Protecting Yourself Against Identity Theft
Identity theft
is a serious crime. Identity theft happens when someone steals your personalinformation and uses it without your permission. It is a growing threat to everyone. In 2013, 13.1 million consumers were victims of identity fraud or theft.12 Your identity can be stolen in a variety of ways: by cyber thieves; by unscrupulous vendors; or by those who are pilfering
identification cards, bank statements, and other items from your mail box or online. Criminals may also glean personal details in forums like Facebook or LinkedIn and collect useful background data that aids in identify theft. Changes in financial accounts, apparent mistakes in billing, calls from collection agencies, denial of loan applications, and even notices about accounts or jobs in your minor child’s name are a few of the
indicators you might be a victim of identity theft.
This document addresses some common identity theft scenarios, methods of prevention and ways to recover if such theft occurs.
What is Identity Theft?
As indicated above, identity theft is a serious crime that may have serious consequences to your financial, credit history, and reputation. Identity theft happens when someone steals your
1 Javelin Strategy 2014 Identity Fraud Report
personal information and uses it without our permission, often to commit other crimes, such as bank, immigration and employment fraud.
It can disrupt your finances, credit history, and reputation, and it takes time, money, and patience to resolve.
Identity thieves might:
• Steal your wallet, purse, mail, or other areas to remove your credit cards, driver’s license, passport, health insurance card, and other items that reveal personal
information.
• Go through trash cans and dumpsters, stealing bills and documents that have sensitive information.
• Steal personal information on the job (industry, government,
medical, etc.).
• Pretend to offer a job, a loan, or an apartment, and ask you to send personal information to
“qualify”.
• Misrepresent a legitimate
business; trick you into revealing personal information.
• Install “skimmer” devices and pinhole cameras at gas pumps or Automatic Teller Machines
(ATMs) to acquire your account information and Personal
Identification Number (PIN) on credit cards.
• Exploit computer systems of businesses or financial
Page 2 of 7
institutions to steal personal identifying data or credit card information.
• Collect publically available information from social media sites to use in social engineering.
Identity thieves often use scams
involving tactics of “social engineering”
(in person, via phone, mail, or email) to trick you into providing personal
information. Others use information you place in the public domain that provide opportunities or pathways to acquire your identity. While other criminals exploit vulnerabilities in operating systems or remote access systems such as Automatic Teller Machines (ATMs) and pay at the pump systems to steal credit and debit card information.
How to Protect Your Information Persistent vigilance on your part can help detect and limit damages caused by an identity thief. The following are recommended:
• Safeguard your Social Security Number. It is the key to your personal and financial
information.
• Protect your paper and physical valuables.
o Don’t let incoming mail linger.
o Resist the urge to use your mailbox for outgoing mail (bills and checks are easy to spot).
o Don’t leave your purse in the grocery cart while shopping (it’s an easy target).
o Invest in a shredder and destroy sensitive
documents. (Note:
Moving to electronic statements and documents further
reduces your exposure to physical threats.)
o Cancel credit cards you don’t need.
o Keep your credit card in sight when allowing a merchant to process it.
Remember to lock your car even if “empty” of valuables (a portable garage door opener and car registration offer quick thieves an easy payday).
• Read your credit reports. You have a right to a free credit report every 12 months from each of the three nationwide credit reporting companies. Order all three reports at once, or order one report every four months.
To order, go to
https://www.annualcreditreport.c om or call 1-877-322-8228.
• Read your bank, credit card, account statements and the explanation of medical benefits from your health plan. If a statement has errors or doesn’t come on time, contact the business.
Page 3 of 7
• Shred all documents that show personal, financial, and medical information before you throw them away.
• Don’t respond to email, text, and phone messages that ask for personal information. Legitimate companies don’t ask for
information this way. Delete the messages. At a minimum, ask for a callback number and verify it is associated with the company they claim to represent.
• Create strong passwords that mix letters, numbers, and special characters. Don’t use the same password for more than one account.
