Things You Need To Do To Prevent Identity Theft But Didn’t Already Know

It’s the 21st century and everything is now digital including your legal identity. We all so tired of hearing that we should change our passwords and the like that we have now tuned out much of the conversation about security but periodically we really need to tune back in and think about what our risks factors are. Now is one of those times.

In this short article we expose 10 of the most important ways to protect yourself from identity theft:

Transaction Notification – Many credit and debit cards now provide a no cost option to send you an email or text after every transaction. Normally you just have to log into your account and turn that setting on. If you see a transaction that is not yours you can act within hours rather than in weeks after your monthly statements have arrived.
.
Don’t Take Surveys at Home or Work – One way ID theft practitioners get your information is simply to ask you for it. Many people just volunteer personal information to complete strangers. Things like the age of your kids, the type of car you drive, your title, religion, age, bracket… can all be added into a larger pool of data that an Identity Thief has on you already. This will make getting a credit card or loan in your name much easier. This article from the Australian Government explains a common twist on the survey scam.
.
Use “Near Dates” on Social Media – A ‘Near Date’ is a date that is close to correct, but isn’t. So if your birthday is Sept 10, 1967 enter it in your Facebook, Snapchat and Twitter profile as Sept 1, 1976. You can tell your long term real friends about it but strangers that ‘friend’ or ‘like’ you to get access to your profile, won’t get very far trying to drain your bank account with wrong information. Another thing is to be consistent with your near dates. Use the same fake dates on all your public systems.
.
Know Your Mail – Most people get their credit card statements and other bills by mail. This includes both old school snail mail and email. If you find that mail you used to get is no longer arriving, maybe someone has redirected it to a new address so that you don’t find out until it is too late that they have taken your money. One of our staffers had their neighbors take their American Express replacement card and then all of their subsequent Amex bills so the neighbor could use the card to buy electronics.
.
Proactive Fraud Alert – If you had any of your identity documents (like your passport, drivers license…) go missing, you can have the major credit rating agencies like Equifax and TransUnion put a “Proactive Fraud Alert” on your file. This will tell anyone checking your credit (like a credit card company after a ID thief tries to increase your credit limit or if someone is trying to remortgage your home, or if someone is trying to put a lien on you car) that they need to carefully validate the person using claiming to be you. In Canada this service costs just $5 and lasts for 6 years. Equifax in the US offers a free 90 day Fraud Alert.
.
Mobile is Risky – Every year smartphones become more widespread and much like the PC industry of the 1990’s, their applications are built for functionality first and security second. You iOS or Android device is 5 times more likely to be infected than your PC or Mac is. If your iPhone is infected with a keylogger (a hidden program that transmits all of your keystrokes to a hacker) you will be giving up your usernames and passwords. Take a look at this article from late 2014 talking about the new iOS 8 app that flat out tells you it is going to send everything you type into your iPhone to the apps developer. Only use mobile apps for banking and other secure transactions when you really need to but generally use your home PC.
.
Save Your Usernames – This sounds counterintuitive but it is a good idea. If you have keylogger malware on your computer or mobile device and you manually enter both your username and password, the identity thief now has all they need to take your money. You can cut your risk of loss by only typing in part of your credentials each time. Specifically, if your username / bank card number / email address… is already cached in the program you are using, a keylogger will only get your password. While this is a big deal, it is so much better than giving away both your username and password!
.
Get A Copy of Your Credit History – In most countries getting your actual credit history (and not some fictitious ‘score’ from a service like Credit Karma) is free. You simply need to contact TransUnion or Equifax and they will send you a copy in the mail without cost to you. You can then review it and look for anomaly’s. HERE is the link to the form for Equifax Canada’s free report
.
Use a PIN or Other Login Method on Your Computer – Because most people use the same password for many web sites and systems, a hacker can safely assume that your computer password will be the same or very similar to your banking password. But hold on, how could a four digit PIN number be waaaay more secure than a long complex password, you ask? Good question. Windows 10 and other operating systems now offer what is effectively a ‘local password’. I say local because if someone tries to use that passcode on a different computer, it will fail. That means if some Russian hacker tries to enter the code on any of your accounts, it will not work. They need to be physically on that device and if that is the case, you have a very serious problem. Even better is eliminating your computer passwords altogether by using biometrics. Today facial recognition (in Windows 10 called Windows Hello) or a finger print swipe are common and in the very near future logging in with a retina scan or by using a watch that tracks your unique heart rhythm will be widely available.
.
Don’t Underestimate an Identity Thief’s Effort – It used to be correct to think that hackers and thieves will only go after the rich and powerful but that is no longer the case. Even if you are poor, you likely have easy access to between $5,000 and $50,000 in credit. How much effort would you put in for say $15K? Today thieves and hackers can pay someone in China or India $250 to ‘dox’ you. That means spending a few days or a few weeks collecting private information on you. They will call your kids at home to find out your schedule. They will call your office and pretend they want to lodge a complaint when all they really want is to find out your title, who you report to, your private cell number… . They will troll your social media sites and ‘friend’ you to get details on your private life, critical dates, possible passwords and even when you are out of your house on vacation… what a great time to break in. There have been TWO incidents in 2016 we are personally aware of in which identity thieves hired people to physically attend the University of executives kids so they could befriend them and steal personal information. In both cases that information was used to steal millions of dollars from their fathers companies.
.

Take a look at this amazing hack in which and Identity Thief sweet talks her way into getting access to a near complete strangers account in less than a minute. If you had turned on email notifications of any changes or purchases, you could have blocked it. This video demonstrates what we in the industry call ‘Social Engineering’ and it is happening thousands of times every day:

Beyond all the hacking and malware that Identity Thieves go through are the professional data collectors that know… well… EVERYTHING about you. From your ‘time of the month’, to your exact income, to your first born childs credit score. If you think we are exaggerating watch this short 60 minutes video from 2014 and think about how we collected more data exponentially every year.