When you sign up for an online account, you are asked two main things: a username and a password. All websites you visit require a strong password… but what constitutes a strong password?

Mostly, these are the basic requirements for a password:

  • should have at least eight characters
  • different from all your other passwords
  • should contain a combination of letters and numbers
  • some even require special characters like !, _, -, #, $, @, and so on.

In my previous post, I shared some preventive tips in order to avoid identity theft. One of my tips suggested the use of strong passwords. So, for this post, I will expound further on that topic. Here are some notes to consider when creating strong passwords:

  1. Passwords should be unique.

    • Another tip is to create different passwords for your different accounts. Often times, people just use ONE password for all accounts. That should not be! Each account should have its own unique password.
    • If you are using the same password on every online account, you are in big trouble. Once the hacker has your Gmail password, it’s now easy to access your other accounts on Facebook, Instagram, WhatsApp, Twitter, Viber, and many others.
  2. Constantly change passwords.

    • Remember to change your passwords regularly. Usually, online services would notify you of a suspicious behavior. This is a sign that your account could be compromised.
    • Once you have changed your password, do not share it with anyone. If you need help with remembering important details, I suggest using a password manager.
  3. Never write your password down.

    • For most people, they use random characters, which is hard to remember. The last thing you want to do is jot them down or keep it near your desk. This is security flaw; never do this!
    • A tip for this step is to take a name or a word that you can easily remember. Then, capitalize a random character from this word, and special characters in between. To illustrate, here are some examples:
      • mArgar3t!th#atchEr from the name Margaret Thatcher
      • Nov0Anch0r45 from the words Novo and Anchor
      • L0vyBea9ty1_2 from the words Love and Beauty
  4. Do not repeat old passwords.

    • Websites asked you to update your passwords and input a new one. Mostly, we don’t really generate a new one. Instead, we just reuse old passwords. This is a bad idea! No, do not repeat passwords that you have used.
  5. Use a password manager.

    • Again, let me emphasize the use of password managers. These tools are safe, and they will help you in remembering complicated passwords. If you simply rely on your own ability, you can’t remember that many passwords. So, store your passwords in passwords managers because they encrypt your data unlike when you just write it down.
    • To name a few, you can use password managers like LastPass, BitWarden, and etc.

Passwords are needed in every website, and you must adhere to the best practices listed on this post to avoid data breach. You can use a dictionary to get an inspiration, but do not use the exact word as a password. You have to randomize the letters and add more special characters & numbers to the equation. A final note to remember: the longer the password, the better and safer it is for you!

 

As I way to end the Identity Theft series of blog posts, I would like to share some important tips to follow. If you haven’t already, catch up on other relevant topics such as:

Your best protection against identity theft

I have listed 8 tips in preventing identity theft below. Here they are:

  1. First, you have to use strong passwords.

    • Your password should be a series of texts, numbers, and special characters. Passwords should not be a short word. Instead, think of a phrase or a sentence that consists of alphanumeric characters.
  2. Use the two-factor authentication feature.

    • Most online accounts now offer a  two-factor authentication, which means you don’t just need your username and password. You also need to provide a code sent to your email and/or mobile number.
    • Websites — like Steam, PayPal, Gmail and many more — follow a multi-factor authentication for logins and transactions
  3. Never share your login details.

    • This is especially true for conversations you did NOT personally initiate. Stop right there and do not engage with emails asking for your personal information. If you received a call regarding your account, hang up and call organizations involved. It could be a voice phishing or vishing modus!
  4. Tear documents or even shred them before disposing.

    • Often times, people just throw unopened mail straight to the garbage bin. Personally, I am guilty of this, but remember,  it’s important to shred mails and receipts containing your personal information. Cybercriminals don’t just magically get into your computer and steal your details. Instead, they rummage through your trash bins.
  5. Choose paperless billing if available.

    • To avoid your  receiving a bunch of mail, opt out from the standard snail mail and choose the digital way. This way, all your billing statements will be sent directly to your email.
  6. Create a personal email for extremely important accounts.

