Cybercrime is on the rise and we’re all exposed, without exception.
The FBI fielded 300,000 more complaints regarding suspected internet scams in 2020 than it did in 2019 — many designed specifically to exploit the COVID-19 pandemic and the stimulus money doled out by the federal government. On the dark web, Social Security numbers, passports and credit card information sell for as little as $1.
“Everyone’s information is available,” says cybersecurity expert Brett Johnson.
With all the non-stop news about cyber attacks on gas pipelines, meat plants and fertility clinics, it’s easy to get overwhelmed. But Johnson, a former cybercriminal who once ran a popular online identity theft ring, says being aware of these dangers isn’t enough. If you want to avoid becoming a victim, you need to take action.
“You can't wait for someone to protect you," he says. "You have to try to protect yourself.”
Step one: Think like a hacker
Johnson knows a thing or two about cyber attacks. Between 2002 and 2004, he ran ShadowCrew, credited as the first forum for cybercriminals to share tips on hacking, credit card fraud and various other scams.
These days, Johnson works as a cybersecurity consultant and public speaker, and is dedicated to helping people avoid falling victim to cybercrime.
His advice varies from person to person.
Someone who works in upper management at the top of the corporate ladder might get hit with sophisticated cyber attacks aimed at installing ransomware in their company’s network. (Often, this kind of attack paralyzes their company’s operations until they agree to pay a ransom.) Other people might fall victim to identity theft or credit card fraud.
Understanding your place in this "cybercrime spectrum" will allow you to protect yourself accordingly, Johnson says.
Regardless, who gets hit first is not determined by algorithm or strategy, he says. It’s all ease of execution.
“It boils down to who is an easier victim,” he says. "Who is that lowest-hanging fruit?"
Step two: Protect yourself like one
The best deterrent for cybercrime is making a criminal think you're not worth the effort. And Johnson says "you can be better protected than 90% of the people out there" with these three things:
Use a password manager
Most people use the same password, or variations of the same password, across their digital existence. So if just one of their credentials falls into the wrong hands, they can end up losing everything from their Gmail account to their online banking logins.
The solution, Johnson says, is a password manager. With the help of this software, you can generate a unique and strong password for every one of your online accounts — all stored behind an encrypted key known as a master password.
Monitor your credit
Sites like CreditKarma and Experian offer credit monitoring services that alert you of any suspicious activity on your accounts, or if your information has been compromised in a data breach. Some even notify you if your information has been spotted for sale on the dark web. Many credit monitoring services are free and offer premium features as an upgrade.
Freeze your credit
A credit freeze can be an effective tool even if you've never been a victim of identity theft, Johnson says.
It restricts access to your credit report, making it impossible for a criminal to open up a new line of credit under your name. Freezes don't prevent unauthorized credit card purchases, and you'll have to unfreeze your credit if you want to, say, open up a new credit card. But the process is completely free, and usually takes effect immediately.
Step three: Treat social media like the threat it is
Posting an overabundance of information, photos, geo-tags and other data on your social media profiles gives bad guys some key resources to act against you.
Mother’s maiden name? There’s that selfie with a tag. Alma mater? Check out the pic from last year’s reunion. It’s all there.
“Criminals will go through every single bit of social media to find anything they can use to their advantage,” says Johnson. Carelessly volunteering all this data can become a big liability.
Be careful about what you post. Check your privacy settings, and make sure you're not revealing your location, or using the same password to log into third-party websites. It's also a good idea to go over your “friend” list with a fine-tooth comb, Johnson says.
"Do you actually know your 10,000 'friends?'" he says. " If you don't, why on earth are you sharing anything with them?”
Step four: Protect yourself offline too
New scams have emerged in light of the pandemic, looking to cheat people out of their stimulus money. Wide-scale uncertainty added to the problem, with many Americans lowering their guard due to work from home arrangements and other new responsibilities. And while many of the scams people fall victim to have been around for decades, they're becoming more sophisticated every day.
"Spoof calls"— fake calls that appear to come from a police station, hospital or social security office — are a prime example. For most people, getting these kinds of calls forces them to react emotionally while proper reasoning takes a back seat.
Let’s say you get a call informing you that something terrible will happen unless you hand over some money. Maybe you’re being told that your last few child support payments have bounced, or that your grandson is in jail and needs bail money.
Even if you're skeptical, simply engaging with these scammers can be harmful, Johnson says, since the person on the other end can use whatever you tell them to fill in the blanks on the profile they're creating of you and your household. (Saying something as innocuous as "stop calling my house," for instance, confirms that you're on a residential phone that another family member might also use.)
The best advice, Johnson says, is to hang up the phone.
If you believe your personal information may have been compromised, use Money’s free search tool to check if your email address was exposed as part of a data breach.