What can you do?
If the retail industry is pushing data protection, the frontline begins with the individual. We all must be vigilant and take measures to protect our data. One way, of course, is to never shop online, but we know perfectly well that not everyone will do this. Like it or not, a company breach or an individual’s breach amounts to the same measure – your data is out there.
Geolocation by IP Address
In fact, consumers are already ahead thanks to Geolocating.
Your credit card company is on the lookout for any suspicious activity that does not reflect your spending habits. Geolocating is, in fact, fairly straightforward. Digital information (PINs and so on) is used to locate the user, whether it is you or a fraudster holding your card information, so where the number is being used can be quickly traced.
Simply put, when you use one of their cards, debit or credit, a text alert will be sent to you within minutes, assuming you have a cell phone. If you, as the rightful owner, were the one using the card, then you won’t reply. But if you get an alert when you didn’t authorize usage, the text has a toll-free number to contact and file a report.
For some banks, an investigation is launched, but, more importantly for the client, there will be no responsibility for the unauthorized debt.
But Geolocating is based on your credit card company tracking your every spending move and collecting staggering amounts of data on your habits. This, to some, feels uncomfortable, but based on your spending these data banks will be on top of the fraudster before you are alerted.
Avoid free or anonymous e-mail addresses
Hotmail, one of the best-known free email services, was created on July 4, 1996, attracted 1 million users in its first year and today boasts it has over 1 billion inboxes, but like others to follow, these freebies are gold for fraudsters. What does this mean for criminals? Free email services are virtually untraceable.
You will find there is a higher incidence of fraud or scams coming from free email services than from paid service providers. A business selling a product will use its own domain name and would not use a free email address. Meanwhile, we still must remain on the lookout, because not all domain names are legitimate. This is because fraudsters can easily register a new domain using stolen credit card information and masquerade as an enterprise.
And the password is…
One password was decoded in seconds. Another was decoded in minutes. A third was decoded ten seconds after. That’s all it took for me to crack some user passwords a few years ago. It was easy. Birthdates. Family names. Phone numbers. Getting to know your password is an obsession with hackers. It’s the first step to identity theft, and like with retailer networks, once in on your personal network, your identity is in jeopardy.
This is the first gateway to identity theft – a trend that security experts across the board are saying is on the rise.
The Canadian Anti-Fraud Centre received more than 25,000 calls in 2012 reporting identity theft, phishing, and employment scams. In 2013, the Centre reported 6,275 complaints about ID fraud. The losses added up to $11.1 million.
Here is a quick guideline to password creation. Pick a phrase you will remember. Pick all the first or last letters from each word or substitute some letters with numbers and symbols. An “A” would be an @ symbol, or “E” would be a number 3. Apply capitals to some letters and/or add punctuation. For example, a password phrase like “I had a great day today 2014” would look like 1H@d@Gr3@tD@yT0d@y2014.
A fish that is more than a Phish – same old method
Phishing refers to scams that attempt to trick unsuspecting users into revealing personal information, using fake Internet sites and email messages that appear legitimate in an attempt to gain PIN numbers and passwords. These fraudsters may also leverage social networking sites, farming the personal information that people, mostly because we are trusting by nature, continue to send aimlessly into the digital world. If it looks like a phish?
Corporate breaches occur. It is only going to get worse. What steps can be taken to improve our security posture?
- Use strong passwords! You hear this time and time again, but nothing beats a strong password created using a string of 12-20 characters, upper and lower case, special symbols, and numbers. Use a pass phrase if it helps you remember! For example, replace all O’s with zeroes, all L’s with 1s and so on.
- Credit card companies use geolocation to make sure that you are making online purchases in a physical area or zone. The moment a purchase is made outside of that zone, a flag is raised.
- Credit card companies have a handle on online spending habits and behaviors. If you suddenly purchase handbags when all you’ve been buying are hardware and power tools, they will monitor more closely.
- Always keep your PIN secure. Never tell it to anyone. Shield your inputs when entering PINs when out. It is possible that an ATM skimmer has been installed. Look for anything unusual and out of the ordinary. See if anything has been tampered with.
- High volumes of spam and phishing attempts are initiated using free and anonymous email services. Avoid opening email from strangers. Avoid unknown email accounts that send emails to you.
- Social engineering is sometimes used in conjunction with other attacks. Fraudsters and cyber criminals can learn about you via your social media presence and make smart decisions based on that information. Be careful what you put online, e.g. scheduling vacations, posting dates, putting up pictures as proof you are away from home.
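The password advice above (the phrase method and the 12-20 character bullet), checked against the birthdates, family names and phone numbers named earlier as the easy guesses, as an added Python example that is not part of the original article. The function name, the substitution table and the sample personal details are constructed for illustration, and only the 12-character minimum is enforced, as an assumption.

```python
import re

# Substitutions the article suggests (A->@, E->3, O->0, L->1). Its own sample
# also writes "I" as 1, so "1" is undone both as "l" and as "i".
UNDO_L = str.maketrans({"@": "a", "3": "e", "0": "o", "1": "l"})
UNDO_I = str.maketrans({"@": "a", "3": "e", "0": "o", "1": "i"})
MIN_LENGTH = 12  # lower bound of the article's "12-20 characters" (assumption)

# Constructed personal details: family name, first name, birth year, phone.
SAMPLE_FACTS = ["Tremblay", "Marie", "1984", "514-555-0123"]

CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "number": r"[0-9]",
    "special symbol": r"[^A-Za-z0-9]",
}


def audit_password(password, personal_facts):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")

    lowered = password.lower()
    # Letters-only views with the substitutions undone, plus a digits-only view.
    letter_views = {
        re.sub(r"[^a-z]", "", lowered.translate(table))
        for table in (UNDO_L, UNDO_I)
    }
    digit_view = re.sub(r"\D", "", password)
    for fact in personal_facts:
        word = re.sub(r"[^a-z]", "", fact.lower())
        digits = re.sub(r"\D", "", fact)
        if len(word) >= 3 and any(word in view for view in letter_views):
            problems.append(f"contains personal detail: {fact}")
        elif len(digits) >= 4 and digits in digit_view:
            problems.append(f"contains personal detail: {fact}")
    return problems


if __name__ == "__main__":
    for candidate in ("Marie1984", "M@r13Tr3mbl@y!", "1H@d@Gr3@tD@yT0d@y2014"):
        print(candidate, "->", audit_password(candidate, SAMPLE_FACTS) or "ok")
```

The second candidate meets the length and character-class advice yet is still flagged, because swapping letters for symbols does not hide a family name.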
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.