It seems like it happens on a weekly or monthly basis that you hear about a data breach that effects millions of accounts or someone whose account has been hacked. A single breach or hacking may not be enough to steal your identity or break into your bank account but it can definitely make you more vulnerable.
Why it matters
Hackers and other unscrupulous people lurking around use the information in multiple different schemes. They use it to invade your accounts and drain them or present themselves as you to create fraudulent accounts and pose as you.
One thing they can do with the information is create dark web profiles called “Fullz” that may contain more information about you than you realize. They can then use that information (that can be compiled from multiple breaches) to compile enough of your personal information to steal your identity or they sell the information to others so they can do the same.
Another popular thing the hackers will do with the information from a data breach is to test your username and password on other popular services to see if they can gain access to them. Things like big banks, popular entertainment services are the target of these types of attacks and they can get in and take your money, run up bills, access more of your information or simply get free access.
How can you try to prevent it?
If you find out that you have been the victim of a Data Breach there are a few things you should do. One of the first things you should to is change the password of that account to a unique password and also change the password of any accounts that may have used the same username (or email) and password combination. The next thing I would do is determine what information in that account could be used to gain access to my financial or other personal information (that isn’t generally out in the public). I would also monitor my credit report or have some sort of identity protection in place ( I use ID Shield) to make sure there is not any abnormal activity on your accounts.
What About if I am Targeted?
Preventing your passwords from being hacked by the main forms of target attack (meaning they are trying to break into your account specifically vs them gaining your information in a breach) takes some discipline on your part. Lots of Targeted Attacks work because they take human error into account and the easiest and most common way for a hacker to gain access to your accounts is for you to give it to them.
Different types of targeted attacks are:
Social Engineering – Hackers who try to gain access using the weakness that everyone has… Human Psychology. These attacks try to use a wide variety of media, social social media or even phone calls. Attackers trick people into offering them access to sensitive information. Typical types of attacks include Phishing, Baiting, and a newer one called Shaming.
Brute Force or Dictionary – Hackers use a computer program that’s configured to attempt entry by trying usernames, along with millions of password combinations. If they already have your username from a data breach or other method it makes it exponentially easier for them to gain access.
Tips to help Protect from Targeted Attacks.
- Do not use the same password, security question and answer for multiple important accounts such as banking or other accounts that have financial information contained in them.
- Change your passwords every 10 to 12 weeks.
- Do not tell your passwords to anyone. If you do have to give out your password do not do it in an email or text message.
- Use a password that has at least 16 characters but is not found in a dictionary. Use at least one number, one uppercase letter, one lowercase letter and one special symbol. Example of strong passwords are twAh+4S@-6wEZ$QB or JN55mNtESy%XPF&e
- Do not use the names of your family, pets, zip-code, house number, phone number, birthday, social security numbers or other information that is public in your passwords.
- Do not allow cloud services or your web browser store your passwords. Passwords saved in certain cloud services and web browsers can be easily revealed.
- Do not log in to important accounts on shared computers or when connected to public Wi-Fi.
- Turn on 2-step authentication whenever possible. Close your web browser when you leave your computer.
- Access important websites from bookmarks or directly. Do not reset your password or access a website through a link in an email or text message.
- Protect your computer with firewall and antivirus software. Make sure your software is the most up to date version available.
- Keep the operating systems and Web browsers of all your devices up-to-date by installing the latest security updates.
Conclusion
The first line of defense from having your identity stolen online is you. You need to be vigilant about the safekeeping of username and passwords. You should try to keep up to date on what hackers are trying to do. If something seems fishy in an email or text, close it. Do not download programs or files or click on links from untrusted sources. You can minimize the chance that being hacked or the effects of it can be harmful to you.