As hacking and online fraud become more prevalent, it’s important to take steps to protect your identity and your assets. We see in the news that just a couple weeks ago DarkSide hacked into Colonial Pipeline and disrupted the gasoline supply throughout Southeastern states. There are smaller examples too. A friend of mine had his personal identifying information leaked in another hack and discovered fraudulent attempts to collect unemployment insurance in his name and several online bank accounts opened using that stolen information. His information was sold on the “dark web” (that portion of the Internet that can only be accessed through special types of software and is often used to anonymously conduct illegal activity).
It becomes important to guard your personal information. There are increasing reports of customer account takeover (ATO) incidents, where bad actors use compromised customer information such as usernames and passwords to gain access to online accounts. They lure people through phishing emails and social engineering attempts, like calling customers, pretending to be registered representatives from advisory firms and asking people to verify personal identifying information.
Fraudulent emails and text messages are not only common, but they are also increasingly convincing. If an e-mail or pop-up window asks you to enter your username or password, don’t do it. Instead, open your browser and go to the site directly. If you’re still not convinced, contact the company or entity that supposedly contacted you. Reputable companies like Brixton Capital Wealth Advisors will never ask you for your login information through an e-mail.
Some hackers use more sophisticated methods of account takeovers, like automated attacks that mimic cell phones that have been compromised.
The reality is that many people use the same login information. More and more of our financial and business affairs are handled online, using computers, tablets and cell phones. Each one needs a username and password. It’s tempting to repeat these for ease in remembering. The trouble is that if a bad actor gets your password, it can open up mayhem across many different accounts.
Consider using a password manager—an application that protects online accounts by suggesting and saving individual, strong passwords for each login. The password manager then automatically fills in the password whenever customers access their accounts online. And write down your passwords so you have a hard copy. It may be old school, but it is safe.
Passwords alone are not enough to protect your identity and accounts. Two-factor authentication (2FA or MFA, for multifactor authentication) adds another layer of protection. Authenticator apps, such as Authy, Google Authenticator, or Microsoft Authenticator, enable one of the more-secure forms of 2FA.
As implied in the name, two-factor authentication improves security beyond what a single password provides app by adding another factor in addition to that password. The 2FA sends send a code to your phone. In that way, your password plus the token from your smartphone confirm your identity.
Another practical way to protect your identity and your accounts is to check regularly to make sure no fraudulent activity has taken place. If you notice activity you do not recognize, contact the financial institution immediately.
With all the data breaches reported in the news, it may help to subscribe to a service that provides identity theft protection. Identity theft protection services cannot prevent a data breach or other types of identity theft but it can help monitor your financial accounts, as well as publicly available information about you on the internet.
The information and types of technology available to us today are truly amazing. And using them involves risk from bad actors. So be vigilant and proactive in protecting your identity.