Five days ago in a required filing to the California Attorney General, clothing company J. Crew revealed that it had suffered a data breach last April in which personal information of an undisclosed number of its customers was taken.  The stolen customer online account information included some credit card data and other personal information.  The hackers were able to access these accounts by using the usernames and passwords of customers that were harvested from other data breaches.  This information is regularly sold on the Dark Web, that part of the Internet where cybercriminals buy and sell goods and services.  Cybercriminals often use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are phishing emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.

TIPS

This data breach is another reminder that you should have unique usernames and  strong passwords for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked.  Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

In addition, if you have not frozen your credit reports, this would be a good time to do so.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”