Cybercriminals are always interested in getting their hands on the identities -- and ultimately the money -- of individuals, but lately, bad actors have turned their sights to another source of illicit income: COVID-19 benefits.
At the end of last year, the U.S. Department of Labor reported that at least $36 billion in COVID-19 benefits had been stolen by criminals, mostly through fraud. Criminals have been stealing the identities of individuals and using that information to cash in on CARES Act unemployment benefits. Recently, I spoke with Fox 5 News about the unemployment scammers targeting New Yorkers.
Unemployment fraud is only the latest in COVID-related theft since the pandemic’s start a year ago. According to the Federal Trade Commission (FTC), there were 37,770 reports of COVID-related identity theft last year. Pandemic-related cyber crimes have taken a variety of forms over the past year — phishing, attacks on healthcare organizations, COVID-related sweetheart scams, and malicious domains with pandemic-related keywords — bad actors have used all these tactics to steal money, credentials, or data.
Criminals are always changing their tactics to take advantage of new opportunities, but there are ways individuals can protect themselves from being taken in by scammers and con artists.
Protecting yourself against email and social media scams
Email is a major vehicle for scammers behind phishing attacks. In recent years, cybercriminals have shifted their focus to phishing attacks in order to harvest people’s credentials. According to Microsoft, credential harvesting is up by about 70% over other types of phishing attacks, like malware.
Those emails are not always obvious. Sometimes harmful emails can appear to come from people you know and organizations you trust.
Scrutinize every email you get, especially the ones that ask you for something, like personal information. Hover over links before clicking to check the URL and take a good look at the email address to make sure it’s really coming from the email. No matter where the email is coming from, however, never enter information into forms without being sure that you're not handing over the keys to your digital identity in the process, and don’t click links that take you to a login screen.
If the sender of a suspicious email is someone you think you know, verify with them that the email is legitimate before clicking on it – their account could have been hacked. Even if they are, don’t send any personal information over email or text.
You should also be smart about what you share on social media. You’d never tell a stranger you met in real life what street you grew up on, when you’ll be out of the house, or who your family members are. You might, however, accidentally share these details with complete strangers. People often inadvertently overshare online.
Be cautious about what you share and who can see it; your publicly available information could be used to find answers to security questions or learn your routines and location. Check your privacy settings to make sure information like your birthday, family members, and employer isn’t visible, and set up alerts to notify you when the account has been logged into elsewhere.
Guarding your apps and devices
Any software you’re using on your computer or your devices is patched regularly by the company to close security loopholes, but many users don’t update those apps immediately. About 38% of users say they update apps “when it’s convenient.” Criminals rely on security loopholes to get valuable information, and they’re counting on users to forget or postpone updates. Make sure that all of your systems are running the latest version of applications, up to date with the latest patches, and that they are running antivirus software.
Passwords are just as critical as updates. A Google/Harris poll found that 52% of people reuse passwords across multiple sites while 13% use the same password on all their sites. Criminals know this too, and when they get a hold of one of your passwords, rest assured, they’ll try it on the rest of your sites.
To keep track of multiple unique passwords, use a password manager. Don’t write them down, share them or use combinations with any of your personally identifiable information in it. Instead use password phrases, like song lyrics or words with numbers in them.
Information security is about all information – even paper
There’s a misconception in the general public that information security is solely concerned with digital information, but cybersecurity and information security are not the same. Information security concerns all information, and that includes data that isn’t necessarily online, like a lot of the perceived junk mail that gets sent to your house.
Many consumers simply toss out credit card statements, bank account statements, notifications regarding other accounts, and credit card offers. But putting those pieces of paper directly into the trash isn’t safe. Criminals aren’t above going through your trash or your mail, and mail from banking institutions may contain enough information to convince someone over the phone that a criminal is you.
Pick up your mail, don’t leave it visible on the seat of your car, and shred your mail before throwing it out or recycling it. If you don’t, you might put your personal information into the hands of thieves.
This is also true for electronic devices, like an old iPhone. Make sure you are properly discarding computing devices that may have your information stored on them — hundreds of thousands of phones are improperly discarded every year in the U.S. alone, and Consumer Reports finds that 40% of users aren’t erasing their data.
Monitor your finances
It’s important to keep tabs on your finances, as that’s what bad actors are after. A Lexington Law survey found that 18% of people check their bank accounts less than once a month, leaving themselves vulnerable to unnoticed financial activity on their accounts.
Get in the habit of checking bank and credit card accounts as often as works for you, but at least monthly. If you notice anything, notify your financial institution immediately. Set up fraud alerts to notify you when a suspicious purchase is made on your accounts. If you plan to go on vacation, call your bank to let them know where you’ll be. Watch the news for data breaches of banks, retailers, credit agencies, and other companies that store customers’ personal information so you can act before someone has a chance to use your data.
You should also guard your credit, placing security freezes and fraud alerts on your credit reports at all three major credit bureaus. This prevents lenders from looking at your credit report except for the companies that already have a financial relationship with you, as well as some government agencies and exempt entities.
By being proactive, you can protect yourself from criminals who are after your identity and your finances.