Skip to main content
Senior Security Analyst, @RAbrams explores the likelihood of cybercriminals already having access to your Social Security Number and offers ways you can protect yourself in the data breach-heavy times we live.



Check it out on the Webroot Blog and let me know what you think in the comments below! Maybe we'll get Randy himself to answer a few of your questions 😉
A lot of good information in the blog post. I'd add that due to the increase of breeches, at least some banking institutions are implementing stronger security and better information for free. I know this because I have a Discover card and they check my credit report for any activity and will send me a warning if anything is found. I also have a mortgage at Chase and they also check my credit report and will send me a warning. I can't remember what the exact schedule of those warnings is. I believe one sends a weekly report and the other sends a monthly report, and they will either text or email if something is found immediately. Discover will also not hold me accountable for any charge I didn't make. Most, if not all banking institutions have some kind alert system for transactions that you should set-up, if you haven't already. You should also check these settings from time to time, because they add new alerts and make changes, but don't always tell you.



A lot of sites still use security questions, and thanks to phishing scams and social media these are useless, but they still require them. My bank still wants me to use my mother's maiden name, which is matter of public record. I never understood how the word security fit into the term security questions, but they are still used. My suggestion is pick a question and use a randomly generated answer instead of the real answer. Then use a password manager (discussed below) to store those answers.



I've also found that using a password manager is a great added layer of security. My preference is LastPass, however there are others out there. They allow options like longer random passwords that are different for every site because you don't have to remember them. I can speak for LastPass, it has a Security Challenge option that will check the sites in your account and see if they've been involved in a breech. It will also tell you if your passwords are duplicated, weak, and have been used at that site for a long time. That last feature requires that the account be in LastPass for that length of time, it can't see before you add it. Other password managers may have the same or similar features. I'm not suggesting that you have to use any one in particular, I'm just most familiar with LastPass.



Apps and sites that have your data should be checked every so often to see if the settings have changed. For example, you should check Facebook's settings to make sure that it's still safeguarding your data. Okay, that's a joke, but safeguarding it by their standards. Make sure that the settings haven't changed and if so, update them to what you want them to be. For something like Facebook, you need to check the settings for the website and for the app on your phone or tablet. You'll find that the settings are different and don't necessarily carryover from one to the other.
@NicCrockett Thank you! You just made my point and gave some excellent advice. Rather than freaking out when a data breach that involves SSNs, you have prepared yourself. Your comments are excellent advice. About a decade ago I wrote and article for the San Diego Business Journal titled "Dishonesty As A Policy." The entire point was lie about your answers to security challenge question. I too use a password manager to store my lies. I also use it to store receipts ad product ID codes for software I buy. There are cases where I don't store my password in LastPass though. I don't store my LastPass password. I don't store my personal computer login, and I don't store my work computer login. I am also going to remove my cloud backup service password. There is always some risk that the password manager will be compromised and so I want my backup data to be secured. There is another case where I don't store my password... https://community.webroot.com/tech-talk-7/the-chimpanzee-s-guide-to-password-creation-328921



Thanks again!
One other piece of advice: Try to file your taxes as early as possible; tax fraud is becoming a problem: https://www.cnbc.com/2017/09/18/your-next-worry-after-the-equifax-breach-fake-tax-returns.html
@RAbrams is correct that there are certain things to store in a password manager and certain things not to store in them. He gives some great suggestions as to what not to store in them.



@sealey's comment on tax fraud is completely fake news. No one would ever do anything to take your money. Okay, obviously I'm joking. After all, we live in a world where the Nigerian Prince email scam exists. As you know, this scam asks for some money up front and you'll receive a lot in return. What you may not know, is this originates to before the internet. It's been traced back to at least the French Revolution where an aristocrat needs money to get out of prison. Once out he'll be able to get to the chest of jewels he threw into a lake and give you a large share. So, as you can see, @sealey's advice is very true. Some humans will do anything for money. They always have and always will.



History of the Nigerian Prince email scam
@NicCrockett I was doing some research for a potential Valentine's day blog about dating site scams. The thing that surprised be the most was that some of these sites actually have some excellent security advice. I'm not sure how many members read it though. And no, I didn't sign up for any of them. It would be a tough sell to tell my wife I signed up on a dozen dating sites "for research purposes."

This is a really, really good read. If you know anyone doing online dating refer them to it. Steve Baker, the author was the former director of international investigations for the Better Business Bureau



Note: This is a link to a PDF.

https://www.bbb.org/globalassets/local-bbbs/council-113/media/scam-studies/bbb-study-online-romance-scams-study.pdf



If you do not want to click on a link to a PDF then you can go to https://www.bbb.org/scamstudies and download it there. It is between the puppy scams report and the tech scams report.
@RAbrams I've read/heard about the dating scams The joys of listening to 40 hours of tech podcasts a week. Unfortunately I can't think of anyone to pass this on to, but if I do I'll pass it on. Thanks for the links.

Reply