Identity Theft 101
You can’t miss the stories, and you probably know at least one person with an identity theft nightmare tale. So what are you doing to protect yourself from this kind of fraud when using the internet? While there are a few different ways for hackers and scammers to try to steal your information, identity theft protection doesn’t have to be difficult.
Some easy ways to reduce the risk of identity fraud include keeping a close watch for phishing emails and scam calls and texts, keeping security software installed and up to date on your devices, only providing sensitive information to people and organizations you trust and keeping an eye out for any fraud if you know you’ve been caught up in a data breach.
What is identity theft?
An identity theft scam refers to someone falsely using your identity to commit fraud. This could include someone using your name and credit card or banking information to make purchases or send money, someone impersonating you to your coworkers or loved ones to request money or sensitive information, or someone using your information to get government documents in your name.
To impersonate you for financial fraud, a criminal often needs some information besides your name, such as a credit card number, account number or Social Security number. That’s why it’s a good idea to be cautious when sharing this kind of account information, both online and in person. Carefully storing paper documents with this information, and shredding them before you throw them out, is also a good idea.
Identity theft and phishing
Phishing is a spam email or other online message that attempts to trick you into sharing sensitive information. A phishing email might impersonate a website where you do business and ask you to log in to a fake version of the site in order to steal your username and password. Other phishing emails might impersonate your employer or bank in order to get you to share account information or sensitive company documents.
To protect yourself online, check your email program and use online security software. Talk to your internet service provider if you have any questions. Some email programs have protection built in, and many providers offer security software to automatically detect phishing and other spam emails. You also can take steps yourself to watch for phishing emails, which often can be detected by signs like misspelled addresses and domain names. If you’re in doubt about whether an email is legitimate, try to contact the supposed sender another way, such as by sending an email directly, calling them on the phone or visiting what you know to be their website. If you suspect an email is a phishing message, avoid clicking links on it because they could lead to malware that will infect your computer.
Phishing can also come through phone calls you receive and suspicious SMS texts sent to you. If someone calls you claiming to be a creditor or even a government agency like the Internal Revenue Service, call the company or agency back directly rather than giving any sensitive information. Be especially wary of any calls claiming that you must pay a debt immediately or that you should pay it in an unusual way, such as using gift cards.
Securing your devices
Part of sensitive data protection involves keeping devices you use to access the internet secure, so that identity thieves can’t access them or put malware on them to siphon off your information.
Try to keep your computer or smartphone current with the latest updates from your operating system maker, especially security updates. Old versions of software can contain known flaws that hackers can use in a cyberattack. Run antivirus and firewall software if it’s available for your device, and keep that up to date, too. If you see that your device is behaving unusually, displaying programs you don’t recognize or ad popups are randomly appearing, be careful about accessing anything sensitive like your bank account until you are able to get it checked out. To make sure your device is secure, you can talk to your internet provider about device security protection or find online security protection for both Android and iOS devices.
Passwords are key
Having good password hygiene is one of the easiest steps you can take to keep your personal data and devices secure. Make sure you create strong passwords, never use them more than once and store them somewhere secure.
A strong password should be 12+ characters, capital and lowercase letters, special characters and numbers. Passwords should never be reused or be similar to other passwords. The easiest way to manage this complexity is through a password manager. Many have the capability not only to store your passwords, but also to generate strong ones and to notify you if you have any weak or repeated passwords. Talk to your internet service provider about password management tools they might provide.
Handling data breaches
Data breaches are frequently in the news. If you haven’t been already, you may at some point be contacted by a company or government agency you do business with notifying you of an information security incident that led to your data being exposed.
If this happens, try to determine what information was disclosed. While some data, such as your name, address, age or Social Security number, can’t be changed, if a bank account or credit card number is compromised, you may want to contact your financial institution about changing the number so identity thieves can’t use it to access your bank account or run up credit card charges.
You will likely also want to change any password connected to the data breach in case it was compromised. It’s critical to use different passwords with different institutions, so that hackers can’t take your password from one site and use it on another if a password is stolen. You can also see if the company that was the victim of the breach will provide credit monitoring, which will notify you if someone attempts to open a new account in your name.
Whether you know you’ve been exposed in a data breach or not, it’s generally a good idea to keep an eye on your financial statements, like bank statements and credit card bills, to make sure there are no charges you don’t recognize. If there are, contact the financial institution in question as soon as possible to tell them about the unauthorized transaction and hopefully get your money back—and definitely change your account information.
Join the conversation