23030.png
Chapter 4 – Prevention — 99 Tips for Protection From Identity Thieves

Imagine that your identity is stolen. Let us assume that the criminal was smart and really took you for all you are worth. You lose thousands of dollars out of your savings account. Ten credit cards were opened in your name, with purchases totaling over $50,000. Your credit score may well have been flushed down the drain. In fact, the FBI has a warrant out for your arrest and armed officers show up on your doorstep to arrest you. How could this have happened?

You may never know. Somehow, your social security number and other crucial information, like your address and birth date, became common knowledge. The really upsetting issue here is that, no matter how your identity was stolen, by taking a few extra precautions it could have been avoided. In most cases, criminals are not that smart. Victims are just naïve about their identity and how to protect it.

The fact that you are even reading this guide is a good sign. It means that you are ready to be on the offense about your identity, which is the smartest thing you can do. As a victim, your options are really limited. It can take years — decades even — to clear your name after your identity is stolen. Even then, you may find it impossible to obtain certain clearances. An identity theft is a black spot on your name for life.

The following is a comprehensive list of tips for protecting your identity online —prevention before it is even stolen in the first place. Keep in mind that the face of the Internet is changing every day. Criminals are coming up with new ways to steal your identity. So, although this is a list of the very best prevention tips, you should always keep up with consumer credit news. That is tip number one:

1. Stay up-to-date with all the new ways people are trying to scam you —and learn what you can do to stop them.

The following tips are separated into categories to help you remember them. However, do not make the mistake of thinking that certain categories do not apply to you, because they do. Use all these tips to protect your private information.

Passwords and Pins

2. If you have the option to use a PIN or password, take it. Check with your different accounts — some allow you to set an extra password or use another PIN for an extra level of security.

3. Choose a password that you do not have to write down. Some people like to keep a file hidden on their computer, listing passwords for various sites. This is super dangerous. No matter how well you think you have that file hidden, a hacker can find it. Writing it down on a piece of paper somewhere is just as dangerous. Make sure that the only place you have the passwords to your accounts is in your memory. After all, if you forget them, you can always go through an identification procedure to recover your password. That process is much easier than dealing with identity theft.

4. Do not use a password that can be easily associated with you. Yes, it is hard to remember a random password, but your address, your middle name, your birthday, and your phone number are the first things people will guess. Pick something totally random. Here are some ideas for good passwords and some examples of bad passwords — keep in mind that each should also include special characters and numbers:

Examples of Passwords

Good

Bad

Your pet’s name

Your screen name

Your favorite movie

Your mother’s maiden name

Your favorite number

The last four digits of your phone number

A town where you grew up

Your social security number

An activity you enjoy

Your spouse’s name

The time you were born

Your birthday

Your boss’s last name

Your own last name

Your favorite color or song

Anything generic (like “admin” or “test”)

A day of the week

Your address

The more random the better when it comes to passwords. Choose something you can remember, but focus on security as well.

5. Choose a different PIN or password for everything. Again, this is more difficult to remember, but it will be harder for identity thieves to crack into your life if you use lots of different passwords.

6. Resist the urge to use a variation of the same password as well. For example, if your PIN is 4297, do not make your e-mail password “44229977” and an online account password “amy4297.” Once an identity theft cracks the first password, this is the password he or she will try for every account you have. When that does not work, he or she will try variations next.

7. Remember, when you sign up for an account online, such as registering for a forum, the owner may be able to see your password, so it is especially crucial to use something different in these cases. Try to think of your information in terms of “sensitive” and “non-sensitive.” Yes, it would be annoying if someone logged into a message board to post under your name — but it is not as big of a threat to you when compared to someone figuring out the password for your online banking account. Here is a list of what is sensitive and what is not:

Examples of Passwords

Sensitive

Not Sensitive

E-mail accounts

Hobby message boards

Gaming sites connected to an account

All other gaming sites

Paypal or online banking accounts

“Play” banking (stock market games)

eBay profiles

MySpace profiles

Blogs where you are the admin

All other blogs

8. Use a password with at least eight characters. If you can use more, do so. However, avoid using a single, long word. Think about it — say you use the password “excalibur.” If a thief figures out “e-x-c-a-l” and knows that your password is nine letters long, it will be fairly easy to guess the rest. Here are some examples of good ways to use long words:

• With a number or special character in the middle of the word (excal23ibur)

• With half of the word, but not the whole word, backwards (excalrubi)

• Spelled incorrectly (excallyber)

• With numbers or special characters replacing letters (exca!ibur)

• With all the vowels moved to the end of the word (xclbreaiu)

• Flip-flopped (iberexcal)

• Moving your fingers one key to the right or left (rcvs;onit)

9. To go along with the above hint, no matter how many characters you use, mix it up. Choose both numbers and letters and, if possible, special characters (such as * or !).

10. Use both upper and lowercase letters if the account allows it. The more variety you use with your password, the better. Think about using uppercase letters in unusual ways. Instead of in the beginning of a word (Excalibur) or every other letter (ExCaLiBuR), which people commonly do, try something like exCaliBur.

11. Chose your secret questions and answers wisely. Most sites will give you a choice. Do not choose your mother’s maiden name or your spouse’s middle name. This is information that is readily available for those who really want to find it. Even your pet’s name is at risk if a thief accesses records at a vet’s office. Chose an answer that very few people other than yourself would be able to answer, such as your favorite teacher’s name. If you can make up your own question, make it even harder. A good question, for example, would be “What is the mascot of your favorite team of your favorite sport?” Stuck on thinking of a question? Here are some great ones you can use:

• Who was my best friend in third grade?

• What was my least favorite subject in school?

• Who was my first boss?

• What is my favorite band’s first album called?

• Where did I go for vacation in 2005?

• What food do I like to get at my favorite restaurant?

• What is my favorite alcoholic drink?

• Where was my best friend born?

• How many friends came to my last birthday party?

• What was my son for Halloween last year?

• Who is my favorite movie star?

• What was my grandmother’s favorite thing to bake?

• Who was my role model as a child?

• What 80s fashion do I wish we could bring back?

Have fun with it! Try to think of a question to which you will know the answer right away, but which will stump anyone who does not know you well. Beware of secret questions that have a limited number of answers. For example, if you use “Who is my son’s favorite Ninja Turtle?” anyone trying to steal your identity will not have to know the answer — they will just have to guess four times.

12. Do not save your passwords — clear your cookies (cache) every time you shut down your computer. This is especially crucial if you have a laptop that you use outside your home. It is fairly easy to steal something so small and compact like a laptop bag.

13. Change your passwords every six months. Some accounts will prompt you to do this, but many will not. Take matters into your own hands and simply spend one minute making a new password. In fact, you may want to note it on your day planner or calendar. Get on a schedule for changing all your passwords to keep them protected.

14. Limit those who have access to your password. In fact, unless you share an account with a spouse, do not share that information with anyone. Some of the most tragic cases of identity theft are those in which the victims know the person stealing the identity. Children, spouses, other relatives, and close friends may all be desperate enough to steal your personal information. Do not let your guard down, even around people you think you can trust.

15. If you verbally use your PIN or password, such as you may need to do to verify your account over the phone, change it immediately afterwards. There may have been people who overheard your conversation, and you must also be aware that the operator who verified your info now has it. In addition, telephones are not completely secure. It is still possible to pick up reception from other conversations. It does not happen often on its own, but if you know what you are doing with electronics, you can figure out how to intercept and pick up other conversations.

16. Set up a special e-mail account that you can use purely for confirming registrations for non-sensitive sites like chat rooms and online celebrity fan sites. The more you can keep these Web sites separate from the ones that really matter, like your online bank account, the better.

17. An Extra–Long Tip: Make Your Password Something That You Can Remember!

Why do so any people use passwords like “Name123” that are extremely easy for identity thieves to crack? One reason – they are easy to remember. Many people are worried that they will forget important passwords, especially if they change them all of the time. It’s true – passwords can be difficult to remember. That is why most sites have “backdoor” methods for getting into your account – by answering a question, you can gain access to your account. However, this is not always the case, and, even if it is the case, forgetting your password every time you log into a site can really waste a lot of time. Therefore, it is important to create a password that you can actually remember. Following are some tips for creating great passwords…but ones that you can remember.

18. Have a theme to all of your passwords that makes sense to you but would be hard for anyone else to guess. For example, your “theme” might be “girls on my high school field hockey team.” As much as they searched, few thieves would come up with that list of names. However, if that is easy for your to remember, use the names and numbers of all of the girls you played field hockey with as your passwords for a site. So, when you change from Debbie29Myerson to CandiceCandySmithstone26, you will have a little kick start to remember how you changed it. Give each password site a theme like this – just do not use something that is common to everyone. For example, “places I’ve been and the years I traveled there” is a good theme. “fruits and their colors” is not. Paris1985Texas is a much better password than yellowbananas.

19. Save your passwords in a master document. Yes, this sounds like a bad tip, but it can be a good one – if you password protect this document, as well as hide it on your computer. Do not use the word “password” or “username” anyways in the document, including in the name, which will make it hard for anyone to search for it. Reserve a very, very high level password to protect it. Change this password weekly, if not more often. Yes, you will have to remember this one password – but remembering one is easier than remembering 20 or 30.

20. Create passwords for each site based on a song or poem, using lines. For example, say you used the song “Jingle Bells.” The first line of that song is “Jingle Bells, Jingle Bells, Jingle all the way,” which has eight letters and 39 characters. Your first password for a site could be “jbjb8jatw29”. The second line of the song is “Oh what fun it is to ride” (seven words and 19 characters), so when you change your password, you can make it “owf7iitr19”. Use a different song for each site where you need a password. It is a great way to create very hard passwords that are easy to remember.

21. Think of a number you can remember and a password that you can remember that has ten letters. Let us say, for example, that you use your phone number (seven digits) and the word “bookkeeper”. Each letter in the word is numbered (1-b, 2-o, 3-o, 4-k, and so forth) and then you use your secret number to rearrange the letters. So, if your phone number is 555-2984, your password would be kkkoepk. Add in a number you can remember to make it a bit stronger and you have an excellent password.

Protection from Hacking and Spyware

22. Make sure you have an anti-virus program on your computer, as well as anti-spyware protection. Symantec is a really good option, or you can ask a professional for help in choosing the best program.

23. When available, download updates from your anti-virus company. Computer hackers are evolving every day, so protection programs have to constantly update to stay a step ahead. You should get automatic notifications to your e-mail or on your desktop when new updates are available. Download immediately.

24. Do not download anything from the Internet unless you know exactly what it is. Many times, spyware is disguised as anti-spyware programs meant to protect you.

25. If you meet someone online, do not download anything from them, including a picture they want to show you or a song they want you to hear. Instead, ask that they upload the picture to a free online photo site and send you the link or find the song on YouTube and allow you to listen to it that way.

26. Stay away from P2P (Peer to Peer) online file sharing Web sites. This can be very dangerous, as you can never be sure what you are downloading along with the file. In addition, many files shared in the Peer to Peer world are not legally allowed to be share. You can receive fines of thousands and thousands of dollars for downloading things that are copyrighted, like songs.

27. If you want to use a credit card online, make sure the site is secure first. Otherwise, the message could be caught and used. When is a site secure? When it is encrypted. Encryption should be used whenever you send an e-mail as well. Basically, what encryption does is scramble your message (an e-mail, a credit card number, etc.) so that, if it is intercepted, it cannot be read. Only the intended receiver can read the message. All you have to do to ensure that a Web site is encrypting your information is look in the lower right-hand corner of the Web browser’s screen. If you see a little lock, you are safe.

28. Ask questions. If you are unsure about a site’s encryption methods or want more information, call the company before using your credit card online. If they will not answer your questions, you can always buy the item somewhere else or mail a check instead. Here are some great questions to ask if you cannot find the answers online:

• Has your site had any problems in the past?

• Will I be e-mailed the transaction details?

• What encryption methods do you use?

• Who can see my account details?

• How long has your site been in operation?

• How will you be alerted if there is a problem?

• How will I be alerted if there is a problem?

• Who is responsible for charges if there is a security problem on your site?

• How long do you keep my information?

• If I request a refund, will it be charged to my card?

If the Web site is at all ambiguous, save your shopping for another day.

29. Consider purchasing a program than encrypts the files on your computer as well. The Web company Pretty Good Privacy (www.pgp.com) sells fairly inexpensive software that allows you to “lock” your computer. It is a good idea if you will be traveling, using a laptop at college, or otherwise are afraid that your computer could be stolen.

30. Use a firewall to alert you before your computer automatically downloads anything or to prevent suspicious downloads altogether. Most anti-virus or anti-spyware programs have a firewall system, but you may have to manually set up that part of the program. Otherwise, the settings may not be optimized for you and your needs.

31. If you choose to connect to a wireless network, make sure that network is secure. You should need a password or PIN to log onto that network. If you are going to set up your own wireless network, make it a secure one.

32. Use a single credit card for buying things online. Keep the credit limit on this card low and patrol it often to make sure you do not see any weird activity. Avoid using a card with a high limit, using a debit card, or using multiple cards for online activity.

Avoiding Online Scams

33. Only do business at auction sites that have a good reputation, like eBay. These sites offer the most support when something goes wrong and have taken measures to prevent scammers from succeeding. At the very least, you can be assured that the site itself will not scam you. If you are unsure about a site, here are some questions you may want to ask. Use the site’s e-mail system, call the provided phone number (there should be one), or scan the FAQs (Frequently Asked Questions) for answers:

• How long has this site been running?

• Who is in charge (get a name, address, and phone number)?

• How many members are participating as buyers or sellers?

• Have there been any online scams on this site in the past?

• What encryption methods do you use?

• When I sign up, who gets to see my password and credit card information?

• Will I be e-mailed if there is any account activity?

• What kind of rating system is used for sellers?

• Do you have a site-wide escrow service available? If so, who runs that service and how long has it been in operation?

• What happens if there is a security problem?

• Who do I notify if my item is not what I ordered?

• What do you do if my item is not what I ordered?

• How do I report a problem?

34. Use an escrow service with large purchases. Sending money orders is a way to prove you made the payment, but it does not guarantee you will get an item. An escrow service will hold your money and/or the item and then distribute the money and item to both parties. Using a third party like that prevents anyone from not paying or from taking the money without sending the items.

35. Make sure that the escrow service you use is a reputable one. Be very, very, very wary of using an escrow service you have never heard about. It could simply be a makeshift Web site intent on collecting your credit card number. In most cases, large Web sites that run auctions and other bidding services where members trade items provide an online escrow service. While there is usually a fee for using this service, if it is run by the auction site itself, you can at least know that it is reputable. Suggest using this service and, if the other person refuses, be a bit wary of doing business with that person.

36. Check out user ratings before you buy anything from an online auction. This is not a guarantee, but it is a good way to at least spot suspicious activity. Be careful of any seller who has a low rating or is suddenly selling a very expensive item after hundreds of very small items.

37. If you receive an e-mail asking for any kind of personal information, do not reply or follow any links to Web sites. Instead, call your financial institution to make sure the e-mail is real. Financial companies will rarely e-mail you to ask for information.

38. Never reply to any e-mails saying that your account has been suspended or frozen. Again, call the financial institution to respond to such e-mails.

39. When you call a company to confirm an e-mail, make sure you use a phone number that has been confirmed as correct. Better yet, stop in at a brick-and-mortar office building if possible. Do not use any phone numbers or e-mail addresses that have been included in the e-mail you have received. 99 percent of the time, these will just lead right back to the scammer who will confirm that they are legitimate and ask for your personal information once again.

40. Use a bulk mailbox folder. Keep your settings as aggressive as possible and simply check it every day to look for legitimate e-mails that appeared there by mistake. It is much easier to think of your bulk mailbox as a “holding ground” for “possible spam.” If you keep on track by checking it every day, you should not have a problem with build-up. After a few days, you will be able to scan rather quickly. Non-spam e-mails will stick out like a sore thumb.

41. If any spam e-mail ends up in your inbox, mark it as spam so your computer can learn which IP addresses are spam. Computer programs are “smart,” which means that they do learn if you allow them to do so. By marking items as spam, the computer will learn. You may also protect others who are receiving the same messages.

42. Use a filter program on top of the one that your e-mail service provider gives you. There are a number of good products on the market. Avoid downloading any you have never heard of or are “new,” as they could contain spyware. Instead, look for a program made by one of the major companies, like Microsoft®, or look for a product that such a company recommends or sells on their Web site.

