In a previous post, we identified the top reasons that put you at risk of becoming a target of savvy identity thieves.  In this post, we will examine the last 5 rules in a set of 10 that you can take to make sure you never become a victim of these criminals.   To view our previous post in a series on Identity Theft, please see the post titled “The 4 Major Signs that you are At Risk of Identity Theft” on the 760Credit Blog.  To view the first 5 rules for preventing ID theft, see “Top 10 Rules to Prevent Becoming a Victim of Identity Theft” on the 760Credit Blog.  The series is meant to help you become as identity theft-proof as you can possibly be, so the tips provided could possibly save you thousands of dollars and years of heartache.

It is important to us that the public understands the fact that identity theft is not going anywhere.  It is a major threat that is only going to grow in size and scale as more parts of our physical lives are moved online.  While our first article focused on preventing ID theft in the physical world, this set of preventative measures focuses on staying safe in the digital world of the internet.

Rule 6:  Never Use a Password Twice and Always Use a Password Manager

 In our previous post, we mentioned the reason behind choosing a random series of letters, numbers, and special characters to create a password that would be impossible to guess, because it has no intrinsic or sentimental link to your personal life (like the numbers of your date of birth would, for instance); and would also be impossible for a malicious password cracker to stumble upon.

Building on that, you should always make sure to use a different password for each login associated with personal or sensitive information, such as your online banking or credit card provider’s online access.  At this point, you may start to feel as though this is going to be a tedious and cumbersome task, where you are having to keep, memorize, and enter a long, random password for each site you log in on.  However, ingenious developers have created browser extensions known as “password managers” that allow you to enter one password while storing all of your passwords for different sites.  That way, you will only ever have to enter the one password in order to log in to any of the various login IDs that you keep associated with the password manager.

However, when it comes to password managers, not all are created equal, and there are actually some that are malicious software, using your inherent trust of the software to steal your passwords and give them to ID thieves.  Because of this, we can only suggest that you go with a password manager with a proven track record of security and protection of its users, and for that, we suggest LastPass, the gold standard in password managers.  Any passwords stored with LastPass are heavily encrypted, so in the case that the file containing the passwords is ever hacked, the thief will only have access to a useless set of random characters.

Rule 7:  Use Credit Monitoring Tools such as CreditKarma and CreditSesame

Besides the tools available from the credit bureaus alone, which come at a cost to you in exchange for a monthly subscription, utilizing services such as Credit Karma and Credit Sesame can help you put up a formidable defense against would-be ID thieves.  While other credit monitoring services can do a great deal to keep an active eye out for changes to your score, Credit Karma and Credit Sesame allow you to pull a full version of your credit report once every 7 days, and they are both free.  Credit Karma, in our opinion, has the best options for monitoring, as they offer your reports from TransUnion and Equifax, and they also offer free tax preparation every year.  However, Credit Sesame has a separate identity theft protection product, the free version of which comes built-in with $50,000 of ID theft insurance, while the paid version offers higher limits and better tools.  Thus, the most prudent advice for getting the most out of these types of services has to be to utilizing them together, as the more tools you have available at your disposal, the better protection you have in place.  Credit Karma also offers the option for federal and state income tax preparation, which can give you added peace of mind as well, as stolen tax return documents are a huge source of personal information for identity thieves.

As mentioned, both of these services allow for credit score and report updates every 7 days, and while Credit Karma does not include your Experian report, you can access your Experian report one per month for no cost or requirement to place your credit card on file through Experian’s own service.

Not only will including these free credit monitoring tools greatly help you with preventing identity theft from having dire effects on your quality of life.

Rule 8:  When it Comes to Social Media, Less is Better

Social media is a wonderful societal phenomenon that allows us to stay in touch with people that we thought we would never see again – for better or worse.  It allows us to coordinate with our friends, socialize with a long-distance family member, and create professional connections and networks to further our careers.  However, while it is all of these things, it is also the biggest gift that those who peddle in the business of surveillance have ever hoped for, both the legal sort and those who watch your interactions for more nefarious reasons, such as to learn your habits to steal your identity.

The youngest generation currently in adolescence at the time this article is being written has no organic memory of life before the wide-spread, always-on form of connectivity that social media has given us.  Because of this, the preciousness of privacy that was so important to the founders of our nation that they literally wrote it into our founding documents (and even further created federal statutes focused upon on the right to privacy), was handed over to tech giants like Zuckerberg and company with the click of a mouse accepting their terms of service.  Thus, the generation that will come to power within the next 20 years will have no concept of a life without always-on surveillance via digital means.  Thus, during that time span, one can only postulate that ID thieves will find more and more of their victims through the same platforms that we all interact on.

So, if you are concerned about identity theft, you have to weigh your options when it comes to social media.  If you have been the victim of ID theft before, you probably fall into the category of people that are willing to cut social media our of their own personal lives forever.  However, if you are an up and coming teenager that will come into adulthood within the next year or so, you are likely to have an account on every social platform out there.