• Turn on two factor
authentication (2FA) features on every online account that makes that security feature available (visit http://twofactorauth.org/
for a list of websites which offer 2FA security).
• Similar to 2FA, turn on text message and/or email alerts on your online banking, email, social media, and any other accounts you value so you can quickly address security and fraud issues.
• Regularly review privacy settings on your social media accounts to ensure Personally Identifiable Information is not available to criminals.
• Use encrypted connections when shopping or banking online. An encrypted site has “https” at the
beginning of the web address; “s”
is for secure. The Electronic Frontier Foundation (eff.org) offers a pluginfor Firefox and Chrome called, “HTTPS
Everywhere” that will help ensure your are using secure versions of websites that offer it.
• If you use a public wireless network, use a Virtual Private Network (VPN) service if possible on your device and do not send information to any website that isn’t fully encrypted.
• Use anti-virus and anti-spyware software, and a firewall on your computer.
• Set your computer’s operating system, web browser, and security system to update automatically.
• Using credit cards instead of debit cards, if you have the discipline, can also help limit damages from theft. Credit cards typically feature more robust anti-fraud protection and zero liability policies if your credit card is stolen.
• Enable the privacy settings on social media sites to limit your information to those you know The Do’s and Don’ts of Social
Networking
• Only establish and maintain connections with people you know and trust. Review your connections often.
Page 4 of 7
• Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
• Ensure your family and friends takes similar precautions with their accounts, their privacy and sharing settings can expose your personal data.
• Avoid posting or tagging images of you or your family that
clearly show your face. Select pictures taken at a distance, at an angle, or otherwise
concealed. Never post
smartphone photos and don’t use your face as a profile photo, instead, use cartoons or avatars.
• Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Facebook – Securing Your Profile Identity thieves use Facebook to retrieve data that can be used to steal your identity or trick a family member or friend into providing their personal identifying information. It is
recommended you secure your profile by using the following settings:
1. Log in to Facebook, the Click Account located on the top
right next to profile. Click Privacy Settings.
2. Decide how private you want to be. Click on each tab and look at the dots for each one – the dots show who can see that aspect. We recommend you choose “Friends Only”. Then Click ”Apply These Settings” in the bottom right corner.
3. Uncheck the “Let friends of people tagged in my photos and posts see them” box. This ensures that only your friends are able to see posts and photos that you tag.
4. Click the Customize Settings link under the box you just unchecked. This will allow you to further edit your Facebook settings.
5. Decide how private you want certain things to be by selecting from the drop-down menu.
6. Hide certain people or networks from seeing your information.
Click customize from the drop- down menu. Choose “Friends Only”, uncheck any networks you don’t want to see your photos (remember that when this is checked it means that ANYONE in the network can see that piece of information, not just your friends in the network). Type the names of
Page 5 of 7
any person on your fiends list you don’t want to see your info.
7. To make a certain piece of information visible to only a couple of people, click
Customize from the drop-down menu. From the next drop- down menu, choose Specific People… Then, type the name of the people you want to be able to see the info. As long as your networks are unchecked, only those to whom you grant permission will be able to see that piece of information.
8. Change your photo privacy Settings. Click on Edit Privacy Setting for existing photo albums and videos at the bottom of the “Things I Share section”. Choose the
appropriate settings for each album. Use the drop-down menu as you did for the
previous steps. Click the “Back to Settings” button in the upper left corner when you are done.
9. Preview you profile. This
feature allows you to view your own profile as if were someone else. Click “Preview My Profile”
in the upper right corner. Type the name of the person’s view you want to check and press enter.
10. Click Back to Privacy Settings to make any necessary changes.
Now you are more secure.
LinkedIn – Securing Your Profile Identity thieves will also LinkedIn profiles in the same way they use Facebook to target you and your family and friends. Below are some things we recommend to protect your password security and privacy:
1. Change your password every few months. Don’t use the same password on multiple accounts or works from the dictionary. Passwords should be more than 10 characters and be comprised of Upper and lower case letters, numbers and special characters. Never give your password to others or write it down.
