Sunday, November 25, 2012

How to Protect Yourself From Identity Theft, Fraud and Phishing


Identity theft is an ever-increasing issue given the sheer amount of people who are having financial difficulties due to the worldwide financial crisis. You can only protect yourself against identity theft, do not leave it up to anyone else to help you.

There are some basic measures we can all take to reduce the risk. The first of which I would suggest would be two have two separate email addresses, one for your financial business, and the other for everything else.

So your online banking, PayPal, your accountant and just about anything you buy online, you should use your financial email address. Use a very difficult password with a minimum of 10 characters including capitals and symbols and don't give this email address out to anyone else. The reason we include any purchases in this email is that you are giving your financial information away to these sites included card numbers and pertinently, your address.

Use the email address only for your financial transactions and never give it even to friends. Use your other email address for everything else.

It's fairly obvious why you wouldn't want people getting hold of your bank details or card number, but the reasons run a little deeper as to why we wouldn't want people accessing this email address. If they guessed your password what would they have access to? A few online purchase receipts (with your address on), details of your PayPal account which they can access to withdraw cash to themselves, your online banking login details? You might think "Well just because someone can access my email doesn't mean they could access your PayPal or online banking accounts" and you would only be partly correct. All they need is access to your email address and they could request a new password be sent. Bang! You're in trouble.

If you have to write down the password and place it in your purse or wallet do so, it's better than making it an easy password to guess or hack.

This has been really focussed on fraud, but there is another, more insidious factor, we need to bear in mind. That factor is identity theft.

Identity theft, to my mind, is worse than fraud. Yes fraud involves stealing your own assets, but identity theft runs deeper than that, they steal your identity and take out loans and credit cards in your name. When the lender comes calling, they are going to be calling the named lender, you! This can not only hurt you financially, but can also affect your future ability to lend, your reputation and your health.

You are particularly susceptible if you create relationships online, i.e. from dating or from social networking. The whole process is ripe for identity theft, it is all about getting to know someone so you can give out very personal information during the course of the chat. For example, they want to know how old you are, you tell them because it's one of those things that come up a lot. But let's take the conversation further:

"What star sign are you?" "Wow I'm Virgo too, when's your birthday?" It all seems innocuous enough, but if you tell them, they combine it with your age and they have your date of birth as easily as that.

Let's go back to the earlier example of them accessing your email. If you have one email address and you give it out, to exchange photos or something (or bear in mind how much information you show on Facebook) they can go to your email provider and pick the option that you have forgotten your password, they can they find out what your security question is and either find the answer by searching through Facebook or directly asking you. As an example, the security question might be your first pets name. They then might start asking questions about your past. "Where were you born?" "Do you have any brothers?" "Were you a happy child" "Did you have any pets?" and before you know it you're discussing fluffy your first rabbit and how it got stuck in your boots. They can then close the conversation, go to your email account and unblock your inbox.

So they have your date of birth and access to your email account, all they need to do is login, find the receipt for the table you bought a week ago and BAM they have your address. And all they have had to do is ask a few questions, ones that are asked every day, very innocuous.

Let's go back to the conversation. They have asked where you were born. In the UK the only information someone needs in order to get a real copy of your birth certificate is your name, town of birth and date of birth. With your birth certificate they have the basis of your whole life.

Where else can someone get your address? Are you on an online directory? Like for example is your phone number listed? The electoral role? Can they search your surname and area and find you?

If you are going to meet someone, do it in a public place, don't show them pictures of your house or your car, all these things can be traced.

Once someone has your address you are open to having your whole life destroyed.

They can apply for loans, credit cards in your name, they could also change your address at your bank although this makes it more likely they will be caught. But if someone has your address and date of birth, and takes out a loan in your name using your credit history by telling them you have recently moved address. Of course this means that the lender will come to you on the first default, also your future credit options will be limited.

Even without your address, if they have your date of birth and birth town it doesn't take much more to get your birth certificate which in some respects can be used to prove your identity. Let's say they want to open a basic bank account in your name, they can take out an electricity account in your name with no ID requirements, when you get your first bill, this can be used as proof of your address, with that, along with your birth certificate, they can open a basic bank account with no credit facility. But after a bit of time they can easily use your electricity bill, bank account statement and birth certificate to take out a contract phone in your name giving them a credit file and history. After a bit of time they can use this credit file to take an overdraft and/or loan in your name, even a mortgage. They can also use your bills to apply for a replacement driving license in your name.

It's surprisingly easy to do all the above simply by knowing your date of birth and address, or in the US your social security number.

So you have to protect yourself. Start off by saving your important emails to your computer and deleting them from your email account. Open a new email account and protect it with a top notch password. Further protect it with a security question that is unusual, one that might cause you to question it if it comes up in conversation. If all the questions are easy then substitute the real answer with one that you will remember that's incorrect, i.e. Mothers maiden name: table.

Be very careful what personal information you give out during normal conversation, it might be a good idea to train yourself to re-read anything you write before you click send.

Be aware also that even your nearest and dearest can steal your identity. I once investigated a case for a woman who's best friend had stolen her identity. In cases like this, I would suggest signing up with a credit reference agency who will be able to email you whenever a change to your file has been logged.

Finally, how do we rectify identity theft? Well if you are in the US, you can call the Federal trade commission on 1-877-IDTHEFT and the IRS on 1-800-908-4490. You should also report it to the Internet Crime Complaint Center. If in the UK, report it to the police first and foremost, then contact the lenders and give them the crime reference number. Keep a close eye on your credit report and deal with issues as they arise. Give your crime reference number to your bank and any lenders you have. Any company part of the finance act has guidelines on how to assist in these circumstances and they will be able to provide you with further information and support.

Phishing websites.

Phishing is the practise of someone getting you to reveal your bank account (or other account) details by way of a form that looks just like the real thing. Most of these scams are done through emails and you will receive it from a legitimate looking address, it might tell you that there is a problem with your account and you should click the link to get it unblocked. The email looks genuine, the link looks genuine and the page it takes you to looks genuine. The way to always stop these in their tracks is to hover over the genuine looking link and read the actual destination link that pops up in a small box, this is the actual destination rather than what is actually typed in the email. Is this destination address taking you through to the right place? If not, delete it. An example destination address might read paypall.com and you might miss the extra L if you wasn't specifically looking for it.

Most financial institutions have a fraud department dedicated to investigating these matters so you can always forward on the email to the company it is purported to have come from. As an example, there was a recent story that the HMRC (British version of the IRS) were sending out tax refunds to people, the stories were correct, but phishers were sending emails to people asking them to log onto a fake online form where they could collect the details. Once I read it and seen it wasn't genuine I forwarded this straight to the HMRC fraud department. Whether anything comes of it they don't say but I hope they catch the culprits.

A Review of Krolls Identity Theft Shield Program   The Urgency of ID Theft Prevention   



0 comments:

Post a Comment


Twitter Facebook Flickr RSS



Français Deutsch Italiano Português
Español 日本語 한국의 中国简体。