Locked & Loaded

Identity Theft Revisited

In the wake of the recent Equifax data breach, I thought I’d update and republish my article on identity theft from earlier this year. Identity theft is becoming a greater concern as our personal information becomes easier for thieves to access. While you can’t stop someone from hacking your employer’s or your favorite retailer’s data centers, there are things that you can do to reduce the likelihood of having your information stolen and minimize the potential losses if a theft occurs.

 

If you haven’t heard, Equifax had their database hacked in July. This breach may have impacted 143 million US customers. For more information and to determine if you might be impacted by this breach visit Equifaxsecurity2017.com.

Credit agencies – Take advantage of your free annual credit report by visiting www.annualcreditreport.com. This will let you see if anyone has been adding accounts under your identity.

You may also want to contact the major credit bureaus to freeze or restrict your credit. That could help prevent someone from being able to take out a new credit line in your name. As I recently learned with some of my clients, credit freezes can also restrict someone’s ability to open a new bank or investment account under your name.

Each agency may charge a fee for freezing and unfreezing your credit unless you are already the victim of an identity theft. However, some credit agencies provide a free service that is similar to freezing your credit. Keep in mind that the time and cost for setting these up are minimal compared to the time and cost of resolving identity theft.

Also, if you have minor children, you may want to look into freezing their credit. Someone using your child’s credit could go undetected for years or decades before the theft is discovered. This would be a horrible way for a child to start their independent, financial lives. Each state has its own laws and permitted fees regarding credit freezes for minors. Check with each credit bureau for their policies.

Visit these sites to learn more about freezing your credit:

Transunion.com/credit-freeze/place-credit-freeze2

Equifax.com/CreditReportAssistance/?/CreditReportAssistance

Experian.com/freeze/center.html

Innovis.com/securityFreeze/index

Online Data – Be smart when you’re online. Social media is a great way for thieves to learn more about you. Take steps to limit the amount of personal information you share (employer, where you’ve lived, family members, etc) and make sure that your privacy settings limit what others can see about you. It might be okay for your friends to see what you’ve been up to, but you don’t want just anyone being able to see your social-media feeds. You don’t want to give potential thieves a heads up, so consider posting those family vacation pictures after you return.

When you make online purchases, resist the temptation to store your credit card online with that company. While it will make repeat purchases easier, it leaves your information with their data center and we have all seen in the news how vulnerable that can be.

You may want to do an online search of your name from time to time. By doing so, you’ll be able to see what others can see and if someone has created other online profiles with your name.

I recently read an article online (Time.com/money/4634434/family-tree-now-opt-out-protect-yourself)) about a website that provides anyone with the ability to pull up your name, age, past residences, past phone numbers, and others with whom you may have been associated (family and friends). If you see a site such as this, you may want to take a few minutes to go through their opt-out process to help keep your information private.

Passwords – There are so many places that require passwords that people often create one that is easy to remember and use it for every site they can. The problem is that easily remembered passwords are also easily hacked, and passwords used on multiple sites create more opportunity for thieves. Take the time to create complex passwords and update them every few months. Also, don’t use the same password for all websites. If you’d like to have all of your passwords in one, easily-accessible place, consider doing some research for a password manager.

Keep in mind, that Equifax allegedly used the user name “Admin” and password “Admin” for access to their database. I highly suggest using passwords that are more creative and complex.

Also, consider using two-factor authentication for all of your accounts (financial, email, Apple products, social media, etc.). With two-factor authentication, you typically get a text or email with a code after you enter your password online. This helps to verify that you’re the one trying to access your account. If someone else tries to access your account, you should be immediately aware as you’ll receive a text or email with the code and you’ll know that you weren’t attempting to log into that service.

You may want to contact your credit card and service companies to ask that they put a password on your account. Ideally, they should require this password to provide information over the phone about your account. This limits someone from getting your credit card number and having a new card issued to their address. If someone can easily find your family members online, they’ll be able to find the answers to traditional authentication questions such as your mother’s maiden name. When possible, choose to create your own authentication question.

Email – First, don’t open an email from someone you don’t know. Nobody is giving you $1,000,000. Second, don’t click a link or open an attachment, even from people you know, if it seems suspicious. Your friends don’t normally send a web link to you with “hey check this out.” We’re all busy, but don’t be too busy to carefully read and consider what you’re doing with an email.

Also, take the time to periodically look at the folders you have in your email account to make sure nothing new has been added. I’ve had several clients who had their email accounts hacked. The hackers set up a separate folder in their email account and started emailing companies in an attempt to get the client’s personal information or money. Fortunately for my clients, nothing was stolen, but you can’t be too careful.

At home – A couple of easy steps to take at home are forwarding or freezing your mail delivery when you’re away from home and shredding your personal documents. When you’re out of town, thieves can get your statements out of your mailbox and use those statements to forward phones, add on services to utilities, and have credit cards issued to a different address. Taking a few minutes to go to USPS online could save you countless hours of fixing problems down the road.

Make sure to shred your personal documents. Personal documents aren’t just those with your account number, birthdate, or Social Security number listed. Nearly all the offers you receive in the mail for things such as credit cards, personal loans, or home loans have tracking information on them that a thief can use. Those firms already have most of your personal information on file and the tracking numbers can help a thief skip a few steps while getting credit under your name.

Monitor your accounts – While it’s important to take steps to help prevent data theft, you also need to monitor your accounts for unauthorized activity. Yes, this means reading your statements. It can also mean using a service that allows you to review your account activity weekly.

Go online and log into your financial accounts (bank, credit card, mortgage, investment, retirement, auto, etc) to determine if they have an option for sending you alerts. These alerts might be able to notify you via text or email when there’s activity in your accounts or someone accessing your account online. For example, I have alerts in place with my bank to notify me when online or ATM transitions are made with my debit card.

Often someone will test your credit cards by charging a small amount a few times to verify that your account is active. You won’t notice charges less than $10 as they test your account if you’re not regularly watching your activity or if the financial institution isn’t sending you alerts. By the time a thief starts charging large amounts, it will be too late. While charges are often credited back by your credit card company, not all charges will be. Plus, it could take you hours of your time to file a claim and follow up with them to ensure the charges are taken off your account.

The Benjamin Franklin axiom that “an ounce of prevention is worth a pound of cure” certainly applies to identity theft. Only you can take the precautions necessary to reduce the likelihood of identity theft, and a little time upfront could save you a significant amount of time, stress, and money in the long run.