When Leonardo DiCaprio played famed conman Frank Abagnale, it awakened many to the glamour of the con. In the movie Catch Me If You Can, DiCaprio (as Abagnale) cons flight attendants by pretending to be a pilot, his future father-in-law by pretending to be a lawyer, and even his own father using a credit card scheme. In essence, the movie showed that identity theft (opens in new tab) work best when it is believable.
Hackers are after you because you are a believable identity. You exist. You are real.
Without the internet, Abagnale relied on traditional methods, but in today’s digital age protecting our identities takes on a whole new meaning. We are in need of a whole new layer of protection and even of reworking our idea of what comprises identity management (opens in new tab). More than just our customer ID and home address, it is also our passwords (opens in new tab), face shape, location data and app usage. It requires an active effort to guard these aspects of identity, which are so much more intimately connected with our behavior and daily lives. In this age of intense sharing – our names, birthdays, addresses, weekend plans, shopping lists – identity as a proxy for scams has never been more tangible.
Don’t let a hacker become you
Our transparency has become our biggest weakness, as the ability to take the form of another person – real or fake – permeates our lives. All it takes is the click of a link in a phishing email, the oversharing of one critical piece of information, or the leak of one reused password (opens in new tab) that allows a scammer to fly under the radar using someone else's persona.
How do we both embrace our digital identities and protect them?
Take a zero trust approach
Zero trust is a concept that has taken hold in the cybersecurity (opens in new tab) community. It may be the buzzword of the decade, and you've probably heard it a million times. The fact of the matter is this: you can’t really trust anyone.
In your business, that should be the baseline at this point, but it's high time we all start adopting this as our personal baselines for protecting our identities. Before giving anyone access to your information, verify that they are who they say they are. Please confirm that your information won't be shared with people you didn't intend to share it with. Your data is currency, quite literally if it ends up being sold on the Dark Web, and in the wrong hands can cost you in more ways than one.
Think before you click
Worldwide, email scams are costing businesses and consumers well over $12 billion annually, according to the FBI. This number is a testament to how a simple link click can have a tidal wave effect. Because so many parts of our digital lives are connected, access to one small part of an identity can allow malicious actors to access your other logins or accounts, that allow hackers to slowly build up a full identity profile that helps them impersonate you very convincingly.
The best course of action to foil phishing attempts is to scrutinize every email you get to hover over links before clicking and don't enter information into forms without being sure that you're not handing over the keys to your digital identity in the process. Phishing emails are not slowing down either. A few months ago, a phishing simulation conducted by a Verizon DBIR contributor found that out of ~16,000 people, almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page. The fake emails contained information about the coronavirus. Tapping into fear about any world events is a common trojan horse scammers use, but it can happen to anyone at any time.
A top phishing expert once fell for a phish because he is a champion Amazon shopper and was tired when the email came in and legitimately thought this credit card was declined. Long story short, it wasn’t, and he had to do A LOT of damage control in a short amount of time. Even if you are tired, even if you think it is secure, repeat this mantra after me: think before you click.
Much like we protect ourselves from the risks of the physical world elements with layers, protecting yourself from being a target in the first place is vital. Making things harder for scammers means you are less likely to feel the shockwave of consequences if you do somehow fall victim to a scam. Those layers include keeping your software up to date, using two-factor authentication (opens in new tab), and merely slowing down and thinking before acting. The other key to this is to think like a snake: shed your old skin. What we mean by this is take a shredder (opens in new tab), or if you don't have one use scissors, and tear your old sensitive documents to pieces.
These days, it takes little effort to believably shape-shift into another person, as the costume and theatrics are mostly no longer necessary. And so, it has never been more critical than right now to see identity as the agent of our futures, the future of our businesses, and then, protecting it fiercely. Make Frank Abagnale proud. He now works for the FBI—he traded his black hat for a white one.
- Charles Poff, CISO, SailPoint (opens in new tab).
- Connect securely online with the best VPN (opens in new tab).