Topics:Internet Security Identity Theft 101 Data Breach News Business Security Tax Identity Theft Medical Identity Theft Scams
Guest Post by Kayla Matthews In this age of massive data breaches, identity theft is arguably more likely now compared to when people did not share their information so freely online. One of the precautions you can take to protect against identity theft is to activate a credit freeze. Here's a breakdown about what that means, plus what else you can do to keep your identity safe. What is a credit freeze? A credit freeze, also known as a security freeze, closes access to your credit report. Then, it's harder for people to fraudulently open new accounts in your name. Creditors generally want to see your credit report before finalizing any agreements related to new accounts. If they can't, they likely won't let you, or any person who stole your identity, proceed with creating an account. How do you apply a credit freeze? Freezing access to your credit report requires separately contacting each of the three main credit reporting bureaus. Whether you do so by phone or online, the process involves answering some questions to verify your identity, such as giving your name, birth date, and social security number. Some people may remember applying for a credit freeze a while ago and cannot recall if it's still in place. If you're in that situation, the credit reporting bureaus offer various ways to check, including by calling phone numbers and logging into online interfaces. How do you lift a credit freeze? After receiving your request to freeze your credit, a credit reporting bureau may provide you with a PIN. You'll need it to lift the credit freeze at any point in the future. However, if you did not get a PIN, the process of unfreezing your credit typically requires logging into a dedicated portal and providing your username and password, plus answering questions to prove your identity. You can also initiate a lift over the phone or by mail. People who did receive PINs but lost them still have several options to pursue. However, the specific process you go through for regaining the access that lets you lift the freeze varies with each credit reporting agency. Remember that a credit freeze restricts access to your account. That means if you want to apply for a new credit card, for example, you'll need to lift the freeze temporarily. There is no charge to do it and no impact on your credit report. Additionally, a credit thaw is a long-term choice for unfreezing credit. People who may need to open several new accounts in a relatively short period, such as after a move, may find that option is best for them. The steps you take for thawing a credit freeze are the same as for a shorter lift. If you request a credit freeze lift over the phone or online, representatives will do it within an hour of hearing from you. In contrast, when you initiate a request by mail, they'll take care of it within three days of receipt. Options beyond credit freezes Credit freezes can sometimes provide people with a false sense of security. They only make it harder for people to open new accounts and don't impact existing ones. Moreover, pulling information from applicants' credit reports is something most creditors do, but it is not a requirement. Due to those limitations, some people opt to initiate fraud alerts instead. A fraud alert requires potential lenders to take extra identity verification steps, usually by asking the applicant to consent to a phone call or face-to-face meeting. Fraud alerts last from one to seven years, depending on the type you opt to request. Unlike a credit freeze, you only need to contact one of the three credit reporting bureaus to place a fraud alert. Current law in the United States requires the entity you communicate with to reach out to the other two. Moreover, consider whether a credit lock suits your needs. A lock serves the same purpose as a credit freeze, but you can deactivate it with an app. However, whereas state laws govern credit freezes, the credit lock specifics get spelled out within a contract between you and the credit bureau. Most entities that provide credit lock services charge monthly fees, too. A credit freeze is generally better than a lock, but it's still smart to know about both.It's also worthwhile to activate two-factor authentication (2FA) on your bank accounts and any other websites you access that could give people sensitive information they may use to impersonate you. 2FA is an effective identity theft measure because it means that your username and password are not enough to grant access. A person must also have another piece of information — often a temporary code sent to a smartphone — to get into an account. Finally, examine your bank statements, regularly and check your credit report at least once a year for suspicious activity. Federal law in the United States allows residents to get free copies of their credit reports annually. However, many credit card companies offer credit monitoring that shows how your credit activity and overall score differs from month to month. Staying aware of any changes could help you spot identity theft evidence early. Decisive action prevents disastrous consequences Identity theft is a scary prospect. While there is no guaranteed way to safeguard against it, understanding your options and selecting the right precautions for you can give valuable peace of mind. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews As the 2020 census draws nearer, you may be concerned about identity theft. The U.S. census only happens once every ten years, so you may not be used to what it looks like or how it works. This uncertainty can be stressful, and the presence of scammers doesn't help.The census is a golden opportunity for identity thieves. People across the nation are expecting someone to ask them personal questions, making it easy to get sensitive information just by asking. These scammers may make you wary of participating in the real census.Even with scams aside, the idea of a census can be intimidating. Why is the government asking you questions, and what are they going to do with the answers? Giving away information is uncomfortable, even if it's to an official source.To help settle these fears, here's how the census works, what it won't do and how to avoid a census identity theft scam. How the census works The good news is you have nothing to fear from the real census. The questionnaire won't ask about anything too sensitive, and the government cannot release any of your information by law. The Census Bureau will mail out invitations for the census in March. This survey seeks to determine how many people live in the United States and generate statistics about them, such as homeownership percentage. All of the information you give will relate to this goal.The questionnaire will ask things like how many people live in your home and their ethnicities. It will not ask if you or anyone in your household is a citizen or ask for financial information. To prepare, or to help spot a fake, you can even see the census questions ahead of time.If you haven't responded to the questionnaire by May, census takers will come to your home to make sure you participate. If you're not there when they arrive, they'll leave a notice on your door with a number you can call to set up a visit. Fake census surveys Unfortunately, many people try to take advantage of others by posing as Census Bureau officials. These scams come in many forms, from phone calls to in-person visits. While these fake surveys are potentially dangerous, you can easily spot them.The population count (what most people mean when they refer to the census) occurs just once a decade. But the Census Bureau does send out other surveys regularly. These polls, like the American Community Survey (ACS), may seem suspicious, but there are ways you can be sure of their validity.Census takers do not need to worry about legal implications of revealing their citizenship status or previous criminal penalties to the government, either. The survey doesn’t ask about things like past criminal history or citizenship. A fake survey, however, might have these questions.While official inquiries try only to get a better picture of the population, scams try to access sensitive information for criminal activity. How to spot a scam You can spot if a census or other survey is fake or not in a few ways. The easiest method to figure out if someone is trying to scam you is by looking at the questions they ask. No official government survey will ever ask for the following: Your full social security number Donations or other forms of money Your mother's maiden name Anything on behalf of a political party Your bank account or credit card numbers If you see any questions like these in a poll, it's a fake. If a person comes to your door to conduct the study, you can ask for identification. If their badge does not convince you, you can call your local Census Bureau Regional Office to verify their identity.If you get a questionnaire in the mail, check the return address. Anything from the Census Bureau will come from Jeffersonville, Indiana. What to do if you think you've found a fake If you think you've come across a census scam, the first thing to do is not answer any of the questions. It always helps to be sure, so call a Regional Office or a National Processing Center to verify whether or not it's a real government survey.You can report fraud by calling 800-923-8282 or by going online at FTC.gov/complaint. If you get a suspicious email, you can forward it to [email protected] and then delete it.Lots of scams are out there. Yet if you know what to look for, there's nothing to worry about. With the right knowledge, you have nothing to fear from the 2020 Census. