Sensitive consumer information is bought and sold every day to be used for phishing, identity theft, online hacking, and bank fraud. Hackers can pool information retrieved from various sites to create an entire customer record.
It does not take years, or months, or even days; it can happen in less than one hour. Just ask Mat Honan, the Senior staff writer of Wired was the target of an epic hack.
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, and then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
How Can This Happen?
Hackers gathered data from various sources to wreak online havoc. The target of the attack was Honan’s Twitter account, but it could have been much worse.
Synthetic fraud schemes are on the rise, thanks to the abundance of security breaches recently, including: two million German Vodaphone customers, credit card numbers from Home Depot, and the Apple iCloud hack.
Simple data such as name, gender, birth date, and addresses are used to gather more data. Victims of recent hacks were warned of possible phishing attempts. With attackers having significant amounts of real information, phishing seems like legitimate communication from banks and credit card companies.
Synthetic ID fraud has emerged, accounting for 88% of Identity Fraud. Hackers still cross-reference data, but they either create fake IDs to get credit cards or re-create debit cards to withdraw cash from ATMs.
How Can Consumers Protect Themselves?
While people cannot prevent attackers from hacking into businesses that store sensitive data, consumers can take steps to control any collateral damage.
Make it Harder. Mat Honan admitted that many of his accounts were daisy-chained together. It is something that many of us do, especially when engaging in so many different social media and regularly visited sites. People tend to use the same password for everything as a convenience.
Password Protection. Never use personal data as a password, like a birthday. Don’t click on links in emails asking for password changes or requests to confirm account information. Make security question answers less generic.
Don’t let hackers destroy your identity.