Good Practices

Fighting data breach fatigue: Give cyber thieves a run for ‘their’ money

If you enjoy surfing the web and browsing through the news, you’ve definitely stumbled upon reports of cybersecurity trends and infamous data breaches. Last year marked a milestone in data breaches, as the criminal economy soared with more than 15 billion records exposed. Maybe you were unfortunate enough to receive an email notification informing you that your personal information was exposed. I can relate.

Do you Yahoo? I did.

My email address was among the 3 billion Yahoo accounts compromised in a breach of historic proportions. Like most victims, I paid little attention to it. For me, the news was water under the bridge, since I was no longer using that particular email. “What harm could an old, leaked email account do?” I remember asking myself. I am positive that I had changed the password and enabled two-factor authentication. However, I did not check any of my other online accounts linked to the leaked email address. Every once in a while, I check the account and notice an increase of spam and phishing emails popping up in my Inbox.

A storm is brewing

Since then, that particular email address appeared in multiple data breaches, including the infamous Collection#1 from January 2019. When security breaches start piling up day after day, at some point, you turn a blind eye and stop caring. The numb state you find yourself in can be defined as data breach fatigue. Due to their magnitude data breaches become less and less surprising for consumers. So what?

The wake-up call

Last year, I received a phone call from my bank asking me if I was trying to purchase games on the Steam platform at 3 o’clock in the morning. The unemotional and passive state I was in quickly faded away; anxiety and rage kicked in. When it comes to our hard-earned money, we tend to be more aware of the negative impact of a data breach. Paranoia and uncertainty replace indifference. A complete stranger got hold of my credit card information and I had no idea how.

The “why” is easy to answer. I was clearly a victim of credit card fraud. The criminal simply wanted to check if I hadn’t put additional security measures in place for online payments before draining my account. The bank representative confirmed that the compromised credit card had been cancelled and I was asked to head to the closest office to receive a new one. In my case, I was ready to continue with my daily schedule in about 30 minutes.

Zoom in on credit card fraud

Credit card fraud can take many forms. For example, thieves can use leaked financial data from data breaches, skimming or the traditional phishing email. In skimming, criminals use a device that illegally reads or duplicates the information from your card. Phishing, on the other hand, implies that a criminal deploys an email resembling a legitimate one from your bank or service provider with the sole purpose of tricking you into revealing your personal information. Phishing emails are like a wolf in sheep’s clothing. If you don’t pay attention, you can easily fall victim.

Lessons to be learned

I consider myself lucky. The thieves tried to use the information but failed. Many people can’t say the same — a data breach can be quite devastating both financially and time wise.

Get rid of the “it can’t happen to me” attitude. Be aware of the signs of data breach fatigue. Although we all feel powerless when it comes to stopping the data breach phenomenon, succumbing to apathy and acceptance can further erode privacy issues for both consumers and businesses.

Since the incidents are so common, a false sense of safety sets in and the sense of diligence seems to be no longer needed. But, if someone broke into your home, would you leave the door unlocked the next day? I think not.

Most data breaches don’t even make the headlines. The information exposed is not worthy of serious media attention, and as long as no financial data is taken, everything seems all right. But that’s far from the truth. Any personal information is valuable to cybercriminals. Some more than others. In 2018, a study showed that account credentials on the dark web were sold for as little as $0.20 for e-commerce websites and up to $15.50 for money transfer services.

Although not all data breaches result in tax-related identity theft, the odds of becoming another identity theft statistic are high, especially when looking at consumer behavior and e-commerce practices. Cybercrime-related complaints and monetary loss setting record highs. In 2019, the IC3 processed 467,361 incidents for a total of $3.5 billion in losses for consumers and businesses.

Yes, data on the dark web has no expiration date, and yes, data breaches happen daily. However, this does not mean we should make the job of a cybercriminal easier. Be ever-vigilant and adopt healthier online hygiene while also promoting awareness to friends, family and coworkers. Don’t recycle old passwords and do enable two-factor authentication where possible. It’s also a good idea to limit the information you share online and keep an eye out for impersonators and that too-good-to-be-true deal.

On top of a security solution that can protect your devices from malware attacks, signing up for an identity-theft monitoring service can help you breathe easy. When pieces of your personal information appear on the dark web, the 24/7 monitoring feature will notify you and provide immediate mitigations steps to prevent any further damages. These steps can differentiate you from an identity theft or fraud victim.

To further expand your knowledge of digital identity and online threats, click here.

Don’t fall asleep during a data breach storm. Stay awake!

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.