1
IDENTITY THEFT PREVENTION - DAVID P. HULSER, FBI - PRESENTATION NOTES Practical, simple precautions to reduce your exposure to identity theft
• Get a handle on your personal credit profile
– Obtain a free credit report for you & spouse from each of the 3 major credit bureaus (Experian, Equifax, and TransUnion)
• 877-322-8228, or
• www.annualcreditreport.com (immediate access), or
• Annual Credit Report Request Form (www.ftc.gov/credit), and mail to: – Annual Credit Report Request Service
P.O. Box 105281 Atlanta, GA 30348-5281 – Stagger requests – once every 4 months
• Schedule a reminder in your calendar/Smartphone • Once you have obtained your free credit reports:
– Identify and verify all credit information
• Possible unknown a/c’s, judgments, etc. – Close all dormant and/or unnecessary a/c’s
• Contact credit card co., and advise them to note “acct. closed at customer’s request” – credit score issues
– Consider placing a free “Fraud Alert” with credit bureaus (90 days, or 7 years) for both you and your spouse
• https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp – Consider placing a “Security Freeze” with credit bureaus
• Initial $10 fee in Virginia to place security freeze, unless actual victim • Must consider timing for future credit applications, refinance, etc. • “What’s In Your Wallet?”
• Let’s take a quick inventory of personal information in your possession: • Multiple Credit Cards?
2 • Blank checks?
• Driver’s License?
• Health Insurance ID Card? • Store Receipts?
• Automobile Registration and/or Auto Insurance Card? • Frequent Flyer Card?
• Social Security Card?
• Telephone Numbers of Family/Friends? • Password “Cheat Sheet” Card?
• Make a complete photocopy of everything (front and back) in both spouses wallet/purse – Important contact info. in the event of lost or stolen wallet/purse
• Store in secure location, other than safe deposit box, for access when needed (possibly on a Sunday)
• Maintain password protected info on Smartphone? • Treat your mail very carefully
– Contact the USPS to request a vacation hold (3-30 days, & free of charge) • www.usps.com
• 800-275-8777
• Fill out vacation hold card at local post office • Never place outgoing mail in mailbox with flag up!!!!!
– Red flag on mailbox = green light for ID thieves • Discuss mailbox solicitors
• Discuss “check washing”
– Deposit at local post office or USPS collection box • Consider purchasing a locking mailbox
• Immediately follow up with creditors, banks, etc. if you don’t receive your monthly statements as scheduled • Consider eliminating paper credit card and bank statements and converting to E-Statements and online bill
3 – Minimizes possibility of stolen mail
– Minimizes need to shred sensitive documents
• Visit your bank's, credit card issuer's or creditor's web site(s) frequently to monitor regular account activity – Account activity awareness will limit damage if compromised
• Discuss embezzlement schemes…control receipt of statements, and review monthly (or more often online)
• General Prevention Ideas • Treat your trash very carefully
– “One Man’s Trash is Another Man’s Treasure” – Purchase a confetti-cut shredder
• Destroy all sensitive information, including convenience checks and pre-approved credit offers from credit card co’s, insurance information, monthly statements, etc.
• Make your information less accessible to identity thieves by doing the following:
– Remove your name from the pre-approved credit card lists of the 3 credit bureaus (EQUIFAX, EXPERIAN, AND TRANSUNION) by taking advantage of their “OPT-OUT” service
• Call 888-5-OPTOUT [(888) 567-8688], which reaches all 3 major credit bureaus • www.optoutprescreen.com
• “Opting Out” will not negatively impact your ability to gain access to credit or insurance, and will not affect your credit score
– Remove your name from commercial marketing databases by registering your telephone number with the NATIONAL DO NOT CALL REGISTRY:
• www.donotcall.gov, or • 888-382-1222
– Your registration will not expire. Telephone numbers placed on the National Do Not Call Registry will remain on it permanently due to the Do-Not-Call Improvement Act of 2007, which became law in February 2008
– Certain political, charity, and medical related calls are exempt – Robo calls are on the rise!
• Recorded messages from companies using auto-dialers, and they are not screening for numbers on Do Not Call Registry
4
• Many using fake caller ID information – Caller ID Spoofing • Credit Card and Bank Accounts
– Examine your credit card and checking/savings account statements like an obsessed accountant – Review more frequently (daily/weekly) online
– Be familiar with credit card and bank statement closing dates – Reconcile account at least monthly
– Have picture placed on back of credit and debit cards, if available
– Print “PHOTO ID REQUIRED” or “SEE MY ID” in signature block instead of signing
• Still not effective with some merchants due to automation (i.e. self check-out, card readers) – Request, via telephone and/or in writing, that each of your credit card companies and banks remove
your name from any marketing and promotional lists that they may sell or share with other companies – If any of your credit card companies send unsolicited convenience checks to you, request that you be
removed from their mailing list for these checks – Consider going PAPERLESS!
• Promote benefits of online banking/credit card access, setting account alerts/reminders, etc. – Only include name at top of checks
• Never include SSN, DOB, telephone #
• Merchant may ask for driver’s license to note other personal identifiers, including address • Refuse to add (especially SSN) if requested by merchants - they will back down before
refusing sale
– Always arrange to have new checkbooks mailed to local bank branch versus home mailbox • Boxes of new checks obvious to identity thieves
• Protect your Social Security number
– Should have a new VA driver’s license containing a “T” number versus your SSN (VA law as of 7/1/02) – Never carry documents containing your SSN (Medicare cards unfortunately still contain SSN)
– Never give your SSN to anyone by telephone, unless you initiated the call to a known entity – Avoid having your SSN used for ID’s at work if possible
5
• If they insist, may want to take your business elsewhere • Prevention re: Internet
• www.onguardonline.gov (FTC site)
• Avoid being “hooked” by “Phishing” scams – What is phishing?
