International Fraud Awareness Week

International Fraud Awareness Week, or Fraud Week, raises awareness about the dangers of fraud and how to help prevent it.

There were 4.8 million identity theft and fraud reports received by the FTC in 2020, up 45% from 3.3 million in 2019, mostly due to the 113% increase in identity theft complaints.

In 2020, 1.4 million complaints were for identity theft, up from 651,000 in 2019.

Watch the video below to find out how fraud could impact your day-to-day life.


3 steps to strong phishing defenses

From ransomware to SolarWinds, the cybersecurity space has been as hectic as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing — one of the oldest pain points in cybersecurity — is continuing to quietly wreak havoc, and is as big of a threat as it has ever been.

Despite often being overlooked in terms of hype, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips for dealing with phishing threats.

  1. Know the Red Flags

Phishes are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it is so important to know the red flags. Awkward and unusual formatting, overly explicit call outs to click a hyperlink or open an attachment, and subject lines that create a sense of urgency are all hallmarks that the content you received could be potentially from phish and indicate that it should be handled with caution.

2. Verify the Source

Phishing content comes in a variety of ways, however, many phishes will try to impersonate someone you may already know — such as a colleague, service provider or friend — as a way to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break-off communication immediately and flag the incident through the proper channels.

3. Be Aware of Vishing and Other Phishing Offshoots

As more digital natives have come online and greater awareness has been spread about phishing, bad actors have begun to diversify their phishing efforts beyond traditional email. For example, voice phishing — or vishing — has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization — such as a healthcare provider or insurer — and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information whether it be via email, phone or chat — especially if the communication is unexpected. If anything seems suspicious, again, break-off the interaction immediately and contact the company directly to confirm the veracity of the communications.

Phishing may be “one of the oldest tricks in the book,” but it is still incredibly effective. And although it may be hard to spot when you may be in the midst of a phishing attempt, by exercising caution and deploying these few fundamentals, individuals and organizations more broadly can drastically mitigate the chances of falling victim to a phishing attack.


Cyber basics

Learn the Cyber Basics this Cybersecurity Awareness Month

At a time when we are more connected than ever, being “cyber smart” is vital. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure.

Cyber attacks are becoming more sophisticated with more evolved bad actors cropping up each day. Luckily, there are several steps that we can take on a daily basis to mitigate risks and stay one step ahead of malefactors. Here are a few quick tips:

  • Enable MFA

Multi-factor authentication (MFA) adds that necessary second check to verify your identity when logging in to one of your accounts. By requiring multiple methods of authentication, your account is further protected from being compromised, even if a bad actor hijacks your password. In this way, MFAs make it more difficult for password cracking tools to enable attackers to break into accounts.

  • Use strong passphrases/password manager

This may seem obvious, but all too often securing strong passphrases/password managers is overlooked. People spending more time online during the pandemic has certainly contributed to more bad actors prowling for accounts to attack. Using long, complex, and unique passwords is a good way to stop your account from being hacked, and an easy way of keeping track and remembering your passwords is by using a password manager.

  • Perform software updates

When a device prompts that it’s time to update the software, it may be tempting to simply click postpone, and ignore the message. However, having the latest security software, web browser, and operating system on devices is one of the best defenses against online threats. So, don’t wait – update.

  • Do your research

Common sense is a crucial part of maintaining good online hygiene, and an intuitive step to stay safe online is to do some research before downloading anything new you are downloading to your device, such as apps. Before downloading any new learning app on your device, make sure that it’s a by checking who created the app, what the user reviews say, and if there are any articles published online about the app’s privacy and security features.

  • Check your settings

Be diligent to double check your privacy and security settings, and be aware who can access your documents. This extends from Google docs, to Zoom calls, and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend, and restrict who can share their screen or files with the rest of the attendees.

Being cyber smart and maintaining stellar online hygiene is the best way to protect yourself and others from cyber attacks. No single tip is foolproof, but taken together they can make a real difference for taking control of your online presence. Following these tips is also easy, and free. By taking preventive measures and making a habit of practicing online safety, you can decrease your odds of being hacked exponentially – and prevent lost time and money, as well as annoyance.

Find out more about Cybersecurity Awareness Month here.


Steps to take to recover after a data breach

Data breaches have become a part of modern life in our connected world. Everyone is at risk of potential data breaches and having their data used fraudulently. However, just because there is a data breach, it doesn’t mean you’ll become a victim of Identity theft. To avoid any further harm to your online identity, there are certain steps you can take to make sure you contain the threat. These will potentially save your finances, credit score and your identity, keeping them away from criminals.

Here are the steps you need to take right away if you find out that your data has been breached:

1.) Immediately change your password. 

These need to be a combination of letters, numbers and special characters. The password needs to be unique to every online account you have. Duplicating passwords gives hackers more chances to access your accounts. Using a password manager can help you store your passwords securely. You also need to change your passwords regularly.

2.) Set up two factor authentication. 

Adding two factor authentication increases your protection, companies such as Facebook and Microsoft have these authentication processes in place if you wish to use them. They add an extra layer of security, usually requiring you to enter a code you’ve received via SMS.

3.) Check your credit report and accounts regularly.

Make sure that there is nothing there that is unfamiliar to you, if there is, contact the company straight away and alert them to what has happened, the quicker you act the less damage caused. A credit report allows you to view most of your financial information in one place.

4.) Look out for regular updates from the breached company.

