Category: information

Keep your personal information safe

Fraudsters are after your personal information, including your full name, address and contact details, bank account numbers, logins and passwords for websites, and identification numbers such as passport and driving licence details.

Once they obtain your full name and other personal details, they can search official records, social media etc. to piece together a fuller picture of you, with the intention of scamming you or even committing identity theft.

How To Stay Safe

  • Use multiple email addresses
  • Use disposable email addresses (https://fightback.ninja/disposable-email-addresses/)
  • Use temporary email addresses
  • Use the magic phone number if you don’t want to be contacted by phone, but a website insists you provide one (https://fightback.ninja/a-magic-phone-number-and-call-blocking)
  • Stop tracking cookies
  • Opt out of marketing emails etc. whenever possible
  • Withhold data when you can or make something up if it is unimportant

Removing your personal information from the internet

There is a trade-off between having some information on the Internet about you so that prospective employers, old friends and others can find you and the problem of there being so much that criminals can use that information to con and steal from you. Also, it’s virtually impossible to remove all traces of your Internet activity.

  1. Restrict or Delete Social Media Accounts

Scammers seeking your information may start with your social media posts so make sure not to post anything personal or mention holiday dates etc. Simply deleting such accounts is safer.

  2. Close down Blogs and Blog Posts

Delete any blog posts, or close the whole blog, if they give away personal information about you.

Personal blogs may contain intimate details about your daily life, family, jobs, health information and financial situation — which is information a fraudster could use to scam you or access your accounts. If you publish a blog, be mindful of the details you’re sharing.

  3. Websites, Chat Groups etc. With Your Information

If someone else has posted sensitive information about you on their website or blog, then you can contact the webmaster of the site and ask them to remove the information.

If a website refuses to remove your info, then you can send a legal request to Google and ask to have it removed.

  4. Phone Apps

Many apps on your smartphone and tablet collect personal details such as your name, email address, spending habits, and geographical location. This information could be accessed by cybercriminals, leaked or stolen, and if it ends up in the hands of a scammer, your finances could be at risk.

If you’re unsure whether an app is trustworthy, it’s a good idea to review the Terms of Use and Privacy Notice first to determine what info is collected, why it is collected, and how it may be secured, stored, and shared. You might also check some user reviews.

  5. Block Tracking Software

While browsing the web, you’ve probably noticed disclaimers about “cookies,” which are a technology that tracks your web browsing habits. If you don’t want that information tracked and stored, then consider running security software that contains features to block online tracking. You should also understand the limitations of your browser and any do-not-track feature.

  6. Clean out your computer data

There’s a trove of personal information stored in your browser history, including the websites you visit (including financial institutions), passwords, and cached images and files. If a cybercriminal gains access to your device, they may be able to use that information. Regularly clear your browser history, delete cookies, and install and use security software that includes online privacy features.

If you do all of the above then you will remove most of the data that anyone can find about you on the open Internet. There will always be data on government systems, retailers you buy from etc. but that is harder for any criminals to access.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Police Report Common Phone Scams

The National Fraud Bureau reports that the most common phone scams are:

  1. False reports of a problem with your computer or device
  2. A fake fraud investigation
  3. An investment opportunity

Number 1 is better known as the Microsoft Support scam, as most of the scammers cold call random people, pretending to be from Microsoft Support and warning of a severe computer problem. They offer to fix it, and to do so they need access to your computer and will charge a fee for their time or for some software they supposedly have to install.

Since these scams became commonplace, most people know to put the phone down on any such call. A message to the same effect (you have a computer problem – call …) may pop up when you are on a new website, and it will exhort you to phone a specified phone number. This will connect you to a scam call centre, so do not call it.

Number 2 is the fake fraud investigation which can take many forms with the scammer pretending to be from your bank or the government or the Police etc. Usually, they warn you that your bank account has been hacked and they will assist you to save your remaining money – i.e. by taking it away from you. Any such callers should be ignored but if you want to check with your bank then use a different phone to call your bank on a known number.

Number 3 is scammers offering investments. Investments that have zero risk and give guaranteed returns are always fake, and you should seek expert advice before making any investment.

Anything that looks too good to be true is almost certainly a scam.

Stay safe.


How do fraudsters get my personal information?

When scammers get hold of your personal information, it can lead to serious trouble. Those details can be used directly in fraud or be used to put together a more detailed picture of you that can be sold to identity thieves.

