Your name, social security number, address, date of birth, driver’s license number. Vital pieces of information that create your identity. Combined, they make you who you are to others. You need them to identify yourself when you go to work or school, apply for credit cards and bank accounts, or get a passport or ID. They’re essentially your keys to the world.

Without them, who would you be? How would you prove who you are to the world?

Dave Crouse was forced to face that reality.[1]

“I have no identity,” said fifty-six-year-old Crouse in an interview with MarketWatch. “I have no legacy. My identity is public knowledge and even though it’s ruined, they’re still using it.”[2]

In six short months, the criminals had slowly but surely charged over $900,000 to his debit card. He fought tirelessly against the attacks and attempted to salvage his finances, but ultimately those attempts cost him almost $100,000. He drained his savings and retirement accounts in the process. Even his once stellar credit score, formally a 780, has plummeted.[3]

Crouse was a favorable target for a cyber-criminal. He was a frequent online shopper, and he did the majority of his banking online. He would frequently use his debit card during his shopping sprees without using any additional protection measures such as PayPal. One of his favorite pastimes was downloading songs from file sharing websites, which are notoriously riddled with malware.[4]

The first suspicious activity in his account occurred in February of 2009, but Dave dismissed the charges since they were for small amounts of $37 and $17.98.[5]

He was financially secure, and at the time, he had a job in the construction industry making $180,000 a year. The account he did most of his spending out of typically had around $30,000 in it at any given time.[6]

In March, he was laid off from his job. His former $2,300 a week income shrunk to $780 biweekly unemployment checks.[7]

Unfortunately for Crouse things really took a turn for the worse in August. “All of a sudden it really got bad,” he recounts. “In August the charges hit big time—$600, $500, $100, $200—all adding up from $2,800 to $3,200 in one day.”[8]

Once he discovered the fraudulent charges, he immediately contacted his bank and began the long process of filling out affidavits, forms swearing he was not responsible for the charges on his account. He says he filled out about twenty affidavits, and one day he filled one out concerning a charge and the following day the bank accepted similar charges nearing $4,000.[9]

“At that point I was going to the bank every day and looking at everything,” he said.[10]

Even after he closed his debit account, his other accounts were still getting drained daily. Crouse then decided to go to a new bank and open a new account, hopeful his information was safe there. The next day both accounts, the new and old one, were fraudulently charged for $1,100.[11]

Crouse felt defeated.[12]

His new bank explained to him that he was very likely a victim of a cybercrime. His bank advised him it was a malicious program that had been installed on his computer without his knowledge while he was visiting one of the file sharing sites he frequented. They theorized he was a victim of was what is called “keystroke malware.”[13]

If this was the case, the cyberattacker was tracking every key he struck on his computer—from his passwords to his banking information—and that’s how they picked up all his personal information.[14]

Malicious software, or malware, such as keystroke malware is often not a targeted attack. When this type of malware is created, it is created to produce as much impact or financial gain as possible with as little effort as possible. It is sent to as many people as possible so it is given a greater chance of giving the attacker a return on his investment.

It’s also possible that Crouse’s information was being sold on the dark web. He reported that people in multiple locations in Florida; Brooklyn, NY; and North Carolina were using his identity to make purchases.[15]

It’s common for cybercriminals to sell personal information on the dark web for as little one dollar for a social security number. Prospective criminals can also buy what’s known as a ‘“Fullz,” a full package of someone’s personal information (including the victim’s full name, social security number, birthdate, account numbers, and other sensitive information) for about thirty dollars.[16]

“It was nasty,” he said, admitting he even contemplated suicide. “I just couldn’t take it. I didn’t feel like a man anymore. I was violated, and I didn’t know what to do.”[17]

His identity—Social Security number, address, phone numbers, name, even his old information—is still being used in attempts to open new credit cards and bank accounts.[18]

You might believe that Crouse’s case is an outlier, but unfortunately, you would be mistaken. His case is much more common than you may think.

The Internet Crime Control Center (IC3)—the FBI’s department for cybercrime reports and investigations—reported that in 2019 alone there were 68,649 victims of personal data breaches, identity theft, and credit card fraud, and they lost a total of $391,899,453.[19]

Perhaps you believe you have no reason to be concerned about your personal cybersecurity because you believe there is nothing you can do to protect yourself or that it is the responsibility of corporations to worry about cybersecurity. Yet I spoke to some experts who believe we can all become more responsible cyber citizens.

This book explores some techniques that can help you secure your identity as you navigate through the modern world. No one can reduce their risk of being a victim of cybercrime to zero, but you can be one step ahead.

The Power of Connection

Our world is becoming more interconnected by the minute, and this is a good thing in many ways. We use our devices and the applications they host to connect with the people that we care about.

Our phones and computers have become a gateway for connecting with amazing people and learning wonderful, new things. The Internet and the devices we have been able to create and connect to it have improved our lives in many ways.

Today, most of us would not be able to imagine our world without the joys of our smartphones, social media, and the Internet.

In 2020, currently, around fifteen billion Internet of Things (IoT) devices are connected to the Internet. IoT devices are defined as devices “connected to the Internet and so can share data or otherwise communicate with each other and with users.”[20]

In the consumer space, these “things” are most commonly smartphones, laptops, wearable devices like smartwatches and connected medical devices, smart home devices, and connected vehicles.

It is projected that there will be forty-one billion IoT devices connected to the Internet by 2027, and in 2019 there were only eight billion devices connected.[21] As you can see, the Internet of Things is growing at an exponential rate, and it’s showing no signs of slowing down.

As more everyday items in our lives become connected to the Internet from our refrigerators to our watches to our light switches, every device you connect becomes a potential access point for a hacker or malicious actor. This increases your chances of becoming a victim of a cyberattack if you don’t consider the risks of these devices and take steps to minimize them.

