With Data Privacy Day coming up on January 28, now’s the time to turn over a new leaf when it comes to protecting your personal data.

I consider myself pretty savvy when it comes to protecting my personal data. But last year I nearly fell for a phone scam from someone purporting to be an IRS agent. In my own defense, it was an impressively creative scam. It was also a reminder that there is no limit to the ingenuity thieves will employ in their quest to steal nuggets of personal information.  

Data privacy today is a hot issue—so hot that states from Washington to Florida are rushing to enact new privacy laws. In 2023 alone, seven states signed comprehensive privacy legislation into law. With Data Privacy Day coming up on January 28, now is a good time to spotlight some of the common schemes bad actors will use to get their hands on your data, and to review steps you can take to avoid them. 

A masterclass in social engineering—almost

But back to that oh-so-clever IRS scam. The caller launched into his spiel by sharing with me his name and IRS badge number. Meanwhile, in the background I heard the sounds of a busy office—phones ringing, other agents answering calls and talking to customers. The production values were Netflix-worthy; it was largely these that kept me from hanging up. Surely no scammer would go to the trouble of recording a workplace soundtrack! 

The agent’s acting skills weren’t too shabby either, at least initially. The thrust of his strategy was to get me to give him my current address under the guise of needing to confirm my identity before we could continue the call. He already knew a lot about me, including my name and a previous address. When I balked, he shared some story about my identity having shown up in a drug bust in another state. Even that was vaguely plausible, because I’d lost a wallet with my ID and credit cards a year prior.  

But something didn’t add up. Why would the IRS have this information, and why would they be sharing it with me? It was more likely that my lost wallet had provided a windfall of useful data to criminals, and now they needed a few missing items—such as my current address—to complete the theft of my identity.  

Finally, as I started to hang up, the actor blew it, saying I’d have law enforcement at my door the next day if I didn’t comply. Too bad. He’d been so close to getting my Oscar vote. 

 Think twice before you click, share, or respond

Not all attempts to pilfer the crumbs of your personal information are as elaborate as my IRS call. Some phone phishing scams are as simple as a caller saying, “This is tech support, can you confirm the last four digits of your social security number?”  

And then there are smishing scams—phishing via SMS—where you get a friendly-seeming text from an unknown number such as, “Hi Brenda, are you still coming over?” If you respond, even in jest, you’ve just helped a scammer confirm your name and/or phone number. 

Social media is a fertile playground for cybercrooks looking to relieve you of your personal data. Who amongst us has not come across innocent-seeming quizzes and surveys in our feed like this one: “Your stripper name is your first pet’s name and the street you grew up on”?  Sure, you may get a giggle from some of the responses (“Pancake Ascot,” anyone?), but the reality is bad actors use such social-sharing ploys to mine data on you and your friends—data that could help them guess passwords and/or answers to security questions. Avoid clicking on these schemes and do not share them. 

Other common social media schemes include requests for cash, friend requests from strangers, friend requests from existing friends (these invariably come from a hacked account), and clickbait that takes you to a fake login page in a ploy to capture your credentials, to name a few. 

How to protect your data and privacy

Here are a few basic steps. 

• Don’t overshare on social media. Limit what you post, especially when it comes to quizzes and games. And make sure the only “friends” you share your data with are your real-life friends. That photo of your new car could include your license plate number, which a criminal might find useful. And that scooter or e-bike route you shared could give away your street address. 
• Use strong passwords. You’ve heard it a thousand times, and with good reason. Instead of recycling old, easy-to-guess passwords, opt for passwords that are long, random, and unique. You can use a password manager to help you remember them. 
• Use multi-factor authentication (MFA). It’s like double-locking your front door. In addition to a password, MFA requires you to enter a second identifier to authenticate yourself. This can be an app notification, a text message to your smartphone, or a biometric. If a criminal compromises your password (first lock), your second identifier (second lock) can help keep your data safe. 
• Audit your apps and logins. Delete apps you don’t use anymore or don’t recognize, especially if their data-sharing practices sound offensive. If you want to opt out permanently—for example, if you don’t trust a company—you’ll also want to delete your account. And think twice before using tech giants to automatically log in to your apps and websites. Doing so allows them to harvest even more of your data.  
• Keep software up to date. Operating systems, browsers, apps, streaming devices, routers—you name it. Updates often include patches to fix bugs and security problems. Running older versions of software exposes you to attack. 

• Protect your device from malware. As a final backstop against malware and other threats that may have infiltrated your device, install malware protection such as Avast. 

In 2024, treat your data and privacy as the precious resources they are.