Due to concerns over COVID-19, more people than ever are working remotely or are furloughed temporarily. With World Backup Day coming up on March 31st, it is more important now than ever to talk about data security and backing up important systems. Usually, this is just a day set aside to understand more about personal privacy, cybersecurity and identity protection. This year, there is an additional focus on some of the lesser-known reasons for backing up those files.

Start with Strong Passwords

For many newcomers to the world of telecommuting, the tools that make it possible can be a little confusing. For World Backup Day this year, people can start by making a lockdown of their information a priority. Now is the best time to change the passwords on sensitive online accounts and to make sure that they are all strong and unique. This will help prevent data loss if a hacker takes over any accounts.

When thinking of a strong password, it’s okay for someone to make a fun passphrase. For example, the letters that spell out a favorite song or movie + the name of the account or service it provides (such as “Gmail” or just “email”) + a number that might mean something only to the person, like the first year their team won a championship or the year they got their driver’s license. Consumers can then repeat the process, changing portions for every unique account. Throw in a symbol or two, it will be virtually unguessable to a thief while giving the consumer an easy way to remember it.

Conduct a Privacy Checkup

Next, on to security settings. People should go through their apps and favorite websites, especially social media sites, and make sure their privacy settings are set to a comfortable level. If that was last done when the account was first established, it’s long past due time for a checkup. While people are at it, they can also back up all of their pictures and videos, any game information or recipes and anything else that they might have tucked away in an app but do not want to lose.

People should also back-up their smartphone or mobile device. By backing up all of their special photos – from their phone, their camera’s memory stick and their laptop – and securing them on an external storage solution, they will be protecting them from harm. Bonus: pass the time reminiscing while sifting through pics while saving them.

The Final Round

Finally, it’s time for people to look at their important documents like tax records, scanned images of paperwork they might need, any medical records that might have been emailed to them, and more. By saving all of those critical files to an external source, consumers will be better prepared to stop a ransomware attack. If a consumer is ever infected with ransomware, rather than paying the hackers money, they can put it towards safeguards knowing that all of their important content is safe.

Good Identity Hygiene Means People Can Relax a Bit

Even if people are not leaving their homes these days, they still need time to relax. So, kick back, settle in on the couch with a snack and favorite binge show and clear out the DVR if they have one. They can save anything they want to keep for later but can get rid of the rest and make room for more great content. While settled in, people can also pick up their phone and get to work backing up their stored data. They will be glad they did if something happens to their phone.

For more tips, hints, stats and other important points, consumers can check out this link to World Backup Day.

If you think you may be a victim of identity theft or need tips to help protect yourself, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with one of our expert advisors. Find more information about current scams and alerts here. 

You might also like…

As the COVID-19 pandemic continues to grow and seriously impacts everyone across the country, so do the number of COVID-19 scams that will pop-up trying to get access to personally identifiable information (PII) and finances. It can be difficult to decipher which emails, phone calls, social media posts or text messages are scams versus legitimate ones. Scammers will always take advantage of new opportunities in a time of crisis like evictions and foreclosures assistance, unemployment benefits, stimulus payments, etc. Here are some tips to help navigate those emails, text messages and voicemails:

Go to the source

Unsure if something is legitimate? Go to the source of the potential assistance. That means if the offer of unemployment benefits seems to be uncharacteristic, go directly to the employment development department and check their website. If it has to do with housing – whether that’s eviction or foreclosure assistance – head to that source (local housing commission, banking institution, etc.). Don’t trust an inbound message that isn’t verifiable.

Unsure of how a fraudster might try to get consumers to self-compromise?

Based on experience, the ITRC anticipates that they will give these a go:

1. Government Checks: Consumers receiving an email or phone call from someone that claims they can ensure a check from the government for an individual right now; it is likely a COVID-19 scam. The government is still working on the details of how these funds will be made available as of the original date of this post. For specific details, consumers can always visit local, state or federal government websites to get the most accurate information.

2. Asking for Verification of PII: If someone calls asking for a Social Security number, driver’s license number, credit card number or bank account information, it is a high probability that it is a scam. Say “K, Bye”, hang up and call the company directly to see if the offer is legitimate. If it is real, they will have a record of the calls and offers that were made.

3. Pay Upfront for Government Assistance: The government will not ask consumers to pay upfront to get any of the relief money. Scammers have attempted this before with the “Federal Government Empowerment Money Program” scam.

