If you’re a fan of superhero films, chances are good you’re familiar with the super villains in the latest films from DC (Wonder Woman and Justice League) and Marvel (Spiderman: Homecoming and Doctor Strange). And though those villains are just a fantasy, rest assured that villains exist in real life too—and they’re closer to you than you might think.
This year, cyber villains are on the loose and armed like never before. The Equifax and Alteryx breaches mean your personal information is out there for cyber criminals to find and use for personal gain. High net worth individuals, their families and their businesses are at a particular risk of attracting the attention of cyber criminals. It’s important to be aware of the risk and learn from others’ mistakes to ensure you’re not the next victim.
Here’s a scenario: A cybercriminal selected his target, a highly reputable and well-known doctor. The bad actor then contacted the doctor’s internet server provider and social engineered the customer service representative that he was locked out of this email account. Once in the doctor’s email account, the criminal determined where he held his investments and which credit card company he used. With this information, the villain then social engineered the investment company representative to transfer all of the assets into his account.
Although the doctor did not have strong authentication set on his accounts, his investment company did leave him several voicemails because the transaction was abnormal based on his previous activity. This time, the criminal was thwarted by a single phone call made by the doctor between seeing patients.
Unbeknownst to the doctor, the criminal was also manipulating the customer service representative at his credit card company. Once again, the doctor received a message that new credit cards had been ordered and would be shipped to a new address that was not on file. The villain was thwarted again. Or so the doctor thought…
Because of the account compromise, the company issued the doctor new credit cards. The criminal logged into the doctor’s online shipping account and changed the destination in his favor. Several days later, after not receiving his cards, the doctor became suspicious. He called his credit card company to find out why the credit cards had yet to arrive, only to find out that shipping address had been changed and the delivery signed for. Various large purchases had also been made in his name.
The doctor had had enough. He had patients’ lives to save, and no time for cybercrime. So he turned to the various tools that are available to anyone to protect their privacy online. Here’s what he did to protect himself—and what you can do too.
- His first tool was a password storage utility. The doctor used the safe to auto generate strong, unique passwords for each of his accounts. Take a look at LastPass, PasswordSafe, LogMeOnce or KeePass.
- His second tool was Multifactor Authentication (MFA) enablement. This way, next time someone got hold of one of his passwords, it would not be enough to compromise his account. To manage your MFA accounts, try Google Authenticator or Microsoft Authenticator.
- Next, the doctor called his financial institutions and had them enable voice and phone printing and lower limits on all transfers. (Thank you, Pindrop).
- Fourth, the doctor changed all of his security question answers to nothing that would resemble the truth. Because of prior security breaches, true identity information could easily be found online. He stored the illogical answers in his password storage utility.
- Finally, the doctor committed to tell all who would listen how to protect themselves from bad actors everywhere. It’s most important to remember to spread the word. The more people who talk about cyber safety, the more difficult it will be for bad actors to steal their information.
