The Merchant Risk Council talks with the Identity Theft Resource Center in the newest Fraudian Slip podcast about holiday identity theft and what people can do to protect themselves

  • We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season.
  • 2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Most of the fraud and scams is due to cybercriminals using good, old-fashioned scams.
  • The Identity Theft Resource Center (ITRC) sat down with the Merchant Risk Council (MRC) to discuss holiday identity theft, triangulation fraud and steps to protect yourself while shopping during the holiday season.
  • You can learn more about holiday identity theft, retail fraud, what you can do to stay safe and other topics discussed in this podcast by visiting the ITRC’s website www.idtheftcenter.org.
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor.

Below is a transcript of our podcast with special guest Julie Fergerson, CEO of the Merchant Risk Council

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon now.   

We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season. Or, if you have headed the warnings from retail experts, you already know we are in the midst of a second holiday season when supply and demand are not in sync. That means more people than ever are turning to online marketplaces to help Santa deliver the goods this year. However, it also means holiday identity theft.

2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Before you throw your laptop or mobile phone out the window and vow to never shop the internet again, know that very little of that fraud is cybersecurity-related. Most of the fraud and scams are related to cybercriminals using good, old-fashioned scams (and maybe a few bad habits) to trick you into buying something that is too good to be true – because it isn’t.

Joining us to talk about how you can protect yourself and your holiday from holiday identity theft, and the haul from the Grinches that want to steal little Cindy Lou Who’s gifts and roast beast, is Julie Fergerson, the CEO of the Merchant Risk Council (MRC) and the ITRC’s own CEO Eva Velasquez.

We talked with Julie Fergerson about the following:

  • What’s the MRC?
  • Retailers that you do not recognize with deals that sound too good to be true; a quick Google search can show you complaints against a retailer or if they are fake.
  • Triangulation fraud (auction sites).
  • What to do if you don’t recognize a charge on your credit card statement.
  • Alternative payment methods, like buy now and pay later (BNPL) or peer-to-peer (P2P). Payments like those may not have the same consumer protections, which regulators are discussing now.
  • The importance that you trust your instincts to protect yourself from holiday identity theft.

We talked with Eva Velasquez about the following:

You can learn more about the identity scams that involve your identity, privacy or security, or get help if you have been the victim of holiday identity theft by visiting the ITRC’s website www.idtheftcenter.org.

Be sure to join us next week for our Weekly Breach Breakdown podcast. Next month we will look back to see how well we did with our 2021 predictions. We will also look ahead at what to expect in 2022 – on the December episode of The Fraudian Slip.

  • Identity criminals can compromise people’s phones and devices through weaknesses in the device operating software, applications and SIM swaps.
  • To protect your device from a tablet or phone hack, automatically download patches and software updates as soon as they are available, set up your lock screen to use biometrics or a password/passcode/PIN, enable “Find My…” device features, only download apps from the device manufacturer’s app stores, and avoid public Wi-Fi if possible.
  • You will know if you suffered a tablet or phone hack if you can’t make or receive calls, access your device, or there are calls and text messages that you did not initiate. Certain kinds of malware can also slow your device and result in your battery draining faster.
  • If you believe you’ve been compromised, pull out your SIM card, contact your carrier and be prepared to reset your phone or tablet.
  • To learn more, contact the Identity Theft Resource Center. You can speak with an advisor toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

As phones and tablets become more and more like portable mini-computers and the world moves towards digital versions of paper documents and currency, more personal data is stored on our devices. This makes them attractive targets for thieves who want to steal or sell your information or impersonate you, which could lead to you having your tablet or phone hacked. Many people are afraid of being hacked, but does being “hacked” truly mean?

People think of being hacked as a third-party gaining access to a device through some highly specialized technology where they’re able to crack passwords and get around device security. When it comes to tablet and phone hacks, that usually isn’t the case. Unfortunately, it can be much simpler than that for a thief to gain access to a device because of our own behaviors.

How They Access Your Device (While You Still Have It)

  • Through known weaknesses in the device software – those software update notices you get are to patch those weaknesses and add new features. If the device doesn’t have the latest update, it’s open to known vulnerabilities.
  • Through downloads – app downloads or clicking on links that download software.
  • SIM swap – a criminal calls your carrier pretending to be you and moves your phone number and backup data to another device.

