Frequently Asked Questions
Doesn’t ransomware primarily affect big companies? Do I really need to be worried?
There is a common misperception that individuals and small businesses are not at risk from ransomware. During the past 18 months, it’s true that ransomware gangs have mostly focused on attacking larger companies — but that trend may be shifting because of two technological advances:
- The increased use of automation by cybercriminals, which makes targeting small businesses and individuals as easy as targeting large companies.
- The evolution of ransomware as a service (RaaS), which enables people to make a quick buck by distributing ransomware. As they look for targets, small to mid-size businesses and individuals will increasingly find themselves in the crosshairs.
What is ransomware?
Ransomware is a form of malware, or malicious software, used to encrypt sensitive files held in business and personal devices, essentially locking users out of their own data or networks. Once deployed, the ransomware encryption restricts access to files and the victim receives a notice that a “ransom” must be paid to unlock the data or device. The ransom request often requires payment by Bitcoin or other types of anonymous cryptocurrency. Access to data is supposed to be restored once the ransom is paid and the attackers provide a decryption key. In a trend that is increasing in frequency, though, that data is often also stolen — either to demand additional payments from the victim or to sell it on the dark web.
Phishing seems like an issue that can affect everyone involved with schools, from teachers to students. What can we do to avoid getting conned?
With cyberattacks, phishing is one of the oldest but still one of the most prolific means of attack. The best advice is don’t click on a link or give any information to someone who you haven’t contacted directly through a verified phone number or email. No matter how authentic a communication sounds and looks, you should disconnect from the communication and instead use the contact information and links on the organization’s legitimate website. If you get a UPS non-delivery notice email or a PayPal account closed warning, for example, find the real company contact information online, call their customer service, and confirm if the notification was legitimate.
What should I do if I’ve already responded to a phishing email or smishing text?
First, give yourself a break. Cybercriminals have become extremely good at tricking people, so don’t beat yourself up. You will need to take steps to protect yourself, however. Immediate actions should include changing your account passwords, reporting the incident to your company’s IT team if it happened at work, updating your browser, and monitoring your identity and credit.
How can I tell if an email is real or if it is a phishing email?
Differentiating between phishing attempts and genuine emails is not nearly as easy as it used to be — but there are clues to look for.
- Be wary when there’s a sense of urgency. Does the email state your bank account has been hacked, a package is going to be sent back, or your account is going to be canceled unless you give information? That should raise a red flag.
- Look at the sender’s email address. Often, phishing emails come from a non-corporate email address or the spelling is just slightly off, with lookalike letters such as an “I” used instead of an “l.”
- Are there multiple typos or bad grammar? If you get an email claiming to be from a major corporation but it includes several typos and bad sentence structure, it’s likely a fake.
- Know where links are taking you. Hover over any links to see if the URL for that link is as it’s supposed to be.
- Take a zero-trust approach. To verify offers or confirm action is needed on your account, go to the company’s official website and contact their customer support using the phone number there. Never use links or phone numbers sent in the suspect message.
My entire family — kids to grandparents — use social media. What are some good guidelines to keep our identities safe?
Here are some guidelines:
- Click with caution. Be wary of links that come across your timelines in social media; they could be part of a phishing attack that redirects you to a fraudulent website.
- Create a “strong” password. Make sure you create strong passwords for your social media accounts and make them unique. If a hacker cracks one of your passwords, they can easily hack into other accounts, including your financial accounts if you are using the same password everywhere, which is a big no-no.
- Post with caution. What you post online is permanent, even after a social media account is deleted, so be cautious about what you share, especially information or pictures/videos of your kids.
- Don’t over-share. Identity thieves can learn a lot about you, like your pet’s name, your child’s school, and more, by simply viewing your social media profiles. They can then use that information to hack into your financial and other accounts.
- Don’t be too friendly. Only accept invitations to “connect” from people you know or who have a legitimate reason to contact you.
- Too much, too soon. Children under the age of 13 should not be using social media sites, nor should they be allowed to surf the web unsupervised. Make sure they know the ground rules for social media usage in your family and monitor them continuously.
- Filter out the “not safe for kids” content. Research software or online services that filter out offensive materials and sites. Cable services can block inappropriate TV channels and you can set up your digital devices to keep kids from viewing offensive content. The best filter at home is to set up your family devices in the living room, family room, or any room where you spend a lot of time together.
- Don’t share your contact list. Often, upon logging in to social sites like Facebook and LinkedIn, you will see a prompt to share or import your contacts. Don’t do this — it’s not safe! Your friends will thank you for keeping their information secure.
If my child is exhibiting many of the signs of cyberbullying, what should I do first?
