Shame on me, one of the most organized and security-conscious people you’ll ever meet (if I do say so myself) for logging onto the unsecured Wi-Fi at Miami International Airport this past summer. I knew it was the wrong thing to do, but feeling impervious to hackers and somewhat cavalier, I figured; what could happen in fifteen minutes….
What ensued was nothing shy of hell! The criminals hi-jacked my email and my mobile accounts and tried(unsuccessfully, thank God) to take over my Apple account, and that was just the beginning!
This type of cyber crime goes far beyond identity theft, in fact, it’s called “account takeover,” and TAKE OVER is exactly what they did. By hijacking my mobile phone and email accounts, the crooks were able to circumvent numerous email and text alerts, which were being sent to me by my bank and credit card company, as well as by the mobile and cable companies, as the criminals systematically drained my checking account and ran up thousands of dollars worth of fraudulent charges on my credit card.
Understand all this happened in spite of the fact I had, and still have; security freezes on all three of the major credit bureau accounts and impossible-to-remember passwords, usernames and security questions, not to mention copious multi-factor verifications and security blocks on ALL of my bank and credit card accounts.
Account take-over is a very real and very frightening issue and goes far beyond “transactional” theft (i.e.: someone gets your credit card number and you have to get a replacement card). To help others avoid what I went through, here are some basic things you can do, which won’t necessarily prevent fraud, but should make you a little less vulnerable:
- Never, ever, ever use public (un-secured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network (VPN) account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack into a VPN.
- If you or someone you know is 18 years old or older, you need to create a Social Security account. Today! Go to SSA.gov
- Add multi-factor verifications to ALL online accounts offering this additional layer of protection, including mobile and cable accounts. (Note: Have the codes sent to your email, as SIM card “swapping” is becoming a huge, and thus far, unstoppable security problem.)
- Create hard to crack 12-character passwords. NOT your mother’s maiden name, not the last four of your Social, not your birthday and not your address, and whenever possible, use a “pass-phrase” as your answer to account security questions, such as “youllneverguessmybrotherinlawsmiddlename.”
- Avoid the temptation to use the same user name and password for every account and whenever possible, change your passwords every six months.
- To prevent “new account fraud (i.e.: someone trying to open an account using your date of birth and Social Security number), place a security freeze on all three national credit bureaus. (Equifax, Experian & TransUnion). There is no charge for this service.
- Never plug your devices (mobile phone, tablet and/or laptop) into an electrical outlet in an airport. Doing so will make you more susceptible to being hacked. Instead, travel with an external battery charger to keep your devices charged.
Finally, avoid the temptation to share your life on Facebook, Instagram and other social media venues, especially when traveling. Crooks aren’t just trolling these sites to see if you’re out of town so they can break into your home; they’re also looking for information with which they can take over your life!
Be smart. Be aware. Be careful. If it can happen to me, it can happen to you.