Scams and data hackings are increasingly common – whether it is a credit bureau (Equifax in 2017), a hotel (Marriott in 2018), an online game producer (Zynga in 2019) or federal government agency (OPM in 2015). So what can you do to protect yourself?
Two of the most common scams are phone calls and emails claiming to be from a trusted service provider, like your bank, the Social Security Administration, or the IRS.
In each of these cases, customers’ personal data could be compromised, including:
- Email addresses
- Login credentials
- Credit card numbers
- Birth dates
- Social Security numbers
There may also be fraudulent requests to transfer money by wire, reveal computer login credentials, or purchase gift cards and give fraudsters the numbers above the bar code.
What to do to avoid falling prey?
Below are seven suggestions to protect private information and reduce your chances of becoming a fraud victim:
Practice cyber hygiene
Successful fraudsters successfully reach victims through their “weakest link.” It might be something as simple as a weak password or someone revealing TMI (too much information) online.
Consider your potential fraud exposures (e.g., reusing the same password/user name combination). While nobody is 100% immune from fraud, the objective is to make yourself a harder target so fraudsters find victims elsewhere.
Mix up your log-in credentials
Fraudsters know that most people use the same username and password in multiple places. When they obtain personal information from a data breach or the Dark Web, they try to exploit it in multiple places using scripts, a process is known as “credential stuffing.” It will probably take several hours to create a multitude of unique passwords. Once you are done, be sure to record them in a digital assets inventory.
Click cautiously
Some people accidently click on links, or even photos that take them to a website that requests personal data or installs malware on their computer that later obtains sensitive data. Often, this happens as a result of a phishing email.
A good cyber hygiene practice is to not click on any link if you do not know the sender and/or you receive a cryptic message (e.g., check this out!) and do not know what the link is for.
Another hygiene practice is using strong passwords with a variety of types of characters.
Set up two-factor authentication
Every personal website should have a two-factor authentication process where a unique one-time password is sent via email or a text message and is necessary to access an account.
Personal websites such as:
- Banks
- Investment accounts
- Pension
- Social Security
Some accounts also have challenge questions for account access. Typically, two-factor access is a very simple process to set up through the “settings” and “privacy” functions on a website.
Again, it’s all about not being an easy target.
Update your computer
Another piece of cyber hygiene is keeping an operating system current by installing updates as they become available. Ditto for anti-virus and anti-malware programs.
Some experts also advise using a password manager program with two-factor authentication as well as strict privacy settings for social media. Another common recommendation is text alerts or emails from financial institutions when making changes to an account.
Stay current
Many pundits are predicting a future without passwords. Instead, there will be new authentication protocols such as facial biometric scans and fingerprint swiping.
Another promising protocol is behavioral monitoring of users’ typical spending patterns to identify “out of the ordinary” behavior.
“Keeping current” also means paying attention to scams that feed off current events such as COVID-19, tax season, wars and natural disasters.
For more information about keeping information safe, review the Consumer Financial Protection Bureau website.
If you're a member of Arizona Financial, be sure to take advantage of ID ProtectTM, a FREE identity theft protection service that is included with your membership.