Privacy is a scarce commodity in today’s online environment. Big businesses, with the help of data brokers who gather and consolidate all the data crumbs you leave while you browse the internet, know everything there is to know about you. However, this invasion of privacy pales in comparison to the consequences of a criminal hacking team digging deep into your personal data. Big businesses want to sell you goods, while hacking groups aim to take it. They’ll cash in on their illicit access to your life as soon as possible, preferably before you even realize there’s an issue. According to some experts, the year 2022 will be the most significant in terms of data breaches ever. Your personal life will be exposed sooner or later. What should you do if you discover you’ve been hacked?
How will you be able to tell?
It’s all over the news when a significant hacking attack or data leak occurs. Often, the affected service may launch a web page where you can see if you were impacted. And you will be impacted, if not now, then in the future. The only advantage is that you’re one of millions, so the hackers may never get around to using your information. Don’t think you’ll be able to avoid a breach. Antivirus software installed on your machine is helpless in the face of a security breach on a remote server.
Not every data leak results in a well-publicized hack. A rogue internet retailer, a card skimmer, or even a waiter in a brick-and-mortar restaurant could jeopardize your credit card. The presence of unexpected products on the credit card account could be the first hint. Always study the bills and find out what each line on the bill represents, even if it’s a minor price. Before making a large transaction, card fraudsters will occasionally make a few minor purchases to ensure the card is “active.” To keep track of all your credit card transactions in one location, utilize a personal financial program like Mint.
These days, banks are adept at detecting fraud. It’s possible that you won’t find out about a compromised card until the bank refuses the charges and begins the process of issuing a new card. It’s a headache to get a new card because any automatic payments you’ve set up will require the new card number. Still, it’s preferable to allowing hackers to use your credit card to purchase an 85-inch television.
Hackers can take use of more than just credit card numbers. Scammers can send spam or targeted email scams to your contacts using a hijacked email account. Worried phone calls from friends asking whether you’re genuinely detained at a Dubai airport with no cash, or angry texts from people “you” have spammed, could be your first hint.
An identity thief can also utilize your personal information to open credit accounts under your name that you are unaware of. You might only learn about those accounts if a retailer refuses to issue a new line of credit when you ask for one. Consumers who are wary of credit bureaus utilize AnnualCreditReport.com to request a free credit report from Equifax, Experian, and TransUnion once a year, spaced out over four months. Yes, Equifax suffered a massive data breach and was forced to pay $650 million in damages as a result of their carelessness, which included free credit monitoring or a $125 minimum reimbursement for each affected. Regardless of whether you checked your credit with Equifax, you were affected.
We recommend the Credit Karma service, which pulls your credit report from TransUnion and Equifax once a week to keep track of your credit. These are “soft” enquiries, as opposed to “hard” inquiries made when you seek for greater credit. Soft inquiries have no influence on your credit score, however hard queries do.
A change in your credit score is like a ripple in a pond, where the rock that caused the ripple is the real misuse of your credit. Avast BreachGuard and IDX Privacy are two services that target those rocks. They keep an eye on the Dark Web to make sure your personal information isn’t being sold. A comparable scan is included in Norton 360 Deluxe, which is powered in part by the company’s LifeLock identity theft remediation technology.
Some password manager programs, such as Keeper and LastPass, include breach monitoring as a feature. The link makes sense because the first thing you should do if a site is hacked is change your password. You can change it to a strong, unique password that you don’t use on any other site with the aid of the password manager.
What Happens After That?
The easiest hack to overcome is credit card compromise. You are not liable for the fraudulent charges, and the matter will be resolved once the bank issues a new card. Except for the fact that you’ll need to change your payment details wherever the old card was saved.
It can be more difficult to regain control of a compromised email account. You’ll need to contact the email provider and show that you’re the rightful owner of the account. Of course, if the hacker changes your password, you won’t be able to contact the provider via your usual email. It’s critical to have multiple email addresses, each of which serves as an alternate contact address for the other.
Many websites require you to use your email address as your account’s username. That’s a lot easier than having to pick (and remember) a different login and password for each site. However, if you used the same password for other sites as your hacked email account, those accounts are now well-known as well. If a hacker obtains your login credentials for one site, he or she will almost certainly try the same username and password combination on dozens of other popular websites.
