OverSixty January 2023 Issue

4 NEWS ISSUE 3 | JANUARY 2023 | OVERSIXTY.COM.AU Protect your credentials Unfortunately, once a data breach has oc- curred there is no guarantee the organisation will “get back” the data. Even if the breached organisation were to pay a ransom, they are trusting a criminal or group of criminals to follow through on their promise that they have not copied, exploited or sold on the in- formation already. To stay safe: • Ask organisations that want your infor- mation why they need it, what they are go- ing to do with it, if they are going to share it with others, how they will keep it and for how long, etc. Under privacy laws you have rights and they include being given answers to these questions. • If organisations ask for scanned copies of your licence, passport or Medicare card, ID CARE NEWS So your personal information has been ex- posed in a data breach? IDCare offers these insights on how to manage the situation. Don’t let an organisation’s data breach become your scam With just a little bit of information, such as your full name or claiming to be contact- ing you from the breached organisation, an email, phone call or text message from a criminal can sound much more legitimate. When you consider how many people have been affected by data breaches in the last few months alone, scammers know that if they send enough emails or textmessages, ormake enough phone calls, they will have a pretty good chance of contacting someone whose information was breached. To stay safe: • Never click on links in emails or text mes- sages unless 100% certain of their origin. • Never feel pressured to respond to a com- munication. Scammers love pressure and getting people to act “now”. If this is happen- ing in a conversation, it’s likely to be a scam. End the call or delete the email. • Never give a person remote access to your devices. Scammers love remote access and there is very, very rarely a legitimate need to give a person control of your device. How to stay safe after a data breach ask whether they will accept an encrypted file or redacted copies of your credentials. It’s pretty easy for organisations to work out that it’s still you from redacted information, but it’s really hard for criminals to exploit this information if it got into their hands. Start at home and encrypt/password protect any images you have of your credentials and do some house-keeping on your email account by removing sent or received emails that contain this information or attached images or scanned copies. • Check your credit reports regularly – this is another thing that’s free under privacy laws. Credit reports will help determine whether there are applications for credit or to access your credit report in your name without your permission – both are signs of identity theft. • Don’t fall for the “I’m calling you from your bank/telco/local police station” spoofing scam. Phone spoofing – where a scammer disguises the number they are calling or texting from by changing their caller ID – is common. The telephone number can even appear to be that of the real organisation. • Do your own investigating about a caller, an email or message and see what the Inter- net has to say. There is no shortage of people who are experiencing the same thing. The only reason why scammers succeed is be- cause you don’t know what the scam is – so do your own research. • If it’s the breached organisation, ask them to provide you with unique details about the notification received or event. Breached organisations will typically engage a person in a manner they normally would engage when conducting their business. And if you are still unsure, call the organisation using the number you know is correct. It’s never a problem to be a little more curious and cau- tious about the legitimacy of those reaching out to you. Scammers only succeed if you don’t know what the scam is – do your research