The cyber fraud and identify theft landscape continues to evolve as criminals and hackers find new, aggressive ways to scam consumers and businesses. From robocalls and stolen credentials, to phishing and malware, vital information is increasingly being accessed online and through technology by the wrong people. The COVID-19 outbreak is creating the perfect storm for these type of attacks to flourish, and scammers are taking advantage of the pandemic to steal information.
Consumer Identity Theft and Fraud
In the coming weeks, taxpayers will be on the lookout for an economic impact payment from the Coronavirus Aid, Relief, and Economic Security Act. This sets the stage for fraudsters to pose as government officials contacting individuals via email, texts and social media in an attempt to gain access to personal information and steal their identity. Individuals could be misled into providing bank account numbers, passwords or even installing malware on their computers for fraudsters to illegally access this information. Consumers need to be vigilant for scams related to COVID-19.
Below are tips to protect yourself from identity theft and fraud.
Hang up on robocalls. Scammers are using robocalls to illegally obtain social security numbers, bank account information and offer bogus coronavirus treatments. Don’t press any numbers or say anything; simply hang up.
Avoid clicking on links in unsolicited emails and be wary of email attachments. Instead of clicking a link, you can have it scanned for virus code using the VirusTotal URL scanner. Copy the link and paste it into the scanner to have dozens of malware detection engines review the contents of the link to see if any are harmful. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
Only use trusted sources. Look legitimate sites such as government websites for information about COVID-19. Many sites will appear to offer helpful information, but you can often spot fakes by poor grammar, misspellings or missing contact information. Type a company or product name into your favorite search engine with words like “review,” “complaint” or “scam” to confirm legitimacy.
Do not reveal personal or financial information in email. Call the organization to speak with someone directly. Research the company on Google and the Better Business Bureau if you are unsure.
Be cautious about installing applications. Avoid downloading anything via email if you don’t know the source. For mobile devices, only install apps via the official app stores; avoid clicking from social media.
Choose secure passwords. Don’t repeat the same password across multiple accounts. This makes it easier for scammers to access all of your information if they are able to gain entry into one account.
Install security software that updates automatically. Make sure the security software, operating system, browsers and apps on your computer and smartphone are up to date. This may help protect your devices against potential identity thieves who try to take advantage of bugs or security holes in outdated software, systems or browsers.
Talk to your agent about identity theft insurance. Having coverage will help you recover costs for obtaining credit reports from bureaus, notarizing affidavits, attorney fees, replacing documents, including driver’s license, passport and Social Security card, among other critical actions.
You can sign up for free scam alerts from the FTC at ftc.gov/scams. If you spot a scam, report it at ftc.gov/complaint. Your reports help the FTC and other law enforcement investigate scams and put an end to this type of fraud.
Business Cyber and Data Liability
The majority of employees are working from home, and they may not have the same level of internet and computer security, leaving businesses susceptible to cyber and data breaches. Companies must be prepared and have a plan in place to respond to incidents of fraud. This is true whether you are a small business or a large corporation.
Talk with your employees:
Awareness: Make sure your employees have knowledge of the type of malicious calls, emails and websites they may experience.
Educate: Train your staff on what to do if they receive a suspicious call or email with questionable links and attachments. Preach caution. If employees are unsure, they should speak with management or your IT team before responding to any communications.
Preparation: Work with employees to create a secure home office environment. Implement security measures to strengthen passwords, create multi-factor authentication for programs and applications, and set up strong VPN connections.
Planning and reacting to a data breach:
Create a written security policy. Identify various types of security incidents that could occur; prepare a communications plan; designate roles and responsibilities among staff. Train staff on the plan.
Use security tools: Implement software and other tracking methods to detect suspicious communications.
Contain breached data. Isolate the affected information from the rest of your network to prevent the spread of unauthorized access/malware within your organization. Assess the impact and determine if additional information is at risk.
Identify the cause of the incident. Correct broken security measures that allowed scammers in. Take steps to protect against identity theft and account takeover such as updating passwords and installing new malware.
Gradually bring systems back up. Test systems to confirm they are working properly before giving employees access again.
Contact your insurance agent. If you have cyber liability insurance, your insurer can assist with your response capabilities and start the claim process.
Communicate with clients and consider regulatory obligations. Clients need to be made aware if their information may be compromised, and how you’re handling the situation. Clearly explain measures that are being taken to prevent this from happening again. Ensure you’re complying with all state and federal laws.
Review the incident with your staff. Make sure they understand how the breach occurred and how it could be prevented in the future. Update your response plan accordingly.
A tremendous amount of time and money can be wasted trying to restore your credit, finances and reputation. While there’s no fool-proof method to prevent identity theft or data breaches, there are tools that can make the recovery process faster, and save you money with less aggravation should you become a victim.
Want to learn more about Cyber Crime and Data Breach Insurance? Download our free e-book.
Questions about identity theft or cyber and data liability? Contact Wallace & Turner at (937) 324-8492 in Springfield, (937) 652-8492 in Urbana, or info@wtins.com.