43. Do not “unsubscribe” to spam e-mail. That is just a way to sell your e-mail address to more spam lists. Notice that I have said “spam” and not “bulk.” Spam e-mail does go to your bulk folder, but if you sign up for an online newsletter, it might go to your bulk folder along with the spam. This happens because most spam filters mark messages that are sent to large groups of people. If you know you have signed up for an e-mail service, you can unsubscribe without any problems.

44. If you are receiving a lot of spam, complain to the IP address and ask to be removed. Simply hit the “reply” button and you are well on your way to being off the list. Be polite the first time you e-mail them and remember, it may take a few days or even a week to enter your information allowing you to unsubscribe. However, being polite does not have to mean that you are not firm. Put your foot down and do not take no for an answer. If you have not been unsubscribed in two weeks, e-mail the IP address again and check up on why you are still receiving junk e-mail.

45. If you post messages in forums, do not post your e-mail address. If you really have to post your e-mail address, write it like this: name-at-gmail-dot-com. That way, spam bots will not pick it up as readily. Think twice, though. Do you really need to include your e-mail address? Most forums include a system where users can privately message one another. It is a tiny built-in e-mail system. Check to see that your private mailbox is enabled if you have one. You can even choose to sync it with your regular e-mail. That way, whenever you receive a private message from someone in the forums, you will receive an e-mail alerting you of that message to your regular inbox. That way, you do no even have to remember to check it.

46. Have more than one e-mail account. When you have to sign up for something online, use your “junk” e-mail address. It is fairly simple to sign up for a Yahoo! or Gmail account, and you can use this address to filter out the non-sensitive e-mails you may receive. If you are signing up for an account linked to your credit card, use your regular, secure e-mail. For everything else, use the dummy e-mail.

47. If you have a Web site, give users a form to contact you instead of posting your e-mail address. You can find several free online resources for creating contact forms in any type of Web site design program. You do not have to know HTML well to make this work for you. By using a form, you are avoiding tons of spam e-mail and you can also be sure that the e-mails you do get do not end up in the wrong folder because they had a weird subject line or were sent to multiple people. On top of that, when you use a form, it records the IP address. If there is a problem down the road, having the IP address will really help you solve it or alert you to other fraudulent e-mails.

48. Give to charities you know and trust. At the very least, avoid giving online. If you get an e-mail about a charity needing help, call them, research them to make sure they are legitimate, and send a check. Remember, though, donating to a specific charity is not necessary to reach the people who are in need. In other words, any charity focusing on Katrina victims will be putting their money in the same place. Therefore, if you are moved to donate to a certain organization but are not sure it is legitimate, look for a different one that you can confirm is doing the same thing. Some “basic” charities that you may want to consider:

• The Red Cross (disaster relief and emergency help)

• Make-a-Wish (terminally ill children)

• The Ronald McDonald House (families with sick children)

• The Heifer Project (world hunger)

• Relay for Life (cancer research)

• Toys for Tots (holiday gifts for needy children)

• Habitat for Humanity (shelter for the homeless)

• Your local Goodwill or Salvation Army

• Any program sponsored by a well-known corporation

• Any college/university giving program

• Your neighborhood school’s PTA

• Your local EMT, ambulance, or fire house (especially if they are volunteer-run)

• Your local church, temple, synagogue, or other house of worship

49. Do not assume that a charity is legitimate because it has a legitimate-sounding name. Many scam artists will steal your credit card number using a site that has “Red Cross,” “World Trade Center,” “Tsunami,” or “Katrina” in their domain name. They take advantage of that fact that there are legitimate disaster relief charities helping the cause. As new disasters happen and needs arise, new fake charities begin to launch Web sites. It is a continuous cycle.

50. Contact your state charity-regulating offices to determine that a charity is real before you donate. Every state keeps a running list of nonprofit organizations, as well as contact information and statistics about that organization. You can usually find a number for the state office online at your state’s Web site, or you can look in your phone book under “government.” If you are not sure what number to call, just call the main office number listed. The switchboard operator will be able to transfer you to the correct person, and that is a lot easier than spending hours looking for an obscure number online.

51. Opt out of all mailing lists, online and offline. Here are the contacts for the major companies that sell mailing lists. Send a letter to each asking that your name be removed:

Mail Preference Service

Direct Marketing Association

PO Box 9008

Farmingdale, NY 11735

Telephone Preference Service

Direct Marketing Association

PO Box 9014

Farmingdale, NY 11735

Database America

Compilation Department

470 Chestnut Ridge Road

Woodcliff, NJ 07677

Dun & Bradstreet

Customer Service

899 Eaton Avenue

Bethlehem, PA 18025

Metromail Corporation

List Maintenance

901 West Bond

Lincoln, NE 68521

R.L. Polk & Co. Name Deletion File

List Compilation Development

26955 Northwestern Highway

Southfield, MI 48034-4716

52. Keep track of all correspondence when you are attempting to fix a security problem or opting out of services, such as in the case above. Send your mail certified so that you receive a ticket with the name and signature of the person who received it. Print off a copy of all letters – snail mail and e-mail – that you have sent and mark the date. File carefully. Most important of all, if you suspect that something is wrong, record your phone messages. In some places, there are laws that state that certain people or businesses have to tell the caller that they are being recorded. So know the law, but take that crucial step. You may need the conversation for later.

Using Your Computer

53. Buy a lock for any bag in which you will be carrying your laptop and keep that bag locked whenever the computer is inside. Most important, do not keep the key in one of the bag’s outside pocket. Carry the keys on your person if you can, protecting them like you would a set of car keys. In fact, a good place to keep your keys for your laptop bag is on the key ring with your house keys and car keys. Make a spare and keep it someone safe, like in a fireproof safe or safety deposit box. It may seem like a lot of trouble for just a computer bag key, but you will thank yourself if your bag is ever stolen, which can be done quite easily, especially at an airport.