4. Social Media: If consumers receive messages on a social media platform claiming to be the government for anything regarding COVID-19, anticipate that this is a COVID-19 scam, too. Report it to the social media platform and block the sender. The government does not contact individuals through social media. Additionally, posts or messages enticing individuals to “sign-up” to receive more information on how to get access to more information or funds should be considered gateways to compromising PII.

5. Emails: There are loads of phishing emails under the guise as COVID-19 help. If an email arrives that wasn’t expected, ignore it and go directly to the source to determine whether or not it is legitimate. Under no circumstances should consumers click on any links or open any attachments from unanticipated emails or texts. COVID-19 scams via phishing emails are going around right now attacking both businesses and consumers.

6. Phone Calls: COVID-19 phone scams are beginning to gain steam and something else consumers should be aware of. The advice for phone scams is pretty similar to email scams. Don’t answer calls from numbers you do not recognize and do not return calls from voicemails if you aren’t completely sure from whom the call originated. Should a call regarding COVID-19 assistance inadvertently get answered, say “K, Bye!,” hang up and directly call the source. Verify the legitimacy of the call.

7. Grandparent Scams: Grandparent scams have been around for a long time and play on the fear of loved ones. Recently, scammers have been posing as family members that are sick and need money to pay their medical bills. It is important for people to resist the urge to act, no matter how dramatic the story is. People should also never make a payment over email or the phone to someone they were not expecting to hear from. Instead, they should hang up and reach out to the mentioned loved one directly to see if they are okay.

Scammers Take Advantage of Public Events

Every time there is a crisis, natural disaster or newsworthy event, expect scammers to come out in full force looking to take advantage and play on the public’s fear of the unknown. It is important to not let scammers take advantage of us while scared and unsure of what to do. These tips should help reduce the risk of falling victim to a COVID-19 scam.

Contact ITRC For Free Assistance

You can call the Identity Theft Resource Center toll-free if you think you may have been a victim of any type of scam at 888.400.5530. You can also live chat with one of our expert advisors for assistance.

Don’t forget to download the ITRC’s ID Theft Help App to help in managing your identity crime case should you find that you are a victim of a scam.

Read more:

As news of a COVID-19 outbreak continues to grow, companies large and small are requiring more employees to work from home in an effort to create social distance. However, that is leading to an increase in the risk of COVID-19-related cyberattacks.

Potential Risks of Teleworking: Higher Rates of Phishing/Cyberattacks

With more than 10,000 breaches tracked since 2005, the Identity Theft Resource Center anticipates a rise in the cyberattacks on business infrastructure as more of their employees potentially work remotely from home. In 2019 alone, “hacking” accounted for 39 percent of all breaches.

Working Remotely Cybersecurity Tips

While people are working remotely, especially during an event like the COVID-19 outbreak, it is critical they follow the same security policies at home that they would at work.

1. Update all of your software including the operating system (Ex: Mac, Windows, Linux, Chrome) & applications; turn-on “auto-update” if you have not already

Hackers use known flaws that have not been fixed to break into business networks and home accounts. Keeping software updated prevents many attacks.

2. Add a stronger passphrase to your home Wi-Fi & wired networks

Many home wireless routers (and other Internet of Things or IoT devices) have easy-to-guess default passwords. Update them to stronger passwords, or use an even stronger passphrase (see below).

3. Update account passwords to a passphrase of at least 10 characters and give each account a unique passphrase you can remember

Gone are the days of changing our password every 30 days and Us1ng a C0mP1ex set of characters as your password. Current recommendations are to use a memorable phrase that you can easily remember – like a book title or movie quote.

4. Keep your work passwords and personal passwords separate to limit the potential of “credential stuffing attacks”  

Hackers use stolen passwords from data breaches to break into computer systems because they know the vast majority of people reuse the same passwords for both work and home accounts. Using the same password for your work accounts as your personal accounts could translate into fraudsters gaining access to one from the other.

5. Do not click on any email, attachment, text, social media post or weblink unless you know the source is real

Phishing attacks are not just for email anymore. And, hackers use near-flawless copies of real materials to fool people into clicking on the fake, but dangerous links or attachments.

6. Check websites and email addresses thoroughly to ensure it is the actual address of the company who sent it

The best way to avoid a phishing attempt is to verify the web or email address to make sure it comes from a legitimate company.