    • Speaking of email, assign an email exclusively for online accounts. Don’t use this email for email subscriptions and social media accounts. This should be used solely for accounts that deals with money and important transactions.
  7. Leave important cards behind.

    • Store your Social Security card, medical insurance card, and credit cards in a secure place. Leave these things at home when you only plan to take a jog around the neighborhood or buy something at the nearby convenience store. Only carry these cards when you really need them.
  8. Transact only to sites with an HTTPS version.

    • The ‘s’ in https means secure. So, before you transact or transfer funds, be sure that the URL of the website indicates a secure connection.

It pays to keep tabs on your financial statements every single time. Check them from time to time, and look for transactions you did not make. If you have been a victim of identity theft, report to the authorities. You can go to the Federal Trade Commission’s IdentityTheft.gov or the FBI’s Internet Crime Complaint Center.

For more tips on keep your online accounts safe, please refer to my post on The Proper Password Etiquette.

Identity theft can happen to anyone; that is why you should always monitor your bank statements and credit card reports. Whether it is an account you are always using or not, always take time to routinely check. Other than that, there are some possible signs that someone may have stolen your identity. Here are 9 clues pointing to identity theft:

  1. The number one sign would be discrepancies. Your bank statement reflects transactions or purchases you did NOT make. In addition, you see withdrawals from your account that you can’t seem to explain.
  2. Next, you receive calls from credit card companies about purchases you didn’t make. Debt collectors remind you to settle your account, but the debts are not yours.
  3. You receive a mail from the IRS telling you that there were more than one tax return under your name. It could also be that the IRS will inform you that you have received an income from an another employer.
  4. Another clue would be the inexplicable charges on your credit card statement. Most of the time, identity thieves start with something small. Let’s say $10 just to do a test transaction. If it pushes through, then, your card will work on bigger purchases. So, go through your statement of account and thoroughly check if there are charges you can’t explain on your credit card report.
  5.  Medical providers charge you for services you did not receive. There are medical bills for a condition you do not have. When you are perfectly fine, then, you receive a bill for a medical treatment.
  6. You should be alarmed that you don’t get bills in the mail. Official communications are usually done through snail mail, and if you don’t get your bills, this could mean that someone has changed your mailing address.
  7. By the time when you really need medical attention, your health plan will reject your medical claim because the maximum limit has been already reached. Then, you will have a bad record. Your health insurance provider may not cover you.
  8. Companies, where you have an account, inform you to reset your password. For instance, Amazon emailed me once to change my password. Industry giants, like Amazon, are not vulnerable to attacks. They can also be compromised by a data breach.
  9. Lastly, when you are turned down for a loan, this could mean that someone damaged your good credit standing.

Report and do not remain silent!

If you have noticed these clues, then, someone has stolen your information. Hence, you should inform the Federal Trade Commission (FTC) about a possible identity theft. There are guidelines to follow if you lose your credit cards, driver’s license, social security, and other personal information.

What will happen to my personal information after identity theft?

It depends on what information the identity thieves have acquired, and they can get your data through a number of ways. Typically, identity thieves can profit from your data, including to the following examples:

  • Open a new credit card under your name,
  • Make online purchases using an existing cards,
  • Claim a refund when filing a tax return under your name,
  • Get medical assistance through your health insurance,
  • Pass a background check using your identity and financial status.

Previously, I have discussed 4 Ways Identity Thieves Acquire Your Personal Information. There are more ways on getting your identity stolen. Below, I have listed 4 more examples on how other people access your personal information.

Wi-Fi hacking

  • Generally, public Wi-Fi connections are unencrypted, meaning everyone is just free to connect without any layer of defense. The more people connects to Wi-Fi connection, the more vulnerable it gets. Hence, cybercriminals could have better chances when snooping for information on public Wi-Fis.
  • Be careful when using a public connection. If there’s no need to go online, then, don’t risk your safety. Only make purchases or access your bank account when you are connected to a secured connection. If your device uses an outdated software, it may be vulnerable to malware attacks.
  • When you are constantly travelling and you need be online, you might want to consider using a VPN for added protection. Just remember VPN will NOT make you entirely anonymous. Moreover, a free VPN will do more harm than good.
  • It is still recommend to take the necessary precautions when you are in public. Sometimes, identity thieves even set up a  fake Wi-Fi connections with names similar to legit services. Avoid haphazardly connecting to any network you see. Always check the spelling of the Wi-Fi connection before entering.

