WASHINGTON D.C. — Moments after discussing Election Security issues March 15 on Capitol Hill, Adam K. Levin spoke by phone to Aim Media about the ongoing battle between financial institutions and computer hackers, and what consumers need to do to protect themselves.
Levin is the co-founder of Credit.com and CyberScout. According to his website, www.adamlevin.com, Credit.com is a credit education and consumer advocacy company; CyberScout works to fight identity theft, identity management and provides data breach response for 500 institutions and 600,000 small businesses.
He said banks can and do throw millions of dollars into cyber security platforms, but if consumers aren’t creative with their passwords, they’ll still find themselves easy prey for hackers and scammers.
“A lot of consumers have the tendency to use easily decipherable, simple passwords, but they tend to use these passwords not in specific places. They tend to use these passwords throughout the entire universe of websites,” Levin said. “If a website gets compromised, even if it has absolutely nothing to do with their financial accounts, but they’re using the same password, they’re inviting trouble. How many institutions have you used your email address as your user I.D?
“Right there, they can figure out what it is. So how do you figure out somebody’s password? One of the ways is you compromise it from someplace else (online). Another way is, you can answer security questions that pop up on an unfamiliar device when it is used on a particular website. They’ll sometimes have two-factor identification, which is a code that is sent to your mobile device. We’ve seen instances of mobile devices being hijacked, where someone convinces the institution that they are you, and they have the phone number transferred to another mobile device. They get your code!
And when the security questions pop up, the answers can often be found on your social networking sites. Your mother’s maiden name. You’re father’s middle name. The mascot of the high school you attended. Favorite street, your favorite color … this goes on and on.”
Levin suggests several ways for consumers to protect themselves from online theft. Foremost, don’t use the same password over several websites. You’re just inviting someone to figure out the password on one site and try to access your information using that password on another site.
“Long and strong passwords, two-factor authentication, securing your mobile devices so that they don’t become unwitting entry ways to downloading an unverified app from someplace that’s not reputable like the Apple Store or Google Play.
“If you don’t shred documents, but you just throw them out. If you don’t freeze your credit, so that when someone gets your information they can then get into your credit report and figure out some of your financial accounts that way, by using that file or fake tax returns to get into your account. People don’t check their credit, so they don’t even know when someone may be crawling around their accounts,” Levin explained.
The bad guys have figured out ways to sell bogus credit cards on the black market by the zip code that the card was acquired in. That way, if they make purchases using your account within the zip code you reside, the scammers can spend freely without the bank getting suspicious of the purchase.
“The only way you’re going to find out is if you check your accounts daily, or you get a notification of activity in your account. Then you’d go ‘Wait a minute. That may have been a purchase in my zip code, but that wasn’t by me!” Levin said.
“These are the kinds of things that people need to do.”
Consumers need to beware of the many kinds of online and phone scams as well. Levin says there are four primary scams being utilized:
– Phishing, where you are contacted as a credit card holder by someone posing as an employee from that credit card company. They’ll ask to confirm sensitive information such as user names, passwords or credit card details over the phone.
– Spear Fishing, where a person is contacted by name as the card holder either by phone or email in order to retrieve some personal information the company needs from you.
– Vishing, where a friendly voice on the other side of the phone line calls supposedly on behalf of a company in order to assist you, with often a financial reward or discount for you in return for your information.
– Smishing. This is becoming more prevalent, where an email is sent out masquerading as a reliable company. They’ll say there’s a problem with your account and will ask you to click on the supplied link to provide your account information.
For each of these, don’t fall for it. Hang up the phone. Don’t open the link.
“People have to be more careful. Institutions have to be more careful. The government can’t even agree on the day of the week! … We have 52 separate breach notification laws, but not a national law. This is the environment that we face,” he said. “That doesn’t mean you go home, turn off the lights, unplug every device, get under your mattress and burn off your finger prints, but what it means is that you just have to be careful.
More information regarding identity theft, data security,privacy and consumer protection can be found on Levin’s website: www.adamlevin.com.