How to Protect Yourself or Your Mobile Device

  • Download patches and software updates as they become available.
  • Only download apps from approved app stores from the maker of your device (Google, Samsung, Apple, Microsoft, for example). These apps have been through a review process to help ensure your safety and security. Some devices and applications are more security and privacy respectful than others. Be sure to do your research first.
    • Look at the data collection notice – the more data they want to collect from you, the less legitimate the app developer may be.
    • Look for apps that have high ratings from a large number of people.
    • Watch out for apps that tell you to download directly from their site instead of through a manufacturer’s app store.
  • Don’t download apps directly from a website. Cybercriminals create legitimate-looking websites with malware-filled applications for download. The only way to reduce your risk of a tablet or phone hack is to avoid direct downloads and rely on your device maker’s app store.
  • Don’t use public Wi-Fi for your mobile devices or laptop.

How to Protect Your Device If It’s Lost or Stolen

  • Report your mobile phone or SIM card-enabled tablet as stolen to your mobile carrier. The carrier can disable the service and recognize the device if someone tries to connect it to a new or different account.
  • Make sure you have the “Find My…” device enabled for your phone, tablet and smartwatch. If your device is lost or stolen and the SIM card has not been removed, you can locate the device or disable it so it cannot be used until returned. If the SIM card has been removed, that defeats the “Find My” feature.
  • Set up your lock screen to use biometrics, a password, or passcode (PIN). This will make your device difficult, if not virtually impossible, to compromise depending on the device maker.

How to Know if Your Device Was Compromised

  • You can’t make outbound calls or receive inbound calls.
  • You can’t open your device or access your apps.
  • There are outbound calls or texts not initiated by you.
  • You’re using more data than usual.
  • Your battery is draining faster than normal, but you’re still using the device the same amount of time, performing the same tasks as usual.

What to Do if You’ve Been “Hacked”

  • Pull your SIM card.
  • Contact your carrier for a mobile phone or tablet with a SIM card.
  • Be prepared to reset your phone or tablet if asked by your carrier. You can usually do this through your phone account or restore your device to the factory settings.
  • If your tablet is Wi-Fi only, contact your device maker’s support department.
  • Be careful if using a backup to restore your settings. Your backup may include malware, so consider only restoring your data and not your applications. You can reload the latest versions of your applications from the original app store.

Contact the ITRC

If you believe you have suffered a tablet or phone hack and want to learn more, contact the Identity Theft Resource Center. You can speak with an expert advisor toll-free by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

  • According to a new study by Coveware, cocaine trafficking in 1992 and ransomware in 2021 share similar profitability metrics; both activities carry +90 percent profit margins per unit. The major difference lies in the risk taken by the actors.
  • In 1992, every two kilos of cocaine trafficked resulted in one person arrested. Every four kilos of cocaine trafficked resulted in one person killed.
  • The survey sheds light on why cybercrimes are increasing and why ransomware cybercriminals launch direct attacks against businesses that indirectly impact individuals whose data becomes the hostage.
  • To learn about recent data compromises, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified. 
  • If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

Say Hello to My Little Friend

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 12, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. This week we explore a theoretical question: which would you rather be – a drug trafficker in 1992 or one of the ransomware operators in 2021. Don’t answer just yet because we are going to do the math.

Crime in the popular culture of the 1980s and early 1990s was fueled by the cocaine trade. Crockett & Tubbs were cops running around Miami in flashy clothes and flashier cars while Al Pacino’s Tony Montana uttered the memorable catchphrase that gives us the title of today’s episode – Say Hello to my little friend.

In Scarface, as in the real world, a life of crime seemed glamorous until the shooting started. Sure, there was lots of money, but there were also some pretty serious downside risks too.

Advantages & Disadvantages of Being Drug Dealers

Coveware, the cybersecurity company specializing in ransomware recovery, has done us all a favor and compared the relative advantages and disadvantages of being a drug dealer in the early 1990s – before the rise of cybercrime – or one of the ransomware operators today.

