If I told you that every hour spent online—responding to emails, researching for work or pleasure and even searching restaurant reviews—significantly increases your risk of identity theft or impersonation, would you believe me?
I did not always have this dire-sounding opinion. Although I have had my debit card compromised a few times, I never had trouble getting the money put back into my account or getting a new card. I know some people have had their identities or banking information stolen to the point where they could not even pay their bills, but those stories lacked a personal connection. It seemed far-fetched, like something that would never happen to me.
My naivety changed when I heard the following stories first-hand. I am now convinced this problem has come to all households, small businesses, and non-profits across America. Today I want to tell you how you can prevent this from happening to you. But first, these are three of the stories that brought this exposure home for me.
- The bookkeeper of a local small business with about 25 employees received a terse email from the CEO, asking him to wire several thousand dollars. The bookkeeper started setting up the transfer of funds. Only when he happened to personally speak with the CEO did he discover this request was a scam. Interestingly, this exact same situation took place in a small local non-profit as well.
- Similarly, an employee of a 40-person company received an email, purportedly from his CEO, asking him to purchase several gift cards and send photos of the front and back, so they could be cashed remotely. This request was timed to coincide with the travel of the CEO. The employee complied, and only discovered after the gift cards were drained that the request was a hoax.
- Shortly after purchasing a phone system from a trusted vendor, a non-profit received an email asking for payment by wire. Since they had wired money to this vendor in the past, they complied. Several weeks later, they learned the vendor had been cleverly impersonated and the money was gone forever.
The risk is not only having your own money or identity stolen, but also compromising the private information of others. A friend who works for a public affairs firm, is concerned about the sensitive client information that could be exposed if his emails were compromised. Being the weak link in someone’s trade secrets being exposed could be grounds for a lawsuit.
So, what can you do to minimize your risk? Start with these three safeguards:
- First, guard access to your computer and phones. Be careful of the apps you download, the sites you visit, and the links or attachments you click on, to name a few examples. An innocuous attachment could download hidden software onto your computer, allowing criminals to see every keystroke. The same sort of unauthorized access can happen over an unsecured Wi-Fi network.
- Second, be careful of the information you send and act on via the Internet. Any urgent request should be viewed with suspicion. Criminals make requests in such a way to play into our desire to help others. Always verify urgent requests by speaking to the person via phone or in person. If you can’t do that, call a phone number you already have on file instead of using the one included in the email. The links and phone numbers in the email could actually connect you to a smooth-talking criminal.
- Consider the following insurance products, in case your preventative measures fail. As an individual, you can purchase Identity Fraud reimbursement coverage, typically for about $25 annually, as an add-on to your homeowners or renters insurance. This coverage can provide reimbursement for the expenses incurred from reclaiming a stolen identity–attorney and bank fees or missed work, for example. Small businesses and non-profits can often add some coverage to an existing insurance policy, or purchase a stand-alone Cyber policy for more complete protection.
Even if you do not purchase insurance at this time, obtaining a quote will help you learn your current vulnerabilities. I encourage you to contact one of the Merriam representatives who typically assists you, or contact me directly.