In a previous post, we identified the top reasons that put you at risk for becoming a target of savvy identity thieves. In this post, we will examine the first 5 rules in a set of 10 that you can take to make sure you never become a victim of these criminals. To view our previous post in a series on Identity Theft, please see the post titled “The 4 Major Signs that you are At Risk of Identity Theft” on the 760Credit Blog.
Since it is clear that identity theft is only going to grow in scale as more and more of our lives are lived online, it is important to take the same preventative steps that you would take in securing valuables in the physical world. You wouldn’t leave an unlocked car full of valuables in plain view in a crime-ridden section of town, so why leave your good name and credit score open to malicious hackers and ID thieves? The good news is that there are some simple steps that you can take to virtually eliminate your chances of falling victim to an ID theft scheme.
Rule 1: Know the Companies that you Transact Business with
This is one of the easiest ways to prevent identity theft from happening to you, and all it requires is some simple due diligence before entering into a business relationship with a party that you do not know a whole lot about.
For instance, you may be driving down the street and notice a furniture store with a large promotional sign that says, “No credit check! You are already approved!” In this case, the furniture company, in an effort to boost a downtrend in sales, has partnered with a lender that specializes in high-interest lines of retain credit for people with limited or bad credit. While this can work wonders for you in terms of rebuilding your credit, it is always wise to take a step back, sit behind your computer screen, and do a bit of “web detective” to check out the lender before you hand over all of your personal identifying information. In general, these companies that offer this type of lending should only be used in a very limited capacity anyway, because of the high interest rates that are usually a part of any “no credit check” financing. However, when you are building your credit, sometimes it makes sense to get a small line of credit from a lender like this. First, though, make sure that they report to the 3 major consumer reporting agencies and that they furnish you with all of the information required by federal law, including “TILA” forms and payment schedules/amortization forms. If they do not give you everything that is required by federal law, this should be a red flag to you.
All new business relationships should come with the caveat that you will have to research the company before you enter into it. Any time you enter into any transaction that requires you to give your SSN, date of birth, address, and phone number; make sure that the business is legit and that you have a clear understanding of how this information will be used. Spending a few hours researching a business entity could possibly lead to saving you from fraud, and in the event that the company is completely legitimate, this research will still serve to allow you to enter the business relationship as an informed party.
Rule 2: Credit Freezes are your Friend
One of the most important tools available to you as a consumer to protect you from falling victim to an identity theft scheme is the credit freeze. This tool puts a hard stop on any and all credit account openings during the period of time that the freeze is in place. When you want to open a new credit account, you simply call the bureau and request a “thaw” that will allow you to enter a code that only you have in order to apply for an open a new account. Furthermore, while charges used to apply each time you asked for a thaw, recent changes in federal law have eliminated such fees and charges. For a detailed look at the process involved with a credit freeze, there is no better place to go than the Federal Trade Commission, where you can find answers to any questions you may have about how to utilize this powerful tool. While many people wait until they have become the victim of identity theft to put a freeze on their credit, this does nothing for prevention. Instead, being an informed consumer with a credit freeze in place from the start will go a long way to ensure that you never become a victim of ID theft in the first place.
Rule 3: Shred Everything, No Matter How Small
Did you know that your debit/credit card can be used as a valid form of identification at many places, including banks? This means that if an ID thief gain possession of an old debit card that you have thrown away without shredding, he/she can use it in conjunction with another form of ID, like a piece of mail with your name on it that has been forwarded to them via change-of-address in order to open up a bank account or a line of credit with your name. If the thief has come to have a copy of your birth certificate, which is fairly easy to do, then he/she can use the intact debit card in conjunction with the birth certificate to apply for a duplicate Social Security card. Then, once he/she has the SS card, then the combination can be used to obtain a duplicate ID or driver’s license. Then, with not much effort at all, the criminal is now able to fully assume your identity, complete with government-issued photographic identification with their picture on the face. For this reason alone, it is not enough to simply shred your personally identifying mail. Instead, anything that is linked to your financial identity in any form should be shredded before making it to the trash. This goes for your monthly bills, your pay stubs, CDs/DVDs with this information stored in electronic format, and old credit/debit cards should all be mutilated before they are thrown away.
Rule 4: Look into a Professional Identity Protection Service
The prevalence of identity theft has allowed for advances in technology to develop on both sides of the ID theft coin – the criminal side and the prevention side. As such, agencies that offer preventive and curative services for victims of ID theft, such as those offered by Lifelock, have developed methods for searching for breaches of your personal information in the best place to look – the “Dark Web.”
