The Federal Trade Commission (FTC) estimates more than 9 million Americans have their identities stolen each year. As workplaces moved into home offices and people spend more time online during the pandemic, the Federal Bureau of Investigation (FBI) says the business of stealing data picked up.

“Criminals can do a lot with someone’s personal information. They can drain bank accounts, take out lines of credit, open new bank accounts, file for your tax refund, even commit healthcare fraud. People have to be aware that these crimes are happening everywhere and know how to protect themselves,” says Special Agent Frank Norris with the FBI Jacksonville Cyber Squad. He explains criminals are constantly seeking opportunities to steal personal and business data - using elaborate phishing schemes to target victims through email, websites and telephone scams. 

Online Scams

FTC data shows a record surge in online scams since the beginning of the coronavirus pandemic. According to the FTC Consumer Data Protection Spotlight from April and May 2020, more than 34,000 users complained about problems related to online shopping and phishing scams.

“These scams are often in the form of phishing and spoof emails linked to bogus websites and accounts,” says Norris. “Every day there are more social media sites out there, people are doing more shopping and business online, and as a result, they are putting more of their information online.”  

In addition to posting less personal information online, Norris recommends users keep separate passwords for all online accounts and think twice before clicking on email offers or social media ads that sound too good to be true. 

“Never put your information into websites that are not secure and might not seem safe,” says Norris. “We are creatures of habit, using the same email or the same password for every account, which puts us more at risk of becoming a victim of identity theft. It may be fun to fill out a survey on social media asking for your pet’s name and favorite color, for example. Those questions give criminals a lot of information about you, hints to what your passwords might be and information that gives them access to your private accounts.”

Business Email Imposters

Just as criminals create bogus ads and accounts to scam online users, the FTC warns business owners that scammers also plan schemes to gather personal information from unknowing employees in order to create spoofing or imposter email accounts.

“We have had reports of social engineering scams where someone calls or sends an email in an office setting asking for information,” says Norris. “They will be looking for information about who works in key positions such as accounting and IT. If they are looking for obvious answers, even information as simple as your colleague’s email address, it can be used to compromise an identity.”

The Business Email Compromise (BEC) scam, Norris explains, is another way criminals work to obtain personal information and bank account numbers from unknowing coworkers.

“If a criminal gets that information, they will ask for more until they have enough to steal an identity or many identities,” says Norris. “Once scammers compromise a business email account, they will even go as far as to email entire departments asking for direct deposit information of employees.”

Teleworking by Wi-Fi

Whether traveling or teleworking from home, the FBI warns to be weary of public Wi-Fi and consider that there could be a Wi-Fi hacker nearby trying to take a peek at a user’s online activity.

“We call this the man in the middle attack. When people log on to public Wi-Fi, they put themselves in front of hackers,” says Norris. “The hackers can put themselves between you and your connection and redirect you to websites – even steal your credentials if you were to go to a site and login.”

According to FBI data, there are 68,000 Wi-Fi hotspots in the United States – at airports, coffee shops, hotels, book stores, hospitals and schools - where hackers wait nearby to access laptops and other electronic devices. When a hacker is able to connect to a computer, they access all of the sensitive information it contains including user IDs, passwords, credit card numbers, etc.

“We recommend that people only use public Wi-Fi for browsing. Don’t log in to anything that puts your information at risk,” says Norris. “Don’t check your email or any of your accounts when you are on public Wi-Fi. Hackers are everywhere.”

According to the Federal Trade Commission (FTC) phone scams, phishing emails and bogus websites may seem legitimate, but often trick users into clicking on a link via text message, an online advertisement, or to open an attachment for payment. The FTC says these scams may:

• Look like they are from a company you trust or someone you know
• Say your account is on hold for issues
• Have a generic greeting
• Invite you to click on an outside link to make a payment

Scammers launch thousands of phishing attacks every day which Norris explains are often successful.
The FBI’s Internet Crime Complaint Center (IC3) reported that people lose approximately $57 million to phishing scams each year.

The FBI offers these tips to keep your personal data protected:

• Use a two factor identification app on your phone or your home computer for maximum security.
• Think twice before you click on email or ad offers.
• Check to be sure the company’s name is spelled correctly.
• Keep passwords unique.
• Never use the same password for every online account.
• Never save passwords electronically.
• Avoid using public Wi-Fi. If possible, use a reputable Virtual Private Network (VPN) while your online activity.

If you believe your personal information has been compromised through a cyber or online phishing scam, file a report with the FBI’s IC3 by visiting www.IC3.gov.

“These reports help us connect cases to see when and where these things are happening. When credit cards, banking information or any personal information is compromised it becomes a major intrusion on people’s lives,” says Norris. “We are urging the public to report these crimes when they happen, or if your information has been compromised.”