Personal details can include:

  • Full name, address and contact details
  • Bank account numbers and login information
  • Logins and passwords for websites
  • Identification numbers, e.g. passport details or driving licence

There are four main methods that scammers use to get your personal information.

  1. Phishing Scams and Buying From Other Criminals

Criminals get your information from phishing exercises, fake competitions, fake websites etc., and often they simply find a business email address then make up entries by combining common first names with the business email address. If they get a response to their spam emails, that tells them you have an active email account, and you will get a lot more scam and spam messages.

They also buy this data from other scammers and spammers who sell lists of people’s information on the dark web.

Simple data such as name and address sells for just tens of dollars per thousand people, but financial data sells for much higher prices, e.g. valid credit card details plus the security number on the back and the person’s full name can sell for up to hundreds of dollars per person.

  2. Data brokers

These companies collect and sell all the data they can legally find, such as names, date of birth, telephone numbers, addresses, land records, marriage records, criminal history, social media profiles etc. They consolidate this data from dozens of different public records, then compile it online.

A lot of the information is likely to be out of date or just wrong, but some is likely to be accurate.

  3. Data breaches

This is where hackers break into organisations’ computer systems to steal data. Sometimes this is published on the dark web and sometimes sold directly to other criminals.

The targeted information may include names, driver’s license numbers, medical and financial records, and email addresses and passwords.

  4. Social media and blogs

Your social media accounts may contain all the pieces a cybercriminal needs to commit fraud, such as your full name, where you live and work, photos of you and your family, holiday plans, and your favourite bands and hobbies. E.g. some people use a pet’s name as a password or as an answer to a security question, so if your pet is on your social media then criminals will try it.

Removing social profiles and information on blogs or at least restricting the personal information makes it harder for the criminals to scam you.

Make sure the scammers cannot get your personal information – stay safe.


Don’t Be Tracked Online So Easily

More and more websites, online services, social media sites, apps etc. want to track us – track what we buy, track where we go online, track any details about us they can get, e.g. IP address, location etc., because that data is valuable to them.

Sometimes they ask for permission to track us, e.g. when you agree to their terms and conditions, but often that’s not the case.

Is it all bad?

No.

For example, that tracking means the website can serve up adverts more to your liking rather than random ads, but many people don’t like that as it often takes the form of the same adverts following you from website to website.

How to Reduce Your Trackable Information

Reduce the level of information about you on the Internet to a necessary minimum and be aware that criminals can use whatever information they find against you.

  1. Email addresses

You can use multiple email addresses to separate your online activities, e.g. use one email address for financial matters, one for social media, one for retail sites and one for unimportant websites.

You can also use disposable/one-time email addresses for any site you think will send you spam.

  2. Withhold your information or make stuff up where it’s not important, e.g. misspell your name and give a fake birthdate
  3. If you’re not using any online accounts then delete them – you can always open a new one if needed
  4. Be careful of anything you publish on social media or that other people publish about you, e.g. pets’ names (possible passwords) or dates you’ll be away, e.g. on holiday


Data Breaches Facts

Hackers break into company computer systems and steal confidential information, i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner, sell it to a competitor, sell it to other scammers, or make use of it in phishing scams, i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

  1. Creation of contact databases
  2. Regulatory requirements
  3. External experts
  4. Postal costs
  5. Communications set-ups
  6. Audit services
  7. Helpdesk
  8. Legal expenditures
  9. Reimbursement for customers
  10. Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

  • The average cost of a data breach is $3.86 million
  • The average global total cost per record stolen is $141 but there is huge variance across incidents.
  • Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
  • The mean time to identify and contain a breach is 280 days
  • The faster the breach is recognised, then generally the lower the total cost
  • The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber-attack see

https://fightbackonline.org/index.php/business/102-do-you-know-if-your-business-has-been-cyber-attacked

[facts taken from 2020 Cost of Data Breach Study]


ISO 27001 Information Security Standard

ISO 27001, also known as IEC 27001, is an information security standard published by the International Organization for Standardization and the International Electrotechnical Commission.

Most organizations have some information security controls, but these may not be sufficiently comprehensive in their coverage. An information security management system (ISMS) can remedy this situation.

ISO 27001 specifies a management system and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.

ISO 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

The ISO 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process.

Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability and Risk Treatment Plan. This stage serves to familiarize the auditors with the organization and vice versa.

Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO 27001.

Stage 3 is ongoing and involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

For detailed information on ISO 27001 refer to https://www.itgovernance.co.uk/iso27001