Let’s start with our friend Tony Montana, a purveyor of the refined coca leaf.

You’re the boss and you demand your team meet certain key performance indicators (KPIs) that you use to manage the business.

Your base unit of product is the kilogram of cocaine, and you generate $60,000 for each “key” sold. That key costs you $5,000 to produce and prepare for sale, including marketing and distribution costs. That leaves you with a cool $55,000 in net profit for a margin of 91 percent. Not too bad, considering you are dealing in a cash business with no taxes.

However, there are downside risks to your upside potential. There is a 50/50 chance you’re going to be arrested and sent to prison. There is a 25 percent chance you will be killed in a hail of gunfire or by ingesting your own product. The barrier to entry is also very high since you will likely have to kill someone or several someone’s to take the top spot in your illegal pharma empire.

Advantages & Disadvantages of Being Ransomware Operators

Now, let’s look at the current crime wave sweeping the world – ransomware. You and your hoodie-wearing clan have a base unit of measurement of an attack against a company. That company may hold the data of many different companies or individuals that you hold hostage unless a ransom is paid. A single attack generates an average of $140,000 in late 2021, according to Coveware. However, the raw material cost is only $2,500. Your net income before paying your pirate’s share to your crew is $137,500, or a positive margin of 98 percent.

Like our fictional drug dealer, there are downsides to being ransomware operators. However, unlike our cocaine peddling friend, you only face a one (1) in 8,000 chance of going to jail. Your one in four chance of dying from lead poisoning as a drug dealer goes to zero, and your barrier to entry is limited only by your technical skills and a conscience.

I ask again, which would you rather be – a rich drug pusher under constant threat of arrest and death, or one of the filthy rich ransomware operators who, with decent skills and a safe harbor outside the U.S., can have a long career free from any serious threat of jail or early demise.

Findings Illustrate Why Cybercrimes Are on the Rise

This discussion is not intended to make light of the very serious issue of ransomware. Instead, it is to explain why cybercrimes are increasing and why ransomware operators (cybercriminals) launch direct attacks against businesses that indirectly impact individuals whose data becomes the hostage. It’s easy to get in the business, you can make scads of money, and generally speaking, no one shoots at you.

Until we can find a way to disrupt this business model, Thomas Anderson – respectable citizen by day – the hacker Neo by night – will continue to be the role model for this generation of criminal kingpins.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for our sister podcast, the Fraudian Slip, when we talk about protecting yourself from the latest retail fraud scams this holiday season with Julie Ferguson of the Retail Merchants Council and ITRC CEO Eva Velasquez. Be sure to join us next time for another episode of the Weekly Breach Breakdown.

  • On the Identity Theft Resource Center’s (ITRC) last Weekly Breach Breakdown podcast, we discussed our inaugural Business Aftermath Report. The report shows how data and security compromises impact small businesses. 
  • In this week’s episode, we look at what businesses can do to protect themselves. To protect your business from cyberattacks, when something bad happens, stopping the attack and restoring your systems to regular operation is the top priority.
  • Make sure team members know their role in protecting the company and themselves from phishing and social engineering attacks, as well as adopting good cyber-hygiene habits. Also, have good back-ups and patch software as soon as possible.
  • To learn about recent data compromises or small business data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified. 
  • If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

No Small Attacks

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 5, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. Last week, we focused on our inaugural Business Aftermath Report findings that show how small businesses, including solopreneurs, are impacted by data and security compromises. This week we look at how to protect your business from cyberattacks.

In the entertainment business, the saying goes that there are no small parts, only small actors. In the security world, you might say there are no small attacks, only small attackers. That’s the name of this week’s episode: No Small Attacks. This week, we will talk about what you should do to protect your business from cyberattacks and prevent data breaches.

2021 Business Aftermath Report Findings

First, a brief recap of what we found in our survey of small business owners and leaders – nearly two-thirds of which had fewer than 50 employees.

