ISHPI

I know what Identity Theft is!....Don't I?
ISHPI CyberBytes Newsletter Vol. 2 Issue 7
Read all CyberBytes Newsletters

In today’s digital age, our personal information is more valuable [and Iā€™d argue accessible] than ever [think google, meta, Microsoft, etcā€¦. over all the data they snatch from us every day, it is why the EU implemented the General Data Protection Regulation (GDPR)]. Unfortunately, this abundance of information on each of us also makes us a prime target for identity theft. Like anything, when we understand the threat, know what to look for, and how to protect ourselves, we make ourselves less of being the ā€œlow hanging fruitā€ a criminal would opt for. So, letā€™s talk about safeguarding our digital dossier.

To make sure we are on the same page, Iā€™ll ask the question, and it is not a ā€œdumbā€ question [and not just because Iā€™m asking it šŸ˜‰], ā€œWhat is Identity Theft?ā€ It is when ANYONE obtains and uses your PII ā€“ your name, identification numbers like Social Security or passport number, or credit card details, etcā€¦. to commit fraud or other crimes. Guess what, there is more than one type of Identity Theft!

  1. A [most?] common form of identity theft is Financial Identity Theft, where someone uses your information for to get a credit card, mortgage, or car loan, in your name and you are confronted to pay the bills [or the sudden target of aggressive collections!].
  2. There is also Medical Identity Theft, where someone steals your medical information and charges medical insurance in your name for medical procedures you never received.
  3. And another, Tax-Related Identity Theft, when a criminal uses your tax identification number to file a tax return in your name and claim a fraudulent refund. Then when you attempt to file for a tax return, you cannot get your money back as it’s already been submitted to someone else.

Ok, while there are more, letā€™s pause here and discuss these main ones, what now? Protect ourselves, you say? Great answer, unfortunately, it is not as easy as it sounds. Because we have, as part of our digital life, have voluntarily surrendered our information to MANY organizations and do so every day. Now, the ability you have, to Protect Yourself, has been delegated to them [those holding your PII] and it’s up to them to protect it and to some degree, out of your hands. Now while it may seem youā€™re powerless, it is not as bleak as Iā€™m making it, there are some key steps you can take to make the information you provide through your different accounts online safer.

  • Strong Passwords: One of the most effective ways to protect yourself is to secure each of your accounts with a unique, long password, and enable multi-factor authentication.
  • Regular Software Updates: Ensure your devices are updated with the latest security patches and features by enabling automatic updating on all your devices.
  • Credit Cards: Use credit cards for online purchases, never debit cards, as credit cards give you far more protection against fraud. Another idea is to use one credit card for just online purchases and another for in-person purchases. Some services provide virtual or one-time use credit cards for every online purchase, look into it with your card or digital wallet provider [Apple or google wallets for example].
  • Credit Freeze: A credit freeze locks your credit report, preventing fraudsters from opening new accounts in your name. This can be done for free by contacting the major credit bureaus.

Now we have done what we can do to protect ourselves, weā€™re done right? No [those that thought that before I wrote it, give yourself a gold star ā­]. Now comes a constant and change to your everyday life. You get to be like me and all the other cyber types in the world, we assume breach and work every day to find it before it does too much damage. That mindset is important because an identity theft happens every 22 seconds! Yeah. Pretty sobering šŸ˜¬. So, after preventing what we can, Detecting Identity Theft is of the upmost importance. In fact, early detection is one of the most powerful ways we can protect ourselves. The sooner we can detect our identity is being used by someone else, the sooner we can act. Some easy ways to be triggered to a possible identity theft include:

  • Unusual Financial Statements: You must monitor ALL your bank and credit card statements. Look for any charges or money transfers you know you did not make. I suggest that you enable automatic notifications on all charges and deductions. I have mine set on all financial accounts and cards, and I donā€™t set a threshold to exceed before the alerts trigger, like $25.00, because I want to know ANYTIME money is coming out of an account! This way anytime there is a charge to your credit card or a change to your savings or checking account you are notified right away.
  • Irregular Credit Reports: Annually review your credit reports for suspicious activity. You are looking for any new loans in your name that you know you did not make or any major changes in your credit rating.
  • Mysterious Bills or Notifications: Be wary if you begin receiving bills for items you know you never purchased, or if you are contacted by payment agencies for unpaid bills for items or services you never purchased ā€“ these can also be phishing attempts!
  • Unexpected Denials: If you’re unexpectedly denied your tax refund, or a credit or a loan application, investigate why ASAP!!!

So, Rob, now I know all this, but what do I do if I detect any of this?? Great Question [another gold star for you ā­ā­]! Next is how to Respond and Recover. If we find that our identity has been compromised, we MUST act right away.

  • Report Immediately: If we identify fraudulent activity in our bank account or credit card, we need to contact our bank/card company immediately. Also, depending on the breadth of the theft, file a report with local law enforcement. This can be crucial in proving the crime and helping you recover any costs or file insurance claims.
  • Fraud Alerts and Credit Freezes: Place a fraud alert on your credit reports with the credit bureaus and if you havenā€™t already, place a credit freeze on your account when you call. Work with credit bureaus to remove fraudulent information.
  • Document Everything: When calling organizations to recover, be sure to keep detailed records of your communications and actions taken, to include who you talked to, what date / time, and what was discussed.
  • Change Passwords: Update passwords for all your key accounts. If you do not have a password manager to track all your new passwords, consider getting one.

For more information,

A good commercial site about Identity Theft protection:
The GovernmentĀ 

Newsletter submitted by:Ā  Rob Collings, ISHPI’s VP of Cybersecurity | CISO

September 3, 2024

Share this Newsletter