7. If anyone asks for personal data related to COVID-19, it is probably a scam

Scam artists take advantage of vulnerable people during times of crisis and they are using the current COVID-19 pandemic to get the attention of people online and on the phone. Never give personal information to any person or organization that contacts you unsolicited. 

ITRC is Available for Questions & Assistance

The Identity Theft Resource Center, based in San Diego, is operating at limited-capacity during the COVID-19 outbreak to ensure the health and safety of our staff, their families and the community. The ITRC will continue to assist individuals across the country who are victims of identity crime, data breaches and identity-based scams, including COVID-19-related scams. We are here for individuals and businesses who may have questions or need assistance with these scams. You can reach one of our expert advisors via our website Live Chat, toll-free phone number (888.400.5530) and email (itrc@idtheftcenter.org).

You might also be interested in…

Is This a Census Scam?
Fake Vendor Emails on the Rise 
Coronavirus Business Scam Targeting Employees 

There are more remote workers now than ever, either as telecommuting employees or freelancers. At the same time, more businesses than ever before are relying on these hard-working individuals to keep their companies in operation. The end result is people who don’t work in your building—or even live in your city—and who have never laid eyes on the boss may be the best line of defense when it comes to protecting your business from cybercrimes.

These remote workers can turn out to be the weakest link in the business cybersecurity chain. With their access to company servers, their connection via email to the onsite employees’ network and the fact that they are typically utilizing their own technology—whether it is virus-protected or not—these outsiders could be the avenue that savvy hackers use to deploy their malicious tactics.

Going through an outside source is nothing new for hackers. In fact, the infamous Black Friday breach of Target’s payment card system in 2013 happened because hackers sent a phishing email to a small HVAC repair company. This company had the contract to work on a number of Target locations in its area, and as such, had been connected to Target’s computer network. When hackers tricked an employee of the HVAC company into downloading malicious software on the smaller company’s network, they were able to infiltrate all of the POS systems for Target on the biggest shopping day of the year.

How can a company know that its outside freelancers or remote workers are not falling for phishing attacks? How will they know if those employees’ personally-owned computers and devices are password protected and have antivirus software installed? Without a system of checks in place, businesses are leaving a lot up to chance.

There are a lot of other hidden pitfalls these remote workers and companies face, as shown here, but fortunately, many of the same preventive measures that protect individuals can also protect businesses. Here are some tips on the employee’s end that can reduce the risk of a breach:

  • Locking down your Wi-Fi and your accounts with strong, unique passwords is crucial, and regularly changing your passwords is a good idea
  • Enabling two-factor authentication is a good idea too, as it can keep hackers out of a lost or stolen smartphone or laptop
  • Be sure that antivirus software is installed and up-to-date at all times, and consider using a VPN to hide your information when you are working online

For businesses and employees alike, the most important steps to take involve learning to spot the signs of suspicious activity. Know how to recognize a phishing email, and know what the proper steps are to avoid becoming a victim of a phishing attack. Make it a policy and all-around good habit to never click on a link, open an attachment or download a file that you were not specifically expecting. Create a workspace that rewards employees for verbally confirming even the simplest of commands and requests if there is any doubt that they are legitimate.

Companies have to work together from the top down to create a safe, effective workplace. Avoiding business cybersecurity issues can only happen when everyone works together and knows how to be safe.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.

For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

In what has become a frequent event, another company has fallen victim to exposing their sensitive company information to the entire internet, all because they failed to password-protect their web-based storage system. LimeLeads, a San Francisco-based company that matches individuals and businesses with potential leads, left its internal database of users unsecured. The LimeLeads overexposure was discovered by a hacker, who downloaded it and sold more than 49 million of the users’ information online.

This type of overexposure continues to happen because many of the systems that offer cloud-based or web-based storage to their customers have the password setting off by default. That might seem like a bad idea, given how many times in recent months this very scenario has happened. However, there are important reasons for not automatically locking everyone out of the system, especially when the company is transitioning to this service. As soon as the transition is underway, that default setting should be changed immediately to a password-protected setting.

Instead, too many companies leave it unprotected, never changing the default, which is what led to the LimeLeads overexposure. That means literally anyone who knows to look for it—or just gets curious and starts browsing around online—can find both the storage bucket and the contents. In this case, a security researcher who routinely looks for unsecured databases discovered it. Unfortunately, they did not discover it before someone else got to it first.

