Well, this morning has turned out to be an interesting day.  We have finally agreed to healthcare plan through Obamacare (this is about the only kind of medical insurance one can get if you are an SMB owner and do not have a full-time job). 

Normally, when I have paid medical insurance premiums before, I have usually paid online, it seems to be a lot quicker rather than having to call in the customer support line at BCBSIL and wait for hours on end to make a payment.

So, I went to log in this morning to pay the medical premiums for the new plan starting next year.  I swear that I entered in the right username and password.  I tried a few times, but unfortunately, I was blocked out after 3 attempts for a 30-minute time period. 

So, I tried again after 30 minutes, still no luck.  As a result, I called the help desk, and to very much my surprise, I was able to get a hold of somebody within a matter of a few minutes (and to my surprise, they could actually speak English).

The help desk agent told me I had to create a new account, and after 3 more attempts, I was finally able to create a new account and make the payment.  WHEW.  Anyways, you are probably wondering at this point where I am going with all of this. 

One of the recurring themes in my past few blogs has been that of Fraudulent Activity.  As I have mentioned, there are a lot of lines associated with it that intersect with Cybersecurity, and there are some key differences as well.

Now, I want to bring up another important area of Fraudulent Activity.  That is, when a Cyberattacker opens up an entire new account, using your name and other relevant PII in order to establish and initiate it.  Let us illustrate this with an example. 

Suppose that unfortunately you have become a victim of a large scale Cyberattack, along with many others.  In this barrage, your credit card information and other forms of PII have been hijacked and have become available for sale on the Dark Web.

After a Cyberattacker has purchased these, he or she then has enough data in order to create a brand new, online account using your name.  Yes, this does very scary, and it really is.  But the reality is this trend is only going to proliferate during the shopping season, and as we go into 2020. 

In fact, a market research study was conducted which specifically examined this very subject by an entity known as “Jumio”.  Their report is entitled the “Holiday New Account Fraud Report”, and it can be downloaded at this link:

https://go.jumio.com/2019-holiday-fraud-report

Here are some of their major findings:

*Just this year alone, the number of fake, online accounts being set has more than doubled;

*There has been a 106.8% increase of these kinds of accounts being set up since 2014;

*Believe it or not, it is the Asia-Pacific Rim geographic area that are the prime targets for phony accounts being set up, while the United States appears to the least susceptible;

*Overall, this kind of Fraudulent Activity (which is the setting up of phony accounts) takes place more in the developing countries than when compared to the developed nations;

*In terms of the industries that are most prone to this are the cryptocurrency and online gaming/gambling ones;

*It is the travelling and the gaming industries that are the least susceptible to it.

My Thoughts On This

I am actually quite surprised to see that the United States is at the bottom of the list in terms of fake, online accounts being set up.  I honestly thought that it would be near the top, with all of the reports we keep hearing about in the news when it comes to all of the security breaches and data loss events that occur on a daily basis.

I am also sort of surprised to see that it is the Cryptocurrency industry that is the most vulnerable to this sort of Fraudulent Activity.  The reason why I say this is that engaging in this kind of activity is more of just using your computer, rather than using your credit card in public places. 

For instance, you have direct control over the websites that you use, and you can decide if you want to visit a site that is not protected by SSL. 

This stands in sharp contrast to the gaming and travelling industries where typically, you use your credit card and other financial information in order to make purchases on an almost basis when you are on vacation or visiting another place.  

In this aspect, you really do not have much control over the security practices that the places use (such as restaurants, cafes, hotels, rental agencies, etc.) for credit card transactions.

So, in my opinion, these two industries should really be the reverse of each other, and that is why I am quite surprised that they are not.  Anyways the bottom line is that as much as you have to be proactive in checking your credit card activity and other financial information, you have to be on the lookout to as well to see if any phony, online accounts are being set up in your name. 

This can be a more difficult task to do, and a future blog will go into more detail as to how this can be accomplished.

Also, be on the lookout for Phishing Emails you may receive asking you to log into an existing account.  This is yet another conniving way for the Cyberattacker to get your PII so that they can create even more phony accounts your name. 

In fact, I got an Email just like this yesterday.  It basically stated that my account was set up, and that all I had to do was merely create a username and password.

The alarm bells that set me off were is that I have never engaged in sort of transaction that would prompt this kind of Email from being sent, and there were also numerous typos in the body of the message.  So, all I did was just delete it.

But this brings up also another important point.  Even after you engage in a legitimate transaction, you may still get a phony Email asking you to take action.

This happened to me twice, with BCBSIL and PayPal.  Normally, these Emails are sent within minutes after you have completed a purchase or selection, in order to create that sense of urgency and fear into your mind that action has to be taken.  In this regard, no matter what, always call the entity with whom you have engaged in this transaction with to see if they have really sent this kind of Email.

In the end, you should still enjoy the Holiday Shopping Season, but just be on the lookout for any illegitimate activity taking place on your credit card or checking account.  You should check these at least 2X a day.