Risk Management

How to Better Prevent Costly Cyberattacks and Identity Theft

As technology continues to evolve, the need to protect yourself and your family against threats of identity theft and cyberattacks becomes more critical.
8 May 2026  |  5 min read
Share
article-header

In 2025, credential theft surged 160%, with 1.8 billion logins stolen in the first half of the year alone. AI-driven malware, phishing, and unpatched vulnerabilities are fueling a massive global wave of identity-based attacks (up 800%).1

While anyone can be a victim of identity theft, individuals with significant assets or high-profile positions face unique risks that can have far-reaching consequences. Whether you're a high-net-worth individual, a business owner, or simply someone who values their online security, understanding the threats and taking proactive steps can make all the difference in protecting yourself and your family.

Top Prevention Methods
  • Confirm the identity of individuals contacting you for information—even if it seems to be someone you know.
  • Protect your personal devices and disable unneeded services.
  • Add extra levels of protection on your accounts and data (i.e., multi-factor authentication, two-factor authentication).
  • Use secure methods of communication, especially when sharing personal and/or financial information.
  • Monitor your financial and personal accounts regularly.

Seven Trending Cybersecurity and Identity Theft Threats

Cybersecurity attacks often involve infiltrating an individual’s digital devices and/or accounts to steal information, assets, and money. If personal identity information is stolen, it can be used to impersonate the individual both online and offline.

1. Business email compromise (BEC) and phishing involves attackers manipulating individuals into giving up personal information, sending funds to a fraudulent account, and/or granting access to their accounts.

  • BUSINESS EMAIL COMPROMISE CASE
  • What it is
    BEC is a fraud scheme in which attackers impersonate a known contact to redirect a payment or extract sensitive information.
  • What happened
    Sally received an email with the subject line “Your Email Account May Be Compromised,” and because it all looked legitimate, she followed the prompts to log in and reset her password. This phishing email gave the attacker access to Sally’s email account.
  • How this impacted Sally
    With this access, the attacker noticed Sally was preparing to pay for landscaping, created a fake email address similar to the landscaper’s, and sent payment instructions to Sally. She authorized a transfer using the fraudulent instructions and only discovered the problem days later, when the landscaping company called about payme
  • Key takeaway
    Double check the sender on emails—even when they seem legitimate. Do not click on links in emails or follow instructions before affirming it is legitimate. If you are ever uncertain, call the sender on a known phone number to confirm the validity of the request—never use the provided information in an email to contact the sender.

2. Malware is software that is intentionally designed to cause damage to a digital device and can be unintentionally downloaded via fraudulent email attachments or links, compromised websites, or using an unsecure WiFi connection.
 

3. Data breaches / third party exposures occur when a provider (e.g., email, social media channel, healthcare, etc.) is hacked and the personal information of users is stolen.

  • DATA BREACH CASE
  • What it is
    Individuals’ personal information can be stolen when attackers hack into provider systems, which is known as a data breach.
  • What happened
    A company experienced a data breach, compromising the names and SSNs of their clients.
  • How this impacted Taylor
    Taylor’s information was included in the breach. Unbeknownst to them, the attacker used their name and SSN to file a tax return. Taylor only found out about the fraudulent return when their actual tax return was rejected.
  • Key takeaway
    Be proactive in protecting your personally identifiable information (PII) and identity. Freezing credit, signing up for a my Social Security account, and subscribing to identity theft protection are a few things to consider.

4. ATM and point-of-sale terminal skimming incidents occur when criminals install hidden electronic devices—including pinhole cameras—that record credit/debit card information at ATMs, gas stations, pharmacies, and other locations.
 

5. Mail and document theft can be avoided by using secure mailboxes or the post office, and by securely shredding and disposing of confidential documents.
 

6. With a stolen social security number (SSN), thieves can create new Social Security cards or steal your name and personal information and use the information to open credit cards or utility accounts, take out loans, and more.
 

7. As generative artificial intelligence (AI) evolves, the threats discussed in this section can be heightened by the technology’s ability to learn and adapt, which can make it harder to detect.

