Our lives are increasingly digital. We shop, socialize, communicate, watch TV and play games — all from the comfort of our desktop, laptop, or mobile device. But to access most of these services we need to hand over some of our personal data. Whether it’s just our name and email address or more sensitive information like Social Security and credit card numbers, this sharing of what’s known as personally identifiable information (PII) exposes us to risk. Why? Because hackers are looking for ways to steal and monetize it.
The latest FBI Internet Crime Complaint Center (IC3) report, recently released, paints an accurate picture of the scale of these online threats. Personal data breaches were among the top the reported cybercrimes in 2018, with 50,642 victims listed. They were linked to losses of over $148.8m. This is likely just the tip of the iceberg, as many incidents aren’t reported. Identity theft, which usually results from data theft, cost victims over $100m last year. And phishing attacks, which are commonly used to trick victims into handing over sensitive PII and passwords, accounted for over $48m in losses.
The message is clear: consumers need to take urgent steps to protect their most sensitive identity and financial data from online attackers. That’s why Trend Micro has produced this guide, to help you identify where your most sensitive data is stored, how attackers might try to steal it and how best to secure it.
What is at risk?
The bottom line is that hackers are out to make money. Although they can do this via online extortion and ransomware, it is most commonly done via data theft. Once they have your PII and financial details they sell it on dark web sites for fraudsters to use in follow-on identity fraud. They could use banking log-ins to hijack your bank account and drain it of funds. Or they could open new credit cards in your name and run up huge debts.
Identity fraud is a growing threat to US consumers. It affected 14.4m of us in 2018, leading to losses of $1.7bn — more than double the 2016 figure.
As we’ve mentioned, the hackers are after as much PII as they can get their hands on. The more they have, the easier it is for them to stitch together a convincing version of your identity to trick the organizations you interact with online. It could range from names, addresses and dates of birth at one end to more serious details like Social Security numbers, bank account details, card numbers, and health insurance details at the other.
Most of this information is stored in your online accounts, protected by a password, so they will often put a great deal of effort into guessing or stealing the all-important log-ins. Even accounts you might not think would be of interest to a hacker can be monetized. Access to your Uber account, for example, could be hijacked and sold online to offer free trips to the buyer. Or your Netflix account log-ins may be sold to provide free streaming services to whoever pays for them.
Now, hackers may go after the firms directly to steal your personal data. In the past we’ve seen mega breaches at the likes of Uber (affecting 57m global users) and Yahoo (affecting 3bn users). But they might also target you individually. Sometimes they may use information they already know about you to trick you via phishing into handing over more, as with tax fraud and sextortion blackmail attempts, and sometimes they might use already breached passwords to try and hack into your accounts, hoping you reuse the same log-ins across multiple sites.
While you’re most likely to get reimbursed by your bank eventually for financial losses stemming from identity fraud, there’s a major impact beyond this. Online data theft and the fraud that follows could lead to:
How do they steal it?
There are plenty techniques the bad guys have at their disposal to part you from your data and money. They’re supported in this by a vast underground cybercrime economy, facilitated by those dark web sites. This not only offers a readymade platform for them to sell their stolen data to fraudsters, but also provides them with hacking tools, advice and cybercrime services. This black market economy could be worth as much as $1.5tr per year.
The hackers may choose to:
How can I secure it?
The good news is that there are plenty of simple things you can do to keep your data safe and secure — most of them free of charge. Consider the following: