NCSAM is back for another year, let us see what we can get in to … starting with Identity Theft

Folks, NCSAM or National Cyber Security Awareness Month is now back for another year. This year has been quite different because of COVID-19 and of course the wild fires around the western United States that has consumed our lives as well.

I want to start this month with an identity theft article which we’ll also talk about in the next Security Box. More specifically, this is talking about identity fraud, not theft per see, but still worth talking about.


The article does talk about covid-19 and the fact that we’re now online more than ever. This is because we can’t go anywhere, and some states have relaxed those rules though but I’d still be caucious. With the advant of us spending more time online, we have more risks.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get
their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate
before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

I can’t agree more! I believe this is the perfect paragraph to quote because it is more true this year than in past years. I’m not saying that Identity theft or fraud was not a problem last year, the year before, or even the year before that. We just need to be more proactive now because we’re not outside enjoying the weather, doing our outdoor activities, and seening friends and family.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It
all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

The question is, how would we be able to scour to see if we’re at risk? Well, there is TOR which is a browser that allows you to connect to addresses ending in onion. You actually need to know what these addresses are, and there is no Google like service to search these things out.

According to one blind individual who did use TOR once, they claim that it is accessible with access technology. The person, who will not be named in this article, does not use the service anymore, and I’ve asked them to come on and talk about their experience of usage, not necessarily what they found. So far, they have declined to do this, and I honestly do not blame them. It is a slippery slope that I definitely would probably not want to touch if I were asked, and I’ve never pushed the issue. The TOR project linked within this article is where you can learn more.

Here is some other information taken from this article which is why I want to cover it in depth.

There are various ways for attackers to get your data. The main ones are:

  • Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens
    via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the
    FTC.
  • Malicious mobile apps disguised as legitimate software.
  • Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access
    your accounts.
  • Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too.
  • Dumpster diving and shoulder surfing: Sometimes the old ways are still popular.
  • Stealing devices or finding lost/misplaced devices in public places.
  • Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported
    corporate breaches in 2019, up 17% year-on-year.
  • Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming”
    increased 26% in March as more users flocked to e-commerce sites during lockdown.

There are links within this section which were removed from copy/paste, so I highly encourage you to click through to read the entire article.
The article goes on more to talk about the covid-19 challenge. Phishers and other actors are going to dull out information that talks about remedies and other possible credible info that they want to pass along. They do this by impersinating trusted agencies such as the CDC, the WHO, and other institutions that are trying to get out the information dealing with this virus. While people may question the WHO’s involvement in this ordeal, this is not what this post is about.

There is an entire article to read here, and I can’t cover every single thing here that I’d love to cover as part of the podcast. I don’t think I can even do that either. Just go on over and read the great article by Trend Micro entitled Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis and I’m sure we’ll be bringing this up for a nice debate on the podcast. Please stay safe, read the information provided, and learn what you can possibly do so you’re not a target that falls for these schemes. Remember, just because the FBI may have taken fraudulent products and merchandise off the market and out of the criminals hands for now, doesn’t mean they’ll try and come up with more and put up web sites and other ways of selling it in the future.

Want to talk about this? Please get in touch! The blog awaits comments, my email box is open, and awaiting your interaction. Text, imessage, Whats App, and other info is gathered for everyone throughout my web site. Thanks so much for reading!


Discover more from The Technology blog and podcast

Subscribe to get the latest posts sent to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.