  • Fifty-eight (58) percent of the small business owners or leaders reported a data breach, a security breach or both.
  • Seventy-five (75) percent of those have experienced more than one breach; 33 percent have experienced more than three breaches.
  • Forty-two (42) percent did not return to “business as usual” for 1-2 years; 28 percent required 3-5 years; seven percent said they had not returned to pre-breach performance levels at the time of the survey earlier this year.
  • Nearly 80 percent of the companies that reported a breach did so in the past two years. This coincides with the overall trend of cybercriminals focusing on vendors like smaller businesses to attack larger companies with ransomware. It also means this is likely to be a permanent condition.
  • Forty (40) percent of compromises were caused by outside cybercriminals. However, 35 percent were attributed to malicious insiders – an employee or a contractor.

That last statistic – the number of malicious employees is much higher than for larger enterprises with more tools and processes to detect bad actors. In fact, through the first half of 2021, there were zero data breaches attributed to a malicious insider in the U.S. Given this information, what should a business do?

How to Protect Your Business from Cyberattacks or Prevent Data Breaches

There is no going back to the days when small businesses could get by with minimal cybersecurity and data privacy protections. Every business owner, leader and team member should operate as if you are already under attack (because you probably are).

To protect your business from cyberattacks, when something bad happens, stopping the attack and restoring your systems to normal operation is priority number one. Once that’s done, the highest long-term priority is restoring trust among your customers and prospects. Ensuring you know what happened, why it happened, and taking steps to prevent another breach are the bare minimum actions.

Be prepared to invest in more training, more policies and more solutions. Then, communicate all of that to your stakeholders – employees, investors, customers and community. If you don’t tell them, no one else will.

Additional Tips

  • Make sure every team member knows their role in protecting the company and themselves from phishing and social engineering attacks, as well as adopting good cyber-hygiene habits. There’s no such thing as too much training.
  • Patch software as soon as updates are available and make sure you have good back-ups. If you don’t have in-house resources, hire a managed security service provider (MSSP) to handle all your routine IT and OT tasks and monitoring.
  • Require multi-factor authentication (MFA) for your team and vendors, and offer it to your customers. MFA linked to an authenticator app is best.
  • Threat actors don’t just want your money. They want your data, too. The more you have, the bigger the target you become. To protect your business from cyberattacks, practice data minimization and don’t collect more information than you need. Also, don’t keep it longer than necessary to complete a transaction. You can’t lose control of what you don’t have.
  • Know your vendor’s security posture, too. It’s not enough that you have good cybersecurity. Everyone you work with also needs protections equal to or better than yours. That’s the law in some states now, and it is non-negotiable when it comes to protecting your customers.

Contact the ITRC

The ITRC offers low-cost training and vendor due diligence for small businesses. For more information on those services or how to protect your business from cyberattacks, contact us at www.idtheftcenter.org.

Meanwhile, if you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for another episode of the Weekly Breach Breakdown.

  • The Identity Theft Resource Center (ITRC) recently released a report focusing on the impacts of small business data breaches. The report came to fruition after an ITRC executive posted a stat on LinkedIn from a U.S. Senator that turned out not to be true.
  • The incorrect stat, which said half of small businesses fail six months after a data breach, led the ITRC to look further into what actually happens to the companies that make up most of the U.S. economy. The findings were even more troubling.
  • According to the 2021 Business Aftermath Report, 58 percent of the small business owners and leaders reported a data breach, security breach or both. Seventy-five (75) percent of those have experienced more than one breach; 33 percent have experienced more than three breaches.
  • Private research by ZenBusiness shows only 27 percent of small businesses with employees estimated their 2020 total revenue to be more than $200,000. A hit of tens to hundreds of thousands of dollars in unbudgeted expenses or lost revenue is a big deal.
  • To learn about recent data compromises or small business data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool,notified. 
  • If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

Telephone

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 29, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. Since this is the last business day of Cybersecurity Awareness Month, we’re going to focus on the latest ITRC report, our Business Aftermath Report. The report focuses on the impacts of small business data breaches and how small businesses, including solopreneurs, are impacted by data and security compromises.

How the Business Aftermath Report Came to Fruition

First, we want to tell you the story of how this report came to be. Back in 2019, our Chief Operating Officer, James E. Lee, posted a comment on LinkedIn that included a stat about the number of small businesses that went bankrupt due to a data breach. He got the stat from a news release issued by a U.S. Senator, so he figured that was a pretty safe bet to be accurate.

