Halting Hackers on the Holidays 2023

by Gary S. Miliefsky, Publisher of Cyber Defense Magazine

As we saw with major holidays including Black Friday and Cyber Monday and now right around the corner and a massive increase in shopping online for the Christmas season, we count the breaches and total personally identifiable information (PII) records lost reaching the billions.  According to Cyber Defense Magazine, someone loses their identity to a breach, every second.  Every American has had an identity theft event happen in their life more than once by the time they reach the age of 30.  There are over 25+ billion records stolen on the internet as of today.  Most of them include personally identifiable information such as names, addresses, credit cards, emails, phone numbers, passwords and many have medical records information in them.

Identity Theft Statistics: Fast Facts – Did you know?

• Losses from identity theft cost Americans $5.8 billion
• The FTC received 5.7 million fraud and identity theft reports
• 4 million identity theft cases were reported to the FTC
• $2.8 billion of losses were from imposter scams
• $392 million of losses were from consumer online shopping

With major holidays and online shopping, Cybercrime is not going away – it’s huge.  In fact it’s now the biggest form of crime, worldwide.  It has just surpassed two times the size of Drug Crime, so it’s over $1.2 Trillion in annual theft and more than doubling, annually.

Source: IdentityTheft.org

Businesses can suffer significant losses from cybercrime. The worldwide average cost of a data breach was over $5 million and over $10 million in the United States. These expenses include detecting and addressing the breach, downtime and profits lost, and long-term reputation damage to a firm and its brand. According to the FBI, total cybercrime losses are estimated to be $10.2 billion. This is nearly double the amount of the previous year ($6.9 billion).

So, with identity theft on the rise, privacy disappearing, hackers seem to love this time of year so I’ll help you navigate it with some tips and ideas to avoid the cyber grinch, this holiday season.  Now is the most important time to understand the latest threats and to be vigilant. This is your chance to help halt hackers on the holidays.

Bitcoin and other cryptocurrencies are a hot new target.  As the cryptocurrency market continues to grow year after year, cybercriminals have also become more active, taking advantage of the funds that can be found within digital exchanges and hackable online wallets. The amount stolen by hackers is over $10B in crypto and growing.  If you don’t know how to secure your crypto currency, you are a prime target for theft.  I wrote a lot about the subject in my bestseller entitled Cryptoconomy®: Bitcoins, Blockchains and Bad Guys available on Amazon.com.

NFTs are becoming increasingly popular. The NFT digital marketplace has grown to an estimated $22 billion by 2021, and it is disrupting the art world. However, theft of NFTs is expected to increase over the next few years. In spite of reports of $7 million being stolen from OpenSea users in a recent phishing attack, NFTs are still popular.   You’ll need to think about how to secure your NFT electronically just as you secure your valuables in your home.

As I’ve said before, there’s creepware and there’s spyware.  Trusted Apps on your Smartphones are spying on you.  Apps you trust like Facebook that turn on your microphone and listen in on your conversations is creepware – they admit in their End User License Agreement (EULA) that you’ve become the product, by accepting their EULA and installing their application.  Spyware is criminal software disguised as ‘cool’ apps.  Examples – flashlight apps, deepfake facial video apps, emoji keyboards.  Also, many Smartdevices have built in microphones and cameras from your smartphone to your smartTV.

Cyber hackers and criminals love the holidays:

• There’s a surge in debit and credit card usage
• There’s more packages for ‘porch pirates’ to steal
• Online shopping is easily turned into a cybercrime honeypot

With that said, here are my top ten expert tips to help you enjoy the Christmas and holiday shopping experiences, right around the corner, without losing your privacy and identity or putting your children’s safety at risk, please leverage my best tips for the holiday season

