The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
You can spot a Nigerian email scam without opening it. You know what you’re doing when it comes to keeping ID thieves from conning you. And if someone tried to get the kind of personal information needed to open credit in your name, well, it just wouldn’t happen.
Except it would.
Credit gets stolen using personal information all the time. In the wake of the Equifax breach it’s happening even more than usual.
The Identity Theft Resource Center tracks data breaches every year and publishes a year-end report (full disclosure, my company CyberScout, sponsors it). Last year, the ITRC found that of the 174 million records breached last year, more than 91 percent came from corporate databases.
There are data breaches every day, and while they do not rise to the level of the Equifax event, they still add up in a big way. In fact, it would be a miracle if your data were not somewhere available on the dark web, which is a sort of digital black market.
Consider the December discovery of an enormous cache of unecrypted, searchable login credentials that the dark web analysis firm 4iQ discovered on the dark web.
“This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and Exploit.in, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites,” Julio Casal, co-founder of 4IQ explained in a blog post.
The total number of credentials: 1.4 billion. The discovery added 385 million new credential pairs, 318 million unique users, and 147 million passwords to what was already out there.
That’s a big number. It’s the kind of number that should make you take certain precautions. But the easiest one is most often disregarded, at least according to Time Magazine: maintaining good password behavior.
The worst passwords of 2017 were pretty bad: 123456, Password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, iloveyou, admin, welcome, monkey, login, abc123, starwars, 123123, dragon, passw0rd, maste, hello, freedom, whatever, qazwsx, trustno1.
Not hard to guess, because they’re not long and strong, or better yet created by a random password generator. But there’s something worse than using weak passwords. The re-use of passwords across accounts is far more dangerous—and common. Hackers know if they find your credentials for LinkedIn (one of the contributing sources to the above-cited credential dump on the dark web), there’s a good chance they will be able to use something similar or identical to hit your financial accounts.
But go ahead and check your accounts right now. You have that all set up so you can do it quickly, right? If you are like most people, you don’t.
How about transaction alerts? You’ll know if this is set up, because a text or email is delivered to you every time you use a credit card or move money from a bank account.
If that sounds like a hassle, it isn’t. There’s something reassuring about those alerts following a purchase, and if something ever pops up that you didn’t trigger—well it’s even more reassuring that you’ll know right away.
But the above only helps with existing accounts, and that’s not the only danger when it comes to credentials being “out there.”
When you “win” the ID theft lottery, and an ID thief locks onto your credentials stored on one of those massive dark web data bases, a criminal can open a new credit account of any kind—a mortgage, a car loan, a new smartphone with wireless or a credit account. They can dip into your email, and figure out what they need to know to do almost anything: take over your healthcare, con your friends, even become you.
According to Javelin Strategy and Research, 2017 saw a new trend. “While credit card accounts remained the most prevalent targets for new account fraud, there was significant growth in the opening of new intermediary accounts, such as email payments (e.g. PayPal) and other internet accounts (e.g. e-commerce merchants such as Amazon) by fraudsters. Although not as easily monetized alone, these account types are invaluable in helping fraudsters transfer funds from the existing accounts of their victims.”
What can you do?
In this Wild West of information insecurity, you are the most qualified person to protect yourself from the dangers that lurk “out there.” But remember, you have to stay on your game, because the bad guys definitely are.
If you’re concerned about your credit, you can check your three credit reports for free once a year. To track your credit more regularly, Credit.com’s free Credit Report Card is an easy-to-understand breakdown of your credit report information that uses letter grades—plus you get two free credit scores updated every 14 days.
You can also carry on the conversation on our social media platforms. Like and follow us on Facebook and leave us a tweet on Twitter.
Image Credit DeanDrobot
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized