Safeguarding Your Information from Identity Theft
Where Is Your Information Kept, and How Can You Keep It Safe?
People often do not realize how much information about them is publicly available on the Internet or from public records. Be careful what you post on Facebook and other social media. In particular, be careful about posting such information as your birthday, age, and names of relatives that you may use to answer security questions.
School directories often contain information about children that can be of value to an identity thief, such as dates of birth. The federal Family Educational Rights and Privacy Act (FERPA) gives parents the right to opt out of such publications. This should be done in writing. You may have additional rights under state law.
As noted in the previous chapter, approximately 75 percent of identity theft involves nonelectronic means of obtaining your information.
Lock financial documents and records in a safe place at home.
When discarding mail that contains account numbers and “preapproved” credit offers, shred it instead of just putting it in the trash. Also shred any other financial information you no longer need.
Use a locking mailbox, and collect incoming mail promptly. If you have mail pickup from home, don’t use it for financial mail; put such mail in an actual postal mailbox.
TIP
Protect your Social Security number. Do not carry your number, and do not write it on a check. Commit it to memory. Do not give it out unless absolutely necessary.
If no one will be home for several days, have the post office put a hold on your mail deliveries.
Try to use a limited number of passwords for financial accounts or computers that contain personal information that you can commit to memory and cannot be guessed by someone who has information about you or your family.
CAUTION
Never write passwords or personal identification numbers (PINs) on access devices.
Keep a list of financial institutions and account numbers in a safe place that can be readily accessed by you and you alone.
Remove and shred labels on prescription bottles before discarding them.
Being Safe Online and on the Telephone
Unless you know whom you are dealing with (i.e., you clearly recognize the caller by voice), never, ever, provide information in response to unsolicited calls or e-mails. “Phishing” scams (inquiries by scammers purporting to be banks, government agencies, or others for the purpose of stealing your personal information) and “pharming” scams (diverting someone seeking a website to one with a similar address operated by the fraudsters) are common and fool a remarkable number of even sophisticated persons.
If you receive an e-mail or telephone inquiry purporting to be from a financial institution or medical provider you deal with, do not respond directly. Instead, contact the institution at the number/address on the company’s statements or its website or that you know belongs to the institution, and ask if the inquiry is in fact from the company.
CAUTION
Do not click on links in e-mails purporting to have pictures or information. This is a common trick used to install malware, viruses, and spyware on computers.
Beware of communications from persons purporting to offer “free” goods or services but requesting financial or insurance information. This is indicative of either phishing or a telemarketing scam. After all, if something is really free, they don’t need such information.
Refrain from using obvious passwords (i.e., date of birth, family names, or the last four digits of your Social Security number). Do not have so many passwords that you need to write them down. Pick one or several totally arbitrary combinations of numbers and letters that you can reliably commit to memory.
Although some have advised that passwords should be changed frequently, this tends to encourage writing down passwords and the use of “weak” passwords that can be remembered easily. A better idea is to have a very “strong” (completely arbitrary) password, memorize it, and don’t change it very often.
CAUTION
Do not send personal information on a public Wi-Fi network in a store, library, airport, or other public place. It can be readily intercepted.
Be careful what information about yourself you post online. An identity thief can use the information to answer “challenge” questions on accounts. If you can select challenge questions, don’t use any for which the answer can be found online.
Use antivirus and antispyware software and a firewall, and update them frequently. Hackers use malware to obtain passwords and personal information from computers.
If you receive inquiries or offers or business opportunities that appear “too good to be true,” often by e-mail or fax, they probably are. People are still fooled by the “Nigerian 433” scam (named after a section of that country’s penal code), in which they are asked to provide banking information so that they can receive a commission for laundering money for a person located outside the United States.
NOTE
Banks are required by law to make funds available within a relatively short period of time. If the check is returned afterward, and the proceeds have been withdrawn, the person depositing the check is liable to the bank.
Do not engage in transactions that involve depositing checks or other instruments for others and giving them part of the proceeds. The transactions are often scams, and the checks are counterfeit or altered. It is difficult to conceive of a legitimate reason why you would be asked to do this. We nevertheless see repeated complaints from persons fooled into doing this, often by persons whom they do not know well enough.
