SpearTip | February 20th, 2019

The end of the year is a valuable time to clean up bad cyber habits. With a new year comes new opportunities for both you, and the bad guys. Bad guys prey on ignorance to compromise your identity and assets. I frequently hear, “I’m not worth a whole lot so bad guys aren’t going to waste time trying to compromise me,” or “there’s nothing in my bank accounts so I’m not a target.”

Consider this – in most cases, the content of your bank account is irrelevant to the hacker because the original hacker is only after your account information to be sold to a third party on the dark net. The average credit/debit card is worth about 25 dollars on the cyber black market. This is why you see “skimmers” being used at retail locations and gas stations. Each time a consumer swipes a card at that terminal with a hidden skimmer, the bad guy pockets 25 bucks, regardless of the owner of the card, or his/her current wealth.

Easy Ways To Protect Yourself
There are a myriad of easy steps you can take to better protect yourself from cybercrime on and off the internet. First and foremost is good password hygiene. Having at least a 10-digit password utilizing at least 2 upper and lower-case letters, as well as a special character drastically lowers an adversary’s ability to break your password. Think of it this way; if I was tasked with trying to guess a co-worker’s password, and the co-worker’s password was 123456, it may be a quick day at the office. However, if that co-worker’s password was 9ijhB&^72A, I’m in for a long night. The password cracking ability of a hacker works in the exact same manner. If a password is short and typical, such as password1, the hacker’s computer will guess it correctly in a matter of minutes. If the password is 9ijhB&^72A, the hacker would give up long before the computer program came close to guessing the correct sequence. In addition, use different passwords for each website visited, especially sites with sensitive information such as online banking or social media accounts. This way, if one site’s credentials are compromised, the attacker doesn’t have access to all the others with the same credentials.

Your Debit Card Is A Dangerous Portal To All Your Accounts
The internet however is not the only place you can unknowingly give up your identity or bank account information. Every time you swipe a credit/debit card, you give up your data to the vendor, hoping that vendor has the means and infrastructure in place to keep your information safe. As we’ve seen with Target and The Home Depot, assuming an organization is secure, based on its size, is a recipe for identity theft. So, the question isn’t should I never swipe a card again, as much as what card should I be swiping?

If you can navigate the temptations of the almighty credit card, this is your safest option. When using a debit card as your everyday method of payment, you are accepting the risk of losing the entirety of your bank account relevant to that card. In other words, when you swipe with your debit card, whatever amount is in all accounts relevant to that card, ie -checking, savings, IRA’s, you are liable for that full combined amount in the event that the card is compromised. With a credit card however, limitations of liability are attached, usually around 500 dollars, which is your responsibility in the event of a breach. Banks and other financial institutions are getting better and better about not holding their members liable for these fraudulent activities; however, you can limit your liability by simply switching to a credit card as your go-to method for making everyday purchases.

Around 90% of compromises are initiated from user ignorance of cyber best practices. In most cases, if it feels like a scam, it probably is a scam.

If It Sounds Too Good To Be True . . .
Guys, be realistic . . . the Victoria’s Secret model on Tinder didn’t find your profile so irresistible that she absolutely has to chat with you right now on an alternate website that only requires one simple click for access. And ladies . . . sorry, but you didn’t really win the designer handbag shopping spree featured on the winning email from a contest you never entered. So it’s probably not the best idea to provide them with your social security number, so they can process your winnings.

Bottom line: if it feels like a scam, or seems too good to be too be true, consult with an information security expert who can diagnose the contact as legitimate or spam. If you don’t know one, all of us here at SpearTip are happy to help!