Protecting your Information
It's very disturbing; but, data breaches involving your personal information are now common place. It's in the news, it's no longer what if, it's now when will it happen next.
Sites like HaveIBeenPwned have been created to let you know whether or not your email address has been exposed online.
HaveIBeenPwned lists Seven+ billion account records with well over 340 sites breached. Your information is surely part of at least one of those breaches. Have you looked?
Tools like Google Chrome's new Password Checkup extension take notification a step further and give you some insight to when your passwords on your accounts are affected by data breaches as well. Use these excellent tools to notify you. When notified, take action.
Why has this uptick in breaches occurred? Quite simply, the answer generally leads to money. Your digital life breaks down to a series of links to websites and activity. Those sites you visit give insights in to your habits, those habits can be related to products, those products to stores, stores have credit cards associated with them, and those stores are secured using email addresses and passwords. If you go to many sites, you may experience the urge to re-use the passwords you use on other sites. If you secure those sites with the passwords re-used from a different site, your digit life can easily be hijacked and is at risk.
By breaching a site, and gaining the credentials therein, the criminal can obtain not only your credit card in some cases, but also may gain your username, password, and even more information about you to use elsewhere.
If you do re-use your credentials, the criminal just needs to go to sites that they think you use, and copy/paste your credentials and see if the site lets them in. If they are correct, then they have captured the next piece of your digital identity. You not only have to worry that someone will order something in your name, but, you now have the worry about what other information they now have, and where that information will be sold.
Once criminals have enough pieces, or are able to secure your email account, they can take control of pretty much any site that you use, and sign up for any service they want, linking them back to your account.
Once they have locked you out of your own accounts, your identity is theirs to control.
This is why re-using passwords is one of the biggest mistakes you can make online.
There are things you can do to help secure the sites you visit.
Like using 2 factor authentication on as many sites as you can.
But it's not enough to just enable an extra factor to your authentication sequence. You also have to be aware, and be on the lookout for misuse of your credentials, and pay attention to what pops up on your devices. If you automatically look at your phone and click OK, or Yes to things that pop up without reading what the prompt says, you may have just given a criminal access to what was a secured account. Be aware. Pay attention.
There are a number of resources online you should be aware of, which are put out by our Federal Government partners.
If you suspect identity theft, you can report it to the FBI through www.ic3.gov.
Fraudulent activity on your account can be reported to the Federal Trade Commission at www.ftc.gov/idtheft or www.identitytheft.gov .
All unexplained activity or criminal behavior should be reported to your local police department by calling 9-1-1.
Victims of compromised personal data should be aware of the following commonly used tools and techniques used by criminals to obtain your data.
Spear phishing is a commonly used method to attack people through email. Criminals use your stolen information to create seemingly real and plausible or official looking emails, text messages, or pop up windows to lure you into taking actions that could ultimately compromise your computer or network. Spear phishing scams can also trick you into providing other confidential information which those criminals would then use to access those other accounts.
Social media which includes a very large host of sites including Facebook, Twitter, Google Plus, Instagram, Pinterest, and LinkedIn, all give a criminal a way to connect with their victims. Attackers create a profile, then use it to befriend you. Once you have been deceived, you may be lured in to revealing more information about yourself and intelligence can be gathered about you through your social media posts.
Foreign intelligence and criminal entities often target individuals with access to information that they want.
When criminals, or those that are intent on doing harm need information about you, they don't necessarily need computer based hacking skills, they simply need to be good at manipulation. All they need to do is gain your trust. It can be as simple as bumping in to you at a store, and talking to you for a while, and learning who you are, and what you like through casual conversation, to calling you on your office phone, and asking you simple questions, then leading questions, and finally, possibly questions that are lead with stolen facts, to elicit the secrets which you hold.
When you travel away from your home, you are more susceptible and at greater risk when you encounter unfamiliar people. Your guard may be down because you are away for training, vacation, or some other purpose, and are simply not paying attention. Therefore you should pay extra attention to those that approach you in a friendly manner and seem to have a lot in common with you, especially if they wish to remain in contact with you once you return home. You should also pay attention to social settings where you find you are unusually successful in meeting and impressing others. Seemingly random or foreign acquaintances with heightened interest in your work or whom introduce you to a third party whom want so continue to meet with you should be a cause for alarm.
Remember, keep your situational awareness around you at all times. Be aware, keep in mind the tools and tactics that others would use to capture your digital identity. There are a lot of criminally minded people out there that want your data and what that data can get for them.