 

How Can I Better Protect Myself Against Identity Theft and Cyberattacks?

Confirm the Identities of Individuals Contacting You

Confirming the sender on a communication involving sensitive information is critical for privacy and data protection. Some attempts may be recognizable as scams right away, but AI tools make it harder to detect fraudulent messages, voiceovers, and videos.

Double check:

  • Ask the individual a question only they would know the answer to (e.g., Where did we first meet?).
  • Consider the method of contact. If it’s someone you know, is this the account they typically use? Is this the way they usually contact you? 
  • Check the email address. Is the email address spelled correctly? Is it coming from the correct domain (e.g., .com, .gov)?
  • Look for spelling and grammatical errors. 
  • Watch for overly urgent messaging. An attacker will often demand the information immediately, fabricating a reason for the urgency. 
  • Confirm via another contact method, if possible. For example, if they request sensitive information over email, call them at a trusted number to confirm. 
  • Avoid clicking links or downloading attachments from any messages that seem suspicious.  

 

Protect Your Personal Devices

Protect not only your and your family’s phones, but all your personal devices.

  • Keep computing devices patched or up to date with security and software updates from your device and cellular service providers.
  • Disable unneeded services. 
  • Enable Find My Device capabilities.

 

Safeguard Your Accounts and Data

Password management and multi-factor authentication (MFA) best practices include:

  • Use long, non-alphabet type passwords that are hard for a computer system to guess. For example, you could take a line/quote from a book or speech and use the second character from each word and add a numeric and special character (e.g., “Four score and seven years ago our fathers brought forth, on this continent, a new nation...” password: ‘ocneeguar0,nho,Aea’).
  • Avoid reusing passwords and change them periodically.
  • Never use email to store usernames, passwords, or PINs.
  • Set up MFA—an extra prompt like entering a one-time password (OTP) or using a biometric unlock—in addition to your password on any accounts that offer it and also on your devices.
  • Work with your email or phone provider to explore more protection options regularly as they frequently evolve based on the threat landscape.

Protect your government accounts. For individuals with a US SSN, set up a six-digit Identity Protection Pin through the IRS to protect against fraudulent tax returns. Create a my Social Security account to monitor any action on your SSN. 

 

Use Secure Methods of Communication 

Use your personal cellular service (‘personal hot spot’) or virtual private network (VPN) instead of public WiFi in airports, hotels, and coffee shops—especially if you are accessing financial or sensitive information. Ensure automatic WiFi connectivity is turned off.

 

Monitor Your Financial and Personal Accounts Regularly

  • Monitor credit cards and bank statements for any unauthorized charges or transfers. 
  • Consider protection and monitoring solutions. While it is important to regularly monitor your accounts, it can be a time-consuming task. Professional solutions are available to protect your accounts and alert you to suspicious activity. This can be an added layer of protection that provides time savings and peace of mind.

 

Connect with your Goldman Sachs team for more information on protecting yourself from cybersecurity and identity theft threats.

Related Tags
More Insights
View All

1 Security Daily Review. Credential Theft Up 160% in 2025: 1.8 Billion Logins Stolen in First Half of Year. August 14, 2025.

This material is intended for educational purposes only and is provided solely on the basis that it will not constitute investment advice and will not form a primary basis for any personal or plan’s investment decisions. While it is based on information believed to be reliable, no warranty is given as to its accuracy or completeness and it should not be relied upon as such. Information and opinions provided herein are as of the date of this material only and are subject to change without notice. Goldman Sachs is not a fiduciary with respect to any person or plan by reason of providing the material herein. Information and opinions expressed by individuals other than Goldman Sachs employees do not necessarily reflect the view of Goldman Sachs. Information and opinions are as of the date of the event and are subject to change without notice.

© 2026 Goldman Sachs. All rights reserved.

 

Goldman Sachs & Co. LLC is registered with the Securities and Exchange Commission (“SEC”) as both a broker-dealer and an investment adviser and is a member of the Financial Industry Regulatory Authority (“FINRA”) and the Securities Investor Protection Corporation (“SIPC”).