Combating The Data Breaches
DATA BREACH ACTIVITY
Like many of you, I’m a victim of having my personal information accessed or stolen through several data breaches … almost too many to count. Being in the Cyber Security and Information Assurance fields for 35+ years, I’m typically on alert. Well, here’s something that just happened. In my inbox was an email from my bank requesting me to fill out a satisfaction survey to rate a customer service agent. The problem was that it was about rating a phone call that I did not make to my bank. In order for that satisfaction survey email to be sent, the caller had to have given the bank at least the last 4 digits of my SSN and had some type of a conversation with the agent. I immediately called the bank, and together we put some fail-safes into place to prevent this situation from happening again. I’ll discuss some of those things with you below.
Here’s the scenario that could have taken place by the unauthorized caller. Once the hacker is having a “conversation” with the customer service agent on the other end, he simply asks questions to confirm things like, “I have three email addresses, which email address do you have for me?” Now he has my email address if the agent hasn’t been trained on responding with giving out only part of the email address as confirmation. The list of examples I can give goes on, and I could spend hours here discussing the topic. And I do know this is probably not just the work of a single hacker, but a conglomerate of hackers working together to gather up my information and build a profile.
VERBAL PASSWORD
The first reason for this post is let you know about a “Verbal Password”. If you don’t have one, call your bank (or banks, utilities, & credit card providers) and establish one now. If anyone makes a phone call into your financial provider to access your account, they must verbally give that password to continue. If the agent doesn’t get the correct verbal password, the caller will be rejected and the attempt to access your account will be documented. Typically an experienced hacker will hangup and not even try to guess this password.
CHANGE YOUR IDs NOT JUST YOUR PASSWORD
There’s other security measures you can make like changing your login ID. Usually a hacker is locked out by making multiple attempts trying to guess your password. But if you change your IDs, it’s just another hurdle they have to overcome to gain access to your online account. Changing your ID can be as simple as keeping your basic ID and combining it with a new random 2-digit number or characters once a year.
FREEZE YOUR CREDIT
When you’re not applying for a loan or getting a new credit, freeze your credit. It’s easy to do and doesn’t take too long to “unfreeze” when you’re ready to get that big loan or swap out credit cards. Read about the details below. The CBS link gives a nice intro. The Government article gives you links to each of the credit bureaus to contact. You can typically access the credit bureaus via your banking or credit card apps on your phone as well.
See:
- CBS Article: https://www.cbsnews.com/news/how-to-freeze-your-credit/
- USA.Gov Article: https://www.usa.gov/credit-freeze
The three major credit reporting agencies are:
GMAIL CAN BE YOUR FRIEND
If you use Gmail (Google Email), you can create multiple addresses automatically by simply adding a “+” (plus sign). When adding or creating an email address to your account – i.e. bank, vendor website, online shopping – add a plus sign and a word to identify what you’re using the email address for.
For example:
- Example Gmail Email Address: [email protected]
- Shopping: [email protected]
- Credit Card: [email protected]
- Online Retailer: [email protected]
- Surveys: [email protected]
The advantages to doing this allows you to not only track, sort, and filter correspondence, but it also will reveal the source of who released or shared your email address (without your authorization) when you start to receive outside advertisements or junk mail.
For Details, See:
IN CLOSING (LAST WORDS)
Remember, you want to beat these criminals to the punch. Start applying safeguards now before they gain access to your accounts and create financial difficulties for you later.
— JJ
