Mark Pribish

2017 Lessons Learned from a Year of Data Breaches

By Mark Pribish
Vice President and ID Theft Practice Leader

The end of each year is a great time to take stock of the past year and highlight some lessons learned.

Unfortunately, identity theft and data breach events for consumers and businesses continue to be a significant and growing issue.

I have included below some of my favorite cybersecurity related articles from 2017 that might help all of us increase our information security knowledge – for both our families and our businesses:

Poll: Americans worry more about cybercrimes than conventional crimes https://www.newsmax.com/Newsfront/gallup-cybercrime-worry-americans/2017/11/06/id/824324/

Americans fear falling victim to cybercrime, where 67 percent worry about having personal credit card or financial information stolen by computer hackers and 66 percent are concerned about identity theft, according to a new Gallup poll.

Here is how the rest of the poll breaks down:

  • 38 percent worry about having their car stolen or broken into.
  • 36 percent fear their homes being burglarized while they're away.
  • 30 percent say they are concerned about terrorism.

Hackers Say Humans Most Responsible for Security Breaches Read more. Hackers say humans are the weak point and that traditional defenses cannot protect them. Under the principle of "set a thief to catch a thief," 250 hackers at Black Hat 2017 were asked about their hacking methods and practices. By understanding how they work and what they look for, defenders can better understand how to safeguard their own systems.

  • The hackers' number one choice for fast and easy access to sensitive data is gaining access to privileged accounts (31%).
  • Second is access to an email account (27%).
  • Third is access to a user's endpoint (21%).
  • All other routes combined totaled just 21%.

"Hackers today are able to bypass both firewalls and AV using well known applications and protocols or even VPN that hide within expected communications," explains Joseph Carson, Thycotic's chief security scientist.

The faces of fraud as identity thieves prey on auto finance, lenders and dealers http://www.autonews.com/article/20170911/FINANCE_AND_INSURANCE/170919982/auto-finance-fraud-identity-theft An erupting fraud type in auto finance, and the fastest growing form of identity theft, is synthetic identity fraud, whereby a fraudster creates an identity with attributes from several individuals. Synthetic identity fraud is largely unknown to the public but is a growing threat to auto lenders.

Cunning malware spreads, going after your bank account http://www.foxnews.com/tech/2017/11/10/cunning-malware-spreads-going-after-your-bank-account.html The Zeus Panda malware essentially "poisons" Google search results to push fake bank-related results to the top of a key word search. Then, the unwary user, looking for quick answers to a search related to their bank, is fooled into clicking on malicious links. The malware utilizes search engine optimization (SEO) "to make their malicious links more prevalent in the search results which will enable the attacker to quickly obtain credentials, banking and credit card information."

Agency report: Most businesses couldn't withstand cyberattack https://www.bbb.org/council/news-events/news-releases/2017/10/the-state-of-small-business-cybersecurity-in-north-america/ Half of small businesses report they could remain profitable for only one month if they lost essential data, according to a new report released by the Better Business Bureau in conjunction with National Cybersecurity Awareness Month.

The agency surveyed approximately 1,100 businesses in North America (71.4 percent of the sample came from the United States, 28.5 percent from Canada and 0.1 percent from Mexico). Two-thirds of the participants were BBB Accredited Businesses, and they apparently fared marginally better in most measures, such as awareness of specific threats and adoption of cybersecurity measures.

While I encourage all of our readers to be safe this Holiday season and in 2018, I would like to take this time to wish everyone a Happy Holiday and Happy New Year!


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert: Shipping Trick Fools Holiday Shoppers

This holiday season, be sure to vet websites before making a purchase. Scammers are using phony UPS and FedEx tracking numbers to fool shoppers into thinking their package is on the way, according to recent BBB Scam Tracker reports.

This holiday season, be sure to vet websites before making a purchase. Scammers are using phony UPS and FedEx tracking numbers to fool shoppers into thinking their package is on the way, according to recent BBB Scam Tracker reports.

How the Scam Works:

You are shopping online and find a site with amazing deals. The website and the products look legitimate, so you decide to take a chance and make a purchase. After checkout, you get a confirmation email that contains a tracking number from UPS, FedEx, or another shipping service.

What happens next depends on the scam. In some versions, the tracking number provided is completely fake. In other variations, the number is real and appears to work at first... until "your" item is delivered somewhere else. Either way, the outcome is the same. Providing a phony tracking number allows scammers to stall and shift blame for the missing package to the shipping service. In reality, your purchase never existed in the first place.

Protect Yourself from an Online Shopping Scam:

  • Before buying online, confirm the site has real contact information. Make sure the seller has a working phone number and address on the website, so you can contact them in case of problems.
  • If the price seems too good to be true, there's probably something wrong. Be wary if the item is selling for significantly lower than what you've seen elsewhere.
  • Review BBB online shopping tips. Many online purchase scams use similar tactics. See BBB.org/shoppingonline/ for more advice.

For More Information:

For more resources on shipping fraud, see FedEx's website and UPS's online resource center.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

To learn more about scams, go to BBB Scam Tips (bbb.org/scamtips). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

NOTE: FedEx Corporation and United Parcel Service are BBB Accredited Businesses.

If you believe your identity has been stolen, call 866.SMART68 today.