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews Don't let the funny name fool you. The identity theft tactic known as "smishing" is anything but cute. In fact, it's one of the most personal, invasive and, unfortunately, effective ways to separate somebody from their important information. What is smishing and how does it happen? “Smishing” sounds a little like “phishing.” So what makes them different?Phishing is where an unscrupulous individual attempts to trick somebody else into giving up their account credentials, financial information, or another piece of sensitive personal information. Hackers make these attempts using spam emails, fake (but convincing-looking) websites, social media messaging, instant messages and other communication tools.In phishing and smishing alike, the targeted information typically includes credit card numbers, bank account numbers, Social Security numbers, home addresses, and usernames and passwords for online accounts.Smishing is considered distinct from phishing because it specifically uses SMS and text messages to get in touch with the targeted individual. It earned a name of its own, not to mention increasing media and industry attention, because people tend to take these types of messages more seriously and are more likely to trust and respond to them. What forms does smishing take? Smishing is a textbook case of social engineering, which itself is a consequence of unsecured technologies like email and regulators’ sluggish response to epidemic levels of spam and robocalls. Social engineering is about capturing somebody else’s information for personal gain or conditioning that person to take a desired action later on.The Facebook-Cambridge Analytica scandal uncovered a social engineering campaign designed to identify peoples’ political leanings and then serve them personalized ads designed to either reinforce their biases or compromise their convictions.Most phishing and smishing attempts have a more obvious financial incentive for the party carrying out the deception. Once the fraudsters have the desired information, they can apply for new credit cards in the victim’s name or commit other types of fraud — including mail identity theft, driver’s license identity theft, account takeovers, tax identity theft, child identity theft, health insurance fraud, and many others.Smishing preys on the politically motivated as well, plus individuals in other social circles: People who have supported legitimate fundraisers and causes in the past People participating in online forums and communities People supporting or donating to presidential candidates Ultimately, the best victims for smishing and identity theft are people who are technologically illiterate and potentially lonely or disillusioned. In 2016, 37 percent of seniors in the U.S. reported experiencing some form of fraud. One-fifth of these cases concerned identity theft.Once the fraudster has made contact, they’ll use all the persuasive language they can muster to convince the other party to give up the desired information. How big is the problem of smishing and identity theft? Cases of identity theft declined slightly in 2018 after peaking in 2017. Even so, a 2019 identity theft study found that 14.4 million Americans fell victim to some form of identity fraud in 2018.According to the Federal Trade Commission, one-quarter of identity theft and fraud cases in 2018 involved the loss of money. In total, U.S. consumers lost around $1.48 billion due to fraud and the cost of recovering from fraud.As far as smishing goes, the FTC received complaints of more than 93,300 unwanted text messages in 2018, indicating a 30 percent increase since 2017. As many are fond of saying, the text message is “the new phone call” — and according to tech and cybersecurity experts, criminals are changing their tactics accordingly. How can people protect themselves against smishing? The seductive nature of smishing campaigns, and how best to protect oneself, is best understood with examples. Here’s what to look for: Messages with hyperlinks, claiming the victim has “unused funds” to add to their “digital wallet.” Messages claiming to be from the Social Security Administration or the IRS asking for personal financial information. Messages claiming to be from “tech support” that request account names and passwords in order to “unlock” the account on the victim’s behalf. Messages claiming to be from financial institutions, offering new services in exchange for personal banking information. Fifth Third Bank had to warn customers in three states in 2018 after smishing campaigns made off with around $68,000 from 125 of their customers. In this case, the combination of successful smishing attempts and new “cardless ATMS” — a convenient but perhaps ill-advised feature for legitimate customers — was a recipe for disaster.There are a few steps to take if you believe you’re being targeted by a professional “smisher”:Never respond to requests for personal information received over digital communication channels. Never click on any hyperlinks in a message if it’s from a sender you don’t know or don’t trust. Never install an application through a hyperlink you received in a suspicious message.If somebody contacts you claiming to represent a bank or another company you have a relationship with, hang up immediately. Find the official phone number for the company and call them yourself. Tell them what happened and why you’re concerned. They’ll either confirm it was them or help you get to the bottom of the fraud attempt.Be suspicious of messages that claim a sense of urgency or that use overly friendly language. Many smishing attempts may also have telltale spelling and grammar errors that give them away. If you do receive a suspicious text from a number you don’t recognize, delete it immediately and block the number.Finally, remember to report the incident to the FTC and to the FCC. Common sense can get you out of even the ugliest smishing attempts but bringing justice to those responsible requires collective action. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews Identity theft happens when someone gets ahold of your private and personal information, such as your Social Security number or bank account information. With access to this data, criminals can make purchases and commit fraud. The elderly are often targets for such scams. They have more money, are less suspicious, and are not always entirely aware of new technology. While this is a concerning topic, here are six ways that seniors can keep themselves safe: 1. Adopt safe online behaviors Identity thieves do most of their work on the internet, so it's important to operate securely online. Always log out of bank and government websites that hold sensitive details. Never post your birthday or location on social media if you can help it. Criminals often grab this information and forge birth certificates and passports with it. Avoid fishy websites — look for a lock symbol in the address bar. Never work on anything confidential on public Wi-Fi. 2. Don't fall for email tricks If you receive an email telling you that you've won a trip to the Bahamas, or that a foreign prince wants to send you $1 million, report it as spam and delete it. Criminals love to send fake rewards or deals, called phishing scams, to victims in hopes that they'll click on it. A good rule of thumb is to never respond to a sender that's offering you money or asking for personal information. Any legitimate organization or company will never ask you do divulge your data like this. 3. Beware of phone calls Have you ever gotten a call from someone claiming to be the IRS? This is a common scam that many Americans fall for. The IRS, along with most government institutions, will probably never contact you by phone. If they need to get in touch, they'll send a letter in the mail. The same goes for calls exclaiming that you've won the lottery. If you answer a call like this, hang up and block the number from your phone. 4. Limit access to your money There are plenty of older adults who allow their family members to help manage their funds. As you age and begin to plan your retirement more thoroughly, you'll want to make sure your money is secure.Consider hiring a designated financial advisor to help you navigate your earnings and use them accordingly. If you prefer to have someone you know to assist you with this, make sure they're trustworthy. 5. Keep physical copies locked away Private documents, like your Social Security card and passport, should remain in a secure place at all times. Choose a designated area that only you and a handful of trusted individuals know. If you ever move, you'll be able to grab your files and ensure no one else has access to them. Caregivers can help protect seniors by overseeing who has access to this information. 6. Consult someone you trust Should you ever be in doubt about how to protect your identity, talk to a family member or friend that you trust. They can help you conduct further research on how to keep your data safe. If you answer an odd phone call or come across suspicious activity in your bank account, contact one of these people. Having trusted confidants in your arsenal is always a great idea. Become informed and prepared today By taking these steps, you can keep yourself safe from criminals. Make sure to operate securely on the internet, be on the lookout for suspicious phone calls, and keep your physical documents guarded. If you're concerned that you've been a victim of identity theft, a host of resources are available to help you. