Identity theft is when a thief uses your personal details to assume your identity to steal from you or use your identity for other reasons. It can be a very difficult thing to recover from. In some cases all a thief needs is your name, phone number, birthdate and home address to start hacking into your online accounts. Think about it, if those key pieces of personal information are stolen from you, and perhaps then shared onto other criminals, your identity can be stolen over and over again. One client I was working with had her identity stolen and accounts hacked into 3 times in 6 months. Why did it happen 3 times? Because her telephone company only used her phone number, home address and birthdate as an identifier, her phone number was taken over by a thief, and they used that to break into her accounts that required Two Factor Authentication. The verification codes were then sent directly to the thief. This theft is commonly known as a Phone Porting Scam, I’ve written about this crime previously here. It wasn’t until the client was given an extra codeword password by her provider that her phone account was secured, and therefor her other accounts. Her name, and birthdate, and other personal details were unfortunately found easily online via social media and a blog post she had forgotten about. The distress of having to try and get her accounts back, her stolen money returned was extraordinarily difficult. She can do nothing about the lost data it is now floating around the internet. The only thing she can do, is set up extra security on every account she has, and opt out of any platforms that do not give the option to set extra security.
You Might Need A New Identity…
To try to secure your identity again by changing those key identifiers is really impossible.. your name, where you live, your phone number….and your birthdate? Institutions that require only those for identification are operating under a very old fashioned, and now clearly insecure system. That type of security may have been fine 10 years ago, but with so many data breeches and hacking occurring currently, using your name, birthdate or address to identify you is no longer secure, if a scammer or hacker knows those details about you, they can pretend to be you.
Platforms Who Don’t Look After Their Customers Personal Details Need To Change!
I’m always going to be on the side of the customer. If the platform or website you use doesn’t employ encrypted personal details, privacy and security as a default, your personal identifiers not be secure. Insisting on personal identifiers to sign up or into an account and then leaving them public or unencrypted is not protecting your client base. It is also not enough just to hide your personal details from public view via privacy settings, if someone hacks your online account, unless these are hidden even from you when you log in, a hacker may see enough of your personal identifiers to steal from you.
How Much Hacking Is Going On?
Every talk I give to students and adults I find people who have had or know someone who has had their identity stolen or their social media platform hacked, it can be Instagram, Uber, Musical.ly Facebook or Twitter. If the website or platform you sign up for doesn’t have privacy set as a default, i.e hiding your contacts, your birthdate, your email address and other privacy they are not taking care of the security for their customers. Not everyone has good tech skills, and finding the settings to secure these things can be incredibly difficult for some people, particularly those over 60 years of age who are by far the largest demographic of those that have been a victim of an online fraud or scam.
Hacking often happens by falling victim to a scam, particularly a Phishing scam where you may be asked to “Click this link and verify your account” or asked on social media “Have you seen this video of you?” click this link and sign in via your account. It also maybe that the platform you have signed up for has a data breech and your data is leaked online. There are many ways your accounts on social media can be hacked
What Should I Do?
To make your online accounts more secure:
- Find out what security the platform uses to keep your data safe.
- Are privacy settings set to public by default, be sure to select the most private option.
- Set all your privacy on all platforms especially social media platforms to the most secure settings and delete any personal identifiers where ever you can, i.e email addresses, phone numbers, birthdates, home address or local suburb.
- Do not sync your address book with any online platform or social media.
- Avoid giving out your birthdate, street address, phone number, credit card number, if it is not encrypted and hidden within your account.
- Don’t share your birth year on any social media, and keep your accounts private. “Happy 50th!!” posted publicly gives it away!
- Don’t use real answers to security questions like “What is your mothers maiden name” Keep a copy of your “fake” answers offline
- Hide as much about your personal preferences, family, pets, where you went to school as you can.
- Make sure you have Two Factor Authentication set up with an authenticator App like “Sophos Authenticator” do NOT use your phone number for Two Factor if you can avoid it.
- Delete any 3rd party apps that are connected with accounts.
- Shut down any accounts or platforms you don’t use.
- Use Long Complex Random Passprases for your password, and NEVER use the same one on any other account.
- Search for your name, personal phone number and home address online, remove from any websites or platforms where they are visible.
- Secure your letter box, don’t throw away paper bills without shredding them
Lastly if you feel an online website or platform is NOT keeping your data secure, contact customer service and complain. Or take your business or social life elsewhere.
How many of you have had or know someone who has an online social media account hacked?