Online Identity Fraud and Employee Engagement
In order to increase engagement in a cyber awareness program, show employees how better cyber hygiene can help their personal lives. One way? Preventing online identity theft.
Online Identity Fraud
A 2018 Identity Fraud Study conducted by Javelin Strategy & Research found that in 2017, the total number of fraud victims was estimated at 16.7 million consumers. So much of this fraud happens online. The report also noted that 6.64% of consumers fell victim to identity fraud last year, an increase of one million victims from 2016, due mostly to an increase in account takeover schemes (ATO).
Account Takeover Schemes
An account takeover occurs when a fraudster gains control of your account. Often, phishing scams are the precursor to an account takeover. The fraudster gets your username and password through a successful phishing attempt. If your email account login is phished, the fraudster can control your entire online identity. They will search your inbox for financial information, other account login information, and spam your contacts with malware or spyware. Javelin found that ATO losses reached $5.1 billion last year and victims spend an average of $290 out-of-pocket costs and 16 (highly frustrating!) hours to resolve the issue.
How to Protect Yourself
A joint study between Google, University of California, Berkeley, and the International Computer Science Institute entitled Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials notes the danger of authentication that relies solely on a username and password- these credentials are easily stolen or phished away, leading to an account takeover. The study also identifies mitigation techniques that focus on three areas: password hygiene, phishing recognition, and two factor authentication (2FA).
First, maintain a strong password and do not repeat passwords across accounts. If your password is compromised on one account, all other accounts with the same password will be vulnerable. We know it’s difficult to keep track of a bunch of complicated passwords so consider a password manager.
Next, be on alert for phishing scams. Don’t let that complicated password fall into the hands of a fraudster. Think before you click! If something feels off about an email or social media message, delete it or verify the request independently.
Finally, the last line of protection is two factor authentication. If your username and password falls into the wrong hands for any reason, 2FA will protect you from an account takeover by requiring an additional passcode that is stored on an authentication app. It’s an extra step well worth taking.
Protection from online identity fraud lies in knowledge, awareness, and safer choices. The cyber awareness education and training that employees receive at work can translate to protecting their personal information and online identity.