• "Phishing" is a term coined by computer hackers, who use email to fish the Internet hoping to hook you into giving them your logins, passwords and/or credit card information
– Do not reply to e-mail, pop-up messages, or text messages that ask for personal identifying information • Do not click on links within messages either
• When in doubt, contact financial institution directly via known website address or known telephone #
– Discuss recent TEXT message scam - $1,000 BestBuy gift card and link to “www.bestbuy.com.bestwinners1.org”
• Only conduct personal business on secure websites – https://www.mybank.com – Also check for secure area padlock icon
• Maintain up-to-date anti-virus, firewall, and spyware software – Old saying… “YOU GET WHAT YOU PAY FOR…”
• Buyer beware when purchasing items via online auction sites
– Use secure payment systems, or credit card (for dispute protection) • Never purchase with money orders or cash
• Consider maintaining one credit card earmarked for internet purchases only • Use a dummy e-mail account
– Free e-mail accounts are available
• If it gets e-mail bombed with spam, you can drop it and start over • Reserve your primary for family & friends
• Change your login ID’s and passwords
– Many sites utilize your SSN or a/c # as a login ID default • Don't Set Your System to "Remember My Password“
6
– Avoid the temptation…only saves you a few seconds, but could cost you dearly, especially in event of stolen laptop
– Remember Passwords - Don't Write Them Down
– Passwords are hard to remember, and most of us are guilty of writing them down and taping them to the underside of keyboards or under the mouse pad or carry them in a laptop case, or put them in a wallet or purse. Thieves know this, and these are the first places they look.
• Avoid using common computers for sensitive personal business
– Online bill payment, checking investment accts., etc. on internet cafés while at work, on vacation, business trips, or in public libraries
• If you must, be sure to “clean up” after yourself
– Delete cookies, delete files, and clear history before leaving computer • Facebook Security
– Limit the amount of personal information available on your Facebook profile (e.g. DOB, address, etc.) – Proactively manage your Facebook privacy settings (e.g. select “Friends Only”, and limit profile
information, especially for non-friends)
– Only accept friend requests from people you know
– Limit the amount of "time and place" data that you expose through Facebook • Discuss with younger family members/teens
– Remember that even people you know can be identity thieves • Social Networking Awareness
– Identity thieves monitor chat rooms, dating, and social networking sites for victims – Victims are usually over 40, divorced, widowed, or disabled
– Scammers create fictitious profiles with pictures of attractive women or men – After gaining victim’s trust, ask for money
• Out of country business trip emergency
• Cashier’s checks (counterfeit), converted to cash, and wired to online “lover” • Agree to meet in person, then end up kidnapped, extorted, or even killed
– Also targeting seniors/grandparents generally, and relatives of US military personnel (family emergency scams)
7 • Immediate Action Steps for Identity Theft Victims
– Contact all creditors and financial institutions to inform them of the fraud, and cancel cards and accounts
• If your checks are stolen or have been counterfeited, contact the major check verification companies to notify retailers not to accept checks from your compromised a/c:
• TeleCheck: 800-710-9898
– To find out if the identity thief has been passing bad checks in your name, call: • SCAN: 1-800-262-7771
• Immediate Action Steps for Identity Theft Victims
– Contact each of the 3 major credit bureau fraud units to report the identity theft, and add a “fraud alert” statement to your credit file:
• Equifax: 1-888-766-0008; www.equifax.com • Experian: 1-888-397-3742; www.experian.com • TransUnion: 1-800-680-7289; www.transunion.com
– Contact law enforcement immediately, and maintain copy of police report
• Local Police, U.S. Postal Inspection Service, Social Security Admin., FBI, and/or USSS – File a complaint with the FTC
• www.ftc.gov, or 877-ID-THEFT – Keep detailed notes of all conversations!!!
• Names, dates, times, discussion points, etc. • Top 10 Immediate Action Steps – Homework!
1. Go to www.annualcreditreport.com and order your 1st credit history. Set yourself a reminder to repeat every 4 months (Equifax, then Experian, then TransUnion).
2. Go to www.donotcall.gov to place your telephone numbers on the national do not call registry.
3. Go to www.optoutprescreen.com to opt out of pre-approved credit card and insurance offers for yourself and spouse.
4. Go to www.dmachoice.org to manage (reduce/eliminate) direct mail offers (catalog, magazine, and other merchant offers).
5. Go to www.equifax.com/answers/set-fraud-alerts/en_efx to place a 90 day “fraud alert” tag on your credit report.
8
6. Call each of your credit card co’s (# on back of card) and tell them to stop mailing you convenience checks and remove from marketing lists.
7. Purchase a confetti-cut shredder, and use it regularly.
8. Review/reconcile your bank/credit card statements; go paperless. 9. Avoid sweepstakes and other “sign-up” offers.
10. Photocopy and/or compile detailed list of all purse/wallet contents. • Some Final Thoughts…
• Minimize Your Profile
• Control Your Mailbox Exposure • Monitor (credit and online banking) • If it doesn’t make sense, report it • Resources
• Websites with helpful Identity Theft Information:
– Federal Trade Commission – www.consumer.gov/idtheft – Internet Crime Complaint Center – www.ic3.gov
– Frank Abagnale – www.abagnale.com
– Better Business Bureau – www.bbbonline.org
– U.S. Postal Inspection Service – www.usps.gov/websites/depart/inspect – FBI – www.fbi.gov
– SSA/OIG – www.socialsecurity.gov/oig – www.onguardonline.gov