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews Now that biometric technology has found a place in many people’s lives through their phones and devices, could it help solve the issue of identity theft? If so, how would we get it done? If it’s implemented well, biometric technology is superior to previous security standards. It may not be enough on its own, however, and it introduces several new headaches. Let’s look at some of the potential benefits and some of the problems that could arise out of our using this technology. Why biometrics? The U.S. Federal Trade Commission finds that identity theft victims pay a total of $5 billion out of their own pockets each year to resolve identity theft incidents. The FTC puts the cost for the business community at around $50 billion every year. One of the reasons why this problem is so stubborn is because our technology hasn’t caught up yet. Pew Research polling finds that as many as 39 percent of adults in the United States use similar or identical passwords across accounts and 25 percent knowingly use less-secure passwords than they should. Overall, our password hygiene is poor. Plus, two-factor authentication via email isn’t that safe because email itself isn’t that safe. Biometrics leverage features that are unique to each of us. This includes fingerprints, scans of our retinas, irises or faces, recordings of our voices, prints of our hand geometry and even behavioral characteristics. Many of us are already accustomed to pressing our finger to our phones or holding still for a quick scan with the front-facing camera, but this is a broader category than that. However, each type of biometrics technology generally relies on three components to work: a sensor to collect data, software to interpret the results, and a device to interact with and house the other components. Biometrics are fundamentally safer than passwords and other types of security for several specific reasons. That’s not to say they’re without potential pitfalls, though. Why biometrics work against identity theft Biometrics may soon become an even more common bulwark against identity theft and other types of digital fraud. They are already helping to phase out encryption keys, one-time codes, and traditional passwords in some places. Here are some of the reasons: Biometrics make people the password. Ordinary passwords can be stolen or forgotten. Passwords are more secure with a secondary PIN number, but this doubles the amount of information a user must retain, or that they can misplace or have stolen. Biometrics are more difficult to fake compared to other types of security. For example, two-factor authentication relies on secondary devices which may, themselves, be compromised. Biometrics are becoming more ubiquitous. This is thanks in large part to consumer technology. Research says around a billion fingerprint-reader-equipped phones are sold per year. As a result, 93 percent of top banks in the United States have added biometrics to their mobile apps. For those who’ve experienced identity theft, it is every bit as unpleasant as the name makes it sound. Somebody has compromised and leveraged your very identity to satisfy their own ends. To protect something so personal to you, it just makes good sense to use a type of security that’s equally personal. So far, nothing beats biometrics. The points above cover three things that are vital to the successful rollout of any new security paradigm: it’s more secure than what came before, it’s more convenient, and it has the means to achieve quick adoption. But what is it about identity theft, specifically, that makes biometrics a good fit here?Identity crimes most frequently take the form of social engineering (coercion or deception over the phone or online), mail theft, and credit or debit card theft. The addition of biometrics into the equation would seem to raise the security bar significantly: It’s not enough that a dumpster-diver can spoof your phone number and your address to apply for a personal loan. Your bank can tell it’s not them based on the sound of their voice. It’s not enough that a cyber-criminal has your Social Security number and the login credentials for your health insurance app. In order to order a prescription refill, the app needs a fingerprint scan. It isn’t enough that somebody bought your credit card information on the black market. You’ve locked down your card controls using your fingerprint or face scan. The card is useless to them. Biometrics represent an important addition to the existing cyber-security and identity crime tapestry. At the end of the day, however, even face and fingerprint data is zeroes and ones. Storing our zeroes and ones anyplace still requires a certain leap of faith. What are the problems with biometrics? There may come a day when we use this tech to secure each of our internet accounts, pick up our train tickets and boarding passes, pay for morning coffees, and navigate every interaction with every public institution, from the local library to the IRS. Nevertheless, there are already some stumbling blocks when it comes to using biometrics as the new de-facto security standard: Biometrics aren’t foolproof. Many people became familiar with biometrics technology thanks to smartphones from Apple and Samsung. Neither of these technologies has a perfect track record, meaning dedicated criminals may still find a way in if they want to. High-resolution photos and photorealistic masks can unravel a digital identity built on facial identification. Biometrics have inconsistent appeal. Facial recognition had a 34 percent approval rating among adults in the United States in a recent Morning Consult poll. A similar poll in the U.K. said 54 percent of adults found facial recognition technology creepy. Biometrics are politically divisive. In 2019, San Francisco became the first U.S. city whose board of supervisors voted to ban the use of facial recognition technology within city limits. Police departments already claim to depend on the technology, but civil liberties groups have long opposed its use. Lawmaking on the subject will be inconsistent for many years, and possibly longer. Biometrics require expensive infrastructure. Social Security numbers and other identifiers require infrastructure to use, but not as much as facial recognition cameras or retina scanners. Biometrics may not be cost-effective everywhere. Biometrics cannot be changed. This may be the most critical potential downside to the widespread use of biometrics technology. A password is something the user can change. They can even get a new phone number, email address, PIN or other identifier. But fingerprints, iris scans, and face scans are unique to you and cannot be changed once they’ve become compromised. Like any other packet of data, the digital “key” that is your iris or face scan must be stored securely on a device or transmitted elsewhere for storage and/or processing. Whether in transit or at rest, this intimate data is only as secure as the companies entrusted with it. It’s smart to stay aware of biometrics and other developments in digital security. But like everything that came before, it’s wise not to put all of our faith in any one protective measure, and to take every vendor, developer, and manufacturer’s security claims with a grain of salt. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla MatthewsIdentity theft is a concept we're all familiar with. Commercials on every channel advertise services that can protect you from this type of theft and help you recover if someone steals your identity. What these services don't focus on is medical identity theft, which is becoming more common because it's easier and more lucrative than stealing social security numbers or credit cards. Why is medical identity theft so popular? First, it has to do with the information itself. You can't just cancel your medical history like you can with a stolen credit card. Even if you detect theft, the thief can continue to utilize the data for a longer period. The switch to digital medical data storage has actually made it easier for hackers to steal privileged information, especially if the source isn't familiar with the kind of security measures that could help to keep that data safe. Finally, it's all about the numbers. Not everyone has a credit card or the kind of credit that's worthwhile for identity thieves. Everyone, from the youngest infant to the oldest retiree, has a medical history, which means the potential theft pool is much wider. With this in mind, what are the most common kinds of medical ID theft? 1. Free treatment scams Thieves might use your medical information to receive treatment because they don't have or can't afford their own insurance policies. While this may seem innocent enough, it's still a type of insurance fraud and could cause you to lose your health coverage, increase your premiums, or even ruin your credit history. Warning signs of free treatment scams may include the following: Inaccuracies in your medical records Denied coverage because of preexisting conditions you don't have Sudden changes or increases in insurance premiums False records that could become dangerous if doctors are basing your treatments on them Negative impacts on your credit history as the thieves run up huge hospital bills on your credit Loss of healthcare coverage You might also encounter individuals attempting to steal your medical information by offering you free treatment opportunities. Do not provide your personal information over the phone to anyone, especially things like your social security number or other identifying data that could help the criminal steal your medical records. 2. Prescription drug theft Medical ID thieves might not need medical treatment, but that won't stop them from making off with your protected information. Sometimes, they'll use your medical history to obtain prescription drugs they'll either take themselves or sell on the black market to make even more money. Many of the warning signs for this specific type of theft are similar to the free treatment scams. One thing that is different is that you may find it harder to obtain any controlled substances you take if your medical records indicate that you've already received them — especially with new laws restricting opioid use in the face of the epidemic that's gripping the country. 