I am sure most people are familiar with Geico from its clever commercials, which often feature a talking gecko.  Geico is the second largest auto insurer in the country and recently it suffered a data breach in which the driver’s license numbers of an as yet undetermined number of its customers were stolen.  These license numbers can be used for a number of illegal purposes, including synthetic identity theft, where criminals combine a number of unrelated items of identification, such as Social Security numbers and addresses, to form a new identity for an imaginary person that they then use for criminal purposes.  Driver’s licenses are also used in applying for benefits such as unemployment compensation, which has seen a huge increase in fraudulent claims since the start of the Coronavirus pandemic.

One element of the Geico data breach is rather unusual.  Geico did not do anything wrong.  It did not have weak security.  Its computers weren’t hacked.  It did not fall prey to malware delivered by spear phishing.  Instead, the accounts were hacked by criminals using their victims’ Geico passwords, which were most likely purchased on the Dark Web, where criminals who have committed large scale data breaches sell the information they have stolen, which often includes passwords.  The problem, as Shakespeare would say, is not in the stars, it is in ourselves.  Too many of us, for convenience’s sake, use the same password for all of our online accounts, which puts all of our accounts in jeopardy if any one account suffers a data breach.  It is critical that you have a unique password for each of your online accounts.  You also should, wherever possible, use dual-factor authentication.


You should have a unique, strong password for each of your online accounts so that if there is a data breach and the password for one of your accounts becomes compromised, your other accounts will not become vulnerable to being hacked.  Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy-to-remember password for each of your online accounts.  Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Most websites will allow someone to change their password by answering a security question, which often does not pose a significant deterrent to cybercriminals, who are readily able to get the answers to common security questions such as “What is your mother’s maiden name?”  An easy solution to the problem of the answers to knowledge-based authentication security questions being too readily available on the Internet is to make the answer to your security question nonsensical. For instance, if your security question is “What is your mother’s maiden name?”, you can pick something ridiculous, such as “firetruck”, as the answer. No hacker will ever be able to find the answer to this security question online, and it is so silly that you will remember it.

Finally, whenever possible, use dual-factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone, which you must enter in order to get access to your account.  For convenience’s sake, you can set up dual-factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.
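
For readers who build login systems, here is the "code only on a new device" arrangement described above, seen from the service's side. This is an added example, not code from Geico or Scamicide; the class name, the send_code callback and the five-minute code lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a one-time code stays valid (assumed value)


class StepUpLogin:
    """Require a one-time code only when the login comes from an unknown device."""

    def __init__(self, send_code):
        self.send_code = send_code  # assumed callback: delivers the code to the user's phone
        self.trusted = {}           # user -> set of hashed device tokens
        self.pending = {}           # user -> (code, expiry timestamp)

    @staticmethod
    def _digest(token):
        # Only hashes are stored, so a leaked table cannot be replayed as tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def start(self, user, password_ok, device_token, now=None):
        now = time.time() if now is None else now
        if not password_ok:
            return "denied"
        if device_token and self._digest(device_token) in self.trusted.get(user, set()):
            return "granted"        # usual device: the password alone is enough
        # Unknown device: a correct (possibly stolen) password is not sufficient.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, now + CODE_TTL)
        self.send_code(user, code)
        return "code_required"

    def finish(self, user, submitted, now=None):
        now = time.time() if now is None else now
        # pop() makes the code single-use: one wrong guess also burns it.
        code, expires = self.pending.pop(user, (None, 0))
        if code is None or now > expires:
            return None
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.trusted.setdefault(user, set()).add(self._digest(token))
        return token                # the device keeps this, e.g. in a cookie
```

A criminal who bought a reused password gets "code_required" rather than access, because the purchased password does not come with a trusted device token.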

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
