a chance to look at how we let others use it.  

 

ID Theft Criminals Never Rest

Cyber-Thieves and ID Theft criminals never rest and continue to stay ahead of law enforcement, businesses, and consumers.

And because of that fact, now is a great time for consumers and businesses to evaluate their cybersecurity posture – especially during the COVID-19 environment – with a focus on response and recovery.

Why response and recovery? Because consumers and employees continue to click on phishing emails and organizations continue to experience data breach events such as ransomware.

Two recent examples include Blackbaud (Blackbaud Ransomware Attack Gets Worse) and Twitter (Twitter Hackers Posed as Company IT Officials Making a Support Call).

Blackbaud – a cloud technology company – confirmed in early October that “stolen data also included bank account data and Social Security numbers, far more personally identifiable information than the company first thought.”

Specific to Twitter, the New York State Department of Financial Services released its findings and concluded: “the hack was relatively unsophisticated, caused by scammers who posed as members of Twitter’s IT help desk and directed employees to a phishing website designed to look like a company site.”

Blackbaud is your typical data breach example where their first statement on July 16, 2020, said while they were hacked, “that credit card information, bank account information, or Social Security numbers were not stolen.”

Fast forward 60 days later and Blackbaud now admits that their data breach “had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames and/or passwords.”

Unfortunately, the final story for most data breaches rarely reflects the initial news report, which speaks of what’s known at the moment but never discusses the long term – which is exactly what happened to Blackbaud and Twitter.

The fact is that a data breach or ID Theft event can be a lifelong problem affecting you long into the future.

In Blackbaud’s case, their data breach event has affected 6 million people so far.

Even with all the education and resources, businesses continue to fail phishing tests (after cyber-awareness training) and still click phishing emails.

My advice to consumers and small businesses is a heightened awareness of phishing emails, unfamiliar links, and attachments, and to reconsider the information that is being shared on social media.

After all, Cyber-Thieves and ID Theft criminals never rest and are unpredictable!

by Mark Pribish

Check out our article on Full-Service Recovery HERE

 

Pizza in Chicago…WHAT?

Pizza in Chicago, Gift Card in Montreal… WHAT?

When my card was rejected at a small café in Stockbridge, MA, where we had just had lunch, we made a quick call to our credit card company and they asked if we had purchased…

“…purchased 2 pizzas in Chicago and a $1000 gift card to a fishing supply store in Montreal”. No Way!


Clearly, we did not order a Pizza in Chicago and we had been hacked. We canceled the card immediately. But what if I hadn’t used that card that day? Then what?

So began my education about Identity Theft. I vowed to look into an Identity Protection solution ASAP.

I learned that Credit Card Fraud is not the same thing as Identity Theft.

 

Credit Card Fraud is a potential consequence of identity theft. Here, a thief steals your credit card information and then makes purchases in a store or online. Most credit card companies have a liability limit of $50. This means that even if a thief has charged thousands of dollars to your card, you’d likely only have to pay $50. More often than not, credit card companies simply wipe out any charges that are the result of fraud.

 

But, Identity Theft involves much more than a few fraudulent charges.


Identity thieves can steal your personal information to open a new line of credit, open a new credit card, or obtain a false ID in your name. Unlike credit card fraud, there’s no liability limit. That means you might end up paying for all the damage caused by an identity thief.

With identity theft, the impact can be much greater, lasting for years or even decades. With some types of identity theft, such as medical identity theft, you may not realize you’re a victim until you get a call from a collections agency. *By then, the identity theft may be so embedded in your personal records that it feels like taking on a part-time job just to clear your name. You’ll not only deal with whatever bills are in the collection, but also credit bureaus, lenders, other financial institutions, and possibly even law enforcement.

*The real value in an Identity Protection plan is to help in the recovery process.


defend-id’s “Fully Managed Recovery” feature provides the peace of mind of a dedicated certified Recovery Advocate. Your advocate will work on your behalf to perform all of the tasks necessary to restore your identity, completing and filing forms, research, and contacting all companies, agencies, and financial institutions necessary to ensure that any and all fraudulent activity that has been identified is addressed and resolved.

Identity theft happens every 2 seconds in the U.S.

Identities are stolen…
hours are spent in trying to dig out of the mess…
lives are turned upside down.

So if you ever have a “Pizza in Chicago…What?” moment, know there is a better way to resolve it!

To learn more about Fully Managed Recovery check out this article:  Fully-Managed Recovery for Identity Theft

Learn more at www.defend-id.com

MEDICAL-ID THEFT RISKS INCREASE

Since people started working from home due to the COVID-19 crisis, risk has gone up!  Medical ID Theft, financial and non-financial identity theft, fraud and scams have significantly increased.