3. Fraudulent treatment invoicing The third most common medical identity theft is becoming more common every year, so it's important to recognize the warning signs of each type of theft and know how to protect yourself. This type of medical ID theft is invoicing for fraudulent treatments. This one is even more nefarious than other methods because medical professionals may be involved in the theft in exchange for a portion of the profits. This type of medical ID theft is often difficult to detect until it comes back to bite you. You may find yourself paying for treatments you never received, or maxing out your healthcare coverage for the year when you need it most. How can you avoid medical ID theft? What steps can you take to avoid a threat like medical ID theft? To start, pay close attention to the Explanation of Benefits that you receive from your insurance company. Don't just glance over it — examine it closely to make sure that everything on your EoB is something you've received. If you see something that looks wrong, call your insurance provider immediately. At the end of the year, you can request a list of benefits paid throughout the previous calendar year from your insurer. Go over this, as well as your credit report to ensure that there isn't anything amiss. Medical bills will show up on your annual credit report, even if you're not the one who received the treatment. The bottom line If you suspect that someone has stolen your medical information, the first thing you should do is contact a healthcare lawyer to find out what your options are. They'll have the experience and the knowledge to walk you through every step of the process, from putting a freeze on your credit to reclaiming your medical history. If you are a victim of medical identity theft, file a report with both the police and the Federal Trade Commission. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Erin Ellis While identity theft can happen to anyone, you can take steps to reduce your risk. Identity theft is the fraudulent use of an individual’s personal information for financial gain. Identity thieves can use a person’s Social Security Number, mother’s maiden name, date of birth, or account number to open fraudulent new credit card accounts, charge existing credit card accounts, or obtain new loans. The following tips will help you protect yourself from identity theft: Avoid sharing your personal information Don’t give out your personal information or leave it exposed for anyone to see. This includes your home address, phone number, driver’s license, and your Social Security Number. Track your monthly statements Set time aside to track your monthly statements provided by your credit union or bank. Review the overall summary of the activity associated with your account. If you recognize something that’s incorrect, whether it’s an account you didn’t open, transactions you didn’t make, or any other suspicious activity, report it immediately. Your credit union or bank can then work quickly to identify the fraudulent activity and cancel your debit or credit card. Monitor your credit reports on a regular basis Frequently monitor your credit by accessing your reports. This will reveal signs of identity theft, and you may be able to catch it early on. You can check your credit reports for free from three major credit bureaus at annualcreditreport.com. Freeze your credit A credit freeze, also known as a security freeze, is a free tool that allows you to restrict access to your credit report. To fully protect your credit by freezing it, you’re required to initiate a freeze with each of the three major credit bureaus: Equifax, Experian, and TransUnion. After they receive your freeze request, each credit bureau will provide you with a unique PIN or password in case you choose to lift the freeze in the future. This feature makes it more difficult for identity thieves to open new accounts in your name, due to the fact that most creditors need to see your credit report before they approve a new account. If they can’t view your report, they may not extend the credit. Opt out of pre-approved credit card offers An additional way that an ID thief can obtain your personal information is by stealing your mail. Typically, many pre-approved credit card applications arrive in your mailbox. Identity thieves can use your address and send it in. By calling 888-5-OPTOUT, you can opt out of receiving these offers for two years. However, for permanent opt-out status, you can submit your request in writing and send it to the three main credit reporting agencies. Learn more from professional resources By visiting MyCreditUnion.gov, which is hosted by the National Credit Union Association and serves as a financial literacy resource library, you can obtain a wide range of informative articles on finance and fraud prevention. Visit your local credit union or bank to learn more about how you can reduce your risk. PFCU also offers resources and additional information to its members and will work with them to quickly identify suspicious activity and resolve any fraudulent charges. It’s important to anticipate potential risks of identity theft before you fall victim. Once you lose your identity, it can be very difficult to restore it before any major damage is done. Reference these tips, and you’ll be prepared for financial success.Erin Ellis is an Accredited Financial Counselor at Philadelphia Federal Credit Union (PFCU) where she develops PFCU’s financial education curriculum, provides one-one-one counseling with members, and presents financial seminars to PFCU members and a wide network of social services organizations throughout the Philadelphia region. Erin is passionate about helping individuals and families better manage their money and achieve their financial goals.
Identity theft may not be your main concern this tax season, but it definitely should be on your radar. What is tax identity theft or tax-related identity theft? The official IRS website states that “tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.” Although this type of identity theft may sound like a rare occurrence, it actually affects more people than you might think. In fact, according to Fraud.org, “tax identity theft was the single biggest type of identity theft complaints to the Federal Trade Commission in 2014. Conservative estimates put the cost of this fraud to the nation’s taxpayers at $5.2 billion annually.”Clearly, there are reasons why you should be worried about tax identity theft. We asked several identity theft, cybersecurity, and finance experts to explain what they think you need to know about tax identity theft, what you should do if you do fall victim to tax identity theft, and what you can do to reduce your risk of becoming a victim this tax season. Arthur Rosatti, Attorney with Ashley F. Morgan Law, PC What you should know: “It is a big problem that the IRS has been fighting a lot over the past decade. Most people find out they are a victim when they attempt to file their own return and the IRS sends a notice rejecting their return. Not only are taxpayers experiencing ID theft, many scammers are stealing the identity of their children.” What victims should do: “If this happens to an individual, that person will have to submit additional paperwork to the IRS to prove who they are. Specifically, Form 14039 has to be submitted to the IRS. I also include the tax return that was rejected, proof of ID, and proof of residence. If the return is rejected because of a child credit issue, it is often necessary to provide proof of the child and that you are the parent/guardian responsible for the child's care.”What you should do: “File as soon as possible, check your credit report regularly, and get a PIN from the IRS. Also, just guard your social security number as much as possible.” Steve Weiseman, Lawyer, College Professor, Author, and Identity Theft/Scam Expert at Scamicide What you should know: “Income tax identity theft, by which identity thieves file phony income tax returns with counterfeit W-2s using the Social Security number and name of their victims is still a major problem for the IRS and taxpayers, costing us all billions of dollars each year. Although the IRS has gotten a bit better about detecting income tax identity theft, it is still a multi-billion dollar problem each year and if it happens to you, it can create great problems and delays in getting your legitimate income tax refund. You find out that you have been a victim when you are contacted by the IRS informing you that an income tax return has already been filed using your Social Security number, and they cannot process your return and provide your refund until they have finished an investigation.In 2015, a report of the Treasury Inspector General for Tax Administration (TIGTA) disclosed that despite IRS assurances to the contrary, it took the IRS an average of 278 days to resolve individual income tax identity theft cases and return the rightfully owed tax refund to the victimized taxpayer. In a heartening example of some good news, TIGTA now says that the IRS has lowered the time to resolve the income tax identity theft cases of individual taxpayers to 166 days, which, although to my mind, is still too long, is a significant improvement. Recently, however, through the joint efforts of the Federal Trade Commission (FTC) and the IRS, you can now file electronically an IRS Form 14039 which is the form necessary to report if you have become a victim of income tax identity theft to the IRS. Being able to file this form now electronically should speed up the process of the IRS investigation of instances of income tax identity theft and reduce the time before you can get your income tax refund if one is due.”What you should do: “Along with protecting the privacy of your Social Security number as much as possible, the best thing you can do to protect yourself from income tax identity theft is to file your income tax return as soon as possible in order to make sure your return is filed prior to that of an identity thief. Income tax identity theft only works if the identity thief files a tax return before you do.In order to file a Form 14039 electronically, you should go to the FTC's www.Identitytheft.gov website where you will be asked questions necessary to automatically complete the form. Once the form is completed, you will be able to review it and, if it meets with your approval, submit the form directly to the IRS through the www.Identitytheft.gov website. You should also download and print out a copy of the form for your own records as well. You should receive a confirmation from the IRS of receipt of the form within thirty days.”What victims should do: “If you do find yourself a victim