Your address will show here +12 34 56 78
Blog

According to 2020 Identity Fraud Study from Javelin Strategy & Research, identity fraud has now reached “the level of an epidemic.” This last year had the most data theft ever with a plethora of victims and enormous sums of money stolen.  


In 2020, $16.9 billion was stolen, the highest amount in four years. Criminals are shopping online with stolen credit card numbers, siphoning money from bank accounts, assuming control of mobile phone accounts, and even taking loyalty rewards points.


“The type of identity fraud has drastically changed from counterfeiting credit cards to the high-impact identity fraud of checking and savings account takeover. At a time when consumers are feeling financial stress from the global health and economic crisis, account takeover fraud and scams will increase. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships.”


According to Javelin, account takeover fraud is one of the most challenging types of fraud to identify because of the multichannel account access and the desire to reduce friction in the consumer experience. New technology is available to help mitigate risk and improve the consumer experience, yet often it goes unused or is unavailable to consumers. What is clear is that criminals are adapting to new technology faster than consumers will adopt technology to reduce their risk.


What’s next for 2021? Researchers predict that during the next twelve months, criminals will strike at the heart of the financial services industry and negatively affect consumers. Areas of concern range from fraudulent account openings (synthetic identities), person to person (P2P), and full takeover of all accounts, not just checking or cards but also investment accounts and other high-dollar balances. Criminals will always try to take what isn’t theirs, and right now it is too easy. The level of fraud could climb back to pre-EMV levels if steps are not taken to prevent the new identity fraud schemes. 


Armed with your personal information, such as Social Security number, date of birth, and password, criminals can take over your existing financial accounts — to steal money or go shopping — or open new accounts in your name for their nefarious purposes.


During the holiday shopping period, cybercrime attacks accounts for more than 10 percent of all network traffic, according to ThreatMetrix. They choose to attack under the cover of high transaction volumes and larger basket sizes, hoping that their behavior is less likely to flag as high risk.


“The environment has gotten riskier” with attack rates up and increasingly coming from mobile devices, Vanita Pandey, said vice president for product marketing and strategy at ThreatMetrix. “At the same time, it’s getting harder for businesses to differentiate between a good customer and a bad one, because the cybercriminals are able to stitch together proper identities and mimic the patterns of trusted users to evade detection.”


The never-ending wave of data breaches is causing American consumers to lose trust in the institutions that collect and store their personal data.


However, there are things everyone can do to reduce their chances of getting burned or victimized again:

Turn on two-factor authentication wherever possible: Requiring a separate action after providing a user name and password to access an account makes it significantly more difficult for fraudsters to take over your accounts.

Secure all of your devices: Criminals have shifted their focus to mobile devices for access to accounts and the information they store or transmit. Secure online and mobile devices with a screen lock, encrypt data stored on these devices, install security software and avoid public Wi-Fi unless you use a Virtual Private Network (VPN).

Sign up for account alerts: Most financial institutions and credit card companies make it possible for customers to receive notifications by text or email about a variety of transactions. These alerts, which include ATM withdrawals, foreign transactions, and card-not-present purchases, give you real-time updates that make it easy to quickly spot suspicious activity.


Use an Identity Theft protection system.


If you need assistance with an identity theft protection system or dark web monitoring, contact Micropac today.




Source: 2020 Identity Fraud Study: Genesis of the Identity Fraud Crisis | Javelin (javelinstrategy.com)
0

Blog

Data theft—oh boy, another one? It happens so often now that we are actually starting to get used to it and even normalize it. Every day a new email arrives in the inbox with yet another notification from a big company explaining that my private information has been compromised. Target, Experian, Facebook, My Fitness Pal, Twitter…


Is anything secure anymore?


Because most data breaches happen when hackers gain access to someone’s password, password security is critical. It’s also a double edged sword. While passwords are the easiest and simplest way to secure an account, they are also unfortunately, an easy method of attack for hackers. Hackers know this and will inevitably find a user with a weak password and be able to gain access to computers on your corporate network.


So how do hackers get your password? Here are five common methods a hacker uses to obtain passwords.

 

1) Phishing. Think of phishing emails like a lure. A hacker tries to trick you with an email to click on a link and upload your credentials. A hacker will send out an email blast to various users across the internet. Often the email will look like it is from a legitimate website such as a banking website or something to do with Microsoft. Within the phishing email is usually a fraudulent link that when clicked on will ask you to login to “your account”. So, what looks like a legitimate login screen is fake and its sole purpose is to capture the credentials you put in.


Use Two-factor authentication. That way if the hacker does gain access to your login credentials, they will have another level of security that they will need to get through. Of course, there are ways for hackers to hack two-factor authentication, but it is a good safe guard.


Implement Security Awareness Training. Know what to look for in a phishing email. Learn the tricks hackers use with common red flags. Understand what links or attachments should not be clicked on in an email.


2) Password Spraying.  
This method is an old hacker trick for a while. It works through the use of scripts and software that is loaded up with all the common passwords such as password, 12345, logmein, etc. So, if the hacker has a list of usernames for an environment, they can just plugin the username and let the password spraying software do the work. The best way to protect against this is to utilize more secure passwords.


3) Credential Stuffing. 
So what do they sell on the DarkWeb? Passwords…lots of them. Credential Stuffing is when a hacker uses a database of usernames and passwords that they have obtained by buying them on the dark web or directly from another hacker. Typically, when you hear that there was a data breach of a company this is what they are referring to. Say a hacker was able to obtain a login for something like a credit score site. Not much a hacker can do by looking at your credit score but what they can do is use those same login credentials on various websites such as PayPal or banking websites. Often a user will use the same email and password on multiple websites. So, if a hacker has the login credentials for one website there is a high possibility, they will be able to use it to gain access to others.


The best way to protect against this is to avoid using the same login for multiple websites If you hear of a data breach of a company that may have your login information to access your account with them, immediately change your password.


4) Brute Force. 
This is the storyline played out every day on Netflix that hackers or FBI analysts use to get into a system. With this method a hacker will use an algorithm to crack an encrypted password. Once the algorithm is run against the account the password is revealed in plain text. Hacking tools like Rainbow Crack, John the Ripper, L0phtcrack, etc. are used to perform a dictionary attack, which means that the tool will go through the whole dictionary trying each word in a matter of minutes until it finds a password that works. The best way to protect against this kind of hack is to use a password that isn’t something in the dictionary and is longer than 16 characters with symbols.

 

5) Key Logging. Key logging is basically a trace of your keyboard movement.. The hacker will either try to gain access to your computer directly or through some type of spyware that got installed via email or a website. It will then log all the key strokes you make on the keyboard. Using this information, the hacker will compile a list of words typed and use that to run against your accounts. The main way to stop this kind of hack is with good security software that will check for malware, spyware and key logging software.


Contact Micropac today for more information on managing your network securely.


Image Source: Man Using a Laptop · Free Stock Photo (pexels.com)


0