Many people believe that by not using the Internet to manage their accounts they are keeping their personal information offline and staying safe. In fact, they may simply be making it easier for criminals to masquerade as them and take over their accounts.
KrebsOnSecurity has documented many examples of scammers creating online accounts in a victim’s name at the Internal Revenue Service, U.S. Postal Service and the Social Security Administration. When the victim later tries to establish accounts on those sites they are locked out because the accounts already exist.
Krebs also reports that a man had almost a quarter of a million dollars stolen from a bank account because he had not linked the account to an online identity and a thief did. According to Carrie Kerskie, president of Griffon Force LLC, “What we found is that the attacker linked the client’s bank account to an American Express Gift card, but in order to do that the bad guy had to know the exact amount of the microdeposit that AMEX placed in his account. So the bad guy called the 800 number for the victim’s bank, provided the client’s name, date of birth, and Social Security number, and then gave them an email address he controlled. In this case, had the client established an online account previously, he would have received a message asking to confirm the fraudulent transaction.” The thief then made withdrawals in $5,000 increments, stealing $170,000 over the course of six months.
The best way to protect yourself is to claim your online accounts so the bad guys can’t. That means establishing online accounts with government agencies, banks and other financial institutions, as well as your cable and internet providers and social media platforms. You should also place a credit freeze on your files with the big four credit reporting agencies.
While you are at it, make sure elderly relatives have claimed their accounts and placed a freeze on their credit files. Many seniors are hesitant to use the internet but, as we have seen, that won’t stop the thieves from impersonating them.
One of the best ways to protect your accounts is to turn on multi-factor (or two-factor) authentication (MFA). MFA requires that a user have at least two of three types of credentials to log in to an account. The three types are: something you know (such as a PIN or password), something you have (such as an ATM card, phone, or fob) and something you are (such as a fingerprint or voice print). MFA protects your account, and failing to implement it can make it harder to recover your account if you are hacked as the crooks can implement MFA and lock you out.