of income tax identity theft, you should file a police report immediately and then file a paper tax return with an attached Form 14039 Identity Theft Affidavit along with a copy of the police report to the IRS to hasten the process of recovering your tax refund.” Vincenzo Villamena, CEO of Global Expat Advisors What you should know: “If one tries to e-file their tax return and it is not accepted due to a duplicate copy already being filed, then they are likely subject to tax identity theft. In most cases, the perpetrators file these fraudulent returns early, so they are ahead of the victim in order to get their return accepted by the IRS first and before the IRS begins to catch on to the theft. Generally speaking, the person’s refund will be deposited in a bank account or more often taken in the form of a prepaid debit card which can be used for purchases or resold on the open market.”What victims should do: “They should contact the IRS immediately to inform them of the theft. They will have to paper file with a special pin for a number of years ago. The most important thing is to let the IRS know so the real tax return will be accepted properly and without penalty.”What you should do: “Be careful where you upload tax documents and send documents with your Social Security number. These documents should always be stored on secure servers with 256-bit encryption. Furthermore, do not send tax documents over email unless password-protected; however it would be better if uploaded on a secure server. The IRS will never call you, so do not believe any robo-dialed phone calls. I have seen an increased number of phone scams this year where people are asked to pay off IRS debt or confirm their Social Security number over the phone. They are threatened with large fines or jail time, but this is completely fake as the IRS will never call or email anyone; all correspondence is via snail mail. Please be sure that the IRS has an updated mailing address on file so that valid correspondence will reach you.” Steven Hausman, President of Hausman Technology Presentations What you should know: “One of the best things to do to determine if you have been a victim of identity theft is to check regularly your credit reports at the three major credit reporting bureaus. Since you are allowed one free report each year, you should request one report from one of these bureaus every four months. There are also certain services which state that they are continually trolling the internet for fraudulent uses of your social security number and other personal information.There are also some telltale signs that your personal information has been compromised: You get a copy of your tax return from the Internal Revenue Service when you had not requested it. You have filed your annual federal tax return and find that it has been rejected because someone else had filed it previously. Similarly, you get a tax refund from a return that you have not yet filed. You do not receive bills or mail that you have been used to receiving in the past. This could be an indication that thieves may have used your personal information to change your address. If you should apply for credit and find that you are rejected or when you check your FICO score, and you find that it has gotten much lower. This may be because criminals are trying to open credit card accounts in your name. You note that you are getting bills for purchases you did not make and that your credit card account(s) may have unauthorized transactions on the monthly bill. In accounts where you have implemented two-factor authentication (which you should do), you find that you are getting alerts from the bank. This could mean that someone is attempting to access your account because they may have some of your personal information. You may find a number of very small charges on your credit card. This could be because someone has stolen this information and is checking to make sure the card is still active before making a number of very large purchases. You might be rejected for credit. You might receive mail from the Internal Revenue Service because someone requested documentation online from the IRS but was unable to get it because of their security protocols. In that case, the IRS might send it to your address of record by mail. In addition, it is possible that your electronically-filed tax return is rejected. The latter circumstance might be due to the fact that a criminal has already filed a fraudulent tax return in your name in the hopes of obtaining a refund. When you check your credit card bill at the end of the month (and you must check your bill in detail each month) some charges might show up that you did not make. You do not receive bills that you would ordinarily expect to receive. This might mean that a thief has taken over your billing address. If you have an employer and someone has stolen your Social Security number they may attempt to file for unemployment benefits in your name. In such a case, your current employer may notify you that this has occurred. There may be a number of small charges on your credit card statement for a few dollars each. This may be because criminals are testing to see if the credit card number they have stolen from you is still valid and active.” What victims should do: “There are some very specific things to do. These include the following: File a crime report with your local police department File a report with the Federal Trade Commission Place a fraud alert on all your credit reports (also see where I have indicated applying a credit freeze below) Make sure that your rigorously review your credit card statements every month for erroneous charges Consider opening new credit card accounts and bank accounts Make certain that you utilize strong passwords on all of your online accounts Purchase a micro-cut shredder and use it regularly to destroy all financial records File an identity theft affidavit (Form IRS 14039) with the Internal Revenue Service Do not carry your Social Security card with you Do not place any personal information on social media sites or use inaccurate information (Do you really need to list your birthday for everyone to see?) Should you get a PIN number for your tax returns?Absolutely yes. One of the main concerns with any cyber breach where your social security number may have been obtained is that someone can file a tax return in your stead earlier in the year than you may file. Any return that the crook has filed will be sure to be eligible for a refund (why else would they file?) which they will then cash. If, however, you have the six-digit PIN from the IRS, they would need to know that before filing. If you complete the identity theft affidavit (Form IRS 14039) for the IRS, they can supply this PIN. You can also obtain a PIN online from the IRS.” What you should do: “. . . place a freeze on all of your credit accounts. This means that no one will be able to apply for a credit card or any sort of credit in your name without removing the freeze. I understand that some people might find this inconvenient, but the freeze can be easily removed temporarily for a short period of time if you should have the need to apply for a loan or a new credit card. A small amount of inconvenience, in my opinion, is minor when compared to resolving the consequences of identity theft and having large credit card bills or a fraudulent tax return being submitted in your name.” Bob Harkson, CFP, Chief Financial Planner at Phase 2 Wealth Advisors What you should know: “This occurs when a tax scammer obtains (steals) your personal information. A tax return is then filed in your name, typically claiming a large, but bogus, tax refund. That tax refund is then routed to an address that is not yours. The fraudsters will receive the money whether you were actually owed a refund. A person typically finds out they were a victim of this scam when they go to file a return and it is rejected by the IRS because ‘you have already filed a return’.The IRS doesn't initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. You will be initially contacted by mail. Another scam is to receive a call with a caller ID that says IRS, don’t be fooled.”What you should do: “File early — Less time for scammers to get to you, be diligent with passwords — change them frequently and make them complex, (and) guard your personal information. Shred documents with personal information. Save it to secure online storage or be sure your computer is encrypted.” Jamie Cambell, Cybersecurity Expert and Founder of GoBestVPN What you should know: “You should look for tax-related issues that come up when you're not expecting it. (For instance) you have issues when filing a tax return because more than one tax return was filed using your identity (or) you have pending actions or receive notices for a tax return you didn't file.What victims should do: Immediately contact the authorities. File a report with the FTC; they have a dedicated website for this because it happens so frequently: https://www.identitytheft.gov/Assistant Contact your financial institutions (banks) and find out if there are any cards or accounts opened without your permission, and close them immediately. Change all your credentials and make sure to add additional security layers for logging in and opening new cards and accounts. What you should do: Keep your devices clean. Make sure you don't have viruses installed on your devices and don't visit random websites. Don't open emails from strangers. Have a secure password. There are plenty of articles online about generating a secure password and securely managing them. Have 2FA for logging into important services like your financial products. Have additional security layers for opening new cards or accounts. Banks allow this; you can ask them to make sure you say a special phrase or a string of numbers before taking any actions on your account. Justin Lavelle, Chief Communications Director of BeenVerified.com What you should know: “Tax identity theft was the number one type of identity theft according to the Federal Trade Commission in past years.There is