Bookseller Barnes & Noble announced that it had suffered a data breach which it only recently discovered. Fortunately, customers’ credit card information appears not to have been compromised in the data breach; however, some personal information, including transaction history and, most significantly, email addresses, was stolen. Cybercriminals often use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails, which are phishing emails specifically tailored with information about you and your interests. Information about the books you have bought can be used by cybercriminals to send specifically crafted spear phishing emails to Barnes & Noble customers using the stolen email addresses. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or clicking on links containing harmful malware. You should always be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.
This data breach is another reminder that you should have unique usernames and strong passwords for each of your online accounts so that, if there is a data breach and the password for one of your accounts becomes compromised, the rest of your accounts will not become vulnerable to being hacked. Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy-to-remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Also, whenever possible, use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone, which you must enter in order to get access to your account. For convenience's sake, you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.
In addition, if you have not frozen your credit reports, this would be a good time to do so.
To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.
I also urge you to regularly go to the website https://haveibeenpwned.com/ where you can insert your email address and find what data breaches may have compromised your information.
Finally, Barnes & Noble customers should be on the lookout for spear phishing emails.