Voice phishing

  • Phishing does not always happen through emails; there is such a thing as voice phishing too. Vishing is a phone scam similar to email phishing. Usually, fraudsters pretend that they are from your bank or from the IRS.
  • If you receive this type of phone call, hang up immediately and do not give your personal details. Legit bank communications are generally sent to your mail. When in doubt, do not engage with these potential fraudsters and put down the phone.

Data breaches

  • Nowadays, data breaches are becoming a common occurrence. Just look at this report posted on CNBC and you will realize that even industry giants have been breached.
  • In 2019, Facebook also experienced a data breach. There were over 540 Facebook accounts that were exposed on an Amazon cloud server. Speaking of Amazon, the company also experienced a security breach.
  • All these examples are just the tip of the iceberg. To be honest, there are still more incidents of data breach. The customers are always on the losing end because their personal information are now exposed.

Tax ID theft

  • Did you know that identity thieves could also claim your tax refund? All they need is your Social Security number in order to collect your benefits, and you won’t even notice it until you file your tax return. Then, you will be in complete surprise to receive a letter from the IRS, confirming that a tax return has been filed.

There are countless ways for identity thieves to acquire your personal information. At the end of the day, it is best to take the necessary precautions before transacting online. Omnipotech is here to provide cybersecurity solutions to various types of businesses.

You can contact the Omnipotech Support Center now and we will guide you on how you can protect yourself and your business from identity thieves and other cybercriminals. Whether you need help in IT consulting or have any questions on cybersecurity, do not hesitate to call Omnipotech at 281-768-4800!

In What Is Identity Theft?, I started discussing the basics of identity theft. I have shared examples on how data breaches affect individuals, and how cybercriminals use these personal information. So, this time, I will elaborate more on the different ways identity thieves get a hold of your personal data.

Phishing

  • The most method would be phishing, and phishing happens when cybercriminals send emails to trick you. These emails mimic real emails and newsletters banks and other financial entities. If you are not a keen observer, you would think these phishing emails are legit. The links in these fraudulent emails could have some malware – or malicious software – attached to it. Then, this software could acquire information from your computer and send it to the perpetrators. Cybercriminals uses the personal information of other people to commit gain financial benefits or to commit a heinous crime. So, be wary of open emails from people you do not know. Never click links or download attachments.

Skimming

  • Card skimming occurs when card readers are placed at cash counters. Before you withdraw money from an automated teller machine at a convenience store, coffee shop, gas station, be sure the machine are free from any other device. Once card readers access your ATM card, this device will then get the data stored in the magnetic strip of these cards.
  • If it is not a card reader, cybercriminals also install a small camera pointing at the keys. Therefore, every time someone withdraws from that machine, criminals would know the ATM pins. With the information they acquire from you, whether it is your credit or debit card number, criminals can easily make purchases or withdraw cash in your behalf.

Dumpster diving

  • Often times, people think identity thieves are computer hackers. Well, not all the time. Identity thieves get your information through rummaging your mail. By stealing your mail from the trash, they can piece together your personal information.
  • Aside from your name and address written on the envelope, they could also find out other personal details like bank account number, credit card number, health insurance card, and other cards that may be of use.
  • Identity thieves can even create a new identity by stealing your Social Security number. Then, pretend to be you in order to pass a background check. So, it is best to shred documents and other mail before throwing them out.
  • Aside from that, it is recommended to cut pre-approved cards into pieces if you have no plans of using them. Because if you don’t shred them, other people might be tempted to activate and use it for their personal gains.

Malware

  • Tech-savvy criminals may employ various techniques to steal your information. One is through the installation of a malicious software. A malware, as it is commonly known, could allow other people to access the information stored in your device.
  • Malicious software could include as of these: viruses, spyware, and keyloggers. Know more about preventive tips on What You Can Do to Avoid Mobile Security Threats?