The Dark Web is a fully encrypted network that operates the same way as the internet we all know and love, but focuses on anonymity and privacy of those who use it, being as the majority of what occurs on Dark Web sites is illegal. For instance, when large business data breaches occur, if you know where to look, you can find people selling thousands of credit card numbers, expiration dates, and security codes for literal pennies on the dollar. These wholesalers of stolen identification information also make it a point to sell batches upon batches of complete personal identifications, including name, date of birth, SSN, driver’s license number, and even physical features. Companies like Lifelock have dedicated technology and personal agents that know the Dark Web very well and are able to scour these illicit sites to look for your information in particular. If it is detected, you are given an alert and can opt to immediately freeze your credit if something like this ever occurs. The other services that these companies offer, such as 24/7 monitoring of your credit file for changes can be part of credit monitoring services, but when it comes to the Dark Web, where most cyber identity theft occurs, services such as LifeLock and their competitors, such as Identity Force.
Rule 5: Change Passwords Frequently and Regularly with a Hint of Complexity
It goes pretty much without saying that you should keep your online passwords to yourself and stored in your brain or in a very safe location that no one but you can access. However, how you choose your password is just as important as how you protect it. The best advice that a cybersecurity expert will give you regarding your passwords would be:
a. Keep it complex and random.
b. Change it frequently, between weekly and monthly, depending on your usage and interaction with others online.
Malicious hackers can gain access to your password by using several different software packages, one of which is known as “brute force.” This will test all possible combinations until one is accepted and thus, the password will be revealed. The main drawback for using a brute force tool is that it is can take a very long time if the password is random and complex enough – even years, in some instances. However, it is precisely the lack of randomness and complexity that most users engage in when choosing their password that makes such an attack viable.
By nature, people want to choose things that they are familiar with when selecting their password. A new father may choose his baby daughter’s name followed by a series of number, most likely the year she was born in. Someone familiar with this person would likely be able to crack the password in less than 10 minutes, but even some online ID thief who has never met the man could easily ascertain such a password by simply navigating to the proud new dad’s Facebook page. Once the thief identifies something important to the target of the hack, the software can use this as a starting point for including/excluding possible combinations. This eliminates the time required for the brute force attack to run, which makes it a viable option “just like that”!
However, if the proud father understands good rules of password protection, perhaps he sets his password to something like 23F3#$@K%Dr%76(9(), it would literally take thousands of years to crack it, which effectively means that it is cannot be broken. Then, by changing it at random intervals, you only increase the security.
It is important to note that we spent so much time discussing the importance of your password habits because stolen passwords are one of the top reasons that people lose their identity. As an example, let’s assume that you are a Google Gmail user and that all of your personal identifying emails comes to your Gmail address. Then, an ID thief gets your Gmail password, which not only opens up Gmail but all Google services. Next, after looking through your e-mail, he heads over to your credit card company’s website and clicks on “forgot my password.” At this point, some identifying questions may be asked, but the thief would already know this information before attempting the change in the first place. After doing this with all of your financial accounts, the thief would now be able to forward all of your mail to the destination of his choice, ask for a duplicate credit card to be sent there as well, and literally change anything and everything that you have passing through this email address. While he’s at it, he can linger around in your inbox a tad bit longer until verification emails are sent and verify that the change was made as a result of your actions. At this point, the person has basically become you, and all of this has occurred as a result of being less than prudent with your password habits. As a result, one simple mistake can put you into years of ID theft purgatory.
As crimes related to identity theft become more and more common, the more likely you are to become a victim of this terrible crime. Even worse, as the crime spreads, the finite resources of law enforcement mean that prosecutions of the offenders will become less likely to be successful. Because of this, it is up to you to make sure that you build walls up around your good name and identity to make it as close to impenetrable as you possibly can. By utilizing the preventative measures outlined above, you can accomplish this, making it much more difficult for a would-be thief to steal the information required to steal your identity. The more difficult it is to steal your information, the more effort must be exerted by the criminal; and since criminals look for the easiest approach to their crime by their very nature, stealing your identity becomes less likely. While there will always be factors out of your control, such as massive data breaches, incorporating these prevention methods into your financial dealings will make you a harder target to crack.
1. Federal Trade Commission. Credit Freeze FAQs. Retrieved from https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
2. Lifelock. Product page link. https://www.lifelock.com/.
3. IdentityForce. Product page link. https://www.identityforce.com/.
4. 760Credit Blog. The Top 4 Signs That You Are at Risk for Identity Theft. Retrieved from https://760credit.biz/top-4-major-signs-you-are-at-risk-for-identity-theft/