2. Limit the contact information you share in your profile.
LinkedIn is designed to share your professional life and make contacts that can help your career; however, you might not want some of your information shared. Click “Edit Profile” link from the “Profile” menu at the top of your LinkedIn home page. Scroll down to the
“Personal Information” area and click the “Edit” button. Select and remove any information
Page 6 of 7
you don’t want open to the public.
3. Turn on LinkedIn’s Secure Browsing Mode. Click on the triangle next to your name in the top-right corner. Click
“settings” link from the drop- down menu. Click “account”
tab in the bottom-left corner of the screen. Click on “Manage Security Settings” and check the box that says “When possible, use a secure
connection (HTTPS) to browse LinkedIn in the pop-up box that opens”. Click “Save Changes”.
4. Consider limiting the information in you public profile. Click on the triangle next to your name in the top- right corner. Click the
“settings” link in the drop-down menu. From the “Profile” tab at the bottom of the screen, choose the “Edit Public Profile”
link. In the “Customize Your Public Profile” box on the right side of the page, uncheck the boxes of the sections you wish to remove from public visibility.
5. Review your Privacy Control Settings and Make Changes as Needed. If you aren’t
comfortable with people seeing your activity feed or knowing that you’ve viewed
their profile, consider limiting access to your feed and/or setting the “anonymous” profile viewing mode. These settings are available in the “Privacy Controls” section of your
“Profile” tab.
Other Things to Consider…
Here are a few other things to consider in order to protect your privacy:
• Where possible use two factor authentications on services where it is offered. Many financial websites and Google offer two-factor authentication.
• Go paperless with your bills and financial statement. It lowers your profile and chances someone will steal this
information from your mail box or trash (if it is not shredded).
• If possible, use credit cards instead of debit cards. Credit cards frequently provide better protection as fraudulent
charges will likely be removed from the account, while debit cards provide less protection.
With Debit cards they will disable the use of the card, but funds stolen before the
reported as fraudulent are not likely to be reimbursed.
Page 7 of 7
• Where offered, enable text or email notification of suspicious activity on you accounts.
• If you suspect you are a victim of Identify Threat, your CISO Team can offer advice and assistance in filing an Identity Theft Report.
If Suspect Your Identity is Stolen…
Flag Your Credit Report
Call one of the nationwide credit reporting companies, and ask for a fraud alert on your credit report. The company you call must contact the other two so they can put fraud alerts on your files. An initial fraud alert is good for 90 days.
Equifax 1-800-525-6285 Experian 1-888-397-3742 TransUnion 1-800-680-7289 Order Your Credit Report
Each company’s credit report is slightly different, so order a report from each company. Dell SecureWorks CISO recommends ordering one of the three
credit reports available through https://www.annualcreditreport.com every four months. When you order, you must answer some questions to prove your identity. Read your reports carefully to see if the information is correct. If you see mistakes or signs of fraud, contact the credit reporting company.
Create an Identity Theft Report An Identity Theft Report can help you get fraudulent information removed from your credit report, stop a company from collecting debts caused by identity theft, and get information about
accounts a theft opened in your name.
To create an Identity Theft Report:
• File a complaint with the FTC at ftc.gov/complaint or 1-877-438- 4338; TTY: 1-866-653-4261.
You completed complaint is called and FTC Affidavit.
• Take your FTC Affidavit to your local police, or to the police where the theft occurred, and file a police report. Get a copy of the police report.
The two documents comprise an Identity Theft Report.
Keep an audit trail and maintain vigilance. Unfortunately, it can take years to ensure your personal data is not being fraudulently used.
Contact the Social Security
Administration to determine if you’ll need a new number.
College students who are the victims of identity theft should visit
http://www.ed.gov/about/offices/list/oi g/misused/index.html to ensure no rogue college loans were opened using their information.
For more information about Dell
SecureWorks security services for your business, visit www.secureworks.com.