Mark Pribish

Don't make computer passwords a passport for ID theft criminals

By Mark Pribish
Vice President and ID Theft Practice Leader

I wish it was easier to create complex passwords that are difficult to crack or be able to use many different ones so if one is stolen, the ID theft damage is limited. Like most Americans, creating and maintaining multiple and complex passwords is difficult to manage.

Cyber criminals are aware that we typically use short, easy to remember passwords which can be "guessed" using a tactic called a brute-force attack. Password management software can help you create and maintain longer and harder to remember passwords for your protection.

Creating and maintaining multiple passwords is important because 66% of data breaches in 2013 involved attackers using stolen or misused credentials such as your passwords according to Verizon's 2014 Data Breach Investigations Report.

Password-related data breaches have hit organizations such as eBay, AOL, LinkedIn, eHarmony, and Twitter. Whenever you read a news story where a breached organization states that although they had a breach, no sensitive information was disclosed, only "passwords", you should still be concerned.

As an example, AOL users recently received a message urging account holders to "change their passwords and security questions" after accounts were compromised. eBay did likewise because of a similar cyber-attack that compromised a database containing passwords and other data.

If a hacker steals your password you are at risk of becoming a victim of identity theft, especially if you use the same password for multiple websites.

Verizon found that "poor password management" was the root cause of many of the 2013 data breaches and that "hackers are scanning the Internet for easily guessable passwords." In simple terms, "clever" passwords may not be so clever after all if you use every-day information that you share on social media regularly, such as your pet's name.

It isn't the New Year yet, but I encourage you to make a resolution. You will, starting today, set a strong, unique password for each of your sensitive accounts, including banking, retirement, and healthcare to name a few. A pain? Scary? Complicated? Help is available by using a trustworthy password management software program.

Most password management programs provide feedback as to the strength of your password(s). Providers including Sticky Password, LastPass, Dashline, Norton, RoboForm, and KeePass can generate and maintain strong, random passwords for you on demand.

My top five password defenses are easy, but they do require you to up your password game a bit.

  • Change default passwords immediately
  • Do not share passwords and change your password every 60 days
  • Use 10 or more character passwords including lower and upper case letters, numbers and signs
  • Do not use personal information like names, initials, birthdays, anniversaries, cities, pets, etc.
  • Realize and accept: no password is "unbreakable" as it can be stolen


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Why are Foreign Lottery Scams so Successful?

Better Business Bureau (BBB) has warned consumers of too-good-to-be-true sweepstakes and lottery scams for decades; however, consumers continue to fall for false claims of riches and end up losing thousands of dollars in the process. Recently, a woman in Mesa, Arizona received a letter claiming she was the winner of a $3 million foreign lottery from the UK, urging her to cash the enclosed $3,835 check and wire it back to pay government taxes in order to expedite processing of her winnings. While in need, tempted, excited, and hopeful, the woman avoided the lottery scam by calling BBB.

According to the United States Postal Inspection Service (USPIS), "sending lottery material through mail is prohibited by federal law." In addition, the Federal Trade Commission (FTC) states that "if you play a foreign lottery - through mail or over the telephone - you are violating federal law." Considering the legalities of foreign lotteries, why do so many people continue to fall for foreign lottery scams?

BBB shares four reasons why foreign lottery scams are so successful, as outlined by the Maryland Attorney General's Office:

  1. Promises of big prizes are hard to resist. It's hard not to be curious and excited when someone says you've won a very large sum of money. Even though you might not remember entering such lottery, you think that perhaps you did and forgot about it, or perhaps the letter says your name was entered in the lottery as part of a "promotion."
  2. Notifications look very official. The award notifications often look very impressive and include fancy letterhead and specific details about the date of the lottery, the number of the winning lottery ticket, the name of the "claim agent," and special identification numbers to make your claim. The notifications also include information about taxes, insurance and other things that sound like important legal information that must be told to a million-dollar lottery winner.
  3. Checks are included to pay for taxes. Along with the notification letter, a check or money order is usually enclosed to pay for taxes. You are instructed to deposit the check and then write a personal check from your account - or purchase a money order - to pay for the taxes. After paying the taxes, the winnings will be sent to you. Unfortunately, the check or money order enclosed turns out to be fake and bounces after you've sent your personal check to the con artists.
  4. Winners keep the winnings a secret. As part of the lottery's "security protocol," you are instructed to keep the notification a secret. Scammers use this tactic to ensure you don't talk to other people and find out it is all a scam. A deadline is usually included in the notification, urging you to act fast and avoid researching the scam.

For More Information

Thanks to the Better Business Bureau serving Central East Texas for their reporting on this scam. Check out their full article here.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.