A friend of mine, let's call him Dave, wrote to me recently about identity theft. He told me that all of his identifying information like phone numbers, email addresses, old passwords and his usual security questions, were all available on the dark web. He also had a number of notifications of personal information breaches that resulted in fraudulent charges, the need to replace credit cards and attempts to set up fake bank accounts in his name. The latter is used if a hacker is planning to get into your other accounts so they can transfer funds to themselves under your name.
- How does this happen? Information is being collected on you all the time. If you use services like TikTok, then it's the Chinese government collecting the data. If you use other services, it will be organisations, the US and other countries that are collecting and, in many cases, selling your data to others for a price. Hackers have consistently broken into organisations and stolen data that has ended up on the internet and the dark web. Sometimes this is for the amusement of the hacker, other times to make money, and sometimes lots of money. The information is used to send you phone messages or phishing attacks based on your interests. I recently made a mistake and pressed the wrong button on Amazon to sign up for Prime. I cancelled it and soon after that, I received a slew of fake phone calls telling me Prime was going to be extended for US$99.99 (3,600 baht) a month. I checked my Amazon account just to be sure and ignored all of those calls. I'm still wondering if the calls were based on random timing or if my Prime cancellation information somehow made it to the scammers.
- As a general rule of thumb, no financial organisation will ever ask you for your password. If you have called them, they may ask for some passcode or confirmation of identity, but I have never had a bank call me. Rule 1 is to never talk to anyone trying to tell you there is a charge, a fine, a refund or especially some kind of opportunity. If in doubt, hang up and then call the purported source back and ask for the relevant service. Notifications will typically come in a letter or to an email inside your account after logging in. Never do this at someone's instruction, unless YOU have called a help desk for assistance. These days, there are SMS messages, emails with codes and other ways of validation. For my bank, I have an app on my phone that generates a number linked to my account. For some transactions, I need to generate this number and enter it for those transactions to proceed further.
- So how can you protect yourself? Keep important accounts under a complex password. It should have upper and lower case characters, include numbers and special characters like $#@%* and it should be as long as possible, but one you don't have to write down to remember. I have hundreds of different accounts. For most of them, I really don't care if someone can get into it, so these get simpler passwords and often the same ones. Things like PayPal, eBay and my banks have their own passwords that are more complex and harder to crack. The important ones should also be changed regularly.
- Where possible, turn on two-factor (or three-factor if available) authentication. This means after you enter your password an SMS or an email is sent to you with a code that you then need to enter as the second stage of your login. In my case, I can use my fingerprint as biometric secondary authentication. Your mobile phone may allow you to implement this for some services. Three-factor authentication may involve you making a return call to provide a voice reference or similar. Another action you can take is to alert credit bureaus to put a freeze on all inquiries to their services along with a fraud alert, where they notify you if someone is trying to access your information.
- Why do you care? If someone can get the right information, they can take all your money, all your property and possessions and even most of your life. They can take out a series of loans in your name, keep the cash and default on them all, and you could lose everything. They can dig deep into your personal information and start passing pieces to your boss, your partner, your friends and family. The result can be a loss of trust, respect, your job and future prospects. There have been cases of all of these, so be wary.
- Stop me if you've heard this one. Microsoft's latest patch has broken. In this case, a new patch breaks printing for some in Windows 10. For most, it is a matter of deleting the duplicated printer(s) that have appeared. Some will need to uninstall and reinstall the driver. Scanners seem to also have some issues, which at the time of writing had not been acknowledged by Microsoft.
James Hein is an IT professional of over 30 years' standing. You can contact him at email@example.com.