54. When working on a laptop in a public place, avoid going onto any sites that require a password or PIN. Security cameras can pick up this kind of information, and you can never be sure just how trustworthy those watching the tapes may be. Even if there are no cameras, it is easy for someone to look over your shoulder.

55. If you are working in a public place and must use a site requiring a password, change it as soon as you get home. Do not use a version of the original password; think of something completely different. That way, if anyone did happen to memorize your password or PIN, it will be useless to them by the time they try to use it.

56. Avoid using public computers, such as those found at the library, for signing into any accounts. If you must, make sure you clear the cache before logging offline, and, like noted in the tip before, change your password or PIN when you get home.

57. When you get rid of your computer, get an expert to make sure that absolutely all the information is wiped from it, even if you do not think that you have stored any sensitive information on it while you had the computer. This is a crucial step even if you are simply throwing the computer away instead of reselling it. The right technicians can repair a broken computer from a dumpster to retrieve data from it.

58. Never visit a Web site that you would not want others to know you are visiting. You actions on the Internet can and will be traced. This is a good tip to use in your daily life, not just in regards to Internet identity security. Your husband will find out if you have a profile on online dating sites. The police will find out that you are looking at child pornography. The list goes on and on. When in doubt, just do not do it. The Internet is not a secure world.

59. Never write anything in an e-mail that you would not want others to know you are writing. Again, this can be tracked and intercepted. Besides, you never know when the recipient will have his or her account hacked or password stolen.

60. Do not open e-mails from senders you do not recognize, especially if they are in your bulk mailbox. It is better for the sender to have to resend information that you have deleted than to accidentally get sucked into a scam or installing spyware on your computer.

61. Configure your e-mail to prevent anyone from connecting to your SMTP port. This will help protect you from hackers spoofing your e-mail address.

62. Use a password upon start up. Yes, most hackers can get through this rather easily, but every little step helps. This wall of protection might mean the difference of a few hours, giving you time to alert your credit card companies, bank, and other financial institutions that your information may have been compromised. It also means that you will have time to log into your online accounts and change your passwords or lock them completely.

63. Monitor your children’s activities online. Children do not often understand that giving out personal information can be detrimental. Remember, though, your child’s identity is as much at risk as your own. Talk to your children about identity theft and go over what is acceptable and not acceptable to do online. Keep the conversations age-appropriate, and remember that even the best conversation does not replace a watchful eye.

64. If possible change your computer settings so that your children cannot log on unless you are in the room. Also, look into investing in programs that block the Internet. Today’s technology allows you to determine a specific list of sites where your children may visit. All other sites will be locked out. Work out a list of fun and educational sites together. There are a number of great programs that allow you to do this, including the following:

• Crayon Crawler

• Kidsafe Explorer

• Cybersitter

• Netmop

• KidSplorer

• The Bsafe Online Internet Explorer

65. Realize the potential of a good baby-sitter or tutor. If your child needs to use the Internet for a school project but you are too busy taking care of other children, cooking dinner, working, etc. to monitor his or her activities, hire a responsible local college student (or even a mature high school student if your own child is fairly young) to monitor the computer activity.

66. When you are away from your desk at work, even for just a few minutes, log off of your account so that your computer cannot be accessed by anyone else in the office. Even if everyone else is in the same meeting as you, delivery people, interns, and secretaries could still use your computer without you knowing it.

67. If you are going to be away from your desk at work for any amount of time, do not just log off of your computer – also lock your door. Again, if someone really, really wants to get to your personal account on that computer, they will find a way, but every little step helps. It will take someone longer if they have to pick a lock and then figure out a password, and in that extra time, they could be caught or have to quickly leave because you are coming back to your office.

68. An Extra-Long Tip: How to Wipe Your Hard Drive

One of the most important tips for helping to protect your identity from online criminals is to wipe your hard drive and delete important files completely. This is a skill that everyone with a computer should know how to do, yet few actually ever learn. Why is it so important? Well, when you delete something from your computer, it is not really gone. Due to the changes in the computer world, information is staying on your computer longer, meaning someone who knows what he or she is doing could still access sensitive items you deleted a few months ago. Wiping your hard drive prevents this access.

So, why does the delete button not actually delete your files? It seems like a lot of work to delete a single file. This characteristic of computers actually comes from a time when computers were very, very slow. It takes a long time to delete files, or rather, it took a long time to delete files (computers now are much faster). So, instead of having a consumer wait forever for a file to delete, the computer just deletes the path to the file, telling the computer that it is all right to overwrite the file when more space is needed. Unless you actually delete the file (not just the path), someone who knows where to look can still recover those files. You cannot search on your computer anymore to find them, but there are back doors to get into these files. Any file you do not fully wipe is at risk, including word-processed documents, pictures, and videos. Eventually, your computer will overwrite these documents, but that could take months or even years since computers have much more memory than they did in the past.

Do not panic. Wiping your hard drive is fast, easy, and free. You do not have to be an expert to learn how this works. Of course, make sure that you really want to delete a file, because you will not be able to get it back, even if you are the smartest, most well-trained computer technician in the world.

To wipe your hard drive, you need a program. These can be a bit tricky to find, even on the Internet. Although you may at first think that wiping programs should be a staple in the computer world, like anti-spyware programs, the government puts pressure on manufacturers to not offer wiping programs. Remember, bad guys use them, too. Imagine how these wipers can be dangerous, for example, when used by someone running a child pornography ring. One call to tip that person off and the entire computer can be wiped before the FBI shows up.

