Consumer First Alert: Cybercriminals changing tactics in data breaches

Although criminals are now targeting businesses, individuals shouldn’t let their guard down
Published: Feb. 7, 2021 at 11:28 AM CST|Updated: Feb. 8, 2021 at 5:20 PM CST
Email This Link
Share on Pinterest
Share on LinkedIn

GREEN BAY, Wis. (WBAY) - We’re now getting a closer look at how cybercriminals are stealing your information.

A new report shows a drop in the number of people impacted by data branches - but businesses are losing millions - as criminals change tactics to steal information, and go after big money targets.

Consumer experts say the criminals are doing it through phishing attacks on employees and going after businesses.

Action 2 News spoke with Eva Velasquez, the President and CEO of the non-profit Identity Theft Resource Center (IDTRC) to break down its annual report on trends in data breaches.

“One of the troubling trends that’s this increase in phishing and ransomware,” said Velasquez.

Cybercriminals went hunting for vulnerability in 2020. Last year alone, 51% of employees in the United States worked remotely, and 33% still are.

Business e-mail scams cost $1.8 billion in 2019, and the average loss grew 48% in 2020.

Thieves are targeting companies - both big and small ones.

“There are ways to thwart their efforts, there really are - and that’s having redundancy and backups, so that if your system is infiltrated, that you already have a backup system you can work off of,” said Velasquez. “The conventional wisdom is don’t pay the ransom and that is a really difficult decision for a business to make so they can continue to move forward in their operations.”

The IDTRC says the average ransomware payout has grown from less than $10,000 two years ago to more than $223,000 in 2020.

“Do your back-ups. Patch known vulnerabilities in your system. That’s another great tip for individual consumers: when updates come out, go ahead and do them right away,” said Velasquez. “That’s a race. When those patches come out, those are known vulnerabilities - the thieves know it, too.”

Article continues below the video

Velasquez added that employers should train employees as well.

“They would rather get a legitimate login credential and access the system rather than brute force into it. We are the weakest link when it comes to those things. If we don’t understand legitimate requests and e-mails look like, we’re apt to click on that link and compromise the whole system,” said Velasquez.

Cybercriminals use phishing e-mails and spoofed websites to steal your personal information.

There are more than 15 billion stolen credentials, such as logins and passwords for sale in underground identity markets.

“The best way to reduce your risk is to use a strong and unique password,” said Velasquez. “And it doesn’t necessarily have to be crazy long, it can be a pass phrase. 12 characters long and make it unique. Don’t use your same password over all of your accounts.”

The IDTRC says it’s encouraging to see a 66% drop in the number of individuals hit in data breaches last year- but it doesn’t mean the problem is going away.

“We really don’t want this headline to create complacency for people to think ‘Okay, I don’t have to worry about this anymore.’ Unfortunately, you do really need to pay attention. But all of the best practices we’ve had in place... add a couple more things to your routine - good password, and not clicking on links in unsolicited e-mails. Go to the source and verify that it’s legitimate,” said Velasquez.

Anyone wishing to learn more about the IDTRC can do so by CLICKING HERE. The IDTRC is a resource for anyone who has questions about cyber security, or is a victim of identity theft.

Copyright 2021 WBAY. All rights reserved.