Almost immediately, a former colleague questioned the integrity of the stat and challenged James, nicely, to prove it. It turns out, the most widely reported statistic used by the media and quoted in countless online reports was wrong. So wrong that the organization that was credited with the research posted a notice on their website urging people to stop citing them as the source of the bogus information.

It was like the title of this episode, a giant game of Telephone. If you ever see a quote that says half of all small businesses fail within six months after a data breach, don’t believe it. The truth is far more troubling.

ITRC Publishes Inaugural Report on Small Business Data Breaches

With no current or accurate information on the impact of data and security compromises at small businesses, of which there are tens of millions that support tens of millions of families and individuals, the ITRC decided it was time to look more closely at what really happens to the companies that make up most of the U.S. economy.

2021 Business Aftermath Report Findings

We published our research on small business data breaches this past week, and here’s what we found based on comments from hundreds of business owners and leaders:

  • Sixty-two (62) percent of the respondents have fewer than 50 employees; 37 percent have fewer than 10.
  • Fifty-eight (58) percent of the small business owners and leaders reported a data breach, a security breach or both.
  • Seventy-five (75) percent of those have experienced more than one breach; 33 percent have experienced more than three breaches.
  • Forty-two (42) percent did not return to “business as usual” for 1-2 years; 28 percent required 3-5 years; seven (7) percent said they had not returned to pre-breach performance levels at the time of the survey this summer.
  • Forty-four (44) percent of the small businesses lost revenue or incurred costs between $250,000-$500,000; 21 percent saw impacts of more than $500,000, including five percent who were impacted to the tune of $1 million or more. 
  • Seventy (70) percent incurred debt to recover; 15 percent reduced headcount, extending the breach’s impact to more than just the business owners or leaders.

To put some of these stats into context, the U.S. Small Business Administration’s (SBA) most recent report, which reflects pre-pandemic results, shows solopreneurs average annual revenue was less than $50,000. Private research by ZenBusiness indicates only 27 percent of small businesses with employees estimated their 2020 revenue to be over $200,000. A hit of tens to hundreds of thousands of dollars in unbudgeted expenses or lost revenue is a big deal.

The data also shows a dramatic increase in the number of small businesses being targeted beginning in 2019. Nearly 80 percent of the companies that reported a breach did so in the past two years. This coincides with the overall trend of cybercriminals focusing on vendors like smaller businesses to attack larger businesses with ransomware. It also means this is likely to be a permanent condition.

There’s one final stat around small business data breaches that stands out. Small businesses have a higher incidence rate of malicious employees or contractors as the root cause of data and security breaches. Forty (40) percent of compromises are still caused by outside cybercriminals. However, 35 percent are attributed to malicious insiders.

Contact the ITRC

Next week we’ll talk about what small business owners and leaders can do to protect their business and themselves. Meanwhile, if you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for another episode of the Weekly Breach Breakdown.

  • Criminals claiming to be with the Internal Revenue Service (IRS) are targeting people with emails as taxpayers continue to receive the third round of Economic Impact Payments (EIP) that began in March 2021.
  • Identity criminals send messages claiming you can receive an EIP Payment. They say the IRS is sending payments each week to qualified individuals as they continue to process tax returns.
  • However, messages like these are IRS scams seeking your personal and financial information to commit identity theft and fraud.
  • The IRS will never email, text, call or send a message on social media to anyone. If you receive a message claiming to be from the IRS, ignore it. You are also encouraged to forward it to the IRS at phishing@irs.gov and note that it seems to be a phishing scam seeking your personal information.
  • To learn more, or if you believe you have received IRS scams by email, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert advisor.

The third round of Economic Impact Payments (EIP) from the Internal Revenue Service (IRS) began to go out in March 2021. However, the Identity Theft Resource Center (ITRC) continues to receive messages about IRS scams by email, like the one below.

According to an official IRS notice, the Service is still sending EIP Payments weekly as 2020 tax returns are processed. Criminals have been striking with scams since the first stimulus package was passed in 2020. While many EIP Payments have been received, you should beware of scams asking for payment to receive compensation and remember that the IRS will never call, message or email anyone.

