Thieves work nonstop to hijack our identities
and steal our credit and assets. Massive data breaches at Equifax, Facebook,
First American Financial, Marriott, Twitter, Yahoo!, and many others in the
last few years have affected tens of billions of accounts. At this point,
assume your personal information has been compromised and is available for
cyberthieves to use.
Here’s advice on the best ways to protect your credit, assets, and identity.
Passwords are the keys to our digital lives, yet many people are careless and sloppy with them. They create simple, easy-to-remember passwords that are easy to crack (such as “abc123” or “password1”) and then use them again and again for all their accounts. “Hackers love this because it makes their life so much easier—if they can snag the password from one of your accounts, they can use it to attack all the others,” said digital security expert Adam Levin. “It’s like having the same key to start your car, unlock your house, open your safe deposit box, and lock your desk at work. Doesn’t make a lot of sense.”
Even the best passwords can be compromised—so opt for multi-factor authentication (MFA), when available. MFA requires a password and at least one other identifying factor that only you should have access to—such as a fingerprint, or entering a code from a text, email, or authentication app—to log in. It’s not foolproof, but MFA can stop most hackers from using stolen passwords on accounts that use them. When it comes to protecting your digital life, MFA provides much stronger protection than even the best passwords alone.
It’s especially important to lock down your retirement and investment accounts, which unlike most checking and savings accounts don’t automatically get regulatory protection from fraud losses, leaving your life savings exposed and vulnerable.
You are largely protected from fraudulent transactions on your credit cards, checking, and savings accounts. Typically, if someone hijacks your credit card, or uses your info to create bogus credit card accounts in your name, you are not liable for those losses. Your financial institution should cover any losses from fraudulent checking or savings account transactions. Contact the credit card company or financial institution as soon as you spot something suspicious.
A credit freeze (also called a security freeze) makes it difficult for thieves to open new accounts in your name by locking your credit report. If potential creditors can’t access your credit file, they can’t generate credit scoring for you, which makes it highly unlikely they would approve new credit card or loan applications, or open new bank accounts to bad guys using your stolen identity info. All your current creditors will still be able to check your file, and a freeze will not negatively impact your credit scores.
Identity thieves love children because they don’t have credit histories. It’s estimated that more than a million children have their identities stolen each year. Armed with your child’s Social Security number (which can be purchased on the “dark web,” where criminals often buy and sell stolen information), crooks can create and exploit a fresh credit history with less risk of discovery. Parents are unlikely to stumble across the problem, or even think to check their kids’ credit reports until their children are old enough to apply for credit.
Your credit report is a key pillar of your financial identity, and it’s the official record of your good payment history that identity thieves ruin when they borrow money in your name and don’t pay it back. Credit unions, banks, credit card companies, insurers, and other possible creditors use scores, derived from your credit report, to set terms and interest rates, and decide whether they want to do business with you at all. So, it’s critical for you to check your credit files at the big three credit reporting agencies to look for fraud, as well as any errors that could hurt you.
Watch your credit
scores:
Your credit scores are three-digit numbers that sum up information in your credit file that potential lenders use to quickly determine whether to approve your application, and if so, what interest rate to charge. While keeping track of your credit score is important, it can also be a potential warning system for identity theft. If, for instance, you have good credit and your score suddenly drops for no obvious reason—you didn’t max out your credit cards or make late payments—that could signal that an identity thief has opened credit card accounts in your name and is not paying the bills. Just remember, monitoring your credit score “is not a substitute for monitoring your full credit reports,” cautioned Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center. Many financial institutions have set up access so their customers can check their FICO scores for free.
Don’t waste money
on identity protection services:
ID protection services cost $10 to $30 a month. But you don’t need to spend that money. You can do much of what a monitoring service does yourself for free. The biggest problem Checkbook has with credit monitoring services is the hype and fear tactics often used in their advertising. For example, many services now claim to monitor the dark web. This sounds impressive, but with so many breaches in the last few years, chances are your personal information is already on the dark web. Even if a monitoring service finds it there, there’s nothing it can do to remove it.
Many of these companies also brag about
covering your losses up to a million dollars. Just more hype. Most identity
theft victims do not have any out-of-pocket losses. When fraud occurs,
financial institutions and credit card companies typically make victims whole,
so any million-dollar promise is basically useless. Most of the hassles caused
by identity theft involve the time it takes to document the fraud, canceling
accounts, and opening new ones. None of this is reimbursable by any identity
theft insurance policy.
Beware phishing
scams and follow other smart security precautions:
Thieves prefer to hack the weakest link in a long security chain, and that link is often you. They’ll “phish” for your login credentials by sending you an email, text, instant message, or online pop-up that looks like it comes from your financial institution, credit card company, or other trusted business. These bogus alerts warn you there’s an “urgent problem” with your account, and you need to log on right away by clicking on a link in the message. Do that—and please don’t—and you’ll land on a bogus website that looks just like the legitimate online portal, where you will be asked to log in to your account. When you do that, the crooks capture your username, password, and any login credentials they can use to break into that account.
You can reduce your chances of falling victim
to a phishing scam by using anti-virus, anti-spyware, and other security
software, and keeping it up to date. But even the best security software can’t
counteract you doing the wrong thing and opening a digital door to crooks. The
reality is: You are the main defense against cyberthieves. You can reduce your
chances of a hack attack by following these two simple rules:
Never click on links or attachments in emails,
text messages, instant messages, or windows that pop up on your computer
screen, no matter how legitimate they look or how ominous they sound. Always
access your online accounts, especially financial accounts, by typing the
legitimate URL into the browser’s address bar—or better yet, by using a browser
bookmark, or the official app for that company or financial institution.
Your credit scores are three-digit numbers that sum up information in your credit file that potential lenders use to quickly determine whether to approve your application, and if so, what interest rate to charge. While keeping track of your credit score is important, it can also be a potential warning system for identity theft. If, for instance, you have good credit and your score suddenly drops for no obvious reason—you didn’t max out your credit cards or make late payments—that could signal that an identity thief has opened credit card accounts in your name and is not paying the bills. Just remember, monitoring your credit score “is not a substitute for monitoring your full credit reports,” cautioned Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center. Many financial institutions have set up access so their customers can check their FICO scores for free.
ID protection services cost $10 to $30 a month. But you don’t need to spend that money. You can do much of what a monitoring service does yourself for free. The biggest problem Checkbook has with credit monitoring services is the hype and fear tactics often used in their advertising. For example, many services now claim to monitor the dark web. This sounds impressive, but with so many breaches in the last few years, chances are your personal information is already on the dark web. Even if a monitoring service finds it there, there’s nothing it can do to remove it.
Thieves prefer to hack the weakest link in a long security chain, and that link is often you. They’ll “phish” for your login credentials by sending you an email, text, instant message, or online pop-up that looks like it comes from your financial institution, credit card company, or other trusted business. These bogus alerts warn you there’s an “urgent problem” with your account, and you need to log on right away by clicking on a link in the message. Do that—and please don’t—and you’ll land on a bogus website that looks just like the legitimate online portal, where you will be asked to log in to your account. When you do that, the crooks capture your username, password, and any login credentials they can use to break into that account.
The most important safety precaution you can take is to create and use strong and unique passwords—a different password for each site—and turn on MFA when offered. Never share usernames, passwords, personal identification numbers, account numbers, or answers to security questions with anyone.
Choose e-delivery of statements and correspondence for your credit cards and financial accounts, and promptly open and review them. Shred discarded financial papers using a cross-cut shredder.
File a report with your local police department. Chances are it doesn’t have the resources to investigate but doing so will document you took steps to prevent future criminal activity and possible financial losses.