 

Next? 4 Other Ways Identity Thieves Acquire Your Personal Information

Identity theft happens someone pretends to be you. This person will then use your personal information will commit fraud and/or will steal from you.

Personal information could mean any of the following:

  • Full name
  • Mailing address
  • Email
  • Username and password
  • Social security number
  • Driver’s license number
  • Bank account number
  • Passport number

These details are tied to your identity, and these may contain unique identifiers that solely belongs you. Once cybercriminals get a hold of these things, they can now pretend to be you and commit a crime. Perhaps, they may also sell it another person who needs a fake identity.

Identity Theft Statistics

According to a report published by Identity Theft Resource Center, in 2019 alone, data breach cases went up to 1,473. A significant increase from the 1,257 reported cases in 2018.

In 2018, Marriott, a hospitality company, is just one of the thousands. Take note: a SINGLE data breach at Marriott was able to access 383 million records. Basing from the ITRC report, the perpetrators were able to acquire passport numbers and credit card numbers.

What Is Identity Theft?

Identity theft is not just pertaining to wanted criminals. It could be someone who overhead you dictating your credit card number aloud. Anyone who could be eavesdropping on your phone conversation, and then, that someone uses your information to purchase something on the internet. Truthfully, there could be numerous ways in accessing or stealing your personal details.

It Could Get Worse!

Identity theft is already a serious offense in itself. However, it could get worse. When someone uses your identity to commit a heinous crime, you could be accused of a crime you did not commit. For instance, a criminal used your information in defrauding or deceiving someone else for his or her own economic gain.

The Most Common Ways Thieves Acquire Your Personal Information:

  • You would think these criminals would hack into your computer, but no. Honestly, it could happen in public places. When someone is watching you as you type in your credit card number, this is called “shoulder surfing.”
  • Another example is when you get pre-approved credit cards in the mail. Often times, you just glance at them, and throw them out the moment you realized it a just a bunch of cards. What you don’t know is that criminals may try to activate these credit cards and use it without you knowing it.

Using Your Identity to Conduct Crimes

With the information that criminals now have, they can do the following:

  • Access your banking details and other online accounts,
  • Withdraw money from your bank account,
  • Apply for bank loans using your personal information, and so on.

Identity theft can affect everyone. Whether you are running a business or you are merely a regular employee, everyone can experience identity theft. However, the stakes are higher when you own a business because a data breach could compromise the identity of your thousands – or even millions –  of customers.

Contact the Omnipotech Support Center now to know about the cybersecurity solutions we provide for different businesses. Get in touch with us by calling the Omnipotech hotline at 281-768-4800!

Next? 4 Ways Identity Thieves Acquire Your Personal Information

In Common Phishing Scams and How to Prevent Them (Part 1), I talked about email scams and vishing scams. For this post, I will still discussing the different types of phishing scams. Think of phishing as a con game. The only difference is that the playing field is the entire Internet. You see, scammers and phishers are tech-savvy so they will use jargon and unfamiliar terms in order to trick people. They send spam emails and here you are thinking of spam as food.

They try to con people, thinking that they would be trusting enough to share personal details like bank accounts, credit card number, and etc. The email messages mimic real companies, and these scammers pretend they that for these companies to ask for your login details. Here are other scams you should know about:

  • Tech support scams

Tech support calls pretend they are from a security company. Scammers fabricate stories and come up with lies that they found a virus on your computer. They give you a solution to fix the “problem.” Through installing a remote desktop access, scammers will get into your computer and install the real problem. Plus, they will ask for a fee to “fix” your computer.

What to do with tech support scams?

  • Never install anything that gives a total stranger direct access.  Do give anyone remote access to your computer.
  • If someone is claiming to be from a security or telecommunications company, tell them that you will the call the company yourself in any event that you need help.

 

  • Pop-up scams

Pop-ups are annoying in general. You see them everywhere when you are browsing the internet. Typically, these will be in a form of an ad that will entice you to click.

Some are even troublesome to a point that it is very difficult to find the close button. These pop-ups will trick you by displaying an error message and that your computer is allegedly infected with a virus.