• Understand Email security basics. In an email phishing attack, you’ll receive a hyperlink that if you click, installs malware or there will be an attachment with a name you think you can trust so if you try to open the attachment, you will also get infected.  Don’t trust any hyperlinks or attachments in emails unless you are 100% certain you can trust the source.
• Learn to guard against even more sophisticated Email and SMS Spear phishing attacks. Every day, there’s a cybercriminal somewhere in the world looking to gain access to your identity and credit. They are getting smarter and they are using even more sophisticated techniques to send emails and SMS messages that look really good – like they came from someone you trust. It will usually have a link or attachment that leads to a malware infection. Some people have clicked links from banks with the name America but the hackers tricked them by using a font that makes an r and an n look like an m so it was really Arnerica and if you are really busy, you might not notice the r and n and click the link and get infected. Don’t click the links and don’t open the attachments. Talk to your family, friends and business associates and confirm the email really came from them. Most likely, it’s a cyber-attack. Ultimately, if it looks too good to be true, especially an email and even an SMS message, it probably is – so be extra cautious and vigilant this holiday season.
• Don’t fall for bank, lawsuit or IRS telephone scams.  Your bank, a lawyer or the IRS will not call you and ask for your password over the phone or tell you that you are about to be sued or that you’re going to be arrested for not paying taxes.  Visit www.donotcall.gov and put all your phone #’s on the do not call list.  If someone really annoys you and keeps calling you, report it to this group who will investigate it for you.  Also, go to www.AnnualCreditReport.com  for your free once a year credit report and look for anything strange?  If you see something odd, call all three credit bureaus and tell them you want a credit freeze and to put a lock on your credit report account.
• Change your passwords – all of them. Do it now and do it as frequently as you can tolerate. If you don’t want to change them often, then use any unique characters you can think of, such as a dollar sign ($) or an exclamation mark (!) or replace a letter “o” with a 0 (zero). This goes a long way in preventing brute force attacks against your password.  If a hacker can’t get your password easily, they will probably give up and try to attack someone else.  Make it hard for them with strong passwords that you change as frequently as you are comfortable with and no less than once per year and especially after the news that one of your accounts has been compromised.

• Clean up your apps and show your children. Assume most of your smartphone or tablet apps are malware that spies on you and your online behavior. Do you really need them? Delete any apps you don’t use often. Replace apps that take advantage of too many of your privacy settings with similar apps that don’t. On an iPhone, you’re not being eavesdropped on until you run the app.  However, I’ve discovered flashlight apps, bible apps and emoji keyboard apps that appear trustworthy and turn out to be spyware that passed the ‘security’ tests by Google Play and Apple iTune online app stores.  You really need to know who made the app, what permissions it really needs (does your flashlight need to turn on your microphone? Does your emoji keyboard need to send your keystrokes to China ie have any form of internet access and the list goes on?)  If an app uses too many permissions, or has a strange website or no customer support telephone number and the developers won’t answer your emails, better to delete the app and find one from someone you can trust and if they lose your identity, someone you can sue or get some form of reparations for the damages of identity theft. Teach your children to be smart about who they talk to online and let them know that meeting a stranger at a mall that they met online could lead to their kidnapping.  Many perverts pretend to be a 10-13 year old online so they can make friends with younger children and trick them.  Talk with your kids about this and other safety issues frequently.

• Shop online only from websites you trust. If you don’t know where the merchant is located, don’t shop online there. If they don’t have a corporate address or are located in another country, it could be iffy whether you ever see the goods you think you purchased. Also, if their shopping-cart experience is not an HTTPS browser session, then everything you type in – your name, address and credit card information – is going over the Internet unencrypted, in plain view.
• Never buy online using your credit card on a site that doesn’t have SSL (secure sockets layer) encryption installed. It’s easy to tell you are in a secure, encrypted session. You should see an icon of a locked padlock in your browser and the website URL starts with HTTPS not HTTP. Also, if you receive emails from the merchant, no matter the reason, don’t give them your credit card information over email.  If the shopping website looks too good to be true, it probably is.  Only shop at sites where you know the owner, such as a small business site or at big sites like Amazon.com where you have built-in identity theft protections.  Remember to make sure anywhere you shop is also using SSL (the lock on the browser icon next to the website name in any browser).
• Don’t use cash or debit cards. You have three major choices when shopping – cash, credit or debit. In rare but growing instances there’s even a fourth option called “Bitcoins,” which are now accepted at some merchants including Overstock.com. Bitcoins could be considered the equivalent to the cash option, because once used, you can’t get them back. So, if you have to choose among these options, the best is the credit card. Here’s why: If you experience identity theft, credit card laws allow you to keep all of your credit immediately, with no responsibility during an identity theft or fraud investigation. With a debit card, your bank’s policy can be to tie up your money in the amount of the fraudulent transactions for up to 30 days. Some have been known to take up to 60 days to resolve the issue.

