Click icon to read as PDF
Consumers may be at risk for many years.
1) How long should you worry about identity theft in the wake of the Equifax hack? The correct answer might turn out to be “as long as you live.” If your personal data was copied in this cybercrime, you should at least scrutinize your credit, bank, and investment account statements in the near term. You may have to keep up that vigilance for years to come.
Cybercrooks are sophisticated in their assessment of consumer habits and consumer memories. They know that eventually, many Americans will forget about the severity and depth of this crime – and that could be the right time to strike. All those stolen Social Security and credit card numbers may be exploited in the 2020s rather than today. Or, perhaps these criminals will just wait until Equifax’s offer of free credit monitoring for consumers expires.
2) Did Equifax actually have its data breached twice this year? Yes, on September 18, Equifax said that their databases had been entered in March, nearly five months before the well-publicized, late-July violation. Its spring security effort to prevent another hack failed. Bloomberg has reported that the same hackers may be responsible for both invasions.2
3) Should you accept Equifax’s offer to try and protect your credit? Many consumers have, but with reservations. Some credit monitoring is better than none, but those who signed up for Equifax’s TrustedID Premier protection agreed to some troubling fine print. By enrolling in the program, they may have waived their right to join any class action lawsuits against Equifax. Equifax claims this arbitration clause does not apply to consumers who sought protection in response to the hack, but lawyers are not so sure.1
4) Should you freeze your credit? Some analysts recommend this move. You can request all three major credit agencies (Equifax, Experian, TransUnion) to do this for you. Freezing your credit accounts has no effect on your credit score. It stops a credit agency from giving your personal information to a creditor, which should lower your risk for identity theft. The only hassle here is that if you want to buy a home, rent an apartment, or get a new credit card, you will have to pay a fee to each of the three firms to unfreeze your credit.1
5) How can I try to improve my level of protection? Change your account passwords; this simple measure could really strengthen your defenses. Choose two-factor authentication when it is offered to you – this is when an account requires not just a password, but a second code necessary for access, which is sent in a text message to the account holder’s mobile device. You can also ask for fraud alerts to be placed on your credit reports, but you must keep renewing them every 90 days.1
6) What other tools can help watch over your statements? If your bank, credit union, or credit card issuer does not offer identity theft protection and credit monitoring, consider free apps such as Credit Karma, Credit Sesame, and Clarity Money. Apart from simply protecting your credit and bank accounts, programs like EverSafe, Identity Guard, IDShield, and LifeLock have the capability to scan the “dark web” where personal information is sold in addition to monitoring your credit reports. (You may be able to take advantage of a free, 30-day trial.)1
When a pillar of worldwide credit reporting has its data stolen twice in five months, the trust of the public is shaken. The lesson for the consumer, as depressing as it may be, is not to be too trusting of the online avenues and vaults through which personal information passes.
1 – time.com/money/4947784/7-questions-you-must- keep-asking-about-the-equifax-hack/ [9/20/17]
2 – bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed [9/18/17]
How can you protect yourself against ransomware, phishing, and other tactics?
Imagine finding out that your computer has been hacked. The hackers leave you a message: if you want your data back, you must pay them $300 in bitcoin. This was what happened to hundreds of thousands of PC users in May 2017 when they were attacked by the WannaCry malware, which exploited security flaws in Windows.
How can you plan to avoid cyberattacks and other attempts to take your money over the Internet? Be wary, and if attacked, respond quickly.
Phishing – This is when a cybercriminal throws you a hook, line, and sinker in the form of a fake, but convincing, email from a bank, law enforcement agency, or corporation, complete with accurate logos and graphics. The goal is to get you to disclose your personal information – the crooks will either use it or sell it. The best way to avoid phishing emails: stick to a virtual private network (VPN) or extremely reliable Wi-Fi networks when you are online.1
Ransomware – In this scam, online thieves create a mock virus, with an announcement that freezes your monitor. Their message: your files have been kidnapped, and you will need a decryption key to get them back, which you will pay handsomely to receive. In 2016, the FBI fielded 2,673 ransomware attack complaints, by companies and individuals who lost a total of $2.4 million. How can you avoid joining their ranks? Keep your security software and operating system as state of the art as you can. Your anti-virus programs should have the latest set of virus definitions. Your Internet browser and its plug-ins should also be up to date.2
Advance fee scams – A crook contacts you via text message or email, posing as a charity, a handyman, an adult education provider, or even a tax preparer ready to serve you. Oh, wait – before any service can be provided, you need to pay an “authorization fee” or an “application fee.” The crook takes the money and disappears. Common sense is your friend here; avoid succumbing to something that seems too good to be true.
IRS impersonations – Cybergangs send out emails to households and small businesses with a warning: you owe money. That money must be paid now to the Internal Revenue Service through a pre-paid debit card or a money transfer. These scams often prey on immigrants, some of whom may not have a great understanding of U.S. tax law or the way the IRS does business. The IRS never emails a taxpayer out of the blue demanding payment; if unpaid taxes are a problem, the agency first sends a bill and an explanation of why the taxes need to be collected. It does not bully businesses or taxpayers with extortionist emails.1
Three statistics might convince you to obtain cyberinsurance for your business. One, roughly two-thirds of all cyberattacks target small and medium-sized companies. About 4,000 of these attacks occur per day, according to IBM. Two, the average cost of a cyberattack for a small business is around $690,000. This factoid comes from the Ponemon Institute, a research firm that conducted IBM’s 2017 Cost of Data Breach Study. That $690,000 encompasses not only lost business, but litigation, ransoms, and the money and time spent restoring data. Three, about 60% of small companies hit by an effective cyberattack are forced out of business within six months, notes the U.S. National Cyber Security Alliance.3
Most online money threats can be avoided with good security software, the latest operating system, and some healthy skepticism. Here is where a little suspicion may save you a lot of financial pain. If you do end up suffering that pain, the right insurance coverage may help to lessen it.
1 – gobankingrates.com/personal-finance/avoid-12-scary-money-scams/ [8/28/17]
2 – eweek.com/security/the-true-cost-of-ransomware-is-much-more-than-just-the-ransom [8/18/17]
3 – sfchronicle.com/business/article/Interest-in-cyberinsurance-grows-as-cybercrime-12043082.php [8/28/17]