The scary truth about account security and tips for not getting hacked on Friday the 13th… or any day.

According to Accenture’s global survey, security breaches have increased by 67% over the past five years. And the latest Verizon Data Breach report found that over 70% of employees reuse passwords at work and that 81% of hacking-related breaches leveraged stolen and/or weak passwords.

It’s easy to believe that identity theft won’t happen to us. But the statistics indicate it very well might. A 2018 survey by The Harris Poll found that nearly 60 million Americans have been affected by identity theft.

So on Friday the 13th, a day associated with horror films and superstition, we’ve outlined some very real everyday threats to be aware of and a few tips on what you can do to protect yourself and your business.

Reusing passwords. We get it. Strong passwords are hard to remember and getting locked out of an account is a huge headache. But until more businesses adopt better ways to authenticate, consumers need to be vigilant about their password hygiene. Don’t reuse or share passwords, and be sure to change your passwords when they have been compromised. One way to check is to install Google’s Password Checkup extension for Chrome, which will alert you if you enter a username and password that has appeared in a data breach known to Google. If your job involves securing access to online, mobile or traditional channels, look at how biometric authentication can not only strengthen security but also give users the convenient, effortless user experience they want.

Social Engineering. In his book, The Art of Deception, famous ex-hacker Kevin Mitnick focuses on the “human element” of security. Fast forward almost 20 years since the book was first published, and social engineering is still a threat to our accounts and data, if not more so. With just a little personal information, hackers are able to gain trust to get more information and ultimately put the pieces together to successfully hack an account. Beware of increasingly sophisticated phishing attacks, and be wary of publicly posting personally identifiable information on social media that can be used to answer security challenge questions, or even uncover your password.

Deepfakes. Advances in AI, synthesized speech and other technologies are enabling some frightening cases of audio and video deepfakes. You have likely seen these attacks on political figures and celebrities, but an audio deepfake was also recently used to trick a UK CEO into making a $243k fraudulent wire transfer. And this threat doesn’t just target high-profile users. As we see increased use of voice and facial recognition for authentication, the ability to detect spoofing attacks that use recordings, computer-generated speech, high-resolution photos, masks and more is critical for all of us. As consumers, we should be aware of how “real” these deepfakes look and sound. Businesses deploying biometrics for authentication need to consider the importance of liveness detection technologies.

SIM swapping. Last week, hackers used an increasingly common scam called SIM swapping to take over Jack Dorsey’s Twitter account. The scam enables fraudsters to steal a user’s phone number and subsequently gain access to social media, financial accounts and more. It’s important for consumers to know the signs of a compromised mobile number. This Aspect blog post outlines 5 warning signs to look for. Mobile operators should seriously consider Voice Biometrics and Voice Anti-Spoofing technology to help stop hackers from using social engineering and deepfakes for SIM swap fraud.

If you’re one of the people responsible for building authentication systems and you are not already evaluating how biometrics protects against security threats, now is probably a good time to get started. Reach out to us today.
