The biggest security breach in recent history affected more than 600 people and perhaps tens of millions of people. It all began in May 2023 when a hacker group gained access to MOVEit, a file transfer program used by a wide range of public and private sector organizations.
The long-term fallout of this breach is still unfolding. Were you affected? Is there a way you could bolster your own defenses against something like this impacting you in the future?
Identity Theft Evolution
Identity theft scammers continue to evolve with innovative tactics. Here are the most prevalent strategies you should be aware of:
- Phishing Emails: Cybercriminals craft seemingly legitimate emails, masquerading as trusted entities like financial institutions or reputable companies. These deceitful messages aim to extract sensitive data, such as passwords and bank information.
- Smishing: The text message counterpart of phishing, where scammers employ SMS messages to redirect victims to fraudulent sites or manipulate them into divulging personal information.
- Impersonation Schemes: Culprits capitalize on trust by impersonating acquaintances, family members, or colleagues. Often, these impersonators solicit money or personal details under false pretenses.
- Fake Websites: Scammers create websites mirroring legitimate ones, deceiving users into sharing sensitive data. These replicas often possess slightly altered URLs or domain extensions.
- Tech Support Scams: Con artists pose as technical support agents from reputable companies, coaxing victims into granting remote device access. This facilitates malware installation or data theft.
- Data Breaches and Credential Exploitation: Capitalizing on data breaches, cybercriminals leverage stolen usernames and passwords to gain unauthorized entry into multiple accounts.
"Pause before sharing any sensitive information."
Strengthening Your Defenses
While it may seem like danger is on every side, there are actions you can take to help protect yourself. Implement these practical measures to build up your defenses:
- Double-Check: Pause before sharing any sensitive information. Pick up the phone to make sure the request came from the person or organization it claims – and please look up the phone number independently rather than using the phone number listed in the email or text.
- Keep Your Secrets: Use strong, unique passwords for your accounts. And make sure you’re changing your password regularly, especially for your email accounts.
- Embrace Two-Factor Authentication: Give your accounts an extra layer of protection by requiring secondary verification beyond your password. It’s slightly less convenient in the moment, but much more convenient than having to deal with a stolen identity.
- Be Suspicious of Links: Avoid clicking on links or downloading attachments from unknown or suspicious sources. You can hover over links to preview the URL before clicking, but if that doesn’t work, leave it unclicked.
- Protect Your Device: Keep your devices up-to-date on security patches and reliable anti-virus software. (And don’t click on anti-virus software updates that you didn’t know you had—that’s another scam.)
- Keep an Eye on Statements: Regularly review financial statements for unauthorized transactions. Report anything that seems out of place right away.
- Know Your Credit Report: Monitor your credit report, either through a free annual report from a government-authorized source, or through another service you trust. Learn about freezing your credit to determine if it might be the right move for you.
The innovation of these identity thieves can be confusing and alarming. But with the right information and a little know-how, you can help protect yourself. It’s all about being aware and being cautious. And as always, we’re here to help. If you’re interested, we’re happy to discuss how we care for the personal information you’ve entrusted to us.
- AnnualCreditReport.com: The free credit report authorized by the U.S. Government
- IdentityTheft.gov: The government website to report identity theft
- USA.gov/credit-freeze: The government website explaining how to freeze and unfreeze your credit