Realize that it may depend on the age of the child. A teenager, for example, may be extremely closed off. You’ll need to put them at ease so they can open up. You might get them to join you for a walk by saying, “Come on, I need to get some exercise,” as the pretext. Don’t ask them boring questions like “How is school/how are your friends?” Instead, ask them about things in which they are interested. Get them talking and they’ll become more open if they don’t feel like you’re going to lecture them. Then, as they start opening up, you can start asking some probing questions to determine if there is a problem. Enabling that conversation is the important first step.
Do you recommend interacting with our children’s posts, even just “liking” them so that they know we have their back on social media?
This decision is unique to each parent. Consider whether you want to be a passive observer rather than an engaged parent online. Let them know that you’re following them. You may not have to engage with them at all online.
Do schools typically get involved when it comes to cyberbullying?
Yes, absolutely. Schools take cyberbullying very seriously, especially if it’s happening between two students within a school. They’ll also escalate a response quickly if it’s happening during school hours or on school property. School personnel undergo training for how to recognize cyberbullying, how to handle it, how to escalate, and knowing when it’s appropriate to engage law enforcement.
Child ID Theft
How can I protect my child’s personal information from identity thieves?
Child identity theft is a serious concern, with the Federal Trade Commission reporting a 50% increase in identity theft victims under the age of 19 in 2020. Some of the steps you can take to reduce the risk to your child include:
- Lock down your family’s personal information. Don’t feel pressured to provide sensitive information when completing forms at school or for extracurricular activities. Ask how the information provided about your child is used and store important documents in a safe place and shred any that are outdated and unnecessary.
- Check your child’s credit. The FTC recommends checking to see if your child has a credit report as they reach age 16, giving you time to resolve any found issues before they apply for credit cards and loans, a job, or an apartment at age 18.
- Freeze their credit. The law allows parents to freeze their children’s credit for free. Each credit bureau has a process for legal guardians to follow, so check for details.
- Safeguard your family with identity theft protection and have an extra set of eyes monitoring your family’s personal information.
A family plan to Sontiq’s IdentityForce includes the option to select ChildWatch, our child identity theft protection and restoration services that recently earned the Parent Tested Parent Approved (PTPA) Seal of Approval for an unprecedented eight years in a row. ChildWatch includes:
- Thorough and ongoing identity monitoring
- Smart SSN Tracker, which alerts you if there is an unfamiliar name, alias, or address associated with your child’s Social Security number
- Award-winning Social Media Identity Monitoring Suite
- $1 million in identity theft insurance and fully managed recovery services
To learn more about the harmful effects of child identity theft and the simple steps you can take to protect your children’s personal information, visit our Member Support area under Identity Theft 101.
Where is my child’s personal information at risk?
Any place that stores your child’s personally identifiable information (PII) is a possible risk. Schools and health providers in particular are under increased threat from cybercriminals with ransomware attacks having increased dramatically in the last few years. Don’t readily give a child’s personal information, such as a Social Security number, when asked. Find out if that information must be used or if there are other options, and inquire about the security measures being employed to keep that information safe.
Family ID Theft
What can I do when I feel totally overwhelmed by everything I need to do to protect my identity?
Don’t be scared into inaction. You don’t have to do everything at once. Practicing cyber and identity hygiene is all about doing little things that add up. Think of it as adding layers, where every little thing you do adds up so that you’re not the cybercriminal’s low-hanging fruit for attack. Download tip sheets like this one and check off the items as you complete them. You’ll be surprised how much impactful progress you can make in a short time!
I’d like to learn more about how to protect my family. What do you recommend?
Our Resources page features educational blogs, tip sheets and webinars that highlight the latest threats to your identity and how you can best protect all the identities for which you’re responsible.
What should I do if a family member’s personal information or identification documents have been stolen?
If you suspect that someone has stolen your identity, there are several things you need to do.
- Report the theft to the local police, the Federal Trade Commission (FTC), and your State Consumer Protection Office or Attorney General. You should also contact the company or financial institution where the fraud occurred to inform them that a false account has been opened in your name. For tax fraud, contact the IRS.
- Freeze your accounts by contacting the three credit reporting agencies—TransUnion, Experian and Equifax.
- Call your bank to report the situation to the fraud departments of all of your financial institutions (any and all banks with which you do business or have current accounts).
If you are an IdentityForce member, call our Member Services team at 1-877-694-3367. Many of our experts have been doing this for 20+ years and we offer comprehensive identity restoration through our certified experts. There are additional resources on the FTC website that are helpful and instructive for victims of identity theft.
Are identity crimes increasing, decreasing, or staying flat?
Identity crimes continue to increase. In 2021, the Federal Trade Commission’s Consumer Sentinel Network reported a 73% increase in identity theft – growing from 650,000 reports in 2019 to nearly 1.4 in 2020.
The FTC also noted the number of identity theft cases in which victims’ information was used to apply for government benefits like unemployment compensation skyrocketed 2,920% last year – driven in part by the availability of federal funds for financial relief during the COVID-19 pandemic.