Widespread data hackings are increasingly common, whether it is a credit bureau (Equifax in 2017), a hotel (Marriott in 2018), an online game producer (Zynga in 2019) a federal government agency (OPM in 2015), or an Internet media company (Yahoo! in 2016). Another common scam is phone calls and e-mails claiming to be from a bank...or Social Security...or the IRS.
In each of these cases, customers’ personal data including e-mail addresses, log-in credentials, credit card numbers, birth dates, and Social Security numbers can be compromised. There may also be fraudulent requests to wire transfer money, reveal computer login credentials, or purchase gift cards and give fraudsters the numbers above the bar code.
What to do to avoid falling prey to scams? Below are seven suggestions to protect private information and reduce your chances of becoming a fraud victim:
Practice Cyber Hygiene- Successful fraudsters successfully reach victims through their “weakest link.” It might be something as simple as a weak password or someone revealing TMI (too much information) online. Consider your potential fraud exposures (e.g., reusing the same password/user name combination). While nobody is 100% immune from fraud, the objective is to make yourself a harder target so fraudsters find victims elsewhere.
Mix Up Your Log-In Credentials- Fraudsters know that most people use the same username and password in multiple places. When they obtain personal information from a data breach or the Dark Web, they try to exploit it in multiple places using automated scripts, a process known as “credential stuffing.” It will probably take several hours to create a multitude of unique passwords. Once you are done, be sure to record them in a digital assets inventory.
Click Cautiously- Some people are tricked into clicking on links, or even photos, that take them to a website that requests personal data or installs malware on their computer that can be executed later to obtain sensitive data. Often, this happens as a result of a phishing e-mail. A good cyber hygiene practice is to not click on any link if you do not know the sender and/or you receive a cryptic message (e.g., check this out!) and do not know what the link is for. Another hygiene practice is using strong passwords with a variety of types of characters.
Set Up Two-Factor Authentication- Every personal website of consequence (e.g., bank and investment accounts, pension, Social Security) should have a two-factor (a.k.a., two step) authentication process where a unique one-time password is sent via e-mail or a text message and is necessary to access an account. Some accounts also have challenge questions that must be answered for account access. Typically, two-factor access is a very simple process to set up through the “settings” and “privacy” functions on a website. Again, it’s all about not being an easy target.
Freeze Your Credit- A credit freeze blocks access to credit reports to prevent fraudsters from opening credit in a potential identity theft victim’s name. It, therefore, provides an extra layer of fraud prevention protection. Freezes must be done with each of the “big three” credit bureaus (Equifax, Experian, and TransUnion) individually. They do not affect a person’s credit score and there is no cost to freeze credit or to “thaw” (unfreeze) it for a short time to apply for a bank account, line of credit, or utility service. A PIN or password is typically provided for this purpose.
Update Your Computer- Another piece of cyber hygiene is keeping an operating system current by installing updates as they become available. Ditto for anti-virus and anti-malware programs. Some experts also advise using a password manager program with two-factor authentication as well as strict privacy settings for social media. Another common recommendation is text alerts or e-mails from financial institutions when changes are made to an account.
Stay Current- Many pundits are predicting a future without passwords. Instead, there will be new authentication protocols such as facial biometric scans and fingerprint swiping. Another promising protocol is behavioral monitoring of users’ typical spending patterns to identify “out of the ordinary” behavior. “Keeping current” also means paying attention to scams that feed off current events such as COVID-19, tax season, wars, and natural disasters.
For more information about keeping information safe, review this Consumer Financial Protection Bureau website.
This post provides general personal finance or consumer decision-making information and does not address all the variables that apply to an individual’s unique situation. It does not endorse specific products or services and should not be construed as legal or financial advice. If professional assistance is required, the services of a competent professional should be sought.