Las Vegas Sun

October 23, 2018

Currently: 63° — Complete forecast

5-MINUTE EXPERT:

How to protect yourself from hackers and email phishers

Image

Damian Dovarganes / AP

Hands type on a computer keyboard in this Feb. 27, 2013, photo illustration. U.S. officials estimate an average of 12 million Americans have their identities compromised each year.

As technology improves, hackers have become smarter and their techniques more advanced. The personal information of innocent and unknowing victims, many of whom live in Las Vegas, is out there for the taking.

The U.S. Federal Trade Commission estimates an average of 12 million Americans have their identities compromised each year in the form of their driver’s license, Social Security, bank account or credit card numbers, resulting in more than $15 billion in theft annually.

An independent study from New York-based Harris Insights & Analytics estimated that as many as 16 million Americans, or 5 percent of people living in the U.S., were victims of identity theft in 2017—up from just under 15 million in 2016.

Tips for protecting your identity

Did you know?

A 2016 report from the FBI suggested the effect of phishing scams cost Americans more than $5 billion a year. Spotting a phishing attack can be difficult, Boston-based fraud expert Robert Siciliano wrote, but basic errors, such as poor spelling and grammar and a strange or mismatched sender address are warning signs.

1. Use two-factor or multifactor authentication. Known as 2FA, two-factor authentication is an extra layer of security that requires not only a username and password, but an added security measure that only the user should have access to at the time of logging in. The most common two-factor authentication required by companies is a code sent to a user's cellphone, either by text or automated call, that the user will have to confirm.

2. Create original passwords with unique capitalizations, numbers and letters. Use “3” for “e” or “!” for “i.”

3. Don't store or share personal information on social media. Facebook, Twitter and LinkedIn have all had massive data breaches since 2015. Any information on those pages can become public when the sites are hacked.

4. Stay up to date with software. Operating system upgrades and security patches are among your computer's strongest protections from identity theft hackers because they close loopholes that may leave your computer vulnerable.

5. Shred unnecessary papers with personal information. Documents with bank accounts, Social Security numbers, credit cards and signatures can also be swiped off a desk at work or home.

6. Monitor your accounts. Catch and stop identity theft in its early stages by keeping a close eye on your expenditures and accounts.

Phishing scams

Phishing is one of the easiest and most efficient ways for a cyber thief to steal a victim's personal information and identity. While most are targeted via email and phone calls, phishing has spread to social media, texting and mobile apps, writes Carrie Kerskie, a Florida-based national expert on identity theft. Here are a few common methods:

1. Fake calls or email requests to “verify” information, such as passwords, Social Security numbers, bank and credit card information, as well as scammers posing as financial institutions, tech support agencies, hospitals or collection bureaus.

2. Links disguised as “winning vouchers” that instead download and install malware and viruses. In order to win the prize, victims are directed to enter their personal information, which puts it into the hands of hackers. If an email prize offering seems too good to be true, it usually is, Kerskie said.

3. Fraudsters using false phone numbers, social media accounts and email addresses over time to develop a relationship with the victim and then obtain personal information.

4. Viruses hidden in Microsoft Word documents. The fraudster will trick the victim into enabling macros, stating an update needs to be installed or permissions need to be given to allow the document to be viewed properly, according to Boston-based fraud expert Robert Siciliano.

Cloud protections

Cloud storage is used by nearly 2 billion people worldwide, according to market research firm Statista. But only about a quarter of those people completely trust that the cloud will keep their data secure, according to a 2017 report by Forbes.

Users of popular cloud platforms such as iCloud, Google Cloud, Microsoft OneDrive and Azure, DropBox and Amazon Web Services should always exercise caution, Siciliano warned.

The best way to avoid risks is by ensuring a provider encrypts data files during storage, as well as transit, within a range of 128 to 256-bit.

Encryption

Encryption, encoding information so that only authorized parties can access it, is one way to protect from identity thieves. Messages, calls or video sent using encryption are wrapped in a digital key that’s scrambled when it’s sent and can only be “unlocked” by the recipient. Digital encryption, used by messaging service WhatsApp, is extremely complicated, said security expert Jake Williams, founder of cybersecurity provider Rendition Infosec, making the technology harder for a hacker to crack. But as any technology, encryption will not always protect users as long as it’s owned by another company.

Identity theft in Nevada

Using FBI and Federal Trade Commission data from 2017, personal security website ASecureLife ranked Nevada as the riskiest state for identity theft. The distinction factored in average loss per victim and the number of victims per 100,000 residents.

“If you think about gambling and spending in Nevada, it could be a place thieves look for victims,” company spokeswoman Emily Patterson said. “A lot of protection also is related to better online hygiene practices.”

With the average victim losing $5,964, the state ranked seventh among U.S. states in average dollar amount lost per victim. Its 14.4 victims per 100,000 residents ranked second only to Hawaii, but its total identity theft loss per capita was more than double the next closest state.

The study looked only at residents, meaning more than 42 million tourists who visit Las Vegas each year were not included, Patterson said.

Can hackers listen to me talking on the phone or video chatting?

Richard Stiennon, chief strategy officer at Blancco Technology Group, believes that each digital action and click a user makes, even on their private computers and servers, is subject to being watched—by hackers, governments or even computer companies.

That includes video chatting and phone conversations, which Stiennon said are more vulnerable than ever.

Like Williams, Stiennon recommended using fully encrypted apps, such as WhatsApp, for messaging, video chat and audio calling.

Hacking and elections/voting booths

Hackers’ reach can go as far as the ballot box, as seen during a well-publicized hack of Virginia and Illinois-based voting polls in the 2016 elections.

Demonstrators at the annual Black Hat Convention in Las Vegas demonstrated the hack, which Nevada is immune from because of updated technology that uses encrypted servers, said Wayne Thorley, deputy secretary of state for elections.

The 2017 Legislature allotted $8 million to help counties purchase updated voting equipment, which was in place statewide for this year’s primary. Electronic poll books are connected to a network that communicates with county voter registration databases, protected by counties, Thorley said.

Joe Gloria, Clark County registrar of voters, said work to secure election and voter infrastructures was ongoing well before 2016.