Identity Theft - The Silent Stalker
My 4.5-year-old daughter loves to play make-believe with me. One of her favorite characters is “Princess Sofia the First.” She draws her inspiration from the episodes and then adds her own spin to the stories. Her stories inevitably end up with me being the witch, mean giant, or just an all-around bad guy. She is the hero, Princess Sofia! She slays the bad guy, saves all the people, and remains the ruler of her kingdom! While our stories are far from reality, it is important for her and us as adults to understand that not everyone has our best interests in mind.
Most surround themselves with people we believe to be “good.” We choose not to surround ourselves with or generally think about the people who intentionally set out to harm others. In many cases, including identity theft, we aren’t even aware of the threat that is present. Unfortunately, there are people in the world who prey on others through cybercrime. These criminals spend their time trying to steal your identity, and when they succeed, it causes a mountain of problems. Several people I know have had this experience. In fact, approximately nine million people in the US every year have their identity stolen, as estimated by the Federal Trade Commission. These fraudsters are crafty and do this as their profession. This month’s article will discuss how criminals steal your identity as well as recommendations to help protect yourself.
How does this happen?
Criminals steal personal information and identities for monetary gain. Identity theft ranges from people stealing bank account numbers so they can transfer out funds to opening credit cards in a victim’s name to even living under the guise of another person’s legal name and social security number. Here are some of the more common ways they do it.
Changing a victim’s address
Keep an eye on the mail. If statements that used to arrive at regular intervals stop showing up, a thief may have completed a change of address form to start having financial statements and other sensitive documents sent to their residence instead. (A sensitive document is anything that contains financial or personal information such as a person’s full name, date of birth, social security number, address, or phone number.)Skimming
There are machines called “skimmers.” They can be implanted into ATMs, and they collect card numbers and PINs. They can also be put into credit card readers, and the number, expiration date, and cardholder name can be collected. These stolen numbers are then made into fake cards, sold on the black market, or used in identity theft.Phishing
Fraudsters may try to steal passwords to sensitive websites by sending their victim a fake password reset link. The link directs the target to a site that looks like the legitimate website for the organization the fraudster is pretending to be. Emails may also contain attachments or fake advertisements for products and a link. Opening these attachments or clicking on links may install malware on the victim’s computer, giving the fraudster a direct route into the device.Keystroke tracking
Malware can perform various activities. One of them is tracking keystrokes. When a keystroke-tracking victim logs into their email or financial websites or enters a credit card number to make a purchase, these keystrokes are captured and sent to the criminal.Fake Wi-Fi networks
Hackers will go into public places to set up fake Wi-Fi networks that look like legitimate ones. If a person logs into them, the hacker can see everything that person is doing and may even be able to access their computer. When using Wi-Fi in a public setting, it is important to make sure to use a legitimate, password-protected network. There may be many fake websites in the area that look similar to the real ones. For example, available Wi-Fi networks at a Starbucks may include the legitimate Starbucks network, plus a few others that may have a “1” in the name or that start “Starbucks” with a dollar sign instead of an “S.” Those are probably fake and designed to trick people.Dumpster diving
This is exactly what it sounds like. When mail is thrown away which contains valuable puzzle pieces of sensitive information, the thief comes along and grabs it right out of the trash.Social media stalking
Public social media profiles are a gold mine for identify thieves. Answers to many “security questions” that a person sets when creating a username on a website can be found by scrolling a person’s social media feed.
How is this prevented?
Most people have unknowingly engaged in several of the items listed above, thereby making themselves vulnerable to cyberattacks. That being said, a person can help secure themselves against fraudsters and prevent future attempts of identity theft by following the prevention strategies listed below.