A wiping program deletes a file by overwriting it with gibberish or blank space at least once. For maximum security, you should be able to set the program to overwrite your files multiple times. The more secure you want to be, the longer it will take to run on your computer, so make sure you have plenty of free time to allow the program to do its job. Running it overnight is a good idea.

Start backing up any document or program that you don’t want to lose. Like mentioned above, you will absolutely not be able to retrieve this program once you have wiped your computer clean. Common things that people forget to back up include:

• Music

• My Downloads

• Programs that you didn’t install with a CD or that you do not have the CD for anymore

• Fonts

• My Favorites

• My Bookmarks

• Pictures

• Plugins

You have a number of options in order to back up the items that you need. All of these options work well, as long as you remember to destroy the copies when you have your computer up and running again if there is sensitive information on them:

Use an external hard drive. This is probably the best option, as you can simply install it on your computer and then drag and drop all of your files into it on a weekly or monthly basis. External hard drives do not have operating systems on them, so you cannot open and use your files on there, but they do effectively store any file, so you can simply reinstall what you want when your computer is wiped clean. Note that you also may want to wipe your external hard drive after you are finished.

E-mail your files to yourself. This is a fairly insecure way to save files so it should not be used to save sensitive information. In addition, you will probably not be able to e-mail huge files to yourself, as there is a limit to the size of your attachments and the size of your inbox. However, it is a good option if you simply want to save a file or two.

Burn your information onto CDs. This is a great way to store things that you will always need and that will remain stagnant. In other words, it isn’t a good option for files that you want to edit and back up often, as you cannot continually rewrite a CD and will end up spending a ton of money on blank CDs. However, it is a good way to store things like pictures and music.

Use another computer. If nothing else, you can transfer your files to another computer and store them there until you wipe your hard drive. This is a good option only if you are storing non-sensitive files. Also, remember that your back up computer can crash just as easily as your primary computer, since it has an operating system. This is the least secure way to back up your files, but will work in a pinch.

Next, do a low-level wipe. This will not fully protect your computer, but it is a good start and will keep anyone who does not know much about computers from accessing your sensitive files. If you’re using an older version of Windows, you will need to create a start-up disk by following your computer’s instructions. However, if you are using Windows XP or later versions, or if you have a Mac, the disk will be included in the packet of disks when you buy your computer. Restart your computer with the disk in the drive and you should get an option to boot from the CD. Follow the instructions on the screen, deleting everything as it pops up, and you’ll have a fairly blank slate to start.

There are a number of wiping programs that you can then use to completely wipe your hard drive. Check out the following programs, making sure to read reviews and news before you use anything that supposedly wipes your hard drive. Downloading programs from the Internet, no matter how they are marketed, is always risky, and you do not want to accidentally download a virus that steals your information!

• Total Wipe Pro (cost $19.95)

• WipeDrive (cost $39.95)

• Free Disk Wipe (cost free)

• QuickWiper (cost $29.95)

• Stellar Wipe (cost $39.00)

As of right now, the best on the market for most people is probably WipeDrive. However, because of increasing pressure from law enforcement agencies and the government, wiping program manufacturers were constantly closing up shop, opening under different names, and otherwise becoming available and unavailable. Do your research to find out what programs are available and which ones work the best today at the moment you are reading this book.

Offline Protection

69. Shred your mail, including all credit card offers you may receive. Criminals are not above diving through your dumpster to find information they can use. And believe me: They can use the tiniest piece of information to start their theft of your identity. From credit card offers to old bank statements, you need to shred almost anything you throw away. Shredding is fast and shredders are inexpensive, so there is really no reason not to shred your documents. When in doubt, shred.

70. Watch your mail carefully, because thieves often steal it before you get home. Invest in a mailbox that locks or use a post office box if you do not have a door slot. At the very least, make sure that you get your mail every day. If you usually get a few pieces and have not received mail in a few days, call your post office.

71. Opt out of pre-approved credit card offers, which are often a target for identity thieves. You can opt out fairly easily by calling the Opt Out Request Line at 1-888-567-8688.

72. Never give out personal information over the phone, even if someone can refer to your account number. Instead, tell the caller that you are busy and need to call back in a few minutes. Then, call your bank using their official number or stop at your bank in person. If the call was legitimate, they will be willing to wait for your information.

73. Keep your social security card in a safe place, not in your wallet, which can be stolen fairly easily.

74. Do not include yourself on any of the Who’s Who publications. Most professionals are offered this “honor,” but it is simply an avenue for people to find out a lot of personal information about you. Opting out will not mean you are any less respectable professionally.

75. Use traveler’s checks when on vacation or carry a secured credit card.

76. If your driver’s license is issued to include your social security number, call your state department of motor vehicles and ask that it be changed. You may have to pay a fee to get a new license, but it is well worth the money.

77. The same is true for any identification card you carry or wear, including your insurance card, an employee identification card, and so forth. You should never carry your social security number with you unless you specifically need it for some reason.

78. Check your own credit report once a year. You can do this every 12 months without any repercussions. If you see anything suspicious, do not panic — it could simply be a mistake. Call the major credit reporting bureaus right away to find out what is going on.

79. Keep your credit card in sight when using it to pay anything to avoid having someone skim the card and steal the information on it, which means take cash when you pay at a restaurant. Waiters and waitresses are the most common people to steal your credit card information by skimming, because at most restaurants, the cash register is not near your booth or table. Even if it is, you are usually so engrossed with eating and talking to your dinner date that you will have your guard down. Do not be fooled by a friendly server. Keep the card close to you whenever possible, and if you have to use a card to pay for your meal, use a debit or prepaid card. The number on those cards will not do thieves much good since they will not have your PIN.

