by Teresa Murray, Consumer Watchdog
One in 20 people is affected each year by identity theft or some type of fraud. Nearly everyone is at risk, given all of the data breaches in recent years. The Equifax breach of 2017, which hit half of the adult population, was particularly harmful, disclosing Social Security numbers, dates of birth and other information you can’t just change. We will all be feeling the effects of the Equifax breach for decades. Since that time, it’s important to remember the bad guys may already have a bunch of information about us and may use that to lull us into believing that they represent a company we do business with.
Just because some of your information may already be out there doesn’t mean you should sit passively. Here are easy steps you should consider taking to protect yourself:
1. Make sure your contact information is up to date with the banks, credit cards, investment firms and other financial institutions you do business with. You’d be surprised to learn how many people have fraud on their accounts and don’t find out quickly because companies don’t have a customer’s current cell phone number or even a correct email or mailing address.
2. With any company that offers it, opt in for two-step authentication for online access. This requires more than just your username and password. It requires a one-time code that is sent almost immediately by text or email and that you need to actually log in.
3. Sign up for transaction alerts with your financial accounts, so that you get text alerts or email messages about any withdrawals or transactions above a certain dollar amount, new transfers, payees added or any changes in contact information.
4. Watch out for links in emails or text messages that you weren’t expecting that bait you to click on them out of fear or curiosity. Your bank, credit card, the IRS, FedEx, etc. will never send you links asking for your login password or Social Security number or anything like that. If you get an email or text unexpectedly that you think could be legitimate, contact the company or agency at a number you look up independently. Even if you don’t enter information, just clicking on the link could infect your phone or computer with a virus that steals your information.
The same advice applies to messages on social media, such as Facebook. It's common for information-stealing viruses to be sent with a message like, "Is this you in this video?" Your instinct is to click and look at what the sender is talking about. Don't give in to the temptation.
5. Also be on the lookout for phone calls from people posing as your bank, the Social Security Administration, your health insurer, etc. Don’t provide or confirm any personal information to a caller you weren’t expecting. Just hang up politely. If you think the call could be genuine, contact the company or agency at a number you look up independently (using the back of your credit card, your account statement, etc.)
6. Protect your cell phone and primary email account that you use for financial accounts above all else. If someone is trying to breach your account and tries to reset your password, the notifications will generally go to your cell phone or email of record. Make sure the password for your primary email account isn’t used on any other account you have.
7. Keep an eye out for mail addressed to someone else that uses your address, or mail addressed to you that makes no sense: denials for loans you didn't apply for, health insurance statements for medical visits you didn't have, etc. Contact the sender by mail to get to the bottom of it.
8. For financial accounts online, don’t use the same password on more than one account. If there’s a breach or your account gets hacked, the thief can obviously do more damage if they can get into more accounts.
9. Never use a password that you use for a social media account such as Facebook or Twitter or Instagram on any other account, and especially not your email account or any financial account. Social media platforms are hot targets for hackers.
10. Be careful about joining WiFi networks in restaurants, hotels or other public areas. Many identity thieves create look-alike networks. Maybe instead of HILTON HOTEL, the imposter network is called H1LTON HOTEL. On a small screen, it can be difficult to tell the difference.
11. Consider buying a locking mailbox. A lot of important personal information can be stolen if someone raids your mailbox.
12. Consider whether it makes sense to sign up for online statements from entities such as your employer, your bank, your credit card company, etc., so that you don’t have to worry about the items getting in the wrong hands.
13. Whether you get your statements by mail or online, know when to expect them each month and reach out if something is missing. It could be a sign someone has intercepted the item or changed your contact information.
14. It’s old advice but worth repeating: Check your credit reports regularly to make sure there are no accounts or inquiries you don’t recognize. In normal times, you’re entitled to one free credit report per year from each of the three major credit bureaus. Because of COVID-19, you’re entitled to one free report each week from each of the three bureaus through April 2022. For the long term, the best strategy is to order a report from a different bureau every four months.
Go to annualcreditreport.com or call 1-877-322-8228. You’ll be asked to provide your name, address, Social Security number and date of birth. If there’s any inaccurate information on your credit reports, use the dispute process to get the information removed or corrected.
15. If there are actually accounts on the credit reports that aren’t yours, you need to do more. Contact the creditors directly by phone to find out whether these are mistakes or whether you’re the victim of more serious identity theft. If it’s the latter, you should take additional steps to protect yourself, including filing an identity-theft affidavit with the Federal Trade Commission (it will provide you with prewritten letters to send to creditors). The FTC site is great and even has a chat function.
16. Strongly consider putting a freeze on your credit files with the major credit bureaus. You should be able to do it in less than 20 minutes total. Check out our step-by-step guide. To do it by phone: Equifax, 800-685-1111; TransUnion, 888-909-8872; and Experian, 888-397-3742. Freezes prevent someone not only from opening credit accounts in your name, but also block someone from fraudulently creating online accounts with the IRS and Social Security Administration.
17. If you’ve put freezes on your credit files, great. But don’t get complacent. Remember that 88% of identity theft involves existing accounts. Freezing your credit files does nothing to protect your existing credit cards, loans or accounts. And a credit freeze doesn’t protect your deposit accounts.
18. Ask your banks, creditors and investment firms whether you can put additional PINs or verbal passwords on your accounts that don’t involve any public record data, such as your date of birth or mother’s maiden name. You want to make sure someone can’t access your accounts for wire transfers or change your contact information without your secret password.
19. If you’ve chosen to get identity theft monitoring, realize that most of these services don’t prevent identity theft -- they just notify you once a problem has been detected.
20. Buy a shredder and use it to destroy sensitive documents.
21. Try to avoid using payment terminals where you swipe the magnetic strip on your card. It's safer to dip your card's EMV chip, visible as a the little silver square on your card. If a store or restaurant has its payment information hacked, information from a mag stripe can be used to create fraudulent cards. But with EMV chip cards, the microprocessor chips are extremely difficult to duplicate. And each transaction is approved using a unique authentication code, which can't be used again. Without a working EMV chip, an authentication code can’t be generated.
22. Pay attention to your credit scores provided on any of your credit card accounts. While the scores may be different than your actual FICO score, they shouldn’t change dramatically from month-to-month. If they do and you’re not sure why, you need to find out. It could be a sign of fraud.