According to ZDNet, a hacker who goes by the name Omnichorus also stumbled upon the database. They then downloaded the contents and posted it for sale on the Dark Web. In many other events like the LimeLeads overexposure, the companies were lucky. They never found evidence that anyone else (before the security researcher who reported it) found or used the information.

Unfortunately, any time personal data is collected and stored, it is the responsibility of the new owner to keep it secure. The LimeLeads overexposure amounts to a data breach, despite the unintentional nature of the event, and those users’ records have now been compromised. Businesses must make comprehensive computer training and updates a priority in order to prevent issues like the LimeLeads overexposure.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.

For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

A Golden Entertainment phishing attack is forcing the gaming company to see if any exposed information has been used in a harmful way and to look at ways to protect employees from possible attacks in the future.

There are many different ways that hackers can strike. From infiltrating entire networks to installing viruses and malware, their methods are varied and unfortunately, quite effective. A newly announced breach of one company’s employee email accounts shows how simple and effective it can be.

In what seems to be a phishing attack, hackers sent an email to an employee of Golden Entertainment, a company that manages casinos, distributed gaming venues and more. The email enticed the employee to follow through with some sort of instructions, which have not been released. Those instructions could have been to open an attachment, download a file, click a link or any other avenue that the hackers chose.

The end result was that the email contained malicious steps that gave the hackers access to email accounts for the employees. The report states that the unauthorized user(s) may have visited that account more than once throughout an eight-month period. As such, they were able to access sensitive emails, including some that had attachments. Those attachments included complete customer identities for some clients, including payment card data, Social Security numbers and much more.

The company has not found any evidence that the affected customers’ information was used in a harmful way, but they are being very cautious about their investigation and resulting steps.

The Golden Entertainment phishing attack is just another reminder that all companies, no matter how big or small and no matter what industry they are in, should have comprehensive employee training on how to respond to emails, messages and social media posts. Those trainings should include instructions on never opening an attachment or clicking a link that was unexpected, even if the email appears to come from a trusted sender. Instead, the employees should verify the instructions verbally before complying.

Failure to do so can lead to cybercrimes such as hacking, account takeover, ransomware and identity theft, as seen in the Golden Entertainment phishing attack. The high costs of the aftermath of these attacks can make anyone wish they had simply never clicked. Be sure you are doing all you can to protect yourself from attacks like the Golden Entertainment phishing attack by being able to spot a phishing attack and reporting it to your employer.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.

For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

There are a lot of different kinds of identity theft. One common form is a social media hack, which involves a hacker taking over control of your social media accounts. Compared to some of the other ways an identity thief can wreak havoc with your personally identifiable information, it might not seem like a big deal. However, as a number of high-profile individuals and businesses have discovered, it actually is.

A social media hack can allow the thief to post any kind of messages that appear to come from you. They may be offensive in nature, sharing sensitive or untrue personal details and more. This can have repercussions with your employer, family and friends.

Beyond just damaging your reputation, access to your social media accounts can also lead to access to other accounts. Any website or app in which you used your Facebook, Twitter or Google connection to sign up and login can potentially be taken over once someone has control of your social media account.

A social media hack is a great way to spread malware and snare other victims. If you were to suddenly post a link on your Facebook page to something that promises to be interesting or fun, how many of your followers would click it? If you sent out private messages on these platforms to your friends and family members, how many of them would respond? All the hacker has to do is pretend to be you when they post or send these harmful messages.

There are a variety of ways criminals get into accounts, and even more ways that experts have not discovered yet. When Twitter’s own CEO Jack Dorsey had his account hacked, it happened through porting his phone number to a different cell phone. Either by hacking the cellular provider or getting an employee at the cellular company to do it, the hackers gained access to Dorsey’s phone and his logins.

However, when the NFL and numerous pro football teams had their Twitter and Instagram accounts taken over by hackers, the criminals broke in through a third-party platform. By compromising the email account for an employee of the third-party platform, hackers were able to gain access to these major accounts via a tool that measures engagement. Since all of the affected teams within the organization use the same tool to keep up with the data on their tweets and posts, breaking in was very useful.