• Don’t use public WiFi without using SSL encryption. Public Wifi networks can be a hacker’s dream. If they want, they can see what websites you are visiting and insert malware into your computer or other device. The hacker also has access to any information you are sending out over the Internet, which could include credit card numbers or other critical information.  Do some research about trustworthy VPNs (virtual private networks) and consider installing a VPN on all your devices.  I trust https://proprivacy.com/vpn/comparison/best-vpn-services for the list of some great personal VPN software and I’ve found one from my research on their site that I like a lot.  Most personal VPNs cost between $5 to $10 per month. If you find a free VPN you should NOT trust it.  All your device traffic flows through your VPN so the more you pay, most likely, the better the service (software, support, telephone, email, etc) although many offer discounts for annual payment vs monthly payment plans and you might even find some coupons online where you’ll get a VPN for ½ price for the first year.

• Be Wary of Porch Pirates and Scummy Skimmers.  There are hackers who have learned how to track packages online. Some of them may be criminals in your city or town. If they know a package is arriving on your porch when you are not home, they might just nab it. It’s best to have items delivered to your office or a family or friend’s house that you know will be home during the day so they can sign for it and take it inside where it will be safe.  We’ve had credit card skimmers on the gas pumps that are not monitored frequently such as at the major highway liquor store/shopping areas.  Go inside and put the card into the machine at the cash register area to be safe. Skimmers are nearly invisible and when you find out you’ve been skimmed, it’s usually after they’ve used your credit card to make illegal purchases.

Some solutions you might consider include…

• Data Recovery Services
• Cloud Backup Services
• Password Managers
• Credit Repair Services
• Parental Control Software
• People Verification Services
• Reverse Phone Number Lookups

Finally, I just want to remind you that if it’s too good to be true, it probably is a scam.  There are new attacks online where they pretend to be a family or friend you haven’t seen in years by faking their Facebook account or stealing their password.  Then they claim you can trust them to go give $500 to the US Government to get a $10,000 grant.  Then they have the fake US Government agent’s facebook account contact you in Messenger and confirm that it’s all real and you can trust them.  Just remember, money does NOT fall from trees and if you give anyone a penny of your hard earned money, never expect to see it back.  There’s online dating scams where your future soulmate asks you for money online because they need the money for the plane ticket to see you.  These people are also fraudsters who should be in jail.  Remember, if someone calls you claiming to be from the IRS or a law firm or Microsoft technical support asking for money these are the three biggest phone scams lately. Never give your credit card or personal information to anyone over the phone, especially if they are calling you. It costs you nothing to put yourself on the National Do Not Call Registry https://www.donotcall.gov  – it won’t stop everyone but it will cut down on unwanted telemarketers. If you think you’ve been a victim of an identity theft, please visit https://www.identitytheft.gov  and follow their instructions.  Also, read this excellent resource from National Cybersecurity Alliance (staysafeonline.org).

About the Publisher

Gary Miliefsky, Publisher & Author. Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author and keynote speaker. He is a Founding Member of the US Department of Homeland Security, served on the National Information Security Group and served on the OVAL advisory board of MITRE responsible for the CVE Program. He founded and is the Publisher of Cyber Defense Magazine since 2012. Visit Gary online at: https://www.cyberdefensemagazine.com/