Online Identities by the Numbers
In a recent study, Kaspersky Labs, an online security company similar to McAfee and Norton, found that complete online identities (fullz, as they are called) can be obtained for around $50 on the Dark Web and other nefarious sites. What’s even scarier is that individual account numbers and passwords for things like your bank and other financial institutions can be bought for as little as $1.
Note: “Fullz” means a “full” package for cyber criminals that generally includes name, SSN, birth date, account numbers and other data that make it easier for a criminal to use the information immediately.
Experian, the credit monitoring company, breaks it down even further with current prices for specific pieces of your online identity:
- Social security number: $1
- Driver’s license number: $20
- Paypal credentials (and other online payment systems): $20-$200
- Credit card #: $5-$115 – the higher values include CC#, your name, your address, CCV code, expiration date, etc.
How identities are stolen
The most common identity theft method continues to be “phishing” where hackers masquerading as a trusted institution (your bank, brokerage firm, PayPal, etc.) send you a phony email and trick you into clicking on a malicious link to steal your user data and login credentials.
Phishing is common because it’s relatively easy for criminals to obtain thousands or even hundreds of thousands of valid email addresses for next to nothing. All they have to do is create a credible phishing email and then send it to all the email addresses they have. At that point, it’s a numbers game, because even if only .01% of people fall for it, that’s all they need. Doing the math: 100,000 email addresses x .01% click rate = 10 victims.
Other common methods include:
- Hacking into reputable companies like banks, credit card companies, brokerage firms, department stores, etc. that store personal & financial information.
- Scanning – using a network scanning to capture your login credentials in public places like Starbucks, hotels, restaurants, theaters, etc.
- Shoulder surfing – watching over your shoulder to see your passwords and other information.
- Stealing or diverting your physical mail to a 3rd party address to obtain your personal information.
Best ways to protect yourself from Identity Theft
- We’re going old school here, but the first thing you should do is change your passwords as often as is realistically possible. Make sure your passwords are difficult to guess (no birthdates, initials, etc.). Finally, make sure you don’t use the same password (or derivatives) on all your sites.
- ITque recommends changing sensitive passwords (financial, brokerage, etc.) at least every 3-6 months.
- Install a reputable anti-virus, or endpoint protection product. If you don’t want to spend any money, there are a variety of free products like Windows Defender (build right into Windows), Avast, AVG and others.
- For businesses, ITque recommends enterprise-grade solutions like Sentinel One Endpoint Protection.
- Only open and respond to emails from people/companies you know and trust. This can be more difficult than you think because phishing scammers try to impersonate sites you login to all the time. Just remember that most reputable entities (banks, governments, hospitals, credit card companies, etc.) generally won’t ask for your personal details in an email or even a phone call.
- If you receive a suspicious email, text or phone call purporting to be from your bank or other company you work with, ITque recommends you do not respond or continue talking to the suspicious company. Instead, hang up and call (or email) the company yourself using the numbers and email address on their real website and ask them if they have contacted you recently.
- Subscribe to an identity protection service like LifeLock and let them take care of it. Lifelock and others offer real-time identity theft monitoring as well as identity (reputation) repair and insurance coverage to help defray the costs of a stolen identity.
Security is top of mind for many these days as we all see the headlines about credit card companies and financial institutions being hacked and thousands or millions of accounts and identities being compromised. As always, knowledge is power, so it’s best to educate yourself and understand how to protect yourself.
Note: while this post is aimed at helping you protect your personal information and accounts, it also applies to your work accounts as well. Hackers don’t care if they steal from you or the company you work for, so apply these same precautions at the office – consider it job security…
If you think your company or office has been the victim of identity theft or other security breaches, contact ITque for a no cost, no obligation IT Security Audit. We’ll come to your site, perform an audit on all your major systems and give you a report on what we have found.
For immediate help, call us right now: 408.641.7030 Ext. #2.