Now, both of these examples demonstrate the extreme ends of the spectrum.  In reality, most people will fall somewhere in between both extremes, so you just need to examine your risk and concern regarding identity theft and utilize the services accordingly.  For instance, do you really need a personal social media account for Instagram, Twitter, Facebook, Snapchat, YouTube, Google+, LinkedIn, and about 20 others?  If you are not trying to market a service or product, there is no reason to have social media accounts across every platform, and doing so paints a target on your back for criminals, as they can study your language, habits, and friends; finding out personal information along the way that may aid them on their pursuit of becoming you.

However, if you are determined to have a far-reaching social media presence across multiple platforms, simply limiting the type of information that you share in your posts and/or make public will go a long, long way in keeping you safe.  For instance, don’t share your birth date, don’t check in from every public place you visit, and set your preferences to keep your data private.  As such, the rule for social media is definitely “less is more,” no matter what avenue you apply it towards.

Rule 9:  Encrypt, Encrypt, Encrypt

Encryption refers to the encoding of certain data in a manner that it cannot be revealed or read unless a pre-determined, mathematical tool called a cipher (displaying an algorithm), which combines with another set of data called a “key,” is used to decode it.  Encryption has been used since Antiquity to hide sensitive data, such as troop movements during the war from prying eyes.

In the digital world, encrypted data means that someone trying to steal it will be met with a bunch of random characters that are of no value unless the cipher is cracked using software tools to guess solutions to the algorithm at very high speeds.  The genius of encrypting digital data lies not in its ability to hide the data – because encryption can and has been broken – but rather, because the person trying to crack the encrypted data has to rely on heavy usage of computing power, it may take thousands of years before the data can be cracked.  How long it takes to break depends on the length of the “key,”  some of which would theoretically take billions of years to crack.

Now that the explanation is out of the way, encrypting your personal information when transmitting it online is one of the best ways to ensure that your data is never stolen online.  In days past, one would have to use a separate software program to encrypt data.  However, because of innovating companies such as ProtonMail, anyone can encrypt every piece of email that they send.  Anyone sending personal data in an email should do so using encrypted mail, like ProtonMail; as it is encrypted on both ends, meaning that “not even [their] CEO can see your data,” according to their FAQ.  This is super important; because even if a criminal were to intercept an email with personal data, it would be useless for them.

The next application of online encryption has to do with the companies that you transact with online.  In the event that you apply for a credit card, open a bank account, or do anything else that requires you to submit your information over the internet, make absolutely certain that the site is secured with encryption before you submit.  You should see the symbol of a lock on sites that are encrypted and a slash through them if they are not.  Also, the very first part of the web address, known as the URL, should read “https://” instead of “http://”.  These sites will almost always use the SHA-256 algorithm to secure your personal data.  This is a very secure algorithm and is the same encryption level as Bitcoin.

Keeping an active role in making sure your online data is safe is one of the best steps you can take in preventing your identity from falling into the hands of a criminal.  Instead of just clicking through a tedious-looking application, make sure that you keep an eye out for the security features that should be present on any online credit application, if it is from a legitimate source.

Rules 10:  If In Doubt, Turn About

In the end, this final rule for preventing identity theft will serve as the best protection, so long as it is applied appropriately.  If your basic human instinct tells you that you shouldn’t submit an application, subscribe to a platform, create an account, or complete a transaction in the digital world; follow that instinct.  For example, one common method used by criminals to extort people for money or for personal information is the “phishing scheme.”  The Federal Trade Commission has an excellent page explaining the technicalities of such scams.  However, to put it simply, a phishing scam simply involves the impersonation of a legitimate entity by a criminal in order to steal a person’s passwords, bank account number, and credit card information.  The criminal will create an email and website using the original, legitimate version’s code but changing the input stream to send to them instead of the entity.  Then, the criminal will send an email to the target, again modeled the visual layout of a legitimate email, asking for personal information to “verify that you are the user.”  While it seems like most people would be able to spot this a mile away, the ID thief exploits two very strong human emotions – fear and trust – into turning these scheme into effective scams.

Other scams include the “409 scam,” in which someone claims to have millions of dollars but needs several hundred dollars to effectively bribe a customs official into giving you the money.  This scam usually involves cash wire transfers, but many times, variations also ask for your personal information.

So, when it comes to protecting your identity from online threats – if your sense of wariness starts to tingle, turn the other way.  Trust your senses, and if something does not seem right, don’t go through with it.  You are never going to mysteriously fall into thousands of dollars for no reason, so never believe a fraudster claiming that he will give you thousands of dollars if you first pay a $500.00 fee.  The old saying is as true now as it ever was – if it seems too good to be true, it probably is.

Conclusion

In the end, after taking into account all of the information presented in this two-part guide to keeping yourself safe from identity theft, you have been given tools for doing so both in the physical world and the digital realm.  While this may seem like quite a bit of material to take in, most of these tips and rules can be easily accomplished by simply paying attention to what you are doing instead of getting into the habit of online complacency, where you simply click “accept” to anything just to get the popup to go away.  Taking the time to read what you are signing up for, paying attention to sites that ask for your personal information, and keeping your data safe via encryption are very