Spending spree incoming? Avoid credit card, identity theft this holiday season

With the holidays approaching, spending in America is predicted to increase by 5 percent. That’s a lot of card-swiping and online shopping — prime opportunities for thieves to steal credit card information or other personal data.

This past year, more than 16 million people in the United States were victims of identity theft or fraud — what the Department of Justice defines as wrongfully obtaining personal data to use for fraudulent means.

Don’t be one of those millions this year: Learn the best ways to keep your financial and personal data safe this holiday shopping season, whether you’re pounding the pavement to make it to the best Black Friday sales or perusing your favorite websites for deals on Cyber Monday.

And while you’re at it, make sure your UAB information is locked down to keep your own data and any vulnerable university materials from falling into the wrong hands.

Monitor your card activity.

Don’t wait for your print statement to come in the mail, advises Consumer Reports. Instead, sign in online or use a mobile banking app to check real-time updates on your card use. If you see something unfamiliar, report it to your bank immediately.

Freeze your credit.

Credit security freezes essentially shut off all access to your credit history by would-be lenders, Consumer Reports says. That way, if your card or identity is compromised and the thief attempts to open new accounts, loans or credit cards in your name, you are less likely to be approved.

Change your passwords often — and be creative.

The money you spend during holiday sales can come back to haunt you later, and not because of caveat emptor. Large retailers often are vulnerable to cyberattacks: In Home Depot’s 2014 information breach, 56 million customers’ credit and debit card information was compromised; after Target’s 2013 attack, 110 million people were affected.

The most basic rule is to not use the same password or passwords for multiple accounts, says Gary Warner, director of research in computer forensics at UAB. This keeps your information safe in case there is a data breach at a large company you’ve patronized.

“One username and password combination might not seem that serious at first glance, but if you use that combination for multiple accounts, cyber criminals will keep trying to use them until they gain access,” Warner says. “The best thing to do is use unique, complicated, strong passwords for each individual account.”

Type in a website URL instead of clicking that email or pop-up ad.

Sophisticated cybercriminals can make emails and advertisements look like they were sent from popular retailers such as Amazon or Best Buy — a tactic called phishing, in which scammers use fraudulent emails, texts or copycat websites to fool consumers into sharing valuable personal information, according to the U.S. Federal Trade Commission.

“If an email or text offer looks too good to be true this holiday season, it just might be,” Warner said. “Instead of clicking on any links included in the ad, try going to the retailer’s homepage itself by typing in the direct URL and look for the offer there. If you don’t see it, you just might have foiled a major phishing attempt.”

Keep your UAB information squared away.

What do I do if my data has been compromised?

  • If your credit card information has been stolen, call your card company or your bank and follow the steps they recommend.
  • If your personal data, such as your Social Security number or other identifying information, has been breached, call the companies where you know fraud occurred, says the United States Federal Trade Commission (FTC), and place a security freeze on your credit. See the rest of the FTC’s identity theft recovery plan online.
  • If your UAB personal information, such as your BlazerID and strong password, was compromised, report it to AskIT immediately; call 205-996-5555 or open a ticket at uab.edu/techhelp.

From September 2017 through August 2018, the UAB IT Security Operations Center received more than 3,500 phishing reports; when combined with their colleagues in AskIT, that number skyrocketed to more than 10,000. And while the SOC is more than adept at quickly remedying the issue, averaging just 16 minutes between the initial report and final threat containment, employees should take care not to compromise their data at UAB.

  • Create a strong password.
    UAB policy dictates it needs 15 characters. Consider using a passphrase, such as a mnemonic device: “I hope to run 15 miles a week” can be turned into a password such as “!h0pet0run15maweek.”
  • Use two-factor authentication (2FA).
    2FA leverages two separate methods of proving a user is who they claim to be. When you log in with 2FA, enter your BlazerID and password as usual. Then choose Duo Push through the Duo app, which notifies users when they attempt to log in to sites or apps that require 2FA and requires them to push a button in the app or enter a PIN that confirms the login is legitimate. Users with older devices that do not support apps can also request a passcode via SMS text.
  • Know a phish when you see one.
    Check the sender’s email address to ensure it’s a UAB domain. Watch out for strange grammatical or spelling errors and don’t click on any links within the email. Even if it just looks suspicious, email phishing@uab.edu to double-check. You can also download the PhishMe Reporter app to report a phish with one click through Outlook.

Visit UAB IT’s security awareness website to access the Security Awareness Toolkit, view informative short videos and learn to spot phishing attacks.