YOU are the first line of your own defense for fraud prevention
We are already starting to see the massive impact that COVID-19 is having on the global economy. And as unemployment rates explode, cybercrime and fraud will grow as well and the FBI has already reported seeing a sharp rise in fraud schemes due to the pandemic.
So how do you protect yourself against identity theft and other fraudulent scams, especially in this new person-not-present world?
The truth is that most of us only think about taking steps to protect ourselves after someone steals our identity or makes fraudulent purchases with our credit card information.
With a record number of massive data breaches last year, personal information is readily available for mere pennies on the dark web. A fraudster only needs to get hold of a couple pieces of your personal information and they can start creating a fraudulent identity. Given that most branch offices are currently closed because of the pandemic, cybercriminals can exploit online channels to perpetuate identity theft.
Here are some simple ways you can protect yourself:
- Banking
Most banks have a mobile app which you can set to notify you anytime a transaction is made. Monzo, a digital bank out of the UK, is a perfect example. You can set your Monzo app up to send an SMS-based notification whenever there’s a card-not-present transaction on your account. You need to enter your PIN in the app in order to approve each online purchase.
Never share your banking information with anyone. Banks will never ask for your account numbers or PIN numbers via email or text. They will always redirect you to log into your online banking account. If they provide a number to call, check your bank’s website to verify the number is legitimate. When in doubt, call the bank customer service line. And review your online statements frequently to ensure there are no suspicious transactions.
- Email phishing
Phishing attacks are rife at the moment and cybercriminals are taking advantage of COVID-19 fears in a number of ways. We’ve already seen media reports about email scams advertising cheap face masks and hand sanitizers. But as unemployment rates hit record numbers, expect phishing scams to also increase.
During the Great Recession, fraudsters impersonating the US government sent emails claiming that recipients needed to click on a link and provide personal information in order to complete their application for unemployment benefits. Even if an email looks legit, hover over the link and you’ll be able to see the actual redirect location. Anyone can create a hyperlink to mask the actual web link they’re sending you to. Most banks won’t ask customers to click on a link to view important information but will instead direct you to log into your online account via the app or website to view additional messaging.
- Social media
If your social media profiles are public then make sure you’re conscious of the personal data that you’re sharing – you’re basically giving the world access to valuable personal information free of charge.
Knowledge-based authentication is a legacy form of login protection that asks personal questions that only you should know the answer to. Some businesses use this technology if you try to reset a password or if you log into your account from a foreign or unusual IP address. The type of questions typically involve the name of your high school, where you were born and the make or model of your first car. If I’m on your Facebook profile and you’ve filled out the “About Me” section, I’ve just been able to answer two of those three questions, if not all of them. Data breaches exposed 4.1 billion records in just the first six months of 2019, and you can bet most of this information is already available on the dark web, giving cybercriminals even more ammo against you.
- Date of birth
We all love getting those birthday messages on Facebook once a year, but please stop putting your full birthdate on Facebook! Remove the year at the very least. When you set up anything online, nine times out of ten, you’re going to be asked for your DOB.
- Phone number
While on the subject of information often readily shared on social media – let’s talk about your mobile phone number. Some of you still have your number on your public Facebook page and some of you still post it on your wall when you get a new number.
You’re handing a fraudster your phone number, your full name, your DOB and all these other little tidbits of personal information that they can use for SIM swapping – this is when a fraudster requests a new SIM card from your phone company for your phone number. Just think about what someone could do if they had access to your SIM card! They could access all your social media accounts, your banking apps, your Uber account, even your Deliveroo. They’ll be rich, well fed and driven around by a chauffeur within the hour.
- Photos
Always check your photos before you post them online. You’d be amazed at the type of software that people have access to that can enhance the clarity on that picture you took with your bank card visible in the background. Also, if you’re traveling (or reminiscing about travelling), never post a full photo of your boarding pass since there’s actually sensitive information about your passport buried in that boarding pass. If you want to post a photo of that boarding pass with a cocktail in the background, make sure you cover the majority of your ticket with your passport – but only the front cover of your passport, not your open passport!
These are just small changes you can make to protect your identity. We’re all spending more time online now so be vigilant, keep your personal information safe and report any type of suspicious fraudulent activity to your bank or social media accounts as soon as possible.
You are your first line of defense against fraud.
By Michelle Whiteford, director of global online marketing, Jumio