What to do with pop-up scams?

  • Do not believe everything you read online. Most of all, do not click any pop-up. It’s there to scare you! If you really want to check your computer for any malware, open your antivirus software and scan your computer.

 

  • Fake search results scams

Lastly, beware of fake search results. Usually, these search results do not gain the top spot because of search engine optimization, but because they are paid listings.

Because they are on top of a search results page, people think they are the real deal. However, they just got to the top because they paid for their spot.  They provide solutions to everyday problems. Sadly, when you click, you will get more problems instead of solutions.

What to do with fake search results?

  • Check the search results page. Usually, the top spot will contain a marker that says AD or advertisement. Do not engage with these websites. Trust the organic search results more!
  • Visit official websites of businesses and companies. Be sure your browser goes to the verified URL.

Scams come in different forms and shapes. Contact Omnipotech Support Center to know more about cybersecurity. If you want better protection for your business, please get in touch by calling Omnipotech at 281-768-4800!

Phishing scams may appear in different forms. These scams are not solely about sending fake emails; it could be in a form of pop-ups and even phone calls. Scammers use different online techniques to defraud people.  Often times, scammers use fear as a tactic. They scare people in order for panic to arise and people will take the bait.

Since phishing scams look as if they are legitimate, it is extremely important to know what separates the fake messages from the real ones. How do you know that messages are from reliable sources? What to look for you to spot fakes? Here are the most phishing scams and some tips to prevent them.

  • Email scams

Let’s start with the most common one, and that is an email phishing scam. At first glance, these fraudulent email messages seem like it is from an authorized personnel or reputable company. The goal is to trick the recipient in order to acquire personal information in an unlawful way.

Generally, a phishing email also has a fake website attached to it. The fake message will encourage you to take action and click on a fake website. This is designed to look as if you are on the actual site of the business.

The messages will usually urge the recipient to give out details like full name, bank account number, credit card account, or any financial information that could be use for theft.

What to do to avoid phishing scams?

  • The first and most important tip is to NOT click links from unverified emails. Make sure it is from an email you know.
  • Unless you know the sender, do NOT download email attachments as well.
  • For example, if it pretends to be from your bank, open your browser and go to the official website of the bank. Login from there and check for yourself. If you see that your account is fine, then, that email is fake and is baiting you.
  • So, be very particular with details. Phishers use actual company logos and newsletters to make it seem legit. Usually, the phishing emails they use are misspelled variations of the real emails. Take note of the spelling of the emails addresses and the links.
  • Do NOT transact outside of the official website. Always use the official means of communication, and you can even call your bank to verify such email.

 

  • Vishing scams

From the letter “V”, you can probably what this is about. Vishing pertains to voice. Scammers may use a voice version of the typical phishing, but it uses the same techniques. Vishing is a phone scam, where people are tricked into giving out personal information.

What to do with vishing scams?

  • First, do not panic. Vishing scams tend scare you so that you will immediately give your banking details. Never give any information for that matter.
  • If it is indeed a legit request from your bank, hang up and call the bank yourself. Do not transact outside the official lines.
  • Lastly, if the caller gives a contact number, do not engage or call that number. Go to the official company website and check their numbers. If the given number is not there, then, those numbers are fake.

Next? 5 Common Phishing Scams and How to Prevent Them (Part 2)

In 2017, Mark Zuckerberg officially announced that there are officially 2 billion Facebook users.  Even until now, Facebook remains to be the top at its game.  However, too much exposure to social media can have its disadvantages.

In this blog post, I will share tips on how to ensure that you are not sharing too much information or TMI in chat abbreviation. A safer sharing procedure can help you maintain your privacy, and not put your identity in jeopardy.

Tips for social media sharing

  • Check the privacy settings from time to time.

Whether you are using Facebook, Twitter, or any social media platform, the first thing to do is to check the privacy settings. By default, your profile and your succeeding posts may be set to public. As much as possible, do not share every bit of you publicly.
If you try to search yourself online, you would be surprised that there are information about you. People may see and access this. Are you sure you would want the world to know this information? Potential employers may see this personal post.
Lastly, even though you have set your profile to private, social networking websites may have set the privacy settings back to public. When they update their terms and conditions, which happens constantly by the ways, users don’t even realize that the settings have changed too.

