CONSUMER COMPROMISE PREVENTION
Breaches happen daily in today’s cybersecurity environment, which is certainly not unexpected. Regular consumers are heavily impacted, both by cyber-attacks that target them directly and by breaches that expose their personal information. Below is a quick and easy list of things you should consider doing to prevent a compromise, as well as some considerations for dealing with one.
Preventing a Compromise
- Use Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring two or more verification methods to access your accounts. For example, when you log in, you might be asked for a password (something you know) and a code sent to your smartphone (something you have). This makes it much harder for hackers to access your accounts, even if they have your password.
- Create Unique and Strong Passwords: Avoid using easily guessable passwords. Instead, create complex passwords that include a mix of letters, numbers, and special characters. Each account should have a unique password to prevent a single breach from compromising multiple accounts. If you have difficulty remembering many unique passwords, you are not alone. See below for information on password managers. Remember that a password manager contains all your passwords, so make sure to secure it properly! Alternatively, ensure any physical documentation containing passwords is kept in a secure spot where no one else can access it (a safe, behind a locked door, etc.).
- Use a Password Manager: A password manager can help you generate and store strong, unique passwords for all your accounts. This way, you only need to remember one master password. To secure your password manager:
  - Create a Strong Master Password: This is the key to all your other passwords, so make it long and complex.
  - Enable Multi-Factor Authentication (MFA): Adding MFA to your password manager provides an additional layer of security.
  - Use Biometric Authentication: If available, use fingerprint or facial recognition to access your password manager. This can make mobile use easier while maintaining a strong password.
  - Common Examples: Bitwarden (Free options available), Keeper, and 1Password. These are just a few examples of good options. There are many available!
- Do Not Respond to Unsolicited Emails and Phone Calls: Avoid unsolicited communications asking for personal information. Scammers often use phishing emails and phone calls to trick you into revealing sensitive data. Verify the legitimacy of the request before responding. Legitimate companies will never request your password to log into your bank, email, etc. Never give out your credentials, and always be suspicious of people with unsolicited requests. Phone, Email, and Text scams are extremely common and come in many forms; below are some common examples.
  - Microsoft Tech Support Fraud: Scammers pose as Microsoft tech support, claiming your computer is infected and urging you to call a number or download software.
  - Bank Impersonation Scams: Fraudsters pretend to be from your bank, asking for account details or personal information to “verify” your identity.
  - Fake Package Delivery Notifications: Emails or texts claiming an issue with package delivery, prompting you to click a link or provide personal information.
  - IRS or Tax Scams: Calls or emails claiming you owe back taxes and threatening legal action if you don’t pay immediately.
  - Friend or Family Emergency Scams: Scammers impersonate a friend or family member in distress, asking for money to be sent urgently.
  - Lottery or Prize Scams: Notifications claiming you’ve won a lottery or prize but requiring you to pay a fee to claim it.
  - Charity Scams: Fraudulent solicitations for donations to fake charities, often following natural disasters or other crises.
Key tips to stop falling for phishing emails:
- Avoid Clicking on Suspicious Links: Always hover over links to check their actual destination before clicking. Alternatively, bookmark the websites you regularly visit so you do not need to follow links in any of the notifications that you receive. Whenever possible, go directly to the source rather than using a link provided in a random email.
  - Example: I receive a phishing email stating there was fraudulent activity on my bank account. To resolve the issue, the email provides a link to log into my account. This link brings me to a website that looks like my bank’s website but is actually a duplicate used to steal my username and password. If I do not know 100% that the email is legitimate, I should not click on that link. Instead, I can check my bank account through my regular means, call my bank using a phone number I know (not one included in the email), log into my bank account using a bookmark I saved, or just pull up my bank’s app and check my recent activity.
- Do Not Download Attachments: Be wary of downloading attachments from unknown or unexpected sources. Attachments can contain malware used to infect your computer.
- Verify the Sender: Double-check the sender’s email address for any inconsistencies or misspellings.
- Look for Common Red Flags: Watch out for urgent requests, threats, or offers that seem too good to be true. These tactics are used to scare recipients into thinking they cannot ignore the email.
- Keep Your Computer and Software Updated: Regularly update your operating system, antivirus software, and other applications to protect against the latest security vulnerabilities. Enable automatic updates whenever possible.
  - Patch Security Vulnerabilities: Updates often include patches for security vulnerabilities that hackers can exploit. By keeping your software up-to-date, you protect your system from these threats.
  - Protect Against Malware and Viruses: Updates can include new definitions and protections against the latest malware and viruses, helping to keep your system secure.
  - Enhance Security Features: Updates can introduce new security features and improvements, providing better data protection.
- Freeze Your Credit: By freezing your credit, you can prevent unauthorized access to your credit report, making it harder for identity thieves to open new accounts in your name. Contact the major credit bureaus (Equifax, Experian, and TransUnion) to initiate a freeze. If you need to unfreeze your credit, you can request a temporary thaw or a permanent freeze removal. This can be done online, by phone, or by mail, and it typically takes about an hour to take effect. Remember, data breaches happen every day. If a company with your information loses your data to a hacker, there is no turning back time; that information is out there. Below are just a few notable examples.
  - National Public Data Breach (2023-2024): 2.9 billion records, including Social Security numbers, names, and addresses, were stolen.
  - AT&T Data Breach (2024): Tens of millions of AT&T customers had their personal data, including Social Security numbers, leaked online.
  - Equifax Breach (2017): The personal information of 147 million people, including Social Security numbers, was exposed.
What to Do If Your Accounts Are Hacked
If you suspect that one or more of your accounts have been compromised, take the following steps immediately:
- Change Your Passwords: Change the passwords for all your accounts, starting with the hacked ones. Ensure the new passwords are strong and unique.
- Enable Multi-Factor Authentication (MFA): MFA can be enabled to stop most compromises; if it has not already been enabled, do it as soon as possible.
- Scan for Malware: If you suspect potential malware on your system, run a full scan on your computer and devices using reputable antivirus software to detect and remove any malware.
  - Common Examples: Many reputable products are available for consumers; some popular options include Bitdefender, Norton 360 Antivirus, and Malwarebytes.
- Check Account Settings: Review the settings of your hacked accounts for any unauthorized changes, such as email forwarding rules or linked accounts.
- Report the Compromise: Report the incident to the relevant provider (e.g., your email provider, social media platform, bank) and follow their instructions for securing your account.
- Freeze Your Credit: As noted above, this is especially useful for preventing a bad actor who has your information from opening credit lines or accounts in your name.
- Consider Professional Help: If the compromise is severe or you are unsure how to proceed, consider seeking help from a professional.