In 2013, 13.1 million consumers were victims of identity fraud or theft. Your identity can be stolen in a variety of ways: by cyber thieves; by unscrupulous vendors; or by those who are pilfering identification cards, bank statements, and other items from your mail box or online. Criminals may also glean personal details in forums like Facebook or LinkedIn and collect useful background data that aids in identify theft. Changes in financial accounts, apparent mistakes in billing, calls from collection agencies, denial of loan applications, and even notices about accounts or jobs in your minor child’s name are a few of the indicators you might be a victim of identity theft.This document addresses some common identity theft scenarios, methods of prevention and ways to recover if such theft occurs.
What is Identity Theft?
As indicated above, identity theft is a serious crime that may have serious consequences to your financial, credit history, and reputation. Identity theft happens when someone steals your personal information and uses it without our permission, often to commit other crimes, such as bank, immigration and employment fraud. It can disrupt your finances, credit history, and reputation, and it takes time, money, and patience to resolve.
Identity thieves might:
- Steal your wallet, purse, mail, or other areas to remove your credit cards, driver’s license, passport, health insurance card, and other items that reveal personal information.
- Go through trash cans and dumpsters, stealing bills and documents that have sensitive information.
- Steal personal information on the job (industry, government, medical, etc.).
- Pretend to offer a job, a loan, or an apartment, and ask you to send personal information to "qualify".
- Misrepresent a legitimate business and trick you into revealing personal information.
- Install "skimmer" devices and pinhole cameras at gas pumps or Automatic Teller Machines (ATMs) to acquire your account information and Personal Identification Number (PIN) on credit cards.
- Exploit computer systems of businesses or financial institutions to steal personal identifying data or credit card information.
- Collect publicly available information from social media sites to use in social engineering.
Identity thieves often use scams involving tactics of "social engineering" (in person, via phone, mail, or email) to trick you into providing personal information. Others use information you place in the public domain that provide opportunities or pathways to acquire your identity. While other criminals exploit vulnerabilities in operating systems or remote access systems such as Automatic Teller Machines (ATMs) and pay at the pump systems to steal credit and debit card information.
How to Protect Your Information
Persistent vigilance on your part can help detect and limit damages caused by an identity thief.
The following are recommended:
- Safeguard your Social Security Number. It is the key to your personal and financial information.
- Protect your paper and physical valuables.
- Don't let incoming mail linger.
- Resist the urge to use your mailbox for outgoing mail (bills and checks are easy to spot).
- Don’t leave your purse in the grocery cart while shopping (it’s an easy target).
- Invest in a shredder and destroy sensitive documents. (Note: Moving to electronic statements and documents further reduces your exposure to physical threats.)
- Cancel credit cards you don’t need.
- Keep your credit card in sight when allowing a merchant to process it.
- Remember to lock your car even if "empty" of valuables (a portable garage door opener and car registration offer quick thieves an easy payday).
- Read your credit reports. You have a right to a free credit report every 12 months from each of the three nationwide credit reporting companies. Order all three reports at once, or order one report every four months. To order, go to https://www.annualcreditreport.com or call 1-877-322-8228.
- Read your bank, credit card, account statements and the explanation of medical benefits from your health plan. If a statement has errors or doesn’t come on time, contact the business.
- Shred all documents that show personal, financial, and medical information before you throw them away.
- Don’t respond to email, text, and phone messages that ask for personal information. Legitimate companies don’t ask for information this way. Delete the messages. At a minimum, ask for a callback number and verify it is associated with the company they claim to represent.
- Create strong passwords that mix letters, numbers, and special characters. Don’t use the same password for more than one account.
- Turn on two factor authentication (2FA) features on every online account that makes that security feature available (visit http://twofactorauth.org for a list of websites which offer 2FA security).
- Similar to 2FA, turn on text message and/or email alerts on your online banking, email, social media, and any other accounts you value so you can quickly address security and fraud issues.
- Regularly review privacy settings on your social media accounts to ensure Personally Identifiable Information is not available to criminals.
- Use encrypted connections when shopping or banking online. An encrypted site has "https" at the beginning of the web address; "s" is for secure. The Electronic Frontier Foundation (eff.org) offers a plugin for Firefox and Chrome called, "HTTPS Everywhere" that will help ensure your are using secure versions of websites that offer it.
- If you use a public wireless network, use a Virtual Private Network (VPN) service if possible on your device and do not send information to any website that isn’t fully encrypted.
- Use anti-virus and anti-spyware software, and a firewall on your computer.
- Set your computer’s operating system, web browser, and security system to update automatically.
- Using credit cards instead of debit cards, if you have the discipline, can also help limit damages from theft. Credit cards typically feature more robust anti-fraud protection and zero liability policies if your credit card is stolen.
- Enable the privacy settings on social media sites to limit your information to those you know.
The Do’s and Don’ts of Social Networking
- Only establish and maintain connections with people you know and trust. Review your connections often.
- Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
- Ensure your family and friends takes similar precautions with their accounts, their privacy and sharing settings can expose your personal data.
- Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post smartphone photos and don’t use your face as a profile photo, instead, use cartoons or avatars.
- Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Facebook – Securing Your Profile
Identity thieves use Facebook to retrieve data that can be used to steal your identity or trick a family member or friend into providing their personal identifying information.
It is recommended you secure your profile by using the following settings:
- Log in to Facebook, the "Click Account" located on the top right next to profile. Click "Privacy Settings."
- Decide how private you want to be. Click on each tab and look at the dots for each one – the dots show who can see that aspect. We recommend you choose "Friends Only". Then Click "Apply These Settings" in the bottom right corner.
- Uncheck the "Let friends of people tagged in my photos and posts see them" box. This ensures that only your friends are able to see posts and photos that you tag.
- Click the "Customize Settings" link under the box you just unchecked. This will allow you to further edit your Facebook settings.
- Decide how private you want certain things to be by selecting from the drop-down menu.
- Hide certain people or networks from seeing your information. Click "Customize" from the drop-down menu. Choose "Friends Only", uncheck any networks you don’t want to see your photos (remember that when this is checked it means that ANYONE in the network can see that piece of information, not just your friends in the network). Type the names of any person on your fiends list you don’t want to see your info.
- To make a certain piece of information visible to only a couple of people, click "Customize" from the drop-down menu. From the next drop-down menu, choose "Specific People". Then, type the name of the people you want to be able to see the info. As long as your networks are unchecked, only those to whom you grant permission will be able to see that piece of information.
- Change your photo privacy settings. Click on "Edit Privacy Setting" for existing photo albums and videos at the bottom of the "Things I Share" section. Choose the appropriate settings for each album. Use the drop-down menu as you did for the previous steps. Click the "Back to Settings" button in the upper left corner when you are done.
- Preview you profile. This feature allows you to view your own profile as if were someone else. Click "Preview My Profile" in the upper right corner. Type the name of the person’s view you want to check and press enter.
- Click "Back to Privacy Settings" to make any necessary changes. Now you are more secure.
LinkedIn – Securing Your Profile
Identity thieves will also LinkedIn profiles in the same way they use Facebook to target you and your family and friends.
Below are some things we recommend to protect your password security and privacy:
- Change your password every few months. Don’t use the same password on multiple accounts or works from the dictionary. Passwords should be more than 10 characters and be comprised of upper and lower case letters, numbers and special characters. Never give your password to others or write it down.
- Limit the contact information you share in your profile. LinkedIn is designed to share your professional life and make contacts that can help your career; however, you might not want some of your information shared. Click "Edit Profile" link from the "Profile" menu at the top of your LinkedIn home page. Scroll down to the "Personal Information" area and click the "Edit" button. Select and remove any information you don’t want open to the public.
- Turn on LinkedIn’s secure browsing mode. Click on the triangle next to your name in the top-right corner. Click "Settings" link from the drop- down menu. Click "Account" tab in the bottom-left corner of the screen. Click on "Manage Security Settings" and check the box that says "When possible, use a secure connection (HTTPS) to browse LinkedIn in the pop-up box that opens". Click "Save Changes".
- Consider limiting the information in you public profile. Click on the triangle next to your name in the top-right corner. Click the "Settings" link in the drop-down menu. From the "Profile" tab at the bottom of the screen, choose the "Edit Public Profile" link. In the "Customize Your Public Profile" box on the right side of the page, uncheck the boxes of the sections you wish to remove from public visibility.
- Review your Privacy Control Settings and make changes as needed. If you aren’t comfortable with people seeing your activity feed or knowing that you’ve viewed their profile, consider limiting access to your feed and/or setting the "Anonymous" profile viewing mode. These settings are available in the "Privacy Controls" section of your "Profile" tab.
Other Things to Consider…
- Where possible use two factor authentications on services where it is offered. Many financial websites and Google offer two-factor authentication.
- Go paperless with your bills and financial statement. It lowers your profile and chances someone will steal this information from your mail box or trash (if it is not shredded).
- If possible, use credit cards instead of debit cards. Credit cards frequently provide better protection as fraudulent charges will likely be removed from the account, while debit cards provide less protection. With debit cards they will disable the use of the card, but funds stolen before the reported as fraudulent are not likely to be reimbursed.
- Where offered, enable text or email notification of suspicious activity on you accounts.
- If you suspect you are a victim of identity theft, your CISO Team can offer advice and assistance in filing an Identity Theft Report.
An Identity Theft Report can help you get fraudulent information removed from your credit report, stop a company from collecting debts caused by identity theft, and get information about accounts a theft opened in your name.
To create an Identity Theft Report:
- File a complaint with the FTC at ftc.gov/complaint or 1-877-438- 4338; TTY: 1-866-653-4261. Your completed complaint is called an FTC Affidavit.
- Take your FTC Affidavit to your local police, or to the police where the theft occurred, and file a police report. Get a copy of the police report.
College students who are the victims of identity theft should visit http://www.ed.gov/about/offices/list/oi g/misused/index.html to ensure no rogue college loans were opened using their information.