Just yesterday afternoon, I had a great podcast with the Vice President of Fraud & Identity at LexisNexis Risk Solutions. What made this show a bit different was that we did not talk exclusively about Cybersecurity; rather, we talked at length about another, related area.
Which is that of Fraud. Sure, I may have written something about it here and there in my previous blog postings, but I had never realized just how bad fraud really is until yesterday’s show.
I’ve got to be honest; it really opened my eyes. When I thought of Fraud, I just kept thinking back to about two years ago, when my credit card was hacked into.
Luckily, I caught it in time, and there was only about $200 worth of fraudulent activity that took place. But now, I am completely awakened to this whole new area of Fraud.
One of the questions that I asked my guest was where all of this Fraudulent activity actually takes place, or in other words, where does it all originate from? My first thought was that it all started in places like China, North Korea, or Russia, like we have seen other Cyberattacks precipitate from.
She said no, this is not really the case. Believe it or not, most of these Fraud Attacks are homegrown, meaning that they originate here in the United States.
My jaw dropped even further after she had said that. So, speaking of Fraud, this is going to be an even bigger topic as we fast approach the Holiday shopping season. The days of visiting the traditional brick and mortar stores are quickly evaporating, as people are choosing to shop online from the convenience of their Smartphone.
After all, why go through the torture of trying to find a parking spot and wait in a long line to buy your stuff, right???
But just as much as Cyberattackers and Fraudsters are trying to find our weak spots to penetrate, we are also, to some degree or another, responsible for any backdoors that we may leave open for this to happen. But there is a difference here.
I am not talking about employees at a business, where it is primarily up to the owner and/or the C-Suite to fortify their lines of defense. I am talking about us, when we take our work hats off and live the life of an everyday American.
In this regard, it appears that American society is engaging in more types of so-called “risky behaviors” when going online on a personal level. This is according to a study from a Cybersecurity organization known as “PCI Pal”.
An interesting aspect of this survey is that it also included a component on how we conduct ourselves on the phone, in the way of divulging our Personally Identifiable Information (PII).
Here is what the study discovered, in the various categories:
*The use of passwords:
An overwhelming 47% of the respondents said that they use the exact same password for all of the sites that they log into, for conducting financial transactions and shopping online.
*Use of Public Wi-Fi Systems:
45% of the respondents claimed that they use a non-secure, Public Wi-Fi when it comes to online shopping. Astonishingly enough, many of these respondents have even said they are willing to sacrifice their own security if it means that they can get the products that their heart desires quickly and easily.
*Talking to Customer Service Representatives (CSR):
Whenever we call the customer support line of an online store, we want to talk to somebody right now, and best of all, one that can speak English at a great level. But unfortunately, when we talk to a CSR, we always take it for granted that they are the “real thing” and are quick to give away our credit card number and/or checking account information so we can make our purchases. 44% of the respondents in this survey are too trusting, and are quick to give away such information, even if the CSR has a foreign-sounding voice.
*Being too friendly on Social Media:
Let’s face it, we all want friends, whether it is in the physical or virtual world. Almost 63% of the respondents will accept friend requests from people who they do not even know (Facebook is especially notorious for this), and will even give money away to strangers that they do not even know (especially when somebody sets up a “Go Fund Me” page).
*Phishing still prevails:
As I have said before, this is probably the oldest Cyber threat vector out there and will continue to be the number one tool used by the Cyberattacker and even Fraudsters. But despite all that we have heard about not downloading any attachments or clicking on any links that we are unsure of, the human being is still a curious cat. In this regard, 30% of the respondents claimed that they have done this very thing, when they knew they should not have. The reason why? Just plain ol’ curiosity.
*Not using Two Factor Authentication (2FA):
To some degree or another, most of us have heard about this. This is where one can use more than one layer of security in order to fully confirm their identity. The latest versions of the iPhone are the best examples of this, where you can use your fingerprint (TouchID) or even face (FaceID) to log into your device after you have initially entered in your PIN number. In fact, many of the Social Media sites offer 2FA, just like the iPhone does. But despite this, 76% of the respondents have not used it when they log into their Social Media accounts, or when they shop online.
My Thoughts On This:
I could go on with the usual laundry list of what you can do to remedy the above (OK, get a Password Manager, only log into secure Wi-Fi spots, make sure you talk to a CSR from a reputable company, don’t friend everybody on the Earth with Facebook, don’t click on malicious links or download unusual attachments, and enable 2FA).
But I want to add one more point. As you shop online, you are going to see a lot of what are called “Chatbots” out there. These are Virtual CSRs that you can chat with, and they are designed so that they can answer the bulk of your questions and concerns without you having to wait hours on end to talk to a real-life CSR. While this does have its advantages, it can also pose a great security threat, because you really just do not know who is on the other end.
While I am not saying not to engage one, just don’t give out any credit card or banking information over these particular lines of communication. In fact, it is doubtful whether these chat lines even have any sort of Encryption deployed onto them. Only give out your Personally Identifiable Information (PII) to a real-life person at a reputable, well-established brick and mortar store.
My guest and I did talk at some length as to what you can do to protect yourself from being a Fraud victim. She basically said just to have a vigilant mindset, and if something just does not feel right, immediately disconnect the Web session or just hang up the phone (if you are talking to an actual CSR).
She even said that despite all of the proactive steps that you may take, one is never guaranteed not to become a Fraud victim.
We are all at risk, some more than others, despite the preventative measures that we might take. But she did say one thing that I have never expounded on too much: That is, always check your credit activity at least 2X a day, and monitor your credit reports on a regular basis. That way, in the unfortunate event that you do become a Fraud victim, you can stop it in its tracks before it is too late.