2 Scary (and Real) Stories About Identity Theft and 3 Ways to Fight Back
Is your private information secure?
In 2018, 14.4 million consumers fell victim to identity fraud. Their collective out-of-pocket expenses more than doubled to $1.7 billion.
Knowing how to protect against identity theft is an important part of financial literacy — lost money is a threat to financial security, no matter how it happens. Having a grasp on effective risk management practices can help consumers fight back.
We spoke with two professionals about how their financial information was leaked (or nearly leaked). Here are their stories, and three tips to help you stay safe.
Story No. 1: Caught without a VPN
Will Ellis, founder of Privacy Australia, founded his company after falling victim to an online security breach that compromised his financial information while traveling for work.
“I lost some of my funds which I had set aside for my trip and had to cancel a few activities, cutting my trip short,” he said. “Luckily, I did catch it in time before even more was taken.”
The culprit? Accessing an unsecured public Wi-Fi network.
All internet users have an IP address. This connects a device, like a computer, to a network. Typically, internet traffic goes through ISP servers, which means the servers can see everything an IP address does online. Browsing history and other confidential information can then be handed over to advertisers and third parties.
The dark truth is that hackers prey on IP addresses to gain access to this private information. Using a public Wi-Fi network makes internet users more vulnerable to attack.
“[I]f I had been using a VPN, none of that would have happened in the first place, and I would have been able to enjoy my trip as I had planned,” Ellis said.
A VPN, or virtual private network, extends a private network across a public network. Users with a VPN are able to send and receive data securely as if their device was connected directly to a private network.
Three benefits of using a VPN include:
- Hiding an IP address
- Encrypting data sent and received
- Protecting against third parties trying to intercept this data
“I feel that we often forget just how much of our information has been stored in the cloud, and just how easily we can fall victim to a cybercrime,” Ellis said. “That’s why it is important to be as secure as possible when browsing the web and to take the correct precautions to protect our personal data,” he added.
Story No. 2: Saved by multifactor authentication
When entering login credentials, users sometimes receive a prompt to confirm their identity with a secondary sign in. This two-factor authentication process, while at times tedious, can be a financial lifesaver.
Frank Spear, a marketing expert at Awesome Motive Inc., spoke with us about the time that multifactor authentication protected him from identity theft.
“It was a normal day when I got a notification saying that there was an attempt to access my PayPal account,” Spear said. “Suddenly, several warnings popped up, followed by the always frightening, ‘Your account has been locked for security purposes,’ message.”
Someone had attempted a brute-force attack, which consists of submitting multiple randomly-generated passwords, in an attempt to unlock Spears’ account. Luckily, multifactor authentication intervened.
Alarmed, Spear called PayPal and verified his real identity, ultimately saving his account.
Multifactor authentication adds another layer of protection to an account. A user can only gain access to their account after successfully verifying at least two types of identity. For instance, a hacker may crack a password, but won’t gain access to an account without secondary credentials, like an email or smartphone code.
3 Ways to Guard Against Identity Theft
You've read how it happened to others. But how can you prevent it from happening to you?
Tip No. 1: Protect your social security number
Protect your social security number (SSN) at all costs. This nine-digit identification number is used for several purposes, such as tracking income and benefits. Scammers who gain access to a SSN can use the victim’s good credit to their advantage – applying for loans, credit cards, and other financial services.
Don’t carry your social security card around. Don’t write the number down. Don’t tell it to a stranger.
In fact, there are only a few legitimate reasons to ever give out a social security number, such as:
- Opening a bank account
- Taking out credit or a loan
- Filing taxes
Be wary of people who ask for your social security number, especially if the interaction doesn’t occur in person. For instance, scammers may use a fake email address to pose as an authority figure, such as a bank representative, and ask for personal information. Consumers should be prepared to ask questions to determine if the situation is legitimate. Some examples:
- Why do you need my SSN and how will it be used?
- Can I provide a different form of identification?
- What will happen if I don’t provide my SSN?
If the person can’t provide reasonable answers, then don’t give out a SSN.
Tip No. 2: Shred important documents
Shred everything. Yes, everything.
Any document with personally identifying information on it – a signature, account information, address, phone number, medical information, password, or SSN – should be shredded immediately after u
Pre-approved credit cards. Bank statements. Utility bills. Mailing labels from charity organizations. All of these innocuous papers can act as a gateway to identity theft.
Shred all incoming mail before throwing it out, as well. People who want to steal your identity will go to extreme lengths to gain access to your information – even rooting around in the garbage.
Can’t shred it? Keep hard copies of documents under lock and key in a secure location.
No. 3: Create a strong online password
Create strong login credentials to protect digital accounts.
Avoid using easily found information, such as your birthdate, mother’s maiden name, or SSN. A good rule of thumb: If a password is easy for you to remember, then it’s likely easy for a hacker to guess.
Instead, use a combination of letters, numbers, and special characters to create a strong password.
Each account password should be different. The chances of getting hacked increase when the same password is used across accounts. For example, a data breach may expose an account password. If a unique password was used, then it’s the only one that will need to get updated. This will save you time and give you peace of mind.
If you’re worried about remembering multiple passwords, then use a password manager to keep them secure and organized.
Privacy infringement and identity theft pose a challenge for consumers. Fight back with risk-management strategies.
Will Ellis is an IT security consultant and founded Privacy Australia in an effort to help everyday people protect their privacy and data.
Frank Spear is a content marketer for Awesome Motive, who creates WordPress Plugins for small business owners, such as RafflePress and SeedProd. He has contributed content to the online marketing community for close to a decade.