Keyword phrases such as cybercrime, cyber thieves, data breach, digital spying, identity theft, personal privacy, phishing, and reputational risk have been reported and written about relating to both individuals and businesses more than ever.

As if it was not enough to constantly fight hackers and scammers at the office, most American workers are now fighting the same hackers, scammers and ID theft criminals remotely, from our “private” homes.

Understanding that many people live their lives online through social media, dating websites, reading the news, and the use of smartphones – the COVID-19 crisis has increased access points to the American consumer and worker more than ever.

One example of a new access point for many consumers is Telehealth.

According to the Centers for Disease Control (CDC) June 10, 2020 update titled Using Telehealth to Expand Access to Essential Health Services during the COVID-19 Pandemic (please see here), “Telehealth services help provide necessary care to patients while minimizing the transmission risk of the COVID-19 virus to healthcare personnel (HCP) and patients” and “while telehealth technology and its use are not new, widespread adoption among Healthcare Providers and patients beyond simple telephone calls has been relatively slow.”

The CDC stated that recent policy changes during the COVID-19 pandemic have reduced barriers to telehealth access and have promoted the use of telehealth as a way to deliver acute, chronic, primary and specialty care that can help improve patient health outcomes.

However, while Telehealth is a timely, valuable and useful tool, this June 22, 2020 article titled Security Experts Warn Of Elevated Threat Of Medical ID Theft During Coronavirus Pandemic (please see here) reported that “the coronavirus pandemic presents a greater threat for medical identity theft as patients interact with the health care system.”

One security expert, Randy Pargman, a former senior computer scientist with the Federal Bureau of Investigation (FBI) said that “companies across the board are more susceptible to theft of personal information during this pandemic because the attackers know they can take advantage of this situation.”

Pargman also said, “patient files are rife with personal data ranging from social security numbers to insurance information.”

Whether it is a cybercriminal hacking medical files or the insider threat stealing medical files, I am certain that Telehealth services have just as many vulnerabilities as the many healthcare systems, hospitals, and medical groups that have already experienced data breach events.

As we continue to work from home, we need to be more vigilant than ever about the cyber scams, phishing scams, hackers, and insider threats that are targeting our online presence – including Telehealth services.

by Mark Pribish

Learn more: Health Care Schemes & COVID-19 Pandemic

PERSONAL PRIVACY AND THE INTERNET OF THINGS (IOT)

Have you ever thought about how installing smart or connected devices such as a residential doorbell or security camera using a Wi-Fi connection can put your personal or business data at risk of being hacked or sold to third parties like advertisers?   Personal privacy and the internet of things should be on all of our minds as we continue to become more and more connected.

Day to Day Convenience

An October 1, 2019 article titled Smart Home Devices and Privacy Risk (please see here) states “while ‘smart home’ or internet of things (IoT) devices have become more prevalent and may make every day or business tasks more convenient, they also diminish consumers’ privacy and introduce serious risks, for both users and device developers and manufacturers.”

According to Statista, a leading provider of market and consumer data, there will be 75 billion connected devices worldwide by 2025 (please see here).

Connected Devices

When I think of connected devices I think of business sectors such as

  • Utilities (programmable thermostats),
  • Residential Security (residential doorbells with surveillance cameras and microphones),
  • Smart and Self-Driving Automobiles (onboard computers, infotainment/entertainment systems, and apps) and
  • Healthcare (medical devices such as a pacemaker and mobile apps) to name a few.

Benefits

In each instance, these connected business sectors and devices help save money, increase efficiencies and improve our quality of life.

The Risks

The same business sectors and devices can also give hackers and insider threats the opportunity to steal personally identifiable information (PII) leading to any consumer becoming a victim of identity theft.

Think about it: if you can unlock the front door of your house remotely – so can a hacker. If you can start your car or unlock the door locks of your car remotely – so can a hacker.

And if any of your devices or service providers are connected to the cloud to collect, store and/or transfer information – hackers and insider threats can collect, store and/or transfer the same information.

While consumers are excited to have a more connected lifestyle, consumers should also be concerned about the increased risk of identity theft and data breach events.

So what can you do about it?

Consumers can protect themselves in a number of ways including:

  1. Changing their default usernames and passwords
  2. Setting strong passwords
  3. Updating their security software regularly
  4. Checking the device for default privacy and security settings
  5. Disabling remote access to their IoT devices (where applicable)

Every IoT device comes with a built-in web interface to configure the settings mentioned above. In addition to securing any new smart devices, be sure to configure any existing IoT devices you already have.

Personal Privacy and the Internet Of Things is a concern we should consider seriously and take the precautionary steps needed with these increased risks.

By Mark Pribish
ID Theft Practice Leader

Keywords: #Personal Privacy, #Internet of Things, #Smart Devices, #Identity Theft
