The Equifax data breach was a keystone moment that lead many companies to reevaluate their own cybersecurity precautions. Because of the careless handling of private information from one of the three largest credit reporting agencies in America, about half of US social security numbers, credit cards numbers, and driver’s license numbers (among other private information) is now available on the Dark Web.
But it’s not just headline-worthy cyber-attacks that cause innocent people financial heartache; false billing, identity theft, email viruses, fake investments, online shopping cons, and other phishing scams make it exceedingly difficult for the public to maintain their personal and financial privacy.
With over thousands of cyber-attacks happening each month, there is a good chance that even you have been a target. For that reason, it’s critical to stay educated about the latest phishing scams and how to protect yourself.
What is Phishing?
Phishing is a kind cybercrime where scammers contact their target(s) through email, telephone, SMS, or social media direct messages by posing as a legitimate person or trusted institution. Once contact is made, their goal is to trick the recipient(s) into divulging sensitive data such as personally information, passwords, and banking and credit card numbers.
When phishers pose as a legitimate source, they often steal a company’s identity or branding (i.e. colors, logo, and website layout) to dupe consumers into entering their credentials. Once this sensitive information has been seized, cyber scammers use it to gain access to email, back accounts, credit cards numbers, and other private information.
According to Scam Watch, individuals and companies lost $83,561,599 globally to cyber scams in 2016. Already this year, 2017, losses are approaching $65 million. Although, the dollar amount lost has dropped, the year isn’t over. Plus, the full ramifications of the Equifax breach are unknown… and we would be foolish to underestimate the impact.
How Do I Keep Myself Off The Hook?
Think Before You Click: Before you click a link in an email, be sure you investigate who the sender is. Additionally, view the details of the email, to see the actual sender's email address. If you don’t recognize it, don’t click the link.
Similarly, reputable companies will rarely (if ever) ask you to enter your information into the body of an email. For this reason, be weary of any email asking for financial information, social security numbers, and passwords.
These same recommendations should be considered for SMS as well. If a message is from an unknown sender, think twice before clicking. Often scammers will write messages such as: “Hey, I found these pictures of you online,” and “You might find this interesting…” or, “You will never believe what they say about you on [insert website].” Don’t let this false sense of urgency blind your judgement.
Check Your Accounts Regularly: While credit cards, email, and online banking have amazing security features, it’s still worth it to take a look at your account regularly. Do a quick check to ensure there is no suspicious activity happening. This is particularly important after the Equifax data breach.
Consider enrolling in identity theft protection and credit file monitoring. Equifax is actually offering a year subscription toTrustedID for free. If you’ve been following the news you may be asking, doesn’t this give up my right to sue Equifax? While enrollment in the TrustedID program did originally include a clause that limited the consumers’ legal rights, due to mass public outrage, Equifax changed their terms and removed this provision.
Even with TrustedID, Equifax won’t be able to monitor your account as closely as you will. For that reason, be sure to check you bank and credit card statements vigilantly.
Change Your Passwords: The Federal Trade Commission recommends you change your password if:
- You believe your password has been stolen
- If you shared your password with a friend
- If you noticed someone looking over your shoulder while typing it in
- If you believe you may have just giving your password to a phishing website
- If your password is weak
However, changing your password just for the sake of changing it is not necessary. The FTC found that frequent password changes actually caused users to behave less securely online. Creating a strong complex password from the get go may be a better approach for cyber safety.
Use Firewalls: A firewall provides a barrier between your network and harmful intrusions. By actively monitoring incoming and outgoing traffic, you can reduce your chances of becoming a victim of malware, ransomware, spyware, etc.
When searching for an appropriate defense to today’s technological threats, find an IT service that provides a Next Generation Firewall (NGFW) for greater protection against the latest malware. This is particularly important for any business dealings with clients’ confidential/sensitive information.
Investigate Friend Requests and Follows: Scammers are notorious for creating fake Facebook profiles in order to gain access to information you restrict to “friends only.” For this reason, be sure to investigate their profile before accepting their friend request. If you believe it’s a fake profile, reject the friend request immediately.
Signs of a fake account may include:
- Only a few pictures
- Suggestive selfie profile pictures
- Little recent activity/black wall
- Few to no mutual friends
Develop with a Secure CMS: If you’re a business owner looking to keep your websites running like a top while ensuring a higher level of security, find a digital marketing firm that develops sites with SilverStripe. This CMS takes a proactive approach by providing both server and application security as well as superior access controls, a web application firewall (WAF), and Code Care for better patches.
Where Do We Go From Here
Unfortunately, ransomware and malware keeps adapting to the latest forms of protection, which means you have to keep updating your security measures as well. However, it also means that you have to be vigilant about monitoring your accounts and the websites you visit.
If a URL doesn’t have a SSL Certification be extremely weary of entering your personal information. Moreover, if you’re the owner of an ecommerce site or a business that requires visitors to enter credentials, ensure your customers safe browsing by transitions to an HTTPs encryption. Interestingly, Google is considering SSL Certifications as a ranking signal to reward safe sites.
Ultimately, to avoid being phished, it’s imperative that you stay informed and excise caution whenever entering personal data online, accepting stranger’s friend requests, and clicking emails links. Lastly, if you are a business owner who wants a higher level of security on your website for both you and your customers, contact Werkbot to learn more about our process.