Widespread data hackings are increasingly common, whether it is a credit bureau (Equifax in 2017), a hotel (Marriott in 2018), an online game producer (Zynga in 2019) a federal government agency (OPM in 2015), or an Internet media company (Yahoo! in 2016). Another common scam is phone calls and e-mails claiming to be from a bank...or Social Security...or the IRS.
In each of these cases, customers’ personal data including e-mail addresses, log-in credentials, credit card numbers, birth dates, and Social Security numbers can be compromised. There may also be fraudulent requests to wire transfer money, reveal computer login credentials, or purchase gift cards and give fraudsters the numbers above the bar code.
What to do to avoid falling prey to scams? Below are seven suggestions to protect private information and reduce your chances of becoming a fraud victim:
Practice
Cyber Hygiene- Successful fraudsters successfully reach
victims through their “weakest link.” It might be something as simple as a weak
password or someone revealing TMI (too much information) online. Consider your
potential fraud exposures (e.g., reusing the same password/user name
combination). While nobody is 100% immune from fraud, the objective is to make yourself
a harder target so fraudsters find victims elsewhere.
Mix
Up Your Log-In Credentials- Fraudsters know that most people
use the same username and password in multiple places. When they obtain
personal information from a data breach or the Dark Web, they try to exploit it
in multiple places using automated scripts, a process known as “credential
stuffing.” It will probably take several hours to create a multitude of unique
passwords. Once you are done, be sure to record them in a digital assets inventory.
Click
Cautiously- Some people are tricked into clicking on
links, or even photos, that take them to a website that requests personal data
or installs malware on their computer that can be executed later to obtain
sensitive data. Often, this happens as a result of a phishing e-mail. A good
cyber hygiene practice is to not click on any link if you do not know the
sender and/or you receive a cryptic message (e.g., check this out!) and do not
know what the link is for. Another hygiene practice is using strong passwords
with a variety of types of characters.
Set
Up Two-Factor Authentication- Every personal website
of consequence (e.g., bank and investment accounts, pension, Social Security)
should have a two-factor (a.k.a., two step) authentication process where a
unique one-time password is sent via e-mail or a text message and is necessary
to access an account. Some accounts also have challenge questions that must be
answered for account access. Typically, two-factor access is a very simple
process to set up through the “settings” and “privacy” functions on a website.
Again, it’s all about not being an easy target.
Freeze
Your Credit- A credit freeze blocks access to credit
reports to prevent fraudsters from opening credit in a potential identity theft
victim’s name. It, therefore, provides an extra layer of fraud prevention
protection. Freezes must be done with each of the “big three” credit bureaus
(Equifax, Experian, and TransUnion) individually. They do not affect a person’s
credit score and there is no cost to freeze credit or to “thaw” (unfreeze) it
for a short time to apply for a bank account, line of credit, or utility
service. A PIN or password is typically provided for this purpose.
Update
Your Computer- Another piece of cyber hygiene is
keeping an operating system current by installing updates as they become
available. Ditto for anti-virus and anti-malware programs. Some experts also advise
using a password manager program with two-factor authentication as well as
strict privacy settings for social media. Another common recommendation is text
alerts or e-mails from financial institutions when changes are made to an
account.
Stay
Current- Many pundits are predicting a future without
passwords. Instead, there will be new authentication protocols such as facial
biometric scans and fingerprint swiping. Another promising protocol is
behavioral monitoring of users’ typical spending patterns to identify “out of
the ordinary” behavior. “Keeping current” also means paying attention to scams
that feed off current events such as COVID-19, tax season, wars, and natural
disasters.
For more
information about keeping information safe, review this Consumer Financial
Protection Bureau website.
This post provides
general personal finance or consumer decision-making information and does not
address all the variables that apply to an individual’s unique situation. It does
not endorse specific products or services and should not be construed as legal
or financial advice. If professional assistance is required, the services of a
competent professional should be sought.