No one is immune from a social media hack, even if you are not a celebrity or a major organization. It is important to protect yourself with strong, unique passwords, multi-factor authentication tools if you can use them and not leaving your social media apps logged in on your phone unless you have to. Also, changing your passwords frequently is a good idea, just in case hackers manage to grab outdated login information. Do what you can to keep yourself safe from hackers who are looking to land you on the wrong side of a social media hack.

 Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You may also like…

Identity Theft Resource Center®’s Annual End-of-Year Data Breach Report Reveals 17 Percent Increase in Breaches over 2018

Scam Alert: FedEx Delivery Text Scam

Scam Alert: Australian Fire Fundraising Scam

After much debate, it turns out abbreviating 2020 is not dangerous after all. When something gets posted online, there is a good chance that it can take on a life of its own. That seems to be what happened to an interesting tidbit of advice, posted by a Twitter user at the start of the new year. The advice said that you should not abbreviate the year (writing “20” instead of “2020”) due to fraud and forgery concerns because someone could add additional digits to the end of your “20” and change the year on your document.

From there, the advice about abbreviating 2020 not only went viral but it also somehow grew in magnitude and severity. The information has now been shared by police departments and other experts in different parts of the country. Some reports even said that authorities have issued a warning.

Fortunately, this seems to be a very small cause for concern. Someone could add their own two digits to the end of the date if you simply wrote “20,” changing the date to “2007,” for example. However, you have to ask yourself how that would benefit someone and what harm could it actually do to you.

Luckily, a well-thought-out explanation of the risks and worries of abbreviating 2020 can be found here. The only documents that could really be negatively impacted by abbreviating 2020 would already have the type-written date beside the signed date. Other documents, like some tax return forms, already have the precise number of blanks for you to write the date. However, your checks, for example, are not really in danger; after all, how does it benefit a thief to change the year on a check?

There are some really important reminders that come from this story, and they are relevant no matter what year it is.

  • Some viral posts are nothing more than a hoax, and others like this one start out as a gentle warning. That does not make them dire or dangerous
  • People tend to share posts that seem to be great advice on the surface—such as the infamous “Facebook is going to start using your photos unless you copy and paste this onto your wall right now!” hoax—but those posts can sound scarier as they make the internet and social media rounds
  • Good habits should not be ignored

The good habits you develop to protect yourself can actually help you in different ways. It does not hurt anything to write out “2020” instead of just the last two digits. And if writing out the year makes you more aware of your privacy and the need to protect yourself, then, by all means, write it out.

Other good habits to focus on this year include avoiding phishing scams, not sharing social media posts that are not fact-checked, maintaining strong password security and hygiene and monitoring all of your accounts for any signs of suspicious activity. If any of those habits are not clear, check out the information at the Identity Theft Resource Center’s helpful website to learn more about how to protect yourself this year. Be sure to follow the ITRC on Facebook and Twitter for up-to-date information as well.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

A PayPal vulnerability in the login system was recently discovered by a white-hat hacker, allowing the company to create a patch for the problem. When we picture highly-skilled hackers at work, we might think of darkened rooms and faces peering out of black hoodies, lit by the glow of several computer monitors. At least, that is how Hollywood portrays these criminal masterminds who can break into a secure network from anywhere in the world and cause harm.

Fortunately, that is not often the reality. In fact, a number of hackers—the so-called “white-hat hackers”—like to sift around in a major company’s security defenses just to see what they can find. The company might pay them handsomely as a reward.

That was the case with a recently patched login vulnerability at PayPal. A hacker discovered that the Java script in the login page could potentially allow unauthorized outsiders to access accounts. Alex Birsan then reported the issue to PayPal and publicly disclosed it, for which he received over $15,000 from the company.

The method involved in accessing an account without authorization is so roundabout that PayPal has no reason to think anyone actually accomplished it. According to the company, an unsuspecting user would have had to go to PayPal by first clicking a button on a malicious website and entering their credentials to take advantage of the PayPal vulnerability. Then a hacker would have had to access the Google CAPTCHA that verifies the users’ identities on certain accounts. Still, there is no reason to leave a vulnerability unchecked, and PayPal created a patch for the PayPal vulnerability.

While PayPal users do not have to do anything to install this patch—since the issue was with PayPal’s own site, not downloaded user software—this is a good reminder that any time a vulnerability is discovered and a patch is issued, that patch will not be useful unless it is implemented. If the PayPal vulnerability had involved user software or apps, you would not be protected if you had not installed the latest update.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…