Who are the Targets?

U.S. Taxpayers

What is the Scam?

In the latest IRS scams by email, identity criminals send emails to inboxes claiming that they are eligible to receive a payment after the last annual calculation of their “fiscal activity.” The email goes on to say that each week the IRS will continue to send the third EIP Payments to eligible individuals as they process tax returns. The phishing emails also include a button to “claim my payment.”

What They Want

Scammers want you to either respond or click on a malicious link so they can steal your personal and financial information to commit different forms of identity crimes, including financial identity theft.

How to Avoid Being Scammed

  • Ignore emails, texts or social media messages claiming to be from the IRS. Do not respond to the messages or click on any links or attachments because they could be malicious. Acting on the IRS scams by email, text or social media could lead to having your information stolen. The IRS will not email or message anyone. Do not share any personal information, including credit card and bank account numbers, except on the official www.IRS.gov website or the representative you contacted by calling the IRS.
  • Ignore calls claiming to be from the IRS. While IRS scams by email continue to circulate, identity criminals could call you, too. If you receive an unsolicited call claiming to be from the IRS, ignore it. The IRS will not call anyone unsolicited, either.
  • Send phishing emails to the IRS. The IRS asks anyone who receives a phony email to forward it to phishing@irs.gov and note that it seems to be a phishing scam seeking your information.
  • Report the identity crime. You can report any identity fraud to the Federal Trade Commission (FTC) by visiting www.IdentityTheft.gov.

If you have received IRS scams by email, text message, social media or by phone, you can also contact the ITRC toll-free by calling 888.400.5530 or using the live-chat function at www.idtheftcenter.org. ITRC expert advisors will help you create a resolution plan with the steps you need to take.

The National Cyber Security Alliance talks with the Identity Theft Resource Center in the newest Fraudian Slip Podcast about what businesses and consumers can do to protect themselves from a cyberattack event 

  • October is Cybersecurity Awareness Month, a time devoted to discussions about keeping consumers and businesses safe in the digital world from a cyberattack event. 
  • This month we learned that cyberattacks have caused more data breaches in 2021 than in 2020. We also learned that we are fewer than 250 data breaches away from breaking the record in a single year.  
  • The Identity Theft Resource Center (ITRC) will release a new report that confirms that there is no quarter given by threat actors to small businesses, the companies that are least able to easily prevent or recover from a security breach, data breach or both. 
  • The ITRC sat down with the National Cyber Security Alliance (NCSA) to discuss Cybersecurity Awareness Month and how businesses and consumers can protect themselves from cybercrimes. 
  • You can learn more about cyberattack events, ways to protect yourself and other topics discussed in this podcast by visiting the ITRC’s website www.idtheftcenter.org.    
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor. 

Below is a transcript of our podcast with special guest Zarmeena Waseem, Director of Cyber Education at the National Cyber Security Alliance 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon now.   

October is a very special month for both the ITRC and the National Cyber Security Alliance (NCSA). It’s Cybersecurity Awareness Month, the time of the year when we devote four weeks to discussions about how to keep organizations and individuals safe in the digital world from cyberattack events. 

As usual, real-world events keep reinforcing the need for all of us to be more cyber-savvy so we can be more cyber-secure. So far this month, we’ve learned that there have been more data breaches caused by cyberattacks this year than there were data breaches in 2020. We also learned that we are fewer than 250 data compromises away from breaking the all-time record for data breaches and exposures in a single year. 

Next week, the ITRC will release a new report that confirms what many small business owners and leaders already know: there is no quarter given by threat actors to small businesses, the companies that are least able to easily prevent or recover from a security breach, data breach or both. 

Joining us to talk about cyberattack events and how you can protect your business, your family, and yourself is the ITRC’s CEO Eva Velasquez and Zarmeena Waseem, Director of Cyber Education at the National Cyber Security Alliance. 