  • Only connect with people you actually know in real life.

It is a safer practice to only accept request of people you know. I know it’s tempting to say hi and make friends with other people. However, phishing is real. Online scams are real. Worse, identity theft is real.
Without NO real-world connections, how are you sure that this stranger is telling the truth? How can you verify that this person is really who he or she is claiming to be?

  • Don’t make your list of friends or connections public.

You may not be the victim here, but your friends might be. Spear-phishing can happen to your friends and cybercriminals gather information about you to convince your friends that it is indeed you.
Your friend may even NOT know that he or she is the potential target. With access to your friends list, a cybercriminal can easily pretend to be you and start sending emails to defraud people you know.

  • Don’t post about specific dates and events of your life.

Sadly, in this digital age, people just haphazardly share full names and birth dates of their children. A cybercriminal can now connect this information to the mother’s maiden name. The same is true with other important events like death date, wedding date, and engagement date. Generally, people think sharing these events and dates are fine. However, this can start an identity theft. Your son and daughter won’t even know it until he or she is grown up and trying to get a loan. It is as if you are inviting strangers to commit a crime.
In addition, do not hand personal information to burglars so easily! Do not give out names of people, location, and dates. Instead, send the specific details to people you are actually inviting to the event.

Share but do not overdo it.

Lastly, before making a public announcement or sharing it on social media, make sure you are not sharing too much. Carefully choose the information that you will share online. This is a friendly reminder from Omnipotech. Contact the Omnipotech Support Center to know more about improving your online security.

Do you remember the time when Amazon experienced a data breach back in 2018? Many people are shocked to know that even industry giants become victims of cyber attacks.

Owning a small business, you would think you would be more vulnerable to data breaches. Thus, it is extremely important identify to telltale signs that you company could be at risk. So, you can better prepare in an event of a data breach. Also, you get to think of solutions of stopping, or at least minimizing, the potential damage. With that being said, here are 6 instances that you may be risking your company data without even knowing it.

  1. Poor Passwords

The weakest link to the security link could start from you or your employees. It is through having poor passwords. You see, hackers don’t magically to into your system or bypass security. Truthfully, they just use common patterns such as pet names, birthdays, and other typical ones.

The best way to resolve this issue? Everyone should observe proper password etiquette. Passwords should never be one simple term. Instead, it is a lengthy phrase containing letters, numbers and symbols.

  1. No IT Support

Small businesses think of an IT department as an  extra cost. Usually, people think IT is not necessary and it is just adding more people to pay. No, never think this way. Having an IT staff can help you prevent such data breaches.

Not only that, IT professionals will also help you notice hidden flaws that are visible or recognizable to the common employee. You should, at least, identify risk factors because 60% of businesses close down within 6 months after a cyber attack.

  1. No Proper Authentication

Access to company data should be restricted. Moreover, only the approved employees can access such data. Because if everyone can just request to access and modify, it will exponentially increase the chances of a data breach. There should be procedures on how to access files and how to store it in order to keep it away from prying eyes.

  1. Employees Working Remotely

When you give your employees the freedom work anywhere, you are putting the company at risk. Working remotely may be convenient, but using public networks are unsafe. The more people can access a computer or a network, the more unsecured it is. Following specific procedures can help minimize the risk of being exposed.

  1. Outdated Software

Using an old software can make you more vulnerable. There is a high risk of experiencing data breach because of security issues. Updates will resolve previous security flaws. Technology is constantly evolving so your security should too!

If your company fails to update the operating system or any software, then, you are exposing the company to security threats. Think of it this way, you are still using padlocks to secure a room when the rooms of today are secured with pass codes and key cards.

It is in your hands!

Only you can change the course of your business. If you think your company can identify with the risk factors listed above, contact an IT services provider like Omnipotech. The Omnipotech Support Center will discuss the necessary steps in minimizing security breaches.