Identity Theft, Cybercrime, and Small Businesses: What Happened to Me and How to Protect Yourself
To my loyal subscribers, thank you so much for your thoughtful emails asking what happened to Aimee’s Babies. I appreciate your inquiries about my lack of blogging, my lost STEM Starts Now Newsletter archive and my paused videos. It is nice to be missed and I really appreciate your concern. It has been three months since the hack and identity theft that brought my entire small business to its knees. I decided to write this blog post to explain what happened to me and my business when I read this fact: “female-owned businesses intended to ‘do good’ with a large online presence are huge targets for hackers.” This. is. Infuriating.
This makes me really mad, but it also makes a lot of sense. Women who own small businesses are busy and less likely to check the workings of our digital content daily. We are efficient, so our digital content tends to be automated so we don’t need to check it daily. We are less likely to carry costly cyber insurance. We tend to be more trusting. And this is the part that really burns me up: because our businesses are often geared toward children or a social mission, we are the perfect front to hide behind.
It turned out that was exactly what happened to me. I had a whole crime ring setting up shop behind Aimee’s Babies because it makes a good “wholesome-looking” front. The bad guys hacked into every one of my platforms and wreaked havoc in every possible way, creating fake websites, e-mails, and campaigns all on my sites (and on my dime), and then just for fun they cleaned out my personal savings account. Every device I owned was violated and every aspect of my life was disrupted. They stole my identity, created new accounts, paralyzed my business, and the fallout even affected my passport, streaming services and personal bank accounts. It has taken months to recover and re-build and I am only halfway there.
The thing that was most surprising to me about identity theft is the shame associated with it. I felt so embarrassed and humiliated and sure that I had done something wrong that brought this on myself. As I always do when faced with something challenging, I threw myself into research. I wanted to understand everything that had anything to do with cyber security and identity theft. I read every article, blog, book, and Reddit post on the topic. I listened to podcasts, reached out to experts, and even subscribed to Masterclass so I could watch their docuseries on cyber security. I informed myself as much as I possibly could to empower myself to ensure that this never happens again. A lot of the resources focused on the shame that victims often feel. Because of this shame, we rarely share our stories, but that is so unfortunate, because sharing our stories could protect others. One expert who was interviewed on a podcast said their number one piece of advice after identity theft is to get a therapist! I laughed out loud, but then I thought, yeah, this is the biggest mind-fuck I have ever experienced!
The one fact I read and hear over and over is “it is not a matter of if you get hacked, but when”. Cyberhacking is big business and it is everywhere and it will happen at some point in some capacity to pretty much everyone. I know that is scary as hell, but the good news is there are ways to protect yourself.
So here you go, this is my cyber security 101. I am by no means an expert, but I am going to tell you everything I have learned and what key pieces of advice were repeated in my most trusted sources. This is advice that everyone should do right now, whether you have had theft and compromise or not.
1. Freeze your credit.
Do this with all three bureaus.
Experian
Website: https://www.experian.com/freeze/center.html
Phone: 1-888-397-3742
Equifax
Website: https://www.equifax.com/personal/credit-report-services/
Phone: 1-800-685-1111
TransUnion
Website: https://www.transunion.com/credit-freeze
Phone: 1-888-909-8872
A freeze prevents anyone from opening accounts in your name, even if the bad guys know your Social Security number. I froze my credit immediately after my hack. It was kind of like closing the barn door after the horse got out. If my credit had been frozen prior to my hack, I could have saved myself a lot of headache. The first thing the local police and the Identity Theft Resource Center asked was if my credit was frozen. It was very easy to do online at each site and literally took a few seconds. If I am applying for a loan or buying a car, I just have to go back to the websites and unlock it temporarily. Some people don’t want the hassle later, but the peace of mind now is totally worth it. I wish I knew about this sooner.
2. Change all your passwords and ensure that you never use the same password in more than one place.
I know, I know, this is a huge pain in the ass. I totally get it, but you will thank me for this one. Passwords are fairly easy to change regularly and this is really your gateway to keeping the bad guys out. Say you use the same password for Snapchat and your bank account. Some day when you hear that Snapchat had a data breach you might think “so what? The hackers probably won’t start snapping my friends.” No, but what they will do is far worse. They do an AI-enabled process called “password spraying” where they find all the accounts that use the same password and suddenly they are in your bank account. Change all your passwords every three months and make them all different. Use a password manager to remember them all. Make your passwords 16 or more characters with upper and lowercase letters, numbers and symbols, and always set up multifactor authentication. If you can use a passkey (such as your fingerprint), that is even better.
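One way to check a password list against the rules above (no password used twice, 16 or more characters, all four character types), as an added example that is not part of the original post. It assumes a CSV export with columns named `name` and `password`; real password managers use their own column names, and the sample entries are constructed.

```python
import csv
import io
import string
from collections import defaultdict

MIN_LENGTH = 16  # the post's rule: 16 or more characters

# Constructed sample export; the column names "name" and "password" are assumed.
SAMPLE_EXPORT = """name,password
bank,Tr0ub4dor&3-horse-Staple
snapchat,sunshine2019
email,sunshine2019
newsletter,correcthorsebatterystaple
"""

def missing_classes(password):
    """Return which of the four character classes the password lacks."""
    checks = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]

def audit(export_text):
    """Check every entry against the rules; report site names, never passwords."""
    by_password = defaultdict(list)
    problems = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        site, password = row["name"], row["password"]
        by_password[password].append(site)
        if len(password) < MIN_LENGTH:
            problems[site].append(f"shorter than {MIN_LENGTH} characters")
        for cls in missing_classes(password):
            problems[site].append(f"no {cls}")
    # Any password that appears under more than one site is a reuse group.
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    for group in reused:
        for site in group:
            others = [s for s in group if s != site]
            problems[site].append("password shared with " + ", ".join(others))
    return dict(problems), reused

if __name__ == "__main__":
    problems, reused = audit(SAMPLE_EXPORT)
    for site, issues in problems.items():
        print(f"{site}: " + "; ".join(issues))
```

Run it only on your own computer and delete the export file afterward, since the export holds every password in plain text.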
3. Never use public Wi-Fi
Prior to my hack, I used Wi-Fi on an Amtrak train and I wonder if that is when the breach happened. I have since learned that public Wi-Fi is not secure and that it is easy for hackers to get into your info. If it is password-protected by a business, it is more secure, but still not foolproof. I use my iPhone as a hotspot now if I have to do work in a remote location. Turn off “ask to join networks” under Wi-Fi in the settings on your phone. Always log out of Wi-Fi if you use it on your laptop. Ensure that sites you visit on Wi-Fi are secure (if they begin with SSL or HTTPS, versus HTTP, they are more secure). FYI, social media sites all start with HTTP.
4. Update the operating system on your computer and iPhone as soon as updates are available.
Old operating systems are more susceptible to viruses and malware. Updates improve performance and reduce crashes because every computer and phone has hidden vulnerabilities, little cracks in the system, and hackers spend all day searching for them. Apple, Microsoft, and Google release updates because they discover (often from hacker attacks) that something is broken, and they patch it in the updates. If you don’t update, you leave that security hole wide open.
5. Consider signing up for an identity theft protection program that monitors your personal information such as LifeLock, Aura or IdentityForce
These services monitor your information across the internet, including the dark web, to detect fraudulent use and then they alert you to potential threats like new credit applications or data breaches, offering restoration services and reimbursement if your identity is compromised. These programs detect suspicious activity, alert you of potential fraud, and restore and fix issues if you become a victim. This gives us another level of peace of mind.
6. Update the Wi-Fi router in your home
Your Wi-Fi router is one of the biggest vulnerabilities in our homes. Criminals don’t need to come near your house; they can reach your router through the internet. Outdated routers expose all devices, allow “drive-by” hacking, leak your browsing activity, and potentially allow bad guys to monitor your traffic. Replace your router if it is more than 3 years old, restart your router weekly, update firmware every 3–6 months, and use a long Wi-Fi password, not the one printed on the sticker.
7. Do not share your phone number anywhere
Your phone number is one of the MOST dangerous data points to expose because your phone number can be used to reset almost every password, take over your Apple ID, break into your bank, hijack your Instagram, intercept 2FA codes, and do SIM-swapping (frighteningly easy: the hacker calls your cell provider and gets your number transferred to a new SIM card). Never post your number online. I just removed mine from my business cards. I have had to completely re-think how I network and share my information for my business.
8. Turn off your Bluetooth when in public
When left on, Bluetooth helps bad guys track your device, exposes your location, and allows silent connections in airports or hotels.
9. Do not use public charging stations
Public charging stations can have malware installed; it’s called “juice jacking”. Airports, hotels, and conference centers often offer these USB charging ports and they can be tampered with. Use your own charging block or a USB “data-blocker” adapter.
If you do get hacked, the first thing you should do is change all your passwords and your bank accounts. The second thing you should do is call the Identity Theft Resource Center at 1-888-400-5530. They are a non-profit that offers free assistance. They were amazing! They spent a long time on the phone with me answering all my questions and advising me. You are also supposed to report it to the Federal Trade Commission (FTC) but they were closed when I was hacked due to the government shutdown. Apparently hackers work overtime during government shutdowns.
Honestly, you can make yourself crazy, but these are some tips to hopefully make you more aware and more confident with your security. I did not know any of this stuff prior to my hack, but I really want to prevent this from ever happening again, so now I am learning as much as I can! I hope this helps you in some way. Education is power and we need to educate ourselves for protection against these crooks! I built a small business to support parents; hackers used it as a front. Because of a few keystrokes by a bad guy, thousands of parents no longer have access to my child development newsletters, but I am rebuilding my platform and it will be more secure, updated and better than ever, so thank you bad guys. You will not bring Aimee’s Babies down.
Immediately after my hack, I had to cancel work, meetings and obligations for almost a week to deal with all of this, so do yourself a favor, schedule some time in the next few weeks and secure your data. You will feel much better when you know you set up some protections for yourself and your family.