Weaponized Data Can Lead To Identity Theft
We get a lot of mail, even these days when so much of our communication is done electronically. Granted, most of it is not of interest to most of us and it goes directly into the trusty “File 13.” However, those pre-approved credit card applications, loan re-finance offers, bank statements, and the like are all valuable to would-be cybercriminals. While perhaps none of this data on its own is of much value, it can be collated and put into a neat and tidy package. At that point, it is “weaponized data” and can be used against you in many ways:
- To apply for credit in your name
- To get healthcare with your health insurance information
- To get malware onto your devices via phishing
And many more.
Earlier this year 143 million U.S. residents were victims of a data breach at Equifax. This is one of the three major credit bureaus that we rely on to provide correct information to creditors and others. But they let us down and we didn’t even have the option to opt-out of them collecting our data. They just do it and there is nothing we can do about that.
There are things we can do to protect our data, however.
Consider freezing your credit. This may cost a few bucks, but will prevent anyone including you from having access to your credit files. It must be done separately at each of the bureaus (Equifax, Experian, TransUnion), but it’s a small price to keep your credit and identity a bit safer. Just keep in mind that it will require an unfreeze and refreeze whenever someone needs to access your information. This may also require a fee. Read the fine print.
If you are an identity theft victim and can provide proof, you can usually freeze your credit at no charge. Check the bureaus’ website to find out what information you need to provide for this.
If you need easy or frequent access to your credit, perhaps a freeze isn’t right for you. For example, if you’re trying to get a car loan, rent an apartment, or even apply for university programs, you will need to have it available. In this case, consider credit monitoring, placing a fraud alert, or Identity Theft Protection service.
Credit monitoring services will alert you when your credit is accessed, but won’t stop someone from retrieving it or acquiring credit in your name. But if you don’t recognize the inquirer, you can contact the bureau immediately and resolve it.
A fraud alert will also not protect your from becoming a victim of fraud. However, to get access to your credit, the bureaus may have to take additional steps to confirm your identity before proving any information.
Identity Theft Protection will alert you about access to your credit file, but may also provide other services such as helping you get your credit fixed if fraud does occur. They also may provide searches of public records to see if your information is found and monitoring of black market websites.
As always, when signing up for any service, be sure to read the fine print. Some of them offer a free service, but only for a limited time. Others require purchase of other products before getting the freebie.
Don’t Get Hooked By Phishing
Two major goals of phishing attacks are to download malware to retrieve that highly coveted financial information or to install remote controllable malware onto corporate networks. This is all too easy to do, as all it takes is one person to click a link that unleashes something malicious and put an attack into motion. This happened with WannaCry and many other attacks of late.
Now these phishing attacks are becoming nearly impossible to detect. They use information that can be gathered in a plethora of ways, such as from documents you toss out, to information posted on social media, to photos uploaded to image sharing sites to create a profile of a specific target. Then the information is used to go phish.
Don’t open attachments or click links that are not expected or that come from unknown senders. Unless you know it’s on the way, assume it’s suspicious first. Verify with the sender before clicking anything.
Use caution when posting information about yourself on social media and other websites. Consider not posting your job title or department. Those in the human resources and financial departments are frequently targeted with phishing attacks to commit wire fraud, W-2 theft, or business email compromise (BEC) scams.
Yes, You Need To Change Your Passwords
All online accounts should have unique passwords. Yes, it’s difficult to remember them all, but password reuse is a real thing. The cyberthieves use stolen passwords they either steal items or more money themselves or make purchases on the dark web. They do try them on other websites that may be lucrative. Try using a core password and adding characters from the websites to create a unique password. For example, your core password may be xI2$c5 and you want to go to Bank of America’s website. Your password could become xI2$c5BA or BAxI2$c5. When using this technique, it’s highly unlikely you will ever create a duplicate password.
And when it comes time to change your password, consider creating a new core password.
If that won’t work for you, write them down, but consider using clues rather than writing the passwords down exactly. Keep that list separate from your computer and lock it away in a secure place.
There is no way to guarantee 100% that you won’t ever become a fraud or identity theft victim. But you can follow these guidelines and increase the cybercriminals’ failure rate when it comes to your information.
Shred ‘Em Dano!
Shred all documents that may have sensitive or even useful information. Those credit card applications you didn’t request? Shred them. Those unsolicited offers to sell your house? Shred them. Mail from the charities you donate to and the subsequent renewal offers? You guessed it! Shred them.
All of this can be put together into your potential identity theft profile.