They may release press releases and maintain a feed to the affected parties. For example, users were usually logged out of their Facebook accounts if they were affected in the most recent Facebook data breach. Users should keep up to date with any information regarding the breach by using social media platforms or the company websites, users may also be notified by email.

Following these steps may result in limiting the amount of damage caused by your leaked data. There are many tools that can alert you to suspicious activity and help protect your personal data, such as Cyberman365. There is also a free service offered by the Federal Trade Commission which offers a recovery plan for when the worst happens, you can find it here: 

Take a look at our other articles for more useful resources.


6 ways to fall victim to identity theft

Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average. Make sure you are aware of these common traps when it comes to identity theft.

Malware & Viruses

Criminals use tactics to infiltrate your devices and may steal information or hold your device and files to ransom until you pay a fee.

Data Breaches

Unfortunately companies often fall victim to data breaches where customers’ personal information is exposed. This means criminals can get hold of your data.

Mail Theft

If you have an unlocked mailbox, identity thieves can easily steal your mail containing your personal information.This also applies to your garbage so make sure you shred any personal data.

Change of Address

With just a name and address someone can divert your mail. They can then collect additional information about you such as credit card information or your Social Security Number.

Wallet Theft

If someone gets hold of your wallet, think about how much information they would have on you, SSN, name, age, bank accounts, health insurance details and more.

Oversharing on Social Media

Always be aware of what you are sharing, if strangers can predict your movements it’s easy for them to steal your identity or belongings.


World Password Day! How long would it take to crack your passwords?

Months, days, hours, seconds?

Here are the top 5 worst passwords of 2020 from NordPass. The list shows you how many times a password has been used, and how much time it would take to crack it. Find out more here.

Check if your password is on the list, if it is, then you need to strengthen it. Try using a random password generator.

If you’d like to share you can download our image here.


The sites that are sharing your personal information

You may be shocked to discover just how much these sites share about you.

People data sites may contain your current and previous home addresses, relatives, phone numbers, email addresses, neighbors and more. Anybody can visit these sites and look up your personal data.

Cyber and Privacy expert David Derigiotis has created a useful resource to explain how you can opt-out of these data sites.

This is a great first step to start reducing your digital footprint.

The downloadable resource covers the following points and more:

  1. When removing the information from the following organizations, consider creating an anonymous email.
  2. Consider using the following email service providers which offer users a greater sense of privacy.
    • ProtonMail:
    • Tutanota:
  3. These two email providers offer a secure email service with built in end to end encryption. With end to end encryption, content within the email is not accessible by the company itself when emailing within the network (ex. ProtonMail to ProtonMail user). Only the communicating users can read the content.

The list is not exhaustive but will provide a good start for reducing your digital footprint. Many of these sites may require your follow up before successful data removal occurs. Please be sure to record the date you initially contact the service and document once removal is verified. Be diligent.

Download our guide with links for the websites that are holding your information and where you can opt-out to remove your data.


Stay Alert for COVID-19 Vaccine Scams!

COVID-19 vaccines are rolling out and that’s great news! While we eagerly anticipate vaccine distribution, please stay alert for COVID-19 vaccine scams.

Here’s how to avoid a vaccine-related scam:

  • The vaccine will most likely be free (given the public health emergency) so be highly skeptical of any email or communication requesting money in exchange for the vaccine.
  • You can’t pay to put your name on a list or get early access to the vaccine.
  • No one from a vaccine distribution site or health care provider will contact you for your Social Security number, credit card or bank account information.
  • Stay alert for providers offering other products, treatments, or medicines to prevent the virus.
  • ALWAYS check with your health care provider before paying for or receiving any COVID-19-related treatment.

Additionally, be highly skeptical of emails that create a sense of urgency or fear and persuade you to click on a link or open an attachment like the following. 

  • “CLICK here/OPEN this attachment to learn about the potential side effects of the vaccine!”
  • “CLICK here/OPEN this attachment to hear real stories of allergic reactions to the vaccine!”
  • “CLICK here/OPEN this attachment to get early access to the vaccine!”


Lose the contents of your bank account in a few taps

Scam alert! Despite instant fraud alerts from banks, victims are still authorizing money transfers straight into criminals’ bank accounts with this convincing scam.

This new scam is skyrocketing in Europe and it’s already started growing in the US too.

The report includes a real life case study featuring a regular family who transferred £25,000 out of their account to fraudsters. Find out where they went wrong so you can recognize when you are at risk.

Find out more with Neil Gurnhill’s in depth piece on the topic.


Data Privacy Day tips: How to protect your personal information

You may feel like there is little you can do to protect your personal data. However, there are steps you can take to learn about how your data is collected, shared and used. Follow these basic privacy tips to help improve how you manage your personal information and make informed decisions about who receives your data.

Tips to protect your privacy:

  1. Personal info is like money: Personal information, such as your purchase history, IP address, or location, has tremendous value to businesses – just like money. Have you ever received something for free? Installed a free app or downloaded an eBook? If so it’s usually not really free, the cost is access to your personal information. Consider whether the benefit is worth sharing your data.
  2. Keep tabs on your apps. Many apps ask for access to personal information, such as your geographic location, contacts list and photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Delete unused apps on your internet-connect devices and keep others secure by performing updates. 
  3. Manage your privacy settings. Check the privacy and security settings on web services and apps and set them to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information. Get started with NCSA’s Manage Your Privacy Settings page:
  4. Check for data breaches. Google Chrome has a super useful feature that alerts you if your accounts have been breached and alerts you to change your passwords. You can also use other sites like to see if your email address has been involved in a data breach.

Find out more here.