Cybersecurity Account Take-Overs

Protecting Yourself Online

Account Take-Overs

This is a follow-up to this post on digital safety.

A few weeks ago, I received in the mail yet another data breach notification. This time, from Ticketmaster: my name, address and credit card info had been stolen. That was on the tail of a massive AT&T data breach that leaked pretty much everything about me, including my social security number. That came after T-Mobile was also breached (twice).

So… yeah. My entire identity is pretty much out there, available to any scammer to exploit.

This post is about protecting yourself against ATOs (Account Take-Overs) and securing your credit reports. 

Password Managers: Your First Line of Defense

My assumption is that you have read my previous post and have chosen to use a password manager.  A password manager is an essential tool for maintaining strong, unique passwords across all your accounts. Here’s what you need to know:

  • Choose a reputable password manager (e.g., Apple Password Manager, Google Password Manager, or third-party options like Bitwarden or 1Password).
  • Use the password manager to generate and store complex, unique passwords for each account.
  • Remember ONE master password to access your password manager.

Important Notes:

  • If using Apple Password Manager, you only need to remember your Apple ID password.
  • For Google Password Manager users:
    • Remember your Google Account password.
    • If you’ve encrypted your password data (recommended), you’ll need a SECOND password.
  • Users of third-party Android phones may need to remember an additional (THIRD) password for their vendor's ecosystem (e.g., Samsung).

By using a password manager, you significantly enhance your online security without the burden of memorizing multiple complex passwords.

Protecting Yourself

Studies show that social media, banking and email accounts are the most likely accounts to be taken over by scammers.  So let’s use that information to focus our attention.

Protecting Your Most Crucial Accounts

Of all the accounts you own, your email and mobile accounts are the ones you need to protect above all else. Your email is used to reset passwords, to receive 2FA (Two-Factor Authentication) codes, to retrieve personal information, and so on. Your mobile phone is used to receive 2FA codes or password reset links.

So, what you need to do right away is make sure you have:

  • A really strong password managed by a password manager. The password should be something that you CANNOT remember, because you are relying on the password manager to keep track of it.
  • A 2FA method for your email (most likely your phone, to receive SMS codes). For your mobile account, you can use SMS codes, but also consider using an authenticator app. That way, even if you cannot receive an SMS code for whatever reason (middle of the ocean on a cruise ship), you can still access your mobile account.
  • Protection against SIM swap or port-out attacks: lock down your mobile account so that a fraudster cannot request that your phone number be ported out to a different carrier. If that happened, you would lose access to your phone number and the scammer would receive your SMS authentication codes.

Account Cleanup

Strengthen your overall security by addressing potential vulnerabilities:

  1. Review and update contact information for all important accounts.
  2. Remove outdated information (e.g., old phone numbers or email addresses).
  3. Disable or remove unused accounts.
  4. Use your password manager to set unique, strong passwords for each account.
  5. Enable multi-factor authentication wherever possible.

Tip: Your security is only as strong as your weakest link. Regularly review and update your account settings to maintain robust protection.

Dealing with Security Questions

While outdated, some services still use security questions. Here’s how to handle them securely:

  1. Never use real, easily researched answers.
  2. Create random, nonsensical answers for each question.
  3. Store these answers securely in your password manager or a secure note app.

Example:

  • Question: “What’s your mother’s maiden name?”
  • Secure Answer: “PurpleElephantSunshine22”

Remember: Treat security question answers like additional passwords. They should be unique for each account and impossible for others to guess.
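The two pieces of advice above (let the password manager generate unique passwords, and make up random, nonsensical security-question answers) come down to one habit: draw every secret from a cryptographic random source and store it next to the account it belongs to. The Python script below is an added example written for this post, not code from the original post or from any password manager product; the small wordlist and the site name are constructed for illustration, and a real tool would load a large published wordlist so that each word adds more entropy.

```python
import math
import secrets
import string

# Constructed sample wordlist for this example. A real tool would load a large,
# published list (several thousand words) so each word contributes more entropy.
WORDLIST = [
    "purple", "elephant", "sunshine", "granite", "velvet", "comet",
    "harbor", "maple", "saffron", "tundra", "walnut", "zephyr",
    "lantern", "orchid", "pebble", "quartz",
]

# Printable ASCII letters, digits and punctuation: 94 symbols in total.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=24):
    """Return a random password drawn from PASSWORD_ALPHABET using the OS CSPRNG."""
    if length < 12:
        raise ValueError("passwords shorter than 12 characters are too weak")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def generate_security_answer(words=3, wordlist=WORDLIST):
    """Return a nonsensical answer in the style of 'PurpleElephantSunshine22'.

    Every word is chosen with secrets.choice, so the answer has no relation to
    the question and cannot be researched from public information.
    """
    picked = [secrets.choice(wordlist).capitalize() for _ in range(words)]
    suffix = f"{secrets.randbelow(100):02d}"  # two random digits, zero-padded
    return "".join(picked) + suffix


def password_entropy_bits(length, alphabet_size=len(PASSWORD_ALPHABET)):
    """Bits of entropy for a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def answer_entropy_bits(words, wordlist_size=len(WORDLIST)):
    """Bits of entropy for a generated answer: the words plus the 2-digit suffix."""
    return words * math.log2(wordlist_size) + math.log2(100)


def build_vault_entry(site, username, questions):
    """Assemble one password-manager record for a site.

    The password and every security answer are generated independently; an
    answer is regenerated on the (unlikely) collision so that no two questions
    on the same account share an answer.
    """
    answers = {}
    used = set()
    for question in questions:
        answer = generate_security_answer()
        while answer in used:
            answer = generate_security_answer()
        used.add(answer)
        answers[question] = answer
    return {
        "site": site,
        "username": username,
        "password": generate_password(),
        "security_answers": answers,
    }


if __name__ == "__main__":
    entry = build_vault_entry(
        "bank.example",  # constructed placeholder, not a real site
        "alice",
        ["What's your mother's maiden name?", "What was your first pet's name?"],
    )
    print(f"{entry['site']} / {entry['username']}")
    print(f"password ({password_entropy_bits(24):.0f} bits): {entry['password']}")
    for question, answer in entry["security_answers"].items():
        print(f"{question} -> {answer} ({answer_entropy_bits(3):.0f} bits)")
```

The entropy figures make the point behind the advice concrete: a 24-character password from the 94-symbol alphabet carries about 157 bits, while three words from this toy 16-word list plus two digits carry only about 19 bits, which is why a real answer generator needs a wordlist of thousands of words. Whatever the script prints belongs in the password manager's secure-note field for that account, never in a file on disk.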

Securing Bank Accounts

Banking information requires extra vigilance due to its sensitive nature:

  1. Use strong, unique passwords and enable 2FA for all online banking accounts.
  2. Monitor your accounts daily for any unauthorized transactions.
  3. Be cautious with your account and routing numbers:
    • Avoid writing checks when possible.
    • Use secure online payment methods instead.
  4. Never share account information over phone, email, or text unless you initiated contact.
  5. Set up alerts for large transactions or unusual activity.

Remember: Your bank will never ask for your full account details or passwords via email or phone. When in doubt, contact your bank directly using their official website or app.

Software Hygiene

Maintaining your devices and software is crucial for overall cybersecurity:

  1. Keep all devices (computers, phones, tablets) updated with the latest operating system and security patches.
  2. Use antivirus software, especially on Windows computers.
  3. Be cautious with browser extensions:
    • Only install from official stores.
    • Regularly review and remove unused extensions.
  4. For macOS users:
    • Stick to App Store downloads for increased security.
    • Enable automatic updates.
  5. For Windows users:
    • Consider using Microsoft Defender.
    • Be cautious when downloading software outside the Microsoft Store.
  6. Separate your activities:
    • Use different devices or user accounts for sensitive tasks (banking, email) and general browsing (especially by kids) or gaming.

Tip: Set up automatic updates for all your devices and software to ensure you always have the latest security protections.

Social Engineering Scams

Social engineering attacks exploit human psychology rather than technical vulnerabilities. Those attacks can be harder to detect and guard against.

  1. Be skeptical of unsolicited communications, even if they appear to be from friends or trusted organizations.
  2. Verify unexpected requests for money or personal information through a separate, trusted channel.
  3. Be wary of urgency in requests – scammers often create a false sense of emergency.
  4. Watch for red flags in social media:
    • Sudden changes in posting behavior
    • Requests for money or personal information
    • Links to unfamiliar websites
  5. Educate yourself about common scams:
    • Romance scams
    • Phishing emails
    • Fake tech support calls
    • Investment scams
  6. Consider restricting your privacy settings on your social media accounts (like Facebook) so scammers have fewer bits of information available at their disposal.

Remember: If something seems too good to be true, it probably is. Trust your instincts and verify before taking action.

Credit Reports

Securing your credit reports is another crucial step in protecting your financial identity:

  1. Create online accounts with all three major credit bureaus:
    • Equifax (equifax.com)
    • Experian (experian.com)
    • TransUnion (transunion.com)
  2. Use your password manager to create strong, unique passwords for each bureau.
  3. Freeze your credit reports with each bureau:
    • This prevents new accounts from being opened in your name.
    • You can temporarily lift the freeze when needed (e.g., applying for a loan).
  4. Store any PINs or passwords related to your credit freezes securely.
  5. Consider credit monitoring services:
    • Many are offered free after data breaches.
    • They can alert you to potential fraudulent activity.

Note: While credit bureaus currently lack 2FA options, use all available security measures they offer.

What to Do If You’ve Been Scammed

If you suspect you’ve fallen victim to a scam:

  1. Don’t blame yourself – scammers are sophisticated and anyone can be vulnerable.
  2. Act quickly:
    • Contact your bank or the affected company immediately.
    • Report the incident to local law enforcement.
  3. Document everything:
    • Save all communications related to the scam.
    • Take screenshots if necessary.
  4. Contact AARP’s Fraud Watch Network Helpline (877-908-3360) for guidance and support.
  5. Report the scam to relevant authorities:
    • Federal Trade Commission (FTC) at ftc.gov/complaint
    • Internet Crime Complaint Center (IC3) at ic3.gov
  6. Monitor your credit reports and financial accounts closely for any suspicious activity.
  7. Consider placing a fraud alert on your credit reports.

Remember: Recovery from a scam can take time. Be patient with yourself and don’t hesitate to seek support from friends, family, or professional counseling services if needed.

Conclusion

In today’s digital landscape, protecting your online accounts is more important than ever. By implementing the strategies outlined in this guide – from using a password manager to securing your credit reports – you can significantly reduce your risk of falling victim to cyber attacks and fraud.

Remember, cybersecurity is an ongoing process. Regularly review and update your security measures, stay informed about new threats, and always err on the side of caution when it comes to your personal information.

Take action today: Choose one security measure from this guide and implement it right now. Your future self will thank you for taking these important steps to protect your digital life.


Comments

3 responses to “Protecting Yourself Online: Account Take-Overs”

  1. Gordon Smith

    Jean-Marie, this is a really useful, crisp yet comprehensive set of practical tips for keeping my digital information safe. Thanks!

  2. Karin Crosby

    Thanks Jean Marie, this is very helpful.

  3. Donna Lewis

    Excellent advice! Thank you Jean-Marie!
