As you may have heard, Russian hackers stole more than a billion user names and passwords for email and other types of online accounts.
I want to share a bit of information about this reported cybercrime and I want to tell you about the single most important step you can take to make sure you never lose a dime as a result of someone hacking your personal information.
After all, at some point in your life your financial accounts will be hacked. You will have credit card and/or other personal and private financial information stolen and someone will use that valuable information to steal your money or make purchases with your credit.
It’s a fact of life. It’s going to happen. For many of us it’s already happened.
Why? Because you can do everything in your power to protect yourself – you can follow every tip and suggestion I give you – and you’ll still be victimized because you don’t control all of your personal and private financial information.
Think about it. Unless you keep your money under your mattress or buried in the backyard – and I’m not suggesting you do that – you have to rely on the security of the financial institutions you entrust with your savings and investments.
And, invariably, that trust will be broken.
Cybercriminals are going to continually attack and defeat the electronic fences financial institutions attempt to erect around your financial accounts.
Whether working alone, as part of organized crime, or on behalf of nation-states intent on penetrating the financial infrastructure of the United States, hackers are constantly probing and thwarting the cybersecurity of banks and investment companies.
It’s a fact of life that there is no truly secure computer system. There is always a way to penetrate cybersecurity.
But there is a way to be sure that any financial loss is borne by the financial institutions you entrust and not by you. And this technique is so obvious – so commonsense – that when I tell you, you’re going to get mad at me.
First, some resources to check about the reported Russian hack.
The always excellent Brian Krebs has some good info about the incident in his piece, “Q&A on the Reported Theft of 1.2B Email Accounts.” As it turns out, Krebs knows the individual, Alex Holden, who broke the story, and Krebs discusses whether or not the incident is real (some think not) and as large as reported.
The Federal Trade Commission (FTC), which I assisted with a sting operation against rogue “information brokers” back at the turn of the century (sounds so long ago when I put it like that!), has some good information in “Russian Hackers Might Have Your Info – Now What?”
I know many folks are not very trusting of the federal government – for good reason! But, having been a consultant to the FTC, I can attest to the fact that it does have some very dedicated professionals when it comes to information security. The suggestions in the piece are solid, if somewhat rudimentary.
Over at Wired magazine, “Follow These 4 Easy Steps to Toughen Up Your Passwords” is a straightforward piece with good suggestions about password security.
Additionally, while not specifically about the Russian hack, “Was Your Brokerage Account Hacked? Here’s How to Know” has some solid information about password security when it comes to investment accounts.
OK. Let me share with you the most important security advice I give all my audiences when I’m paid to speak at conferences about identity theft, cybercrime and information security.
And please remember I already warned you that you’re going to get mad at me when I tell you this because it’s so simple.
Read your financial statements every month.
Yet, every study shows – and every audience I’ve asked during the more than 15 years I’ve been speaking at information security conferences confirms – people don’t review their financial accounts on a monthly basis.
That means they’re not checking their credit card, checking, savings, and investment accounts on a regular basis to be sure there are no fraudulent transactions.
So, in many cases, once they do discover fraud, the fraud has been going on so long, or is so far in the past, they have a hard time recovering the funds. In short, they may never recover their money.
Yes, as you might know, credit card companies have to refund you for all but $50 lost due to fraudulent transactions on your account. But the more time that has elapsed between the fraud and you reporting the fraud, the harder time you will have convincing the card company that you were a victim and should be reimbursed.
Further, and very important, depending on the amount of time that has elapsed between the fraud and you reporting the fraud, other types of financial accounts – including debit cards – may not have to reimburse you even if you can show that the transactions are fraudulent.
Still, even with financial accounts where the financial institution is not legally required to reimburse your account if you are the victim of fraud, they are more likely to make you whole if you report the fraud within 30 days of it taking place.
In other words, if you come in a year after the date you claim your account was hacked and demand that the bank or investment house make good on the lost funds, you’re going to have a very difficult row to hoe. But, if you alert the institution within a month, they will almost always refund your account.
That’s because they don’t want the reputational harm that comes with the publicity that they’ve been hacked and didn’t refund the accounts of innocent victims who gave timely notice of losses.
It really is that simple. They don’t want reputational harm.
Trust me. I’ve been doing this for quite some time. At the end of the day, no matter what other security steps you take, the best way to be sure that you don’t actually lose money when your financial account is hacked is to review your account at least every month so that you can immediately report the loss and get refunded.
Do you have a personal story of dealing with a financial institution after your account was hacked? Email me at [email protected]
Be safe and secure,
Rob Douglas – Former Washington DC Private Detective, Information Security Consultant and Certified Identity Theft Risk Management Specialist