Mark Pribish

Does the Internet of Things (IoT) Increase Your Risk of ID Theft?

By Mark Pribish
Vice President and ID Theft Practice Leader

The term "Internet of Things" (IoT) describes any "thing" that is capable of collecting and sharing data online including cars, refrigerators, thermostats and TVs.

While this new wave of technology is creating a new generation of smart devices, it has also created new privacy risks for individual consumers and business enterprises.

It is expected that by the end of 2016 there will be more than 30 billion IoT devices in the world. The Federal Trade Commission (FTC) is asking questions about the massive amount of data being produced by these smart devices.

According to a speech by FTC Chairwoman Edith Ramirez, the IoT "has the potential to provide enormous benefits for consumers. But it also has significant privacy and security implications."

While it's fascinating that we can adjust our thermostat in Arizona when we are on vacation in California or monitor our vitals and insulin levels during a 5K run with the help of a cellphone – it's also concerning that consumers and businesses using Web-connected or IoT devices increase their risk of cyber threats, according to John Iannarelli, the recently retired assistant special agent in charge of the FBI's Phoenix division and CEO of JGI Consulting Group, a security and investigations company.

"The rapid development and adoption of new Web-connected smart devices is drastically increasing the cyber threat landscape that businesses and consumers must now face each day," according to Iannarelli.

IoT devices "present unique security risks to consumers," Iannarelli said. "For example, if a hacker gains access to your smart refrigerator, it could serve as a conduit to any other device connected to your home network, such as your home security system or personal computer."

Devices with default passwords or open Wi-Fi connections are an easy target for cybercriminals pretending to be you and ready to exploit your name for their gain.

Iannarelli lists IoT devices that could be compromised including:

  • Automated devices that remotely or automatically adjust lighting or HVAC.
  • Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and day-care settings.
  • Medical devices, such as wireless heart monitors or insulin dispensers.
  • Thermostats.
  • Wearables, such as fitness devices.
  • Lighting modules that activate or deactivate lights.
  • Smart appliances, such as smart refrigerators and TVs.
  • Office equipment, such as printers.
  • Entertainment devices to control music or television from a mobile device.
  • Fuel monitoring systems.

Iannarelli also lists ways to reduce your chance of being a victim or reduce the impact of an IoT breach.

  • Isolate IoT devices on their own protected networks.
  • Disable UPnP (Universal Plug 'n Play) on routers.
  • Consider whether IoT devices are ideal for their intended purpose.
  • Purchase IoT devices from manufacturers with a track record of providing secure devices.
  • When available, update IoT devices with security patches.
  • If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router.
  • Use current best practices when connecting IoT devices to wireless networks and when connecting remotely to an IoT device.
  • Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor.
  • Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer.

"While the IoT offers convenience and efficiency, the IoT will always be targeted by ID-theft criminals and hackers," Iannarelli said.

To conclude, one of the greatest threats today for individual consumers and business enterprises is identity theft – so be vigilant in protecting your data, yourself and your business.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Our Top Five Tips for Preventing Scams

This month, BBB's Scam Alerts turn five years old. Tips you should know in order to prevent scams from taking place.

September 15, 2016

This month, BBB's Scam Alerts turn five years old. What have we learned over the past half decade? A lot, it turns out. To celebrate the anniversary, we are sharing our top five tips for spotting a scam.

Scam Alert's Top Five Tips:

Scammers are constantly coming up with new ways to fool victims. But most scams have a few elements in common.

  • Always be wary of "too good to be true." If a deal is significantly better, a price lower, or an offer greater than you can find elsewhere, be cautious. Keep in mind that businesses need to turn a profit. If a company's offer is so amazing that it's not sustainable, it could be a ploy.
  • Don't underestimate the power of a quick online search. An online search can go a long way in uncovering a con. Chances are that the scam has already fooled other people, and they have posted about it online. Be sure to check out BBB Scam Tracker for the latest (bbb.org/scamtracker).
  • Pay with a credit card and refuse unusual forms of payment. Protect yourself by paying with a credit card, which gives you additional protections such as the opportunity to dispute charges if the business doesn't come through. Be wary of anyone who requests alternative forms of payment, such as wire transfers, pre-paid debit cards, or gift cards.
  • Watch out for a change in routine. If an organization normally reaches you one way, be suspicious if you suddenly start receiving a different type of communication. For example, government agencies generally communicate through mail, but scammers impersonating them often call or send email.
  • Don't believe what you see. Con artists can spoof phone numbers, email templates, websites, letterhead, and social media accounts. Just because something looks real, doesn't mean it is. Instead of relying on your eyes, look for other warning signs.

For More Information

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scamtracker). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.