By Debbie Walkowski, Security Threat Researcher, F5 Labs
“Why would cybercriminals want to steal my identity? I’m a nobody.” You’re not. Everyone is fair (and likely) game when it comes to identity theft.
Statistically, most cybercriminals tend to eschew “important” and high-value targets. It’s the vast numbers of easy (and easily distracted) targets that are most prominently in their crosshairs. That is true at the best of times, but the COVID-19 pandemic has only intensified and emboldened their hunt for the susceptible and vulnerable.
Identify theft can suddenly and violently turn your life upside down. In some cases, it can send your credit score plummeting and, depending on the type and extent of the fraud, it can take months and thousands to recover.
The following suggestions are best practices for anyone that wants to proactively guard against identity theft:
· Use a password manager. The average person has around 70 to 80 passwords, which inevitably results in hand-written notes. Worse still, according to a Harris Poll conducted by Google, two out of three users admit to reusing passwords across multiple accounts. A password manager is your friend here, helping to create strong, unique passwords for each account. It also encrypts and stores them in a secure password vault – you only need to remember one master password. It is possible for attackers to hack a password manager app, but your encrypted passwords will be useless. If you keep your master password safe, you should be too.
Those still unconvinced about password managers should, at the very least, start creating unique passphrases that use the maximum number of characters allowed. Remember to reset a password immediately if an account is breached. As a general rule, don’t allow your browser to memorize passwords for accounts, and never use your credentials from one site (such as social media) to create an account or sign in to other (third-party) sites. Wherever possible, create usernames that do not include your name, email address, or birthdate clues. This just gives cybercriminals half of the information they need to crack your accounts.
· Use multifactor authentication. Get over being annoyed by the “inconvenience” of multifactor authentication, which requires you to enter a code sent via text message after supplying a username and password. It’s an effective, additional layer of security that should be used for every account that makes it available to you.
· Stop oversharing online. Rethink how and what you share online. Nothing makes you an easier target for identity thieves than a wealth of voluntarily shared personal information. Combine that digital bounty with all the “quiet” data that’s been piling up behind the scenes, and there are criminals that can assume your identity in minutes.
To stay safe, it is a good idea to scrub social media and networking accounts of personal information (date or place of birth, maiden name, mother’s maiden name, address, phone number, pet’s name, hobbies, etc.). Only use the most stringent privacy settings, choose your “friends” carefully (including reporting duplicate friend requests). Resist social media quizzes or games (most are designed to collect personal information). Don’t download apps from unknown sources and be wary of links and/or ads in your social media feed, including those from people you know (since their accounts may have been hacked). Disable location tagging and avoid sharing content like photos if you’re not at home. It is of course impossible to list every precaution, but try to continually ask yourself “why is this information needed? Who does it benefit? Could it hurt my privacy or compromise my identity?”
· Protect your privacy at home. Secure your home wireless network (try these tips from Norton), only use IoT devices that let you change the password and manage security settings, and securely dispose of old phones, laptops, and storage devices. Furthermore, it is important to not overlook “lo-tech” measures like securing your mailbox, collecting your mail daily, opting out of direct mail advertising, and using a crosscut or microcut shredder to discard all documents with personal information (including junk mail). As ever, double check that you don’t leave valuables (i.e. passports, ID cards, wallets) in cars or other publicly accessible places.
· Protect your privacy in public. It’s hard to believe anyone needs this reminder, but public Wi-Fi is incredibly susceptible to eavesdropping. Never use it for online banking, shopping (any activity that involves a credit card), or medical- and health-related services. Do not share private information (such as credit card numbers, date of birth, social security number, or any membership numbers) on voice calls when in public places. You should also protect PINs, membership numbers, and other identifiers when using point-of-sale systems. Pay attention when you swipe a card (beware of hard-to-spot skimmers!) and, remember, cash still works in most places.
Avoid Being an Easy Target
Consumers are often baffled, frustrated, or shocked by the endless variety of clever schemes fraudsters devise to pull off scams. Such is the constant drip-feed of news on the subject that the average person can end up feeling overwhelmed and, in some cases, helpless. In an ideal world, that should never happen and taking a few simple steps (such as those listed above) can make a huge difference. Scammers don’t like obstacles, so the more stumbling blocks you put in their way, the better. The key is to avoid becoming an easy target. Know what you need to do (within your realm of possibility) and remain vigilant about doing it. Nowadays, doing nothing is not an option.