- Be certain your PC's operating system is up-to-date with the latest security patches as well as your Anti Virus and Firewall software.
- No matter how official it looks never click on an embedded URL contained in any email even when it appears to come from your own organization. Manually enter the URL in your browser address bar for your banking and credit card websites.
- Do not fill in forms contained within email including those that may appear to come from within your own organization. Your personal financial information should never be sent by email. Only send your personal financial information via a secure website - verify that the URL contains https:// and that the closed lock appears on the lower right hand side of the browser for a secure website connection.
- Never click on an email attachment unless you know the sender and you were, in fact, expecting to receive the attachment.
- Monitor your banking and credit card accounts online and check for illegitimate transactions regularly.
- Use an online credit monitoring service that offers alerts when there are any changes to your credit report (i.e. new accounts and purchases).
- Register with a credit card security system that requires a password to authorize transactions, such as Verified by Visa or MasterCard SecureCode.
- Do not use the auto- fill facility on websites for credit card and other personal details.
- Use alternative secure online payment systems such as PayPal.
- Finally, common sense is your best defense-- if it looks too good to be true then it probably is.
For the organizations that are the subject of these attacks, beyond the typical best practices for network security, consider the following additional suggestions as additional risk mitigation for targeted ID theft:
- Review and if necessary revise your security policies and procedures and be sure they address the many issues of ID Theft for both the organization, your clients and your employees
- Take a multi level security approach to ID theft
- Evaluate internal controls and procedures;
- Don't limit authentication to the user - authenticate both the user and the individual transaction separately and independently;
- Use two factor authentication - but not simply as a replacement for single factor authentication;
- If you are not using fraud detection methodologies they should absolutely be considered in light of the explosive growth of ID Theft.
- Communicate with your customers and employees
- Let them know you would never include a clickable URL within and email;
- Let them know in any email you would address them by their first and last name;
- Let them know you would not send them an email attachment that they would not have been already expecting;
- Always remember that your biggest bang for your buck typically comes from user awareness training for both your employees and your customers.
- Continuously monitor current threats and make the necessary adjustments in a timely manner – time is not on your side when confronting today’s menaces, either internal or external, on your enterprise network.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.