According to a study done by Pew Research in 2019, 81 percent of Americans admit to going online daily. This includes the 28 percent of people who reported that they are online “almost constantly” and the 45 percent that claim to log on several times a day. Eight percent of the population only gets connected a few times per week or less. Only 10 percent of American adults reported they did not use the Internet at all.[22]

Looking at these statistics, you’re likely someone who goes online every day, just like I am. I would actually put myself into the “almost constantly” online category.

However, that level of connection and near-constant use of the Internet and Internet-connected devices comes at a cost.

“Cyberattacks are occurring every single day, targeting anybody from somebody who has five dollars in their bank account to up to fifty million,” said Dr. Eric Cole, former chief technology officer at McAfee, former chief scientist at Lockheed Martin, and member of the commission on cybersecurity under President Obama, in an interview with me.

Regardless of who you are, what your income level is, or what type of job you have, you could be the target of a cyberattack. This is why it is important for every individual who uses the Internet to learn how to use it responsibly and take personal control of their cybersecurity.

Many people think and believe cyberattacks only affect companies, and therefore individuals don’t really need to think about cybersecurity.

It’s also a common belief that everyday people don’t need to have any knowledge of technology or cybersecurity. Many individuals have developed an indifference toward the security of their private information, and they believe they don’t care what happens with their cybersecurity.

When I became aware that my online activity increases my risk of being a victim of a cyberattack, I changed my online behavior and adopted healthier cyber habits. I realized that increased exposure is equivalent to increased risk.

However, I have come to believe something else.

Cyberattacks can, and very likely will, affect you. Anyone can be a victim of a cyberattack, it’s just a matter of the impact and the timing, which is why everyone can benefit from having knowledge of technology and cybersecurity in their daily lives. I learned this lesson first-hand during my junior year of college.

In 2019, IC3 reported that cybercrimes accounted for $3.5 billion in victim losses. The IC3 received over 1,200 complaints concerning cybercrimes or a suspected cybercrime per day.[23] Not all victims of cyberattacks report their situation to the IC3, so the figures are an underestimation of the true impact of these crimes.

Fortunately, I also learned you don’t have to trade the enjoyment of being connected for enhanced cybersecurity.

Discover Your Curiosity

Living in the modern world is hard enough without having to worry about the safety of your personal information, but you can no longer make the choice to opt-out of understanding the fundamentals of technology and cybersecurity. This is why everyone needs to develop a sense of cyber curiosity.

If you use the devices, you have to know how to operate them safely for your own protection. This book will teach you how to better secure your personal data from attackers, how to assess the risks and benefits before you buy or install a new smart device or application, and straight-forward tips to tighten your cybersecurity.

In preparation for writing this book, I have curated research from scholarly sources, first-hand accounts of cybercrime victims, insider knowledge from my peers in the cybersecurity community, and primary interviews and exclusive insights from some of the brightest minds in the industry. Many of the people who I’ve chosen to interview for this book have been working in cybersecurity since before it was a considered a “real” thing. They’ve previously lent their skillsets to organizations like Pinterest, IBM, McAfee, and the White House.

My hope is that you will have a better understanding of cybersecurity as a multidisciplinary subject and understand why considering it a problem for the IT department is an off-base assumption.

Don’t wait until you’ve become a victim of a cyberattack to make a change to your habits, as it may be too late. Anticipate risks and take the measures needed to protect yourself and your family.

Topics this Book will Explore include:

How to Define Cybersecurity

Cybersecurity in Business

How and Why the Internet Was Created

Why Personal Cybersecurity is Important

Cybercrime and the Dark Web

Personal vs. Identifiable Information

Malware and the Booming Spyware Industry

How to Avoid Being Scammed Online

The Privacy Paradox

Big Data and Ethics in Technology

My intention is for this to be a guidebook for those wanting to protect themselves and their families as they navigate cyberspace in their daily lives. This is why Part 3 is dedicated to tips and Chapter 13 is dedicated to protecting vulnerable populations like children and the elderly. I will also explore and explain how psychology, human behavior, ethics, and privacy play a large role in the study of cybersecurity.

Footnotes

[1] Jennifer Waters and MarketWatch, “Identity Fraud Nightmare: One Man’s Story,” MarketWatch, February 10, 2010.

[2] Ibid.

[3] Ibid.

[4] Ibid.

[5] Ibid.

[6] Ibid.

[7] Ibid.

[8] Ibid.

[9] Ibid.

[10] Ibid.

[11] Ibid.

[12] Ibid.

[13] Ibid.

[14] Ibid.

[15] Ibid.

[16] Brian Stack, “Here’s How Much Your Personal Information Is Selling for on the Dark Web,” Experian (blog), Experian, December 6, 2017.

[17] Jennifer Waters and MarketWatch, “Identity Fraud Nightmare.”

[18] Ibid.

[19] US Federal Bureau of Investigation, Internet Crime Complaint Center, 2019 Internet Crime Report (Washington, DC, 2019).

[20] Bethany Groff Dorau, “Internet of Things: Overview,” Points of View: Internet of Things 1, no. 1 (October 2019): 1–3.

[21] Peter Newman, “The Internet of Things 2020: Here’s What over 400 Iot Decision-Makers Say about the Future of Enterprise Connectivity and How Iot Companies Can Use It to Grow Revenue,” Insider Inc., March 6, 2020.

[22] Andrew Perrin and Madhu Kumar, “About Three-in-Ten US Adults Say They Are ‘Almost Constantly’ Online,” Pew Research Center, July 25, 2019.

[23] US Federal Bureau of Investigation, Internet Crime Complaint Center, 2019 Internet Crime Report (Washington, DC, 2019).