WARNING
Avoid scams involving the deposit of checks and payment of proceeds to another. You warrant to the bank in which you deposit a check that it is good. The bank does not warrant anything about the check to you.
We receive many inquiries from persons who are victims of such scams and complain that the bank did not alert them to the fact that the check they were presenting was counterfeit. Unfortunately, there is generally no obligation on the part of the bank to do this. A person depositing a check warrants to the financial institution that the check is valid and will be paid. The bank accepting the deposit does not warrant anything. The law places the burden on the person receiving and depositing the check to know why he or she is receiving it and whether it is good.
Watch What You Put in the Trash
Shred receipts, credit offers, credit applications, insurance forms, medical statements, checks, bank statements, credit card statements, expired credit and debit cards, and similar documents containing financial information before you throw them away.
TIP
Consider opting out of prescreened offers for credit and insurance. You can opt out for five years or permanently. Call 888-567-8688, or go to http://www.optoutprescreen.com.
Before disposing of a computer or mobile device, remove or overwrite the memory device so as to delete your personal information permanently. Many discarded electronic devices are shipped overseas for parts, creating a significant risk that a crook will try to extract usable information from memory devices.
Destroy labels on prescription containers before you throw them out. Medical identity theft is an increasing problem, and the information on prescription labels (names of medical providers and drugs you take, which often indicates your medical conditions) can facilitate it.
Use Discretion in Private Places
Keep information such as your Social Security number, date of birth, personal identifying numbers, passwords, banking information, and account information secure from outside employees such as housekeepers or cleaning persons working in your home. If possible, keep it under lock and key, or don’t write it down at all. Again, 75 percent of identity theft involves physical misappropriation of financial information, often by persons you trust.
Monitor Your Bank and Credit Card Statements and Credit Reports
Review your bank statements, credit card statements, and other financial statements carefully, periodically, and routinely. Look for unexpected activities or items that are not yours or that you don’t recognize. Monitor when statements arrive. If you do not get a statement when you expect it to arrive, check—diversion of statements is one sign of identity theft.
If you notice items on your statement that you didn’t make or cannot recognize, contact your financial institution immediately, following up in writing. In the case of a credit card or debit card account, label the letter a “billing error notice.” Make sure you put your name, address, and account number on the correspondence. If it appears that the transaction is the result of identity theft, as opposed to an accounting error by the financial institution (these do happen), file a formal complaint with your local police department, and provide any necessary information they request.
CAUTION
Review bank statements promptly, and notify the bank of unauthorized or erroneous transactions immediately. If you do not get a bank statement when you expect one, contact the bank immediately as well. Otherwise, you may be liable for the transactions.
Often, banks are entitled by contract or statute to prompt notice—thirty or sixty days after a statement is sent—of any unauthorized or erroneous transactions. Courts generally enforce such requirements. We receive many complaints from people about unauthorized debits that occurred over a period of a year or more, and there is often nothing that can be done.
If you fail to provide notice to the institution of an unauthorized transaction, not only the particular transaction but subsequent transactions of the same nature may be considered authorized or to be the result of your negligence—and thus your responsibility. It is therefore critical that you look at financial statements immediately upon receipt and notify the financial institution of anything you do not recognize. If you give oral notice, follow it up in writing.
If you do not get a statement when you should, contact the institution and arrange to get one. In fact, redirection of statements is one means of carrying out identity-theft crimes.
Note that you do not have to be certain that a transaction is unauthorized to question it—if you do not recognize a transaction, it is perfectly proper to write and state that you cannot identify the transaction and request a copy of the documentation for it so that you can see if it was proper. Doing so protects your rights as long as you inform the bank whether or not the transaction is yours upon receipt of any documentation. If the bank is not able to provide documentation, it has to reverse the transaction.
People who do not review statements and are victimized by identity theft incur an average loss of nearly $20,000. When people who promptly review their statements are victimized, the average loss is less than $6,000. Furthermore, because limitations on liability are conditioned on prompt notice, the people with the $20,000 losses may bear some or all of it themselves.
Summary
In order to minimize the risk that you will become a victim of identity theft, it is important that you safeguard your information and avoid questionable transactions.