A lot of people ask why they should be so concerned with privacy when they are online. They get the bank account thing, but as far as their email accounts, for example, they usually argue they aren’t sending state secrets and there is nothing in their correspondence that would be illegal, embarrassing, or fattening. Well, probably true. But let’s think about one example that suggests you need to be worried about privacy: your personal email account.
First, Your email contact list has the contact addresses of business accounts you may have, alerting hackers to the names of banks and other firms with whom you may have an account.
Your email account also has a contact list with the addresses of friends and colleagues. Hackers can steal your contact list to send phishing emails to all of your friends and contacts under your name. At best this is embarrassing. At worst, you might have some friends angry because they opened the fraudulent link you “sent” them and downloaded malware or ransomware. Awkward!!!
Secondly, your email address is routinely used as a login in for many social media sites, as well as video sites, retail, travel sites, etc. Once hackers have your email address, they can then use the reset password button to reset your password and suddenly… they are into your account.
We also often notice a similar lack of privacy awareness from clients about social media accounts. Why be so worried about privacy settings on a social media site, such as Facebook? Here is one reason to be concerned: Facebook usually has your birthday, a critical piece of data for identity theft. Think of the number of your Facebook friends for whom you get a notification that “Today is their birthday. Wish XX Happy Birthday.” We also post to our high school and college alumni pages, providing more specific information that can help with identity theft.
Did you know?–your manager may look at your Facebook account and learn things about your personal life that you might prefer they not know. Also, annual surveys of employers indicate that between 60%-70% of all recruiters look at an applicant’s social media accounts in the
hiring process.
So where are we? We determined that online privacy is more important than you may have originally thought. With that in mind, we get to the first line of defense of online privacy and data protection. The password.
Passwords are the initial gatekeepers to your online privacy. If you are like most of us, you probably are sick and tired about hearing about password security. That demand every three months from your financial institution that you reset your password is SUCH an annoyance. So why the concern about password safety? Does it really matter?
As noted above, passwords can give access to sites you might consider full of relatively benign information, such as Facebook, Twitter and Instagram. However, they actually contain a lot of information useful for identity theft.
And of course, passwords restrict access to important information that every cybercriminal is interested in: your financial data. Your savings and checking accounts, IRA brokerage accounts, as well as all of your credit cards. Not to mention if you pay your utility bills online. A utility bill is often a required piece of documentation when taking out loans.
Password theft.
Passwords can be stolen in a number of ways.
1) Viruses that are downloaded from a phishing email or a visit to a corrupted website may allow the tracking of keystrokes. Very shortly, the hacker has identified the login and password information to almost every site you visit. These types of malware are especially insidious as they lurk in the background and don’t provide the user any identifiable hint that they are on the computer.
2) Similar to the above are password-stealing trojans that take advantage of web-browsers that have auto-fill capabilities. This refers to a browser’s feature that offers to remember your login information to every website you visit and auto-fill when you return, saving you the nuisance of finding and re-entering the info each time.
3) Emails can also be “guessed.” Password crackers use tools that try to break the password with blunt force, essentially running combinations of characters until it hits the right one.
4) Then there is always laxness on the part of the user. You may rarely change your password, or for convenience, use the same password for all of your accounts. At work, you may leave a page open on a shared computer or give a password to a trusted colleague for the convenience of not having to log in again and again on a shared computer.
5) Phishing is one of the most popular and successful tools out there. Using social engineering, they trick the user into thinking they are getting a request from a legitimate site, the vendor they have used, etc. There is a link to a fraudulent website that is almost identical to the real one and it asks for a password. Or else there is a link available that, once opened…that cat is out of the bag.
With all of this in mind, you still may be tempted to take shortcuts, simply because you suspect you aren’t a good target or the nuisance factor is pretty high. So…let’s take a look at some of the impacts of having your identity hacked or your accounts being broken into.
The impact of cybercrime on an individual.
The severity of cybercrime varies depending upon what has been stolen. It can be as limited as one-time fraudulent charges to a credit card or as severe as the use of a Social Security number to file for tax refunds with the IRS, open credit card accounts, and take out loans.
Your credit rating: If your identity is hacked, credit cards are opened and used in your name, or tax refunds are filed fraudulently. This can damage your credit rating. Aside from the long and tedious process of trying to get your good credit name restored, this could mean higher loan rates should you wish to apply for a home mortgage, vehicle loan or line of credit.
Tax refund fraud: If a criminal has access to sufficient information they can file for a tax refund if you are eligible for one. If they file a fraudulent return before you get around to it, they get the refund, and then you have to start the arduous task of setting things right with the IRS and your state tax office. This can be a long-drawn-out process that can consume hours and hours of your time.
Credit and debit card fraud: If your credit cards are used fraudulently, even if the credit card company has a zero liability protection policy (You aren’t liable for bad charges) the account will likely be frozen for a period of time. Not convenient if you are out of town on holiday or on a business trip. Also, debit cards and some business accounts come with less protection, and you may be out on some or all of the charges.
Ransomware charges: Ransomware is a virus that locks up your data and then blackmails you to unlock it again. Ransomware is an especially pernicious virus as the infection cannot usually be circumvented. In most cases, your data is lost unless you pay the “charges.”
Personal Embarrassment: Sometimes hackers want your email to gain access to your contact list and may send out phishing emails to everyone on your list under your name. Similar embarrassing spam posts may appear on your Facebook or Twitter account.
