We are already starting to see the massive impact that COVID-19 is having on the global economy. And as unemployment rates explode, cybercrime and fraud will grow as well. In the UK, online banking fraud losses increased from £22.6m in 2007 to £52.5m in 2008 when the Great Recession hit, and then to £59.7m in 2009, before security measures were implemented and forced fraud rates to start dropping. As we enter into another global economic downturn, we will assuredly see a dramatic increase in fraud in 2020, and the FBI has already reported seeing a sharp rise in fraud schemes due to the COVID-19 pandemic.
So how do you protect yourself as an individual against identity theft and other fraudulent scams, especially in this new person-not-present world?
Having worked in the fraud prevention/identity verification space for more than a decade, I have a fair bit of insider knowledge on how to protect myself as a consumer.
But the truth is that most of us only think about taking steps to protect ourselves after someone steals our identity, applies for a bank account or loan using our personal information or makes fraudulent purchases with our credit card information.
With a record number of massive data breaches last year, personal information is readily available for mere pennies on the dark web. All it takes is a fraudster to get hold of a couple pieces of your personal information and they can start creating a fraudulent identity. Given that most branch offices are currently closed because of the pandemic, cybercriminals can exploit online channels to perpetuate identity theft.
I’m often asked by friends, family and people I meet at dinner parties (you’d be surprised how identity verification is a conversation starter), “what are the simplest or best things to do to try and protect myself?” Here are my top tips:
Most banks these days have a mobile app which you can set to notify you anytime a transaction is made. Monzo, a digital bank out of the UK, is a perfect example. You can set your Monzo app up to send an SMS-based notification whenever there’s a card-not-present transaction on your account. You need to enter your PIN in the app in order to approve each online purchase.
Never share your banking information with anyone. Banks will never ask for your account numbers or PIN numbers via email or text. They will always redirect you to log into your online banking account. If they provide a number to call, check your bank’s website to verify the number is legitimate. When in doubt, call the bank customer service line to double check. Most fraud hotlines are open 24/7. And review your online statements frequently to ensure there are no suspicious transactions.
Phishing attacks are rife at the moment and cybercriminals are taking advantage of COVID-19 fears in a number of ways. We’ve already seen media reports about email scams advertising cheap face masks and hand sanitizers. But as unemployment rates hit record numbers, expect phishing scams to also increase.
During the Great Recession, fraudsters impersonating the U.S. government sent emails claiming that recipients needed to click on a link and provide personal information in order to complete their application for unemployment benefits. Even if an email looks legit, hover over the link and you’ll be able to see the actual redirect location. Anyone can create a hyperlink to mask the actual web link they’re sending you to. Most banks won’t ask customers to click on a link to view important information but will instead direct you to log into your online account directly via the app or website to view additional messaging.
Most of us are on some form of social media. If you have to have your profile set as public then make sure you’re conscious of the personal data that you’re sharing. Don’t complete every bit of the “About Me” section. You’re basically giving the world access to valuable personal information free of charge.
Knowledge-based authentication is a legacy form of login protection that asks personal questions that only you should know the answer to. Some businesses use this technology if you forget your password and request a reset, or if you try to log into your online account from a foreign or unusual IP address. The type of questions typically involve the name of your high school, where you were born and the make or model of your first car. If I’m on your Facebook profile and you’ve filled out the “About Me” section, I’ve just been able to answer two of those three questions, if not all of them. Data breaches exposed 4.1 billion records in just the first six months of 2019, and you can bet most of this information is already available on the dark web, giving cybercriminals even more ammo against you.
Date of Birth
We all love getting those birthday messages on Facebook once a year, but please stop putting your full birthdate on Facebook! Remove the year at the very least. When you set up anything online, nine times out of 10, if not 9.9 times out of 10 you’re going to be asked for your DOB.
While on the subject of information often readily shared on social media — let’s talk about your mobile phone number. Some of you still have your number on your public Facebook page and some of you still post it on your wall when you get a new number: “Hey guys, new number +44 xxxxxxxx – text me.” You’re handing a fraudster your phone number, your full name, your DOB and all these other little tidbits of personal information that they can use for SIM swapping — this is when a fraudster requests a new SIM card from your phone company for your phone number. Just think about what someone could do if they had access to your SIM card! That’s right, they could access all your social media accounts, your banking apps, your Uber account, even your Deliveroo. They’ll be rich, well fed and driven around by a chauffeur within the hour.
Always check your photos before you post them online. You’d be amazed at the type of photography software that people have access to, all that can enhance the clarity on that picture you took where your bank card was visible in the background. Also, if you’re traveling (or reminiscing about traveling), never post a full photo of your boarding pass since there’s actually sensitive information about your passport buried in that boarding pass, most of which makes no sense to you. If you want to post a photo of that boarding pass with a cocktail in the background, make sure you cover the majority of your ticket with your passport — but only the front cover of your passport, not your open passport!
These are just small changes you can make to protect your identity. We’re all spending more time online now so be vigilant, keep your personal information safe and report any type of suspicious fraudulent activity to your bank or social media accounts as soon as possible.
You are your first line of defense against fraud.