Protecting Your Security

With the recent hack of Equifax, as well as earlier hacks of Yahoo, Target, Anthem and Blue Cross, along with leaked data from the IRS, it is quite likely that your personal information is available to criminals.  About 7% of the people in the US have had identity theft resulting in losses averaging $3500.

With stolen identity data, along with a little social media and online research, they have a good chance of emptying your bank account or opening a new account in your name.

Things all of us should do to protect our identity and credit:

  1. Put a freeze on your credit reports.
  2. Secure your financial accounts by setting up another way of confirming your identity when logging in or calling in.  Use unique and strong passwords.
  3. Set up alerts for unusual activity with your bank and credit companies.

Here are the direct links to the credit monitoring services page for setting up a credit freeze:

https://www.freeze.equifax.com  – This link bypasses the breach information page, and allows you to freeze your Equifax account. Do this first.

https://www.experian.com/freeze/center.html

https://www.transunion.com/credit-freeze/place-credit-freeze  links to this page:

https://www.transunion.com/product/trueidentity-free-identity-protection

https://www.innovis.com/personal/securityFreeze

Remember to keep track of the PIN you will get when you sign up – this will be required should you need to apply for credit.

This article has details on why a credit freeze is the best protection you can have:

How I Learned to Stop Worrying and Embrace the Security Freeze  

https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

The essential parts of the article:

“…If your response to this breachapalooza is to do what each of the breached organizations suggest — to take them up on one or two years’ worth of free credit monitoring services — you might sleep better at night but you will probably not be any more protected against identity theft. As I discussed at length in this primer, credit monitoring services aren’t really built to prevent ID theft. The most you can hope for from a credit monitoring service is that they give you a heads up when ID theft does happen, and then help you through the difficult process of getting the credit bureaus and/or creditors to remove the fraudulent activity and to fix your credit score.

There is shockingly little public knowledge or education about the benefits of a security freeze, also known as a “credit freeze.”
A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file).

Freezing your credit involves notifying each of the major credit bureaus that you wish to place a freeze on your credit file. This … can be done online. Once you complete the application process, each bureau will provide a unique personal identification number (PIN) that you can use to unfreeze or “thaw” your credit file in the event that you need to apply for new lines of credit sometime in the future. There are four consumer credit bureaus, including Equifax, Experian, Innovis and Trans Union. “

This site allows you to opt out of offers for credit cards www.optoutprescreen.com. It is not necessary if you have frozen your credit, but useful to prevent thieves from getting offers for credit intended for you.

This is the site where you can view your credit reports for free every 90 days: www.annualcreditreport.com. It is a good idea to look for any unexpected activity.  This is the site that the credit bureaus and identity protection services will refer you to for your credit report.

“It’s also a good idea to notify a company called ChexSystems to keep an eye out for fraud committed in your name. Thousands of banks rely on ChexSystems to verify customers that are requesting new checking and savings accounts, and ChexSystems lets consumers place a security alert on their credit data to make it more difficult for ID thieves to fraudulently obtain checking and savings accounts.  https://www.chexsystems.com/web/chexsystems/consumerdebit/otherpage/SecurityAlertOnline

I am often asked about credit monitoring services, such as LifeLock.  Here is a good article explaining how credit monitoring works, and how useful it is:

Are Credit Monitoring Services Worth It

http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/

The essential parts of the article:

“Avivah Litan, a fraud analyst with Gartner Inc., rattled off a long list of reasons why credit monitoring services aren’t much use to most consumers.
-Most won’t tell you if a new wireless or cable service has been taken out in your name.
-They do nothing to monitor your bank account transactions, credit card accounts (for fraudulent charges), retirement accounts, brokerage accounts, loyalty accounts and more. And these are all areas where consumers should be very concerned about account takeover.
-They do nothing to tell you if a bad guy has hijacked your identity for non-financial purposes, i.e. to get a new driver’s license, passport or other identity document.  Of course a bad guy impersonating a consumer using a forged identity document can end up in prison, causing lots of problems for the victim whose identity was hijacked.
-They do nothing to stop tax fraud (typically tax refund fraud) against you.  Same is true for other government benefit programs, i.e. medicare fraud, Medicaid fraud, welfare fraud, and Social Security fraud.
“In short, they only give consumers limited help with a very small percentage of the crimes that can be inflicted on them,” Litan said. “And consumers can get most of that limited help for free via the government website or free monitoring from a breached entity where their data inevitably was compromised.”

California’s Office of the Attorney General has a searchable list of companies that have recently reported data breaches, and nearly all of those firms are offering free monitoring services for affected consumers.

Enter your email address into the haveibeenpwned.com website to see if your account is known to be hacked.

Confirm your login identity

Some security-conscious websites offer users the option of multi-factor authentication, typically in the form of two-step authentication. Two-step authentication requires users to both provide a password and prove their identity through something they own, such as a phone. For example, a two-step authentication website might require you to enter a password and also a code texted to your smartphone. Or the website might robo-call you and ask you to punch in a code provided by the website using your phone.  Two factor authentication provides extra security that will protect you in the event someone steals your password, so it’s highly recommended for online financial transactions.

To hack your Gmail account with two factor authentication, someone would now need to know your email address and password, and they would need to steal your phone and know how to get the authentication code from it. And just like that, your email account is now harder to break into than your house ever will be.

Some banks now allow you to set up a voiceprint of a passphrase to authenticate you over the phone. This makes it more difficult for a criminal to call in and change your pin or address.

Use strong and unique passwords

Here is an article on Managing your passwords – We recommend www.LastPass.com

Here is an article on Login Security  and 2 factor authentication. Be sure to secure the email account you have assigned for password recovery for sensitive websites.

Instructions for Setting up 2 factor authentications for common online services.

List of sites supporting 2 factor authentication.  See if your bank is listed, and get instructions.

Here are some of the resources available that provide consumer information and education to help protect you from becoming a victim of fraud:

You can watch hacking activity in real time here.

And, of course, we can help you with securing your identity and assets if you would like assistance

 

-Tim Torian