Small business owners and consumers are prime targets for fraudulent activities. We can hope we do not become a victim, but if we get complacent and think “it will never happen to me,” stats show it is only a matter of time. But if we take a proactive approach in understanding the top threats, we can absolutely protect ourselves.
We all hear a lot about identity theft, yet many people I talk to are still not very clear on the details. Identity theft is simply when a thief compromises someone else’s personal details in hopes to benefit financially. When your identity is compromised, you are left with a negative credit history, large debt, and legal implications. All of these results leave you overwhelmed with anxiety, uncertainty of their financial future, and consume enormous amounts of your time. Understanding how identity theft is accomplished by thieves helps you build up your arsenal to prevent becoming a victim.
Where do thieves get your personal information to perform identity theft?
One of the most popular sources for thieves is the Internet. The Internet contains a trove of personal information including our birth date, address, purchases, spouse and family, taxes, social media postings, legal disputes, etc. All that is needed by thieves is a little time and the ability to put together a few pieces of information.
TIP: When asked for my birthdate on social media (Twitter, LinkedIn, Facebook) I never put my actual birthdate. Do not just change the year to appear younger. Change month and day to stop cyber thieves trying to get credit in your name and/or in stealing your identity.
But there are other popular ways to steal our identity such as by phone, fax, and mail scams. These are often targeted at elderly by a convincing sounding thief with a strong grasp on social engineering. Once a thief has done some homework and harvested info on their target, they can begin to win over trust in their victim for more personal information. Perhaps they scan your social media feeds for a connection from the past. If they find no connection to that person, they then pretend they are that person. Soon you might be reminiscing the good old days of high school, rather than focusing on the scam you are being lured into and the imposter thief has enough info to steal your identity.
TIP: If someone asks you personal questions and you are not sure who they are – STOP. Always ask for their name, phone number, and email, and tell them you will get right back to them, or just ask a few specific questions they should know. Either turn the questions onto them or politely remove yourself from the conversation in order to do more research into their story.
Some thieves get to your personal information the good old fashion way—by rifling through your mail. They do this by observing the amount of time that passes between the mail delivery and when you actually retrieve it from your mail box. The longer it sits in the box, the more opportunity they have to steal, reproduce, or even create a fictitious piece of mail to suck you into their scam. They may also resort to dumpster diving for personal information they can use against you. Garbage theft takes all of five seconds while a thief pulls a few of your garbage bags into their vehicle and drives off with tidbits of information you disposed of, alongside those old leftovers you never got around to eating.
TIP: Get into the habit of shredding ALL mail and paperwork you no longer need. That way you do not even have to judge the value of the material to a thief. This includes personal information about you and your family, bank statements, receipts, credit card applications, utility bills. By shredding everything, you avoid letting anything slip through your radar. I recommend a micro-cut shredder that provides a high level of security by obliterating your documents into over 2000 tiny pieces of confetti. Lower cost ‘strip-cut’ and ‘cross-cut’ shredders create shreds that can be easily pieced back together using automated software and a scanner. Make sure the shredder you use is ‘micro-cut.’
Millions of email scams and fake Websites have been created to lure in unsuspecting victims. What do they want? Passwords. Some will notify you that someone attempted to hack your account under the guise of warning or protection, while others are simply testing your attention to detail or gullibility. All phishing scams are designed to fool us into a sense of familiarity in order to lower our guard. Every day 80,000 people click on a link embedded in an email from someone they don’t know only to fall victim of a phishing scam.
TIP: Do not give out your password to anyone, and never click on an email attachment unless you are 100% sure of its origin. When in doubt, call and verify that the person did in fact send you an attachment.
Debit/Credit Card Fraud
Common thieves will steal your debit or credit card to use a few times before they move onto their next stolen card. Cyber thieves might also steal your cards, but they only care about the data on that magnetic stripe. And this crime isn’t just limited to Internet hackers. Parking garages, restaurants, gas pumps are all opportunities for a thief to swipe your cards into a reader that copies your mag stripe data before they run the actual charge. It only takes a second to make an extra swipe onto a covert card reader, especially if they are not in your view the whole time.
TIP: Don’t let your credit card out of your sight. Get up and walk over to where they swipe the card and watch closely. I do not recommend using debit cards as they are like cash. Getting your money back from a debit hack is not nearly as straightforward as with credit card fraud. I write on the back of my credit cards ‘PLEASE CHECK ID BEFORE RUNNING’ so they ask for license to validate it is me and not someone that has compromised my card. When in doubt, just use CASH.
The first printed checks appeared way back in 1762. A check is a document that orders a bank to pay a specific amount of money from an account to the person in whose name the check has been issued. Over the years, criminals have learned how they can alter a check for financial gain. I recently had the privilege of meeting Frank Abagnale Jr., one of the foremost authorities on check forgery and subject (as played by Leonardo DiCaprio) of the 2002 Steven Spielberg film ‘Catch Me If You Can.’ I met him at the IBM2 Summit security conference held in Washington, D.C. Back in his criminal days, Frank was the ultimate identity thief, assuming eigh different identities including lawyer, physician, and airline pilot. He served five years in prison for his crimes, but then began to serve the FBI for the next 40 years, as a security consultant. In his keynote, Frank shared how he learned the checking system and was able to alter a check relatively easily including the payee and amounts, duplicate checks, creating counterfeit ones, or just deposit checks with insufficient funds. There are now many more security checks in place to prevent check fraud, thanks to Frank’s expertise and willingness to share.
TIP: Reconcile your accounts promptly to detect any suspicious activity. Never sign blank checks and make sure you limit the number of signatures on your account.
Scott Schober, BVS president/CEO, cybersecurity expert, author of Hacked Again www.ScottSchober.com