Two things are happening right now that make people especially vulnerable to cyber threats.
1. Cybercriminals are taking advantage of new vulnerabilities created by remote work and other COVID-19-created circumstances to target and extract valuable personal data.
2. The pandemic, coupled with unrest over racism and societal injustice, has created uncertainly and fear. When emotions are high, humans act less rationally, or carefully, making them extra susceptible to scams.
COVID-19 scams take many shapes. The IRS, for instance, has urged Americans to be extra careful with emails, texts and calls that mention “stimulus check.” The FTC issued a warning to consumers not to fall for offers of vaccinations or home test kits.
It’s important to understand that not every data breach opens victims up to COVID-19-related scams, or at least not to the same degree. That’s because every data breach exposes different types of information. Here are three types of data breaches that pose the greatest COVID-19 scam risks to their victims.
This type of breach is exemplified by the Relation Insurance Services breach, reported in February 2020. Scoring a Breach Clarity Score of 10 – the highest risk level on the scale – this breach exposed victims’ Social Security numbers, payment card numbers, contact information, health records and a host of other data types.
While many of these data types are associated with conventional identity crimes, like fraudulently opened financial accounts, they also are extremely valuable to scammers impersonating a trusted organization, like a bank or government agency.
Breaches that expose mass quantities of “soft” data, such as information on a victim’s habits or behavior, pose their own unique risks.
One recent example is the Tetrad breach, also reported in February 2020. This breach exposed a database containing records on 120 million American households. Although the breach only ranks a 1 on Breach Clarity’s scale – reflective of the difficulty required for criminals to misuse the compromised data – highly targeted scams, like spearphishing or whaling, are likely the greatest risk arising from this kind of incident.
With data on victims’ personal habits and interests, such as where they live, what they buy and their personal preferences, scammers can seek out the most vulnerable segment of victims and tailor their message to make it as effective as possible.
Breaches directly tied to COVID-19 assistance programs pose particularly concentrated risk to victims.
Those breaches include the U.S. Small Business Administration, which exposed data on nearly 8,000 small business owners applying for the Economic Injury Disaster Loan program. A second example is the Arkansas Division of Workforce Services, which exposed the Social Security and bank account numbers of approximately 30,000 applicants applying for Pandemic Unemployment Assistance.
In today’s reality, data breaches are a commonplace occurrence. The odds are most individuals in the U.S. will be personally impacted by two each year. The good news is there are steps you can take to stay safe from scammers pointed in your direction thanks to stolen personal data.
Any time you are notified your personal information has been compromised in a data breach, use Breach Clarity to protect yourself. There’s no cost to access our proprietary algorithm, which will analyze more than 1,000 elements of the breach to determine the specific risks you face and the top actions you should take. And watch for our upcoming Breach Clarity Premium–which provides 10-20 times as much information and features–exclusively available through service-focused US banks and credit unions.
Breach Clarity’s proprietary, machine learning algorithm instantly analyzes more than 1,000 elements to score the risk level of a data breach. Each publicly reported data breach in the U.S. receives a Breach Clarity Score on a simple numerical scale, typically from 1 to 10. Breach Clarity’s dynamic algorithm and easy-to-use interface runs on the most comprehensive source of data breaches in the U.S., maintained and updated continuously by the Identity Theft Resource Center. To learn more, or to check the score of a recent data breach, visit breachclarity.com.
Kelly Moore (for Breach Clarity)
515-720-9670 (texts welcome)