80. Sign the back of your card. Experts agree that this is the safest way to protect yourself. Some people like to write “Check ID” on the back, thinking it is safer, but for someone who really wants to steal your identity, it is not hard to make up a fake ID. It is much harder to fake a signature. Or, rather, it is easier to prove that a signature is not yours. Therefore, if your card is stolen and a thief makes purchases, you can look at the store’s signature copy and compare it to your own. If it does not match, the store should be willing to take responsibility for the bad purchases. After all, they are supposed to compare signatures right away. It is harder to prove that someone used a fake ID to make purchases, simply because more clerks do not memorize your face after you use your credit card. If the thief looked similar to you, there is a good chance the clerk would not be able to tell you apart in a line up. When nothing out of the ordinary happens, it is hard to remember a face. Think about it; can you picture the face of the last clerk that helped you at a mini mart or checked you out at the grocery store?

81. Cancel credit cards you do not use. The fewer cards you have, the easier it will be to watch out for suspicious activity. To cancel a credit card, do not just cut it up and throw it away. It is important to actually call the company to have the account closed. Otherwise, the account will still be open for purchases and open to attack, even if you do not carry a balance. On another note, officially closing your credit card account will help improve your credit score and will stop you from paying any kind of annual minimum balance fee, which is required by many major credit cards.

82. Use a smart card, which is a pre-paid credit card that works like a debit card. Or use a credit card with a fairly low limit. The less the crooks have access to, the better. You can get a smart card from any of the major credit card companies.

83. Lenders will increase your credit limit all the time, just for paying the card on time or being a cardholder for a certain number of months or years. If you do not need that extra spending money, call and request that your credit limit be lowered. Credit card companies are supposed to notify you when there is a change, but some simply state in the contract that your limit will increase at specific times. Keep track of how much credit you have and how much you really need.

84. Take your receipt with you when you purchase something with your credit card. Although credit card slips do not show all of your information, giving thieves even a little piece, like your name, signature and the last four numbers, is dangerous.

85. Only use bank ATMs, not privately-owned ATMs, which are much more likely to have attachments that skim your card and steal information from it. If you really need money and cannot find a bank, use your debit card to pay for purchases at a store like Kmart or Wal-Mart. Most of these stores have a cash-back option and you can use this as an instant, usually free, ATM. It is safer than using a privately owned ATM and usually cheaper, too.

86. Before using an ATM, be a bit observant. Where is the security camera located? Use your hand to cover the key pad as you type in your pin, just in case an identity thief tapped into the camera’s feed. Be aware, however, that it is not a good idea to block the view of the camera in any way. For example, do not hang a hat over the camera to block the view. If a security guard is watching, he or she will think that something suspicious is going on, and depending where you live, such practice may be illegal. You do not actually want to hide your actions when using the ATM, just your PIN number.

87. Check the ATM for any signs of tampering. If possible, use the same ATM every time you need money, and if you notice any changes, contact your bank. It is possible that the bank upgraded their ATM, but it is also possible that an identity thief added a skimming machine to the card reader.

88. For financial counseling, accounting matters, and credit counseling, work only with reputable businesses. Counselors should be accredited with the National Foundation for Credit Counseling or the Association of Independent Consumer Credit Counseling Agencies. Before you release sensitive information, you should review the company’s confidentiality policy, ask for a list of past clients, and otherwise do a bit of research. Think of it as if you are interviewing an employee. You do not have to use a company just because they have come recommended. Do a bit of investigating to find out who will work best for you.

89. Do not choose to work with any company solely by surfing the Internet. You should always visit a real life office or, at the very least, do research to pair with telephone conversations. The only exception to this rule would be big companies that are extremely popular and, in some cases, do not have brick-and-mortar offices. Examples of such businesses include ING, PayPal, and eBay. When in doubt, just do not use that Web site. There are plenty of options for anything you want to do.

90. If you see your social security number being used anywhere, such as on your health insurance card or employee identification, talk to the customer service department about changing this information. Make sure you check out all your accounts, including loans, credit cards, and so forth.

91. Use an assumed name when possible, which is totally legal as long as you have no intent to deceive. A good idea is to use your middle name or initials for your everyday communications. Only use your real, full name when you need to use it, such as with the police or with the government.

92. Ask to update your medical information whenever you go in for your annual check up. Make sure your medical records are not showing any weird visits, treatments, or prescriptions that you do not remember.

93. Find out how your information is stored professionally. You should ask your doctor, accountant, and lawyer at the very least for information about protection procedures and how they are watching for identity theft. There are thousands of professionals in every state, so if you feel like yours are not doing enough to keep you safe, take your business elsewhere.

94. If you are self-employed, apply for a separate tax identification number, called an EIN. This is what you should use in place of any form that requires your social security number, including your income taxes. Traditionally, EINs are used for employee purposes, but you can apply for and receive an EIN even if you do not have any employees.

95. An Extra-Long Tip: Learning about Identity Theft Laws

If knowledge truly is power in the identity theft prevention world, then learning about just how you are protected is key. While there are a number of laws pertaining to identity theft, there are still many loopholes that identity thieves are using to overcome the law. You can help stop them by writing to your local and state government to propose change. New identity theft bills, both protecting people online and offline, are being proposed every day to help prevent, catch, and punish criminals. Doing your part can help make the world safer fro everyone. Learn about the following laws:

96. The Fair Credit Reporting Act: Under the Fair Credit Reporting Act, consumer reporting agencies are allowed to collect and distribute your personal information. However, they must do so fairly and with your security in mind. First, these agencies must take steps to verify information and resolve disputers. If information is taken off due a disputer, the consumer must be notified if it is put back on the report. In addition, negative information can only be reported for seven years (with the exception of bankruptcy, which can be reported for ten years).