Utilize credit reports and credit freezes
There are three credit bureaus (TransUnion: www.transunion.com, Experian: www.experian.com, and Equifax: www.equifax.com), and each year they are required to provide a free report. This report is an excellent log of lending activity and requests for credit lines. If there are items on the report that are not familiar, it may be a sign of identity theft. If there are no surprises in the report, that is good news. The next step is for a person to freeze their credit. Credit freezes can be initiated on each of the three credit bureau websites. A credit freeze keeps any credit inquiries from being made and stops additional lines of credit from being opened. Freezes can be temporarily suspended by revisiting the website.Update software and apps
Phones and computers are constantly getting updated versions of apps and operating systems pushed to them. Why? Usually, it is because a hacker has discovered a vulnerability in the code. Software companies rebuild their products when these entry points are discovered to provide a safer experience for their users. Not downloading updated versions of software leaves a device vulnerable to hackers. Installing anti-virus software on a PC is also a good move. It should be kept updated as well.Utilize a password manager
Using strong passwords and changing them often is a good way to encourage security. A password manager can help keep track of all of them. Different password managers have various bells and whistles. Technology publication PC Mag has a rundown of some of the most popular: https://www.pcmag.com/picks/the-best-password-managersBuy a shredder
Then use it. Every time. Do not throw away or recycle whole pieces of mail, particularly those pieces with sensitive information on them. These are valuable puzzle pieces to a fraudster.Be social media savvy
Online quizzes are fun. It is nostalgic and enjoyable to post about memories with old friends from high school and college. However, take a moment to think about how many people have their high school mascot, birthday, or hometown referenced on their Facebook feed. These are answers to many online security questions! Set social media profiles to private and limit what is shared.Use two-factor authentication
There are two general ways to use two-factor authentication. The first way pertains to logging onto a sensitive website. After entering the username and password, the site can send a code to the user’s cell phone, which then must be entered into a pop-up window in order to complete the login process. Two-factor authentication can also be used with financial and other institutions. An agreement can be set up whereby these professionals contact the approved account owner via a method specified in advance before executing any instructions that have been received via email or text.Do not visit sensitive websites on public Wi-Fi
It can be hard to distinguish fake public Wi-Fi from legitimate public Wi-Fi. Also, real public Wi-Fi can be hacked. It is best to avoid visiting sensitive sites while on public Wi-Fi or proceeding with any transaction over public Wi-Fi that requires entry of personal or financial information. As a rule of thumb, it is best to avoid public Wi-Fi altogether. Using a cell phone as a hot spot to connect to the internet is more secure. The best option is using a Virtual Private Network (VPN) to encrypt any information being sent or received on a device.Do not click that
Do not open or download attachments from unrecognized senders. Even if the sender’s email address is familiar, be wary of text within the body of the email that does not resemble how that person would usually write a message. If there is doubt, contact the sender for verification before clicking. In addition, businesses will never send an email requesting their clients to update a password or personal information by clicking a link within the email. Delete these messages immediately. If there is a question as to the legitimacy of the message, call the organization directly at the phone number listed on their official website. Do not click the link in the suspicious email, use a website provided within the email, or call any phone numbers provided in the email.
It is hard to tell who is at the other end of an email message or if somebody is watching your keystrokes. The good news is that taking the precautionary steps given above can help reduce your chances of being part of the nine million Americans every year who fall victim to identify theft. If we have not yet discussed setting up two-factor authentication or security questions for your online access, let’s get that taken care of sooner rather than later. Remaining vigilant can help you remain the ruler of your kingdom, and keep the bad guys out!
This commentary reflects the personal opinions, viewpoints, and analyses of The Dala Group, LLC employees providing such comments. It should not be regarded as a description of advisory services provided by The Dala Group, LLC or performance returns of any The Dala Group, LLC client. The views reflected in the commentary are subject to change at any time without notice. Nothing in this commentary constitutes investment advice, performance data, or any recommendation that any particular security, portfolio of securities, transaction, or investment strategy is suitable for any specific person. Any mention of a particular security and related performance data is not a recommendation to buy or sell that security. The Dala Group, LLC manages its clients’ accounts using various investment techniques and strategies, which are not necessarily discussed in the commentary. Investments in securities involve the risk of loss. Past performance is no guarantee of future results.