We talked with Zarmeena Waseem about the following: 

  • NCSA & Cybersecurity Awareness Month 
  • What actions businesses can take to prevent a ransomware attack 
  • What actions businesses can take to prevent a phishing attack 
  • What actions businesses can take to prevent a social engineering attack 
  • The number one action businesses and consumers can take to protect themselves 

We talked with Eva Velasquez about the following: 

  • What victims tell the ITRC today 
  • What actions consumers can take to prevent a ransomware attack 
  • What actions consumers can take to prevent a phishing attack 
  • What actions consumers can take to prevent a social engineering attack 
  • The number one action businesses and consumers can take to protect themselves 

You can learn more about cyberattack events and how to protect your personal privacy, as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website www.idtheftcenter.org. You can learn more from the NCSA about how to be CyberSecure at www.staysafeonline.org.  

Be sure to join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip

  • When the Identity Theft Resource Center (ITRC) was founded nearly 22 years ago, the root cause of most data breaches and data crimes involved paper. Now, it is far and away cyberattacks.
  • Phishing is the number one attack vector that leads to data breaches, ransomware second and malware third.
  • However, there are ways to protect yourself from cyberattacks. Back up your information, update your software, use strong and unique passphrases, and collect and maintain less information.
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified. 
  • If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

The Crimes, They Are Changing

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 15, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. We also use a lot of literary references – especially Shakespeare. Today, though, we turn to a different classic for inspiration – Bob Dylan – in honor of Cybersecurity Awareness Month. October is the time each year when you focus on ways to protect yourself from cyberattacks and other identity crimes. That’s why we’re calling today’s episode: The crimes, they are changing.

The Rise in Digital Data Theft

When the ITRC was founded nearly 22 years ago, the root cause of most data breaches and data crimes involved paper. Digital data theft didn’t arrive until the mid-2000s. Even then, it was usually because someone’s laptop or external hard drive was stolen.

Not so today. Physical attacks and human errors were once the leading cause of data compromises. Today it is far and away cyberattacks. In fact, cyberattacks are so common that the number of data breaches and exposures associated with them so far this year exceeds all forms of data compromises in 2020.

Phishing is the leading attack vector that leads to data breaches. The login and password credentials stolen in these email, text and website-related attacks are often used by cybercriminals to access company networks and databases held hostage in a ransomware assault – the second most common cause of data compromises.

Malware is the third leading cause of identity-related data breaches. It is often used to exploit software flaws or penetrate networks as part of a ransomware attack or just good old-fashioned data theft. Caught in the cross-hairs of all these cyberattacks are consumers – people whose data is held in trust by organizations that are the targets of cybercriminals.

The ITRC to Release Inaugural Business Aftermath Report

We often think of data breaches and ransomware only impacting big businesses whose names we recognize. However, later this month, the ITRC will issue a new report on the impact of identity crimes on small businesses and solopreneurs – the tens of millions of companies with zero or just a handful of employees. Without giving away too much right now, the research shows more than half of all small businesses have experienced one or more data breaches, security breaches or both.

Use Good Cyber-Hygiene Habits to Protect Yourself

What are some ways to protect yourself from cyberattacks both at work and at home?  The actions must be the same. Regular listeners already know the basics of a good cyber defense. Make good back-ups of your information, update or patch your software as fast as possible, and practice good password hygiene. Do not use the same password at work and at home. Each account gets a unique, 12+ character password.

There are two additional ways to protect yourself from cyberattacks you should consider:

  1. Collect and maintain less information. If you are a business, get rid of the personal data you no longer need once you complete a transaction. The same is true for consumers. Don’t keep sensitive information you no longer need. Cyberthieves can’t steal what you don’t have.
  2.  If you are a business leader, train your teams like you’re voting in Chicago – early and often. If you’re a consumer, you can use some routine training, too. Why is this important? Cybercriminals are constantly improving their attack methods and inventing new ones. We need to make sure we know what to do to stay safe from identity scams and cyber risks, and that takes training and education.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), live on the web or exchange emails during our normal business hours. Just visit www.idtheftcenter.org.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for our sister podcast, The Fraudian Slip, when we talk more about cyber education with Zarmeena Waseem of the National Cybersecurity Alliance and our very own ITRC CEO, Eva Velasquez. We will be back in two weeks with another episode of the Weekly Breach Breakdown.