Your identity is under attack. Here’s how to protect it.
Your identity is one of your most valuable assets, and it is under attack. People are actively stealing, selling, and buying identities every day. What does that mean for you? It means you must manage and protect your identity.
While criminals can approach identity theft in many ways, their goal is to obtain access to your personal information for financial gain or other malicious purposes. Online or digital identity theft can have far-reaching effects in your life — beyond embarrassing social media posts that can pop up on your account when you leave your computer unattended around friends.
Here are some common ways your digital identity can be compromised, and some things you can do to reduce the probability and the impact of such an event.
Most successful cyberattacks do not start with some mastermind criminal hacker fighting their way through our defenses, past our firewalls and intrusion prevention systems, and executing zero-day exploits. Most threat actors start by compromising user credentials or enticing someone to open a malicious link or attachment (e.g., a phishing attack).
When one of your accounts is compromised, your credentials (username/email and password) are going to be used, or at least tried, in other places. If a bad actor finds or buys a set of compromised credentials that includes your login information, they will likely find other accounts where you’ve used those attributes, too. When an attacker gains access to your other personal data, they can open credit accounts in your name and create a tremendous amount of complications and frustration in your life.
Compromised accounts are also frequently used to trick others. A bad actor might use your compromised email or social media accounts to message your contacts and compel them to take actions they otherwise would not. Compromised accounts are frequently used to persuade someone to send money or other personal information, or to open a link or document — all the things they would never normally do, except that the message seemingly came from you, and they trust you.
Reducing your risks
In other Cybersecurity Awareness Month articles, we’ve already talked about using good password practices and multi- or two-factor authentication (MFA and 2FA) for your online accounts. We’ve also covered how to spot red flags in phishing attacks and one of the possible outcomes of poor digital hygiene and phishing attacks — ransomware.
- Think before posting about yourself and others online. Consider what a post reveals,
who might see it and how it might affect you or others. Consider creating an alternate
persona for online profiles to limit how much of your own personal information you
- Why? Personal information readily available online can be used by attackers to do a variety of things, including impersonating someone, and guessing usernames and passwords.
- Use a virtual private network (VPN) when connecting to public Wi-Fi. Public wireless
networks are not secure — anyone could potentially see what you are doing on your
laptop or smartphone while you are connected to them. Limit what you do on public
Wi-Fi and avoid logging in to key accounts like email and bank accounts. Use a VPN
or a personal/mobile hotspot if you need a more secure connection.
- Why? Attackers can insert themselves between your device and an unsecured Wi-Fi network to intercept account information and other sensitive data, or to download malware to your unprotected device.
- Please visit this IT Knowledge Base article for more information about the U’s VPN services.
Now more than ever, cybersecurity — including identity protection — is an essential part of our lives. We all must do our part to protect those around us, at work, school, and home. The online best practices that help us to protect the U’s students, faculty, staff, patients, and guests also help us safeguard our families, friends, and ourselves from cyberthreats.
- Node 4 article: Don't give up the keys to the castle — be identity smart
- Identity theft Knowledge Base article
- Protect your computer or device Knowledge Base article
- Stay Safe Online: Be Identity Smart
- Stay Safe Online: 7 tips to manage your identity and protect your privacy online
- Identity Defined Security Alliance
- FTC: Identity theft
- FTC: IdentityTheft.gov website
- FTC: Warning signs of identity theft