Today, we’ll take you through a recent incident in which a client was hit by a sophisticated, targeted cyber attack. We’ll share the steps we took to help the company recover, preserve digital forensic evidence, and implement safeguards to protect against future attacks.

Beyond just sharing this experience, we’ll also provide you with six essential steps that any company can take to secure itself against cybersecurity attacks. We’ll also discuss what you should do if your personal data has been exposed and cover specific types of fraud schemes that malicious actors may use to monetize exposed information.

So, whether you’re a business owner looking to secure your company against future attacks or an individual who wants to safeguard your personal information, this post is for you. Read on to learn more.

6 Precaution Steps Against Identity Theft and Related Fraud Schemes

Steps to Take to Protect Against Cybersecurity Attacks and Identity Theft

Recently, we assisted a company in recovering from a cybersecurity incident. They were the target of a sophisticated and targeted attack that combined business email compromise (BEC) with a wire transfer fraud scheme that cost them nearly $100,000. This is a considerable amount for any business, but it was particularly significant for our client, a small business with fewer than 10 employees. Fortunately, thanks to a quick response from their bank and the involvement of the FBI and US Secret Service, they were able to recover.

After the incident, we helped the company preserve digital forensic evidence, clean up their system, and implement safeguards to protect against future attacks.

The lessons learned from this incident were not new; we see them in corporate environments all the time. However, due to the frequency of this type of attack, it is worth repeating them here.

Here are 6 steps any company can take to secure itself against cybersecurity attacks:

  1. Develop an incident response plan that includes contact information for executives, technical personnel, your bank, major suppliers/customers, and law enforcement. Alert involved parties as soon as possible to minimize damage in the event of a breach.
  2. Implement spam/phishing filters for your corporate email (Office 365, Google Apps, etc.) and monitor for suspicious activity.
  3. Implement strong password policies, single sign-on (SSO), multi-factor authentication (MFA), and a password manager.
  4. Implement endpoint protection tools against viruses, malware, and advanced attacks.
  5. Regularly scan and patch your systems and applications.
  6. Implement a security monitoring, alerting, and incident response process.

With these controls in place, we are confident that our client’s corporate systems will be protected. We can monitor and respond to any future attack attempts.

Our client raised a different question: The CEO had sensitive data like names, emails, SSNs, and addresses of himself and his family members on his laptop. This information was in the hands of bad actors and potentially already sold in dark web marketplaces. What should you do to protect yourself and your family members in this situation?

The bad actors have one goal: to make money. They don’t care if they accomplish this by taking over your corporate servers or using your SSN to create a fraudulent credit card to buy goods online.


If You Suspect Your Data Has Been Exposed…

Although the tactics and results may vary, the basics of Identity Theft are well understood. The Federal Trade Commission (FTC) has a handy site that can guide you through the process of what to do if you are a victim of Identity Theft and related fraud. However, we want to focus on the cases where you had a data breach but are not aware of any fraudulent activity with your personal information.

Here is a short guide that will help you if you ever find yourself in this situation, with links to resources and further reading:

  1. Start with the FTC Identity Theft site, which provides a checklist of personal data items that might have been compromised, with steps to take for each if you suspect theft.
  2. Sign up with an Identity Theft Protection Service. Although you can do almost all of the tasks to protect yourself from Identity Theft on your own, some services do it for you for a fee. If you do not have time to monitor it yourself, consider using one of these services. Besides saving you time and hassle, some of these services also provide monetary guarantees and legal assistance in case you fall victim to Identity Theft fraud. Again, the FTC provides a great resource to understand these services. You can also check out comparison sites like NerdWallet and SafeHome to learn more about different providers and pick one that fits your needs.
  3. If you want to be extra safe, you can place a credit freeze with one of the three major credit card monitoring bureaus. Be aware that this will make it harder for fraudsters to open accounts with your information, but it will also be harder for you to open a new credit card next time you are shopping at the mall. It can be worth the extra effort though, especially if you suspect your data is already exposed. A credit freeze will last for one year. If you experience Identity Theft, you are eligible to request an extended alert or freeze which will last for seven years. Consult this FTC page for instructions on placing a credit freeze.

UPDATE (Thursday, February 4, 2020):

The Internal Revenue Service launched Identity Theft Central, designed to improve online access to information on identity theft and data security protection for taxpayers, tax professionals, and businesses. The site is full of useful resources, especially on how to contact the IRS and what steps to take if you are a victim.

In addition to the traditional Identity Theft schemes, in recent years we have seen some specific types of fraud schemes.

If your information has been exposed, these are three ways malicious actors may try to monetize that information.

  • Tax Return Fraud
  • Medical Identity Fraud
  • Child Identity Theft

Tax Return Fraud

Tax return fraud occurs when someone uses your and your family members’ personal data, like name, SSN, and address, to file a tax return in your name in order to claim a refund. Often, victims of this type of fraud only learn that their identity has been stolen when they file their tax return and it is rejected because someone has already filed a return using the same SSN. As tax season approaches, there is no doubt that the fraudsters are getting ready to exploit this vulnerability. Although there is no magic button to protect yourself from tax return fraud, we recommend you file your tax returns as early as possible.

If you want to learn more about tax return fraud and what to do if you are a victim, check the links:


Medical Identity Fraud

In this fraud scheme, your personal information can be used to seek treatment in the emergency room, get prescription drugs, and file insurance claims. Individuals whose health data (insurance ID, Medicare enrollment ID, etc.) have been exposed along with their personal information are particularly at risk. If the thief’s health information is mixed with your own, your treatment, insurance, payment records, and credit report may be affected.

If you receive bills, medical collection notices, or debt collector calls about medical services you did not receive, or if your health insurance provider notifies you that you have reached your benefits limit, you may have fallen victim to medical identity fraud. Even if there are no warning signs, you should regularly review your medical bills and records to check for accuracy, particularly if your personal data has recently been exposed to a breach.

The following sources provide additional practical steps to protect yourself from medical identity fraud:

Child Identity Theft

Child identity theft occurs when someone uses a child’s SSN to open bank or credit card accounts, apply for loans, apply for government benefits, etc. The crime can go undetected for years because most people do not monitor their children’s credit. In fact, most younger children should not have a credit report unless there has been an incident of fraud, so it is harder to request a minor’s credit report from credit bureaus. Because of this, victims of child identity theft often do not know about the theft until years later, when they are denied benefits and loans due to bad credit.

In general, you should protect your child’s personal data the way you would protect your own. Do not share your child’s SSN unless absolutely necessary. Ask how your child’s school is using and storing their personal data.

If there is a data breach reported at your child’s school, much the same as if your employer suffers a breach, take action to ensure your child is not a victim of Identity Theft with this further reading on the topic:

It is normal to keep records of family members on your work computer. Perhaps you needed the SSNs of all your family members to enroll them in the company-sponsored healthcare plan. Maybe it was easier to manage your family finances all in one place. Whatever the reason, the reality is that most employees have some personal data from their family members on their work computers.

If this data has been exposed, you need to consider taking preventative steps for every family member whose data might have been compromised. For adult family members, this process is the same as your own, while special steps must be taken for minors.

Conclusion

In conclusion, cybersecurity attacks can have significant and costly consequences for businesses and individuals alike. However, by taking steps to secure your systems and personal information, you can mitigate the risk of cyber attacks and protect yourself from the devastating effects of identity theft and related fraud schemes. At PurpleBox, we help our clients stay secure and recover quickly from cyber incidents.

Contact us to learn more about our Vulnerability Management services and how we can help you protect your business.