It is already a reality: the pandemic and the transition to the digital world have changed the way we do things. As a result, the adoption of remote work and the use of cloud services are becoming more important. They are not the only things that matter to us, however; so do our different types of accounts, such as email, social networks and more. We must therefore protect them and use them carefully, because if we do not, they can be stolen and used to impersonate us. In this article we are going to talk about cybersecurity mistakes that can lead to identity theft.
All the mistakes you shouldn’t make
To stay safe on the Internet and keep our money and digital identities from being exposed, it is very important to know a series of quite common mistakes so that we can avoid making them.
Identity theft, a growing threat
Criminals are no longer found only on the streets. We also find them on the Internet, where they carry out their attacks for profit. We commonly know them as cybercriminals, and one of the practices they engage in is identity theft.
In this regard, Spain is the European country in which the most identity theft occurs on the Internet. Also, according to a recent report, customer identity fraud, in which fraudsters use a customer's legitimate data to impersonate them, is the most common type in companies, as reported by 58% of those interviewed. Undoubtedly, these types of scams are very frequent and are of great concern to companies. Now let us look at the most common mistakes that can lead to identity theft.
Misconfiguration of the profile in social networks
A very common mistake is to leave our social media profiles public. The first thing we have to do to prevent identity theft is set our social media profiles to private. That way, only a small number of people have access to our personal information.
The reason is that public profiles on Facebook, Instagram or Twitter offer a lot of sensitive information to cybercriminals. From them, attackers can get the answers to account recovery questions and take control of the account. For example, typical questions ask for the name of a pet, the name of your school and the like.
In addition, knowing who our social contacts are gives them the possibility of carrying out phishing or another type of attack. One of these, more specifically, may be spear phishing.
Weak passwords and not using 2FA
A competent cybercriminal, and maybe even a hobbyist with a bit of free time, can crack any weak password in no time. Therefore, we need to create a strong password with these characteristics:
- It must be at least 8 characters long.
- As for the format, it must include uppercase letters, lowercase letters, numbers and special symbols.
Another very common mistake is not activating two-factor authentication (2FA) when the service offers it. If we have it activated, even if attackers find out the password they will not be able to do anything, because they will need to enter a code to log in. In short, since they cannot complete that second step, they will not be able to get into the account. This code to protect our accounts can be obtained, for example, by SMS or with a mobile app like Google Authenticator.
Not monitoring accounts, a serious mistake
We must also check that our passwords have not been leaked. In that respect, in addition to having a secure password, you should not use it for more than one platform or website. If we did, then in the event of a leak we would have several compromised accounts instead of one.
For example, if we have our passwords saved in our Google account, we could check it by clicking on the following link. All you have to do after that is click on Go to Password check.
After doing so, it will show you whether you have a leaked password, and if you have a weak one, it will recommend that you change it.
Finally, we must pay attention to emails that tell us that the credentials of our accounts have been leaked. Although some may think that they are spam, a phishing attack or something similar, on many occasions they are real. In those cases it is advisable to change the password for security, but we will do it without clicking any link in the email. We will change the password directly from the website or platform.