If you’re a freelancer, you’re probably familiar with the painfully annoying feeling when customers or vendors insist on paying or receiving payments through a very specific gateway or payment processing solution you’ve never heard of. Suddenly, your bank account information has a bigger presence on the internet. And the math here is pretty simple: the more services you use, the higher the odds that your personal info will be compromised.
What is account takeover fraud?
In today’s world, data breaches happen every day. These attacks usually target companies with large databases in order to obtain people’s account information, including usernames, passwords, email addresses, phone numbers, and addresses. Later, these credentials will be sold on the dark web.
Sometimes compromised credentials will be used by the attacker to execute an account takeover – where the attacker will try to get access to the compromised account and use the account information (account number, debit card details, billing info…) to obtain products and services using that person’s existing accounts.
Account takeover may also occur through a more engineered approach, where the attacker tricks people into giving up their confidential information by making them think they’re communicating with trusted sources via email (phishing), phone (call or smishing), stolen physical mail, etc.
How to protect your bank account from takeover fraud
Now here’s the good news: you don’t have to be a cybersecurity expert to protect yourself against Account Takeover Fraud. There is a series of simple, common-sense actions you can take right now:
- Use a unique password for your main email account and different passwords for all your financial accounts. Don’t use them anywhere else.
- Use multi-factor authentication every time you’re given the option.
- Monitor your financial accounts and credit report at least once a week and report suspicious activity immediately.
- Never write down your password, either on a physical or a virtual note.
- If you feel like you have too many passwords in your head, consider using a password manager. (Both Android and iPhone come with one built into the device.)
- If you work “on the go” and use a lot of public wi-fi, consider using a VPN service.
- Avoid sharing important personal information with untrusted sources (Rule of thumb: always ask why they’re asking!)
- Double-check everything online: is the Instagram account verified? Does the sender’s email address contain the exact name of the company or a version of it – [email protected] is legit, [email protected] isn’t, and yet at first glance they look pretty similar.
- Lock your mailbox if possible and collect your mail frequently. If you don’t receive physical mail for three to four days in a row, check with USPS that your mail hasn’t been put on hold without your knowledge – this method is sometimes used by attackers to make you miss account change notifications sent via regular mail.
- Shred documents containing sensitive information before discarding them.