A few days ago, our corporate parent sent an email to all employees, warning of the growing threat of cyberattacks focused on disrupting critical infrastructure and financial systems in Ukraine and beyond.
Protect yourself:Americans are at higher risk of Russian cyberattacks after Ukraine invasion: What you should do right now
We were instructed to take stronger steps to protect our social media accounts with something called two-factor authentication, which just means the platform will send you a text or email to your verified account in order to give you an extra code when you log on. That can be further protection against a scammer taking over your account or locking you out.
It was also suggested that we do the same for our personal email accounts. Our work accounts already have layered protections in place.
We were also warned against humanitarian aid fraud, fake Linkedin profiles and phishing, the term used for emails that appear to come from real accounts you have, but are a ploy to get you to share your log-in or other financial information.
Talking Tech: How to protect yourself from possible cyberattacks: Talking Tech podcast
That led me to reach out to Eva Velasquez, the CEO of the Identity Theft Resource Center. I have interviewed Velasquez quite a bit over the years and she and her San Diego-based nonprofit are very helpful for consumers who have been victims of Identity Theft or in counseling people on how to protect themselves. Their services are free at at www.idtheftcenter.org or 888-400-5530.
Velasquez gave me so much great information that I want to share with readers. I’m going to split it between two columns this week and next. You can also listen to my interview with Velasquez on this week’s Now You Know Akron podcast, which is the weekly Beacon Journal podcast available at www.beaconjournal.com, wherever you download your favorite podcasts or at https://tinyurl.com/yu9xbknn
Podcast:Missed a Now You Know Akron podcast? Here’s the set list
Scammers take advantage of times of crisis
Velasquez said it doesn’t matter if it’s a weather event, like a hurricane, or the pandemic, or now the crisis in Ukraine, there are always fraudsters who will take advantage of that sense or urgency or need.
“We know that these types of conflicts are always going to bring cyber incidents,” she said.
Last year, her organization tracked more than 1,862 data breaches. That’s an all-time high since the organization began tracking the events in 2005.
“So we are already at a peak and when you add a conflict such as this into that mix, we’re going to continue to see data breaches and cyber events,” she said.
Consumers need to be leery of a few things, she said.
Beware of charity scams
The first is charity scams.
“Very good-hearted, philanthropic people are going to want to support others. But I always tell people ‘Don’t let the charity pick you. You pick the charity,” she said.
Do your homework, including looking at third-party accreditation sites, like the Better Business Bureau’s Wise Giving Alliance or GuideStar or Charity Navigator, she said.
“If you already donate to an organization that may that you know well and that you’re familiar with, that’s one thing. But with new organizations or places you’ve never heard of — and I say this as a charity organization that relies on donations — I’m not at all saying never give to a new charity. I’m simply saying, do your homework.”
“Scammers rely on your emotions,“ Velasquez said.
Don’t recognize? Don’t click, share info
Be on the lookout for phishing emails. Don’t respond to unsolicited text messages or click on any links and don’t respond to direct messages on your social media from people you don’t know who are asking you to take some action, she said.
The advice to set up multi-factor or two-factor authentication on all accounts, including social media accounts which have become the target of scammers, is important for everyone, Velasquez said.
Equally important, she said, is don’t share those codes with anyone.
Scammers are doing a lot of social engineering, which is a term for working on people by watching their social media posts or other methods to gain your trust and tricking you into giving your information to them instead of them stealing it, said Velasquez.
More:Betty Lin-Fisher: Think you know all the tricks of the trade of hackers? Here’s some more
What social media harm happens?
We know that when scammers are trying to trick consumers in many ways to hand over financial information or go and buy a pre-paid debit card to “pay” them, but I asked Velasquez to explain the extent of the harm of someone taking over your Facebook or Instagram account.
The scammers are trying to pose as you to gain the trust of your social media friends or followers, she said.
Then the “chain of victimization goes on and on,” she said, because your friends may then think it’s you and become victimized by whatever the scammers are touting. That could be anything from a request for a “donation” to a cause you have had previously on your social media (or so you think) to buying a product or an investment.
It gets crazy enough that there have even been victims of what Velasquez called “hostage videos” or videos people feel they are forced to make when a scammer has taken money from a victim and says you have to make this video to get access back to your account. The scammer orders a “hostage video” for the victim to pretend everything is great and to say something good about the “opportunity” or scam.
Don’t make the hostage video, Velasquez said. Report it to the social media platform where you have lost your access to reclaim your account and contact the ID Theft Center if you have been a victim, she said.
Practice good password hygiene
We’re all well aware of good COVID-19 hygiene or washing our hands and socially distancing. But good password hygiene is also important, said Velasquez.
“Unfortunately, due to the state of data breaches, a lot of usernames and passwords have been compromised. They’re available for sale on the Dark Web,’ she said.
More:Betty Lin-Fisher: A behind-the-scenes look at the Dark Web and professional break-in artis
She suggests practicing good password hygiene, which means not using the same password for multiple accounts.
You should have unique user names and passwords on each account and passwords should be 12 characters or longer and unique, Velasquez said. Additionally, don’t forget to set up that multi-factor authentication, “so even if the password and username are compromised, they can’t get in.”
Coming next week
Did you get an email letting you know that you were part of a settlement for free credit monitoring through the Equifax data breach settlement? Velasquez and I will share more about credit monitoring and credit freezes.
Beacon Journal staff reporter Betty Lin-Fisher can be reached at 330-996-3724 or firstname.lastname@example.org. Follow her @blinfisherABJ on Twitter or www.facebook.com/BettyLinFisherABJ To see her most recent stories and columns, go to www.tinyurl.com/bettylinfisher