Also under this law, information furnishers (ie, creditors who report your activity with their company) must provide complete and accurate information, investigate any and all disputes, and inform customers when negative information is to be reported on your account.

If anyone uses your report for anything (say, for instance, to raise your interest rate because your credit score has dropped), they must notify you of the adverse action they are about to take. They must also give you the name of the company that provided your credit report so that you can investigate anything you believe is incorrect.

All of these actions are to protect you from going through life without knowing that your credit score is falling. Since you are notified, you can catch errors and dispute things that were caused by identity thieves. If these laws were not in effect, you might go years without knowing that your credit score is falling. That gives the identity thieves only a few months to get away before you know something is wrong, rather than being about to ruin your credit for many years.

97. The Fair Credit Billing Act: This act protects your credit score when there are errors on your billing statements, which is often the case if an identity thief steals your credit card. Until the matter is resolved, the following things must be kept from your credit report:

• Charges not made by you

• Damaged goods

• Billing errors doing to wrong calculations

• Goods that were never delivered

• Statements mailed to the wrong address

• Charges that were never made

You must send written notice that you are disputing something in order for these laws to protect you.

98. Electronic Funds Transfer Act: Because so many of us use our credit and debt cards to purchase things online, and because even more people do online banking, the Electronic Funds Transfer Act is great for protecting consumers, merchants, and lenders dealing with identity theft. The consumer must:

• Contact the lender within 60 days of the error on the statement

• Release name and account number

• Fully explain why the charge is erroneous

• Send details of the dispute in writing within 10 business days, if requested by the lender.

At the same time, the lender must:

• Investigate and attempt to resolve the dispute within 45 days, or within 90 days if it involved the erroneous opening of a new account

• Recredit any amounts found to be incorrect

• Notify the customer if they catch an error

• Explain findings that were deemed not to be erroneous

• Send copies of any documents used in the investigation at the consumer’s request.

In addition, the Electronic Funds Transfer Act helps to determine who is liable for faulty charges in the case of a lost or stolen card:

• If your card is lost or stolen and you report it before any charges have been made, you are not liable for any charges made to that card.

• If your card is lost or stolen and a charge is made, you are liable for $50 worth of charges if you report the loss within 2 business days.

• If your card is lost or stolen and you report it as such after 2 business days, but within 60 business days, you are responsible for charges up to $500.

• If your card is lost or stolen and you do not report it within 60 business days, you could be liable for all charges made to that account.

Unfortunately, they vary a bit from state to state, but if you reference the following documents in your local courthouse or online, you should be able to find the exact laws that pertain to you and other citizens in the state where you live:

Alabama: Alabama Code 13A-8 -190 through 201

Alaska: Alaska Statutes Title 11, Chapter 46, Section 565

Arizona: Arizona Rev. Statute 13-2008

Arkansas: Arkansas Code 5-37-227

California: California Penal Code 530.5-8

Colorado: Colorado Article 5, 18-5-901, Part 9

Connecticut: Connecticut Statute 53a-129a and 52-571h

Delaware: Delaware Code Title II, 854

District of Columbia: District of Columbia 22-3227

Florida: Florida Statute 817.568

Georgia: Georgia Code Title 16, Chapter 9, Article 8

Hawaii: Hawaii Statute 708-839-6 through 8

Idaho: Idaho Code 18-3126

Illinois: 720 Illinois Statute 5-16 G

Indiana: Indiana Code 35-43-503.5

Iowa: Iowa Code 715A8 and Iowa Code 714.16B

Kansas: Kansas Statute 21-4018

Kentucky: Kentucky Statute 514.160

Louisiana: Louisiana. Rev. Statute 14:67.16

Maine: Maine Rev. Statute 17-A 905-A

Maryland: Maryland. Code Article 27-231

Massachusetts: Massachusetts General Laws Chapter 266, 37E

Michigan: Michigan Laws 750.285

Minnesota: Minnesota. Statute 609.527

Mississippi: Mississippi Code 97-19-85

Missouri: Missouri Statute 570.223

Montana: Montana Code 45-6-332

Nebraska: Nebraska Statute 28-608 and 28-620

Nevada: Nevada Statute 205.463-465

New Hampshire: New Hampshire Statute 638:26

New Jersey: New Jersey Statute 2C:21-17

New Mexico: New Mexico Statute 30-16-24.1

New York: New York Penal Code 190.77 through 190.84

North Carolina: North Carolina General Statute 14-113.20-23

North Dakota: North Dakota Code 12.1-23-11

Ohio: Ohio Code 2913.49

Oklahoma: Oklahoma Statute Title 21, 1533.1

Oregon: Oregon Statute 165.800

Pennsylvania: 18 Pennsylvania Constitutional State 4120

Rhode Island: Rhode Island General Laws 11-49.1-1

South Carolina: South Carolina Code 16-13-500, 501

South Dakota: South Dakota Codified Laws 22-30A-3.1

Tennessee: Tennessee 39-14-150 and Tennessee 47-18-2101

Texas: Texas Penal Code 32.51

Utah: Utah Code 76-6-1101-1104

Vermont: Vermont State Code 13-2030

Virginia: Virginia Code 18.2-186.3

Washington: Washington Code 9.35.020

West Virginia: West Virginia Code 61-3-54

Wisconsin: Wisconsin Statute 943.201

Wyoming: Wyoming Statute 6-3-901

Table of Contents