Even if you don’t use any duplicate passwords, email account penetration can be a major issue. Consider the following scenario. What should you do if you forget your website password? Right—you click to receive an email with a password reset link. If a competent hacker gains access to your email account, he or she will immediately look for additional accounts, such as social media, or, worse, shopping and banking accounts. The hacker now owns those accounts as well, thanks to a simple password change.
After you’ve recovered from an email account takeover, you should change your password on every site associated with that email address. A password manager will be really useful in this situation.
Prevention is worth its weight in gold.
It’s not easy to keep the consequences of data breaches to a minimum. You must take the necessary precautions and remain vigilant. However, the effort required is far less than the Herculean challenge of regaining your identity after it has been stolen by hackers.
Get Help If You’ve Been the Victim of Identity Theft
Identity theft in its most extreme form may be a nightmare. Victims often spend thousands of dollars over the course of weeks or months trying to regain control of their online identities and lives. The Federal Trade Commission has a great website with detailed instructions on how to proceed. The site recommends that you order your credit reports to check what’s going on and file an official identity theft report with the FTC, among other things.
The website then goes on to detail all you need to know in a step-by-step manner. It includes checklists, as well as sample letters and paperwork, to ensure you don’t forget anything. You won’t go wrong if you use this helpful tool.
You’ve seen the advertising for identity theft recovery services provided by third parties. These can be useful, but only if you have them in place before something major occurs. It’s similar to buying an insurance policy: you pay for the coverage in the hopes of never having to use it. Adding such a service to your monthly payments won’t fix the problem you just had, but it will help you avoid it in the future.
Each large data breach is followed by a flurry of stories urging you to freeze your credit, set up a fraud alert (which means you’ll have to go through additional verification processes to open a new account), and so on. Such changes to your credit-using habits should be regarded as permanent. After all, the next major security breach is on the horizon; in fact, it may have already occurred. In the Equifax case, the actual breach occurred months before it was detected. When it comes to credit cards, there’s not much you can do except avoid buying at dodgy stores, both in person and online. The majority of physical establishments now accept chipped credit cards (though there are still holdouts). Chipped cards provide excellent security for in-person transactions, but they are ineffective for card-not-present internet transactions.
Apple Pay and Google Pay, both mobile-based payment methods, are more secure than conventional credit cards. Hackers gain nothing by obtaining existing transaction data since each transaction is assigned a unique number. You can also utilize the mobile payment system to make online purchases. Simply use a fingerprint scanner or a strong passcode to secure your phone and keep it with you at all times.
Poorly secured websites can reveal your email address and a perfectly strong password to hackers, but a terrible password puts your account vulnerable to a brute-force attack. For your email account, use a strong password, and for every other account or protected site, use a different strong password. Yes, you’ll need a password manager, but there’s no need to pay for one. The most effective free password managers are pretty useful.
You can request a password reset on some websites by completing a few easy security questions. The problem is that the bad guys can usually find the answers to those questions in seconds online. If you have the option of defining your own security questions, do so, and make sure they’re tough—questions that only you could answer. Don’t use an honest answer if you’re forced to choose from dumb questions like your mother’s maiden name. Choose a fictitious answer that you’ll remember. Also, don’t reuse question/answer pairs across multiple websites. I recommend keeping your erroneous answers in the notes section of your password manager… However, if you used a password manager, you wouldn’t have needed to reset your password in the first place.
Your personal information is sometimes exposed to the public eye with no way to hide it. Real estate transactions, for example, are public information. Data brokers trawl the internet for publicly available information to compile a profile that they may subsequently sell to advertising… or identity thieves. Gathering and aggregating data is totally lawful, but brokers must also erase your data if you request it. Optery is a service that searches hundreds of brokers for your information and either assists you in removing it or removes it for you for a fee. Privacy Bee scans even more sites than Optery and performs automatic deletions.
When it comes to preventing full-scale identity theft, there are a few things you can do to make life difficult for identity thieves. Never provide any information on a web form that isn’t strictly necessary. Make something up if something is necessary but irrelevant, such as your street address on a site that does not ship to you. For paper invoices and statements, invest in a low-cost shredder. Examine all of your statements and take use of your free credit reports. Install a robust security package to back up your efforts.