no foolproof way of avoiding tax identity fraud. Since Social Security numbers and other personal information are so widely available on cyber black markets, chances are that scammers already have the information they need to commit tax identity fraud against you. It’s your job to stay on top of your financial information to catch anything that looks suspicious.”What you should do: “File your taxes as early as possible during tax season. Scammers depend on the fact that many taxpayers wait until late in tax-filing season to file. Filing early reduces the risk that a tax identity thief will be able to use your personal information to file fraudulently ahead of you. Scammers will also try and file your tax return as early as possible.Thieves don’t need your credit card number or bank account information to steal your identity. A thief just needs one piece of information about you and they can easily gain access to the rest. It’s a common mistake thinking that a thief needs your actual credit card or credit card number to create an identity theft situation, but that’s no longer the case. Make sure to secure birth certificates, Social Security cards, credit cards that aren’t in use and passports in a safe deposit box or in a safe hidden at home.Pay extra attention to snail mail. Snail mail identity theft is still very much a thing. Watch for your monthly billing statements from creditors and banks. Take note and check on statements that have not arrived, as it could be a sign your mail has been intercepted. If you order new checks, choose to pick them up at the bank vs. having them mailed. Also, never put mail in your private post box to be picked up by the mailman. Always put mail in a U.S. Postal Service mailbox.Carefully review any financial statements monthly. Always watch your statements for suspicious activity and charges that appear that aren’t known. This is one of the best ways to catch fraud before it goes very far.”How to know if you are a victim: You do not receive one or more of your monthly bank and financial statements in the mail. You find withdrawals from your bank account that you didn’t make. You find unfamiliar accounts or charges on your credit report. Your medical providers bill you for services you didn’t use or reject claims because you’ve maxed out your benefits. You’ve been notified your information was compromised by a data breach at a company where you do business or have an account. You’ve received notice from the IRS that more than one tax return was filed in your name. What victims should do: Contact the IRS asap. Alert them to what’s going on and how you found out. Place a credit freeze, fraud alert, and/or credit lock on your credit file. Report the identity theft to the FTC and they’ll provide you with a step-by-step recovery plan. Get copies of your credit report from each of the credit bureaus. File a police report. Additional ways you can prevent tax identity theft: Limit the amount of credit cards and personal information (such as passport, social security card, etc.) you carry with you. Take only the cards and information you need. Secure your personal records at home in a lockbox or safe. Keep them hidden in a safe place in your home. Safeguard your personal information online. Don't put personal information such as your birth date on a personal computer profile or social media website. Never provide personal or financial information unless a website site is secure (look for the security padlock in the web browser). Use passwords and change them regularly. Use a combination of letters, numbers, and symbols. Create different passwords for different social media sites, shopping sites, email, etc. Protect your home computer by using a firewall and secure browser, always maintaining current virus protection and avoiding an automatic log-in process. Always sign the back of your credit cards with ‘Ask for photo ID.’ This makes people check your ID before a purchase is made. Use a credit card, not a debit card, when shopping online. Only shop with companies you trust or have done business with in the past. Keep your SSN private. Never give out personal information on the phone to someone claiming to be from the IRS. The IRS will only contact through the mail. Jon Murphy, Cybersecurity Vice President for alliantgroup & Dhaval Jadav, CEO of alliantgroup What you should know: “Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund. You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN. Here’s how to know if you’ve been a victim of tax identity theft: More than one tax return was filed and your return was rejected. You owe additional tax, have a balance due, refund offset, or have had collection actions taken against them. IRS records indicate you received more wages than you actually earned. If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you have wages you didn’t report. State or federal benefits were reduced or canceled because the agency involved received information reporting an income change. An unexpected letter arrives from the IRS or Missouri Department of Revenue which does not appear to apply to you.” What victims should do: File a report with the local police. File a complaint with the Federal Trade Commission atwww.consumer.ftc.gov or the FTC Identity Theft hotline at 877-438-4338 or TTY 866-653-4261. Contact one of the three major credit bureaus to place a “fraud alert’ on your account: Equifax – www.equifax.com, 800-525-6285 Experian – www.experian.com, 888-397-3742 TransUnion – www.transunion.com, 800-680-7289 Close any accounts that have been tampered with or opened fraudulently. If your SSN has been compromised and you know or suspect you may be a victim of tax-related identity theft, take these additional steps: Respond immediately to any IRS notice; call the number provided. Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS.gov, print, then mail or fax according to instructions. Continue to pay your taxes and file your tax return, even if you must do so by paper. If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 800-908-4490. The IRS has teams available to assist. What you should do: File your tax return as early as possible. Protect your taxpayer PIN. Use unique, complex passwords or a password manager program religiously. Use multi-factor authorization everywhere you can (bank, email, social media, etc.). Beware of phishing by phone, SMS/text, and email. Use a shredder. Collect your mail regularly and use a lock on the box if you can. Don’t carry your Social Security card or any documents that include your Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN). Don’t give a business your SSN or ITIN just because they ask. Give it only when required. Protect your financial information. Check your credit report every 12 months. Review your Social Security Administration earnings statement annually. Secure personal information in your home. Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with. The bottom line As this tax season approaches, it’s important that you keep tax identity theft in mind. As the experts have explained, there are plenty of ways to lessen your risk of becoming a tax identity theft victim. Simply increasing your knowledge of tax identity theft can help. If you can follow the advice in this article, do your own research, and make sure you stay up-to-date on the latest identity theft trends, you will increase your chances of successfully avoiding this type of identity theft.
This is Part 2 of a two-part article. Read Part 1 here. It’s impossible to be 100 percent accurate when it comes to predicting future identity theft, scam, and data breach trends. In our previous article, a variety of experts provided their predictions for 2019 identity theft, scam, and data breach trends. Simply knowing what potential trends may take place in 2019 can help you prepare for what lies ahead. Although you won’t be able to completely protect yourself against these threats, you can at least learn how to lessen your risk of becoming a victim. We asked the experts to provide some helpful preventative steps you can follow if you are unsure of what you can do to avoid the potential 2019 identity theft and scam crimes. Here’s what they said. Be cautious with your email “When checking your email, stay suspicious and on alert. Often times a fraudulent email will try to scare you by saying something was stolen or that you’ve won a prize. Rather than clicking on links from your email, just go directly to the actual website and sign in how you normally would. You should also have some form of internet security installed. Norton AntiVirus or McAfee SiteAdvisor are two helpful tools that can prevent disaster in the event you do open a malicious email.” — Brian Gill, CEO of Gillware Data Recovery“The key defense is to remember my motto: trust me, you can't trust anyone. Never click on any link or download any attachment unless you have independently confirmed that the communication was legitimate.” — Steve Wiseman, Professor at Bentley University, Author and Blog Writer for Scamicide Monitor your bank accounts and use strong passwords “In order to protect your personal information you should consistently monitor your bank/email accounts and financial reports. Make sure to report any suspicious incident to the right authority. Don’t hesitate to call the companies involved and to file an identity theft complaint with the FTC. Also, in order to prevent online identity theft, you should use a secure mailbox, strong and unique passwords, set up two-factor authentication for as many online services as possible, a VPN (there are several free solutions you could use) and don’t forget to connect through https over http, especially when you use an online payment service.” — Mihai Corbuleac, Senior IT Consultant at ComputerSupport“Don’t ever share banking information or passwords online. Most companies won’t require this information from you. If you’re unsure about transmitting your information online, do the transaction over the phone with a real person. Make sure you always have an active virus and malware scanner running.” — Ian McClarty, President and CEO of PhoenixNAP Global IT Services“Be sure to change your passwords every six months and use strong password combos with numbers and symbols when possible and at least 12 characters in length so they are difficult to hack. These are some of the most hackable passwords and password combinations: 123456 Password Letmein Qwerty — or mnbvcx (or any keys in sequence on your keyboard) Your initials followed by your age Telephone numbers Pet or kid names Repeating dictionary words, like appleapple or dogdog Passwords that have remained the same since you established an email account. Also, be sure to enable two-factor authentication, or multi-factor authentication on your accounts and devices when it’s available. MFA makes it extremely difficult for hackers to compromise the security of computer networks, because they must infiltrate multiple layers of defense, instead of just decoding one password. If hackers do succeed in guessing a password, they must still breach additional authentication types before they can reach their target. One of the best benefits of using an MFA process is the long-term security it provides due to ensuring only individual account owners can access their login credentials.Consider using a password manager app. Look for a password manager that is cloud-based and stores passwords in a vault in an encrypted form. That way, even when a breach occurs and data is stolen, criminals must break the encryption to see a user’s passwords. This can be nearly impossible with industry-standard encryption like the Advanced Encryption Standard, or AES.Make sure the password manager offers two-factor authentication. 2FA does a good job of allowing only individual account owners access to their login credentials. If hackers do succeed in guessing a password, they must still breach additional authentication steps before they can reach important data. Use a strong master password, but change it every 60 to 90 days.” — Mark Foust, Chief Product Evangelist for Optimal IdMUse encrypted passwords, change your passwords every few months, remove private information about you from the web (when possible), secure your home network, ask your company how they store your private information, and never send private financial information by email. — Johnny Santiago, Brand Partnerships Manager at Social Catfish“Promptly changing the default password on any new Internet of Things devices is important to help protect yourself and making sure your router is up to date with the latest security and privacy settings.” — Wiseman Secure your cell phone account “Specifically for protecting against SIM hijacking or number porting scams, some of the major U.S. cell phone providers have introduced new security features to harden your account. For example, AT&T allows customers to add a passcode to their accounts. This is separate from the password customers use to log into their accounts online and is required to make significant changes to the account. It doesn't prevent bribery working on individual employees, but it does make it much harder to pull off the scam purely via social engineering. You should enable this if the option is available.Finally, having control of number means that hackers can bypass two-factor authentication. So if possible, you should remove your phone number from any account that could interest hackers and use a different form of 2FA such as Google Authenticator or a U2F device like a Google Titan Security Key. Of course, you can still link a type of phone number to those accounts, but I suggest a VoIP number, like a Google Voice number, that is SIM hijack-proof. You must protect this number as well, using a strong password, two-factor authentication on the account, and making sure it doesn’t expire if it's not in use that often.” — Brandon Ackroyd, Mobile Security Expert and Founder of Tiger Mobiles Be careful with your medical information “Any paperwork with sensitive information should be shredded and disposed of properly. If possible, try to maintain record keeping in a digital format, rather than physical. Be wary of any phishing emails who may try to exploit you to gain access to your accounts. Avoid giving out your medical information over email or on the phone, unless you have already signed an authorization to do so. If available, always sign up for multi-factor authentication for online portals, which sends a pin code to your phone as a secondary security measure anytime you are trying to login to your account.” — Adnan Raja, Vice President of Marketing for Atlantic Net Freeze your credit “The tips for protecting our personal information and identities in 2019 are the same as 2018 and earlier. Don’t open email attachments, use common sense, and if it’s too good to be true, it probably isn’t true. A new personal defense over the past couple years might be to contact the major credit reporting agencies and freeze our credit. With our credit frozen, credit reporting agencies can’t report on our credit histories, so nobody can impersonate us to take out credit in our names.” — Greg Scott, Author and Cybersecurity Professional “We also should put a credit freeze on our credit reports at each of the three major credit reporting agencies. Under recent federal law, this can be done now at no cost and is easy to do. In addition, the new federal law also permits credit freezes for children. All parents should do this because child identity theft is now a huge problem. Credit monitoring is also important to do." — Wiseman Pay with cash and don’t let your guard down “Keep yourself safe from skimming by paying with cash whenever possible. If you prefer to use a card, opt for a credit card rather than a debit card, as they come with reliable fraud-protection measures. Review your transactions routinely to identify fraudulent charges as quickly as possible.Be suspicious of phone calls that involve you handing over personal information. If you’re even a little uncertain, hang up, and then call the official number yourself to determine whether the caller was legitimate. If you believe you’ve already fallen victim to identity theft, be sure to freeze your credit reports. This prevents new credit accounts from being opened in your name without your permission.” — Sean Messier, Credit Industry Analyst at Credit Card Insider Be wary of scam phone calls “There are a number of services that can help protect against robocalls, such as Nomorobo which I use personally. In addition, you should never give personal information including credit card information to anyone over the phone whom you have not called. If a call appears to be an emergency requiring personal information from you, you should hang up and call the real institution, such as your bank at a telephone number that you know is legitimate to confirm that the call is a scam.” — Wiseman Invest in your personal and business security “For people/business who want to protect their identity and data in 2019, they should strengthen their passwords with two-step authentication like security questions or pin numbers, secure their network with a VPN, which will encrypt their data in transfer, start saving to the cloud instead of to removable storage like USB drives (which can be easily lost or stolen), update their software when prompted to install ‘patches’ or fixes to detected issues, (and) invest in cyber liability insurance to cover the costs of a hack.” — Keri Lindenmuth, Marketing Manager at The Kyle David Group, LLC The bottom line Key Takeaways: Take these steps to avoid various identity theft and scam crimes • Be cautious with your email • Monitor your bank accounts and use strong passwords • Secure your cell phone account • Be careful with your medical information • Freeze your credit • Pay with cash and don’t let your guard down • Be wary of scam phone calls • Invest in your personal and business security By following the steps mentioned above and making sure you stay on top of the latest identity theft, scam, and data breach news, you will have a better chance of protecting yourself against these types of crimes in 2019. Additionally, you can look into getting professional identity theft protection services if you want extra help protecting yourself and your loved ones from the many types of identity theft.
This is Part 1 of a two-part article. Read Part 2 here. From 2017 to 2018, the U.S. population experienced an abundance of serious data breaches which traumatized millions of people. Here is a look at a couple of major data breaches that occurred between 2017 and 2018: Although the data breaches listed above affected a large portion of the U.S. population, they are not the only data breaches that took place in 2017 and 2018. According to the Identity Theft Resource Center, there were 1,632 data breaches that occurred in the United States in 2017 and 1,244 data breaches in 2018. Although the number of data breaches recorded in 2018 was less than 2017, the Identity Theft Resource Center’s report provided that “the reported number of consumer records containing sensitive personally identifiable information (PII) jumped significantly” in 2018. In addition to data breaches, millions of people were affected by identity theft and scam crimes that took place in 2017 and 2018. Although there is no absolute way to avoid identity theft, scams, and data breaches, you can lessen your risks if you know what to prepare for. We asked a few experts to predict 2019 scam and identity theft trends. Here’s what they said: Data breaches “In regard to data breaches, things aren't as bad as you think. They are far worse. Personal information stolen through data breaches continues to be a major problem and one that puts people in danger of identity theft for the rest of their lives when the information stolen includes Social Security numbers. Too many entities with insufficient security hold too much personal information and these entities whether they are companies or government agencies have been and continue to be vulnerable targets for hackers. Therefore people must do whatever they can to limit the places that have their personal information. For instance, your doctor may ask for your Social Security number, but he or she does not need it.” — Steve Wiseman, Professor at Bentley University, Author and Blog Writer for Scamicide“We’ll probably see a few more sensational data breach headlines this year, but the truth is, data breaches happen every day, all over the world. Dozens make the news every month, and many more go unreported. I don’t see any difference between 2019 and 2018, other than 2019 will have more than 2018. Ransomware attacks might become even more commonplace because they’re easy to setup and maddening to trace.” — Greg Scott, Author and Cybersecurity Professional “When it comes to identity theft, by far the biggest threat in 2019 comes from large scale data breaches. In what’s become a shocking trend, the occurrence of these massive data breaches has dramatically increased over the past few years. And that trend shows no signs of slowing down, even with the increased awareness surrounding the issue.” — Doug Brennan, Cybersecurity Expert and Digital Addicts Blog Manager Business threats “In 2019, businesses should be on the lookout for threats that are coming from the inside/from their own employees, compared to remote threats from overseas. A majority of data threats are posed by employees who do not have education on cybersecurity. For example, phishing emails are gaining prominence. Some of the biggest hacks have occurred because someone opened an email from a malicious sender.Expect to see businesses investing in more internal security training to teach employees the proper way to create passwords, how to identify phishing emails, how to properly store and delete data, etc.” — Keri Lindenmuth, Marketing Manager at The Kyle David Group, LLC“Even if you keep your home network safe, if your company is hacked (even when you’re only an employee), you are subject to personal identity theft from the information that is stolen. According to the FBI’s IC3’s 2017 Crime Report, out of all types of victim loss reported, the most money lost was through Business Email Compromise and Email Account Compromise. This means that a hacker can break into your company’s data and garnish your social security number, home address, full name, driver’s license number, and more. While this might have been easy to trace in the past, skilled hackers no longer leave a web trail that an expert can easily catch. They take the stolen data to the dark web and sell it to the highest bidder.” — Johnny Santiago, Brand Partnerships Manager at Social Catfish“Organizations need to be prepared for malicious breaches and cyber attacks, many of which are delivered by way of email. Fraudulent emails come in all shapes and sizes, but I’ll share some tips to help anyone easily identify them. If you receive an email where the ‘To’ field is left blank, it’s a clear signal that it didn’t come from the perceived sender. When an email from a company has spelling errors or bad grammar, it should be another warning sign. Large companies have copywriters and editors who make sure email communications are grammatically correct. Also, if the email begins with ‘Hello’ but doesn’t actually state your name, that’s another red flag.” — Brian Gill, CEO of Gillware Data Recovery Identity theft types “Synthetic identity theft is also increasing as a problem. This is where some of your information is joined with information about others or made up information to form a totally synthetic identity.” — Wiseman “Sophisticated identity theft is on the rise. This is a type of fingerless identity theft where hackers can be overseas and steal your information and then sell it remotely from the dark web. They are protected by the privacy veil of the dark internet, where they can sell your information to another hacker who will use it fraudulently and steal from your accounts, max out your credit cards, sell your information to someone who might impersonate you, and put you at risk in your financial world. Victims of identity theft subsequently don’t get hired for jobs that run background or credit checks or even miss out on the ability to purchase a home or rent a property.” — Santiago“Medical identity theft is a rapidly growing problem that will likely get worse before it gets better. This can lead to long-term financial difficulties due to issues with debt collectors and credit issues. Patients can experience problems with their insurance copays and maximums because of fraudulent use. The list of problems goes on and on.” — Adnan Raja, Vice President of Marketing for Atlantic Net“In 2019, cyber-attacks will be more versatile than ever before. People should be aware of the most common types of identity theft as for instance account takeover, mail identity theft, child/senior identity theft etc. However, according to the Federal Trade Commission (FTC), the most popular type of ID theft in 2018, which will probably remain a real threat in 2019 is synthetic identity theft. This type of ID theft combines real and fake personal information to create a new identity using sensitive data such as names, SSNs, and addresses that can be obtained on the dark web. So, if you start to receive phone calls or mail asking about new credit accounts or if you receive mail addressed to a different name, those are signs of synthetic ID theft.” — Mihai Corbuleac, Senior IT Consultant at ComputerSupport Additional scams “Credit card skimming and shimming will likely continue to make local headlines as technology improves. While card skimming is a renowned scam, shimming takes the crime to the next level with specific tech designed to record information from chip-enabled credit cards, which had previously been considered the more secure alternative to cards with magnetic strips.Simplistic phone scams have remained popular, because modern technology enables effortless spoofing of legitimate phone numbers that belong to government agencies and other reputable organizations. Phone scams often use a combination of trust and urgency to convince victims to fork over social security numbers or credit card account information.” — Sean Messier, Credit Industry Analyst at Credit Card Insider“I see sim hijacking causing problems in 2019 if the providers don't clamp down on it. This scam works when criminals call a cell phone carrier’s tech support number pretending to be their target. They inform the call center employee that they have ‘lost’ their SIM card, and need their phone number to be transferred, or ported, to a new SIM card that the hackers themselves already own. This works via social engineering — and maybe with other info they have sourced, be it on the dark web, such as a Social Security Number or home address (this info can be readily available due to the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are whom they claim to be, and the employee ports the phone number to the new SIM card.In some cases, bribery is involved with rogue employees porting numbers against company policy for a fee from the hackers.Once the hacker controls your phone number, they can impersonate you with other service providers, such as with your Instagram or an email provider, by using your phone number to change your password and then also taking control of your email. For example, they can go to gmail.com, type in your email, click on ‘Forgot Password’. Then Google sends a text message verification code to your phone number – which the hacker receives instead of you.” — Brandon Ackroyd, Mobile Security Expert and Founder of Tiger Mobiles“For every correction that companies and the government try to make, a skilled hacker spends his or her time, energy, and expertise undoing those safeguards and working around them. As home networks begin to rely on smart devices like Google Home, Echo by Amazon, or Portal by Facebook, there have been documented errors and hacks. In one situation, Google Home recorded and sent data without consent. In 2018, devices like Google Home, Echo Dot, and Portal became popular. However, 2019 is the year that (next to) everyone will have a home smart device or smart home and hackers are waiting. These devices are revolutionizing the way we live and how much we allow electronics to conform our relationships and security. As more people make their household digital, home security devices will become the most popular items to hack.” — Santiago“Scams originating with phone calls whether robocalls or scammers calling personally are growing as a problem. This problem is magnified by the use of a technique called ‘spoofing’ by which scammers are able to manipulate their victim's Caller ID to make the call appear to be from a legitimate source, such as the IRS. The increasing presence of the Internet of Things in our lives with smart televisions, toys and other devices connected to the Internet provides an opportunity for hackers to get at our computers and our data through these devices for purposes of identity theft or install malware such as ransomware. Spear phishing is getting increasingly sophisticated. Spear phishing is specifically targeted emails and text messages that uses information about us to tailor these messages in a manner that we will trust these communications and click on links or attachments which result in malware being downloaded.” — Wiseman“A despicable tactic that’s gaining popularity with hackers is digital blackmailing. A hacker steals an email list and sends messages that threaten to expose a person engaging in an illegal or unethical act. Some instances of digital blackmail don’t involve lies about web surfing. A hacker can gain access to a webcam and capture intimate pictures and videos. He or she uses the files to extort money from people.” — Ian McClarty, President and CEO of PhoenixNAP Global IT Services The bottom line Overall, you should be on the lookout for several potential identity theft, scam, and data breach trends. Although you may not be able to prevent any of them from taking place in 2019, you can take certain actions to protect yourself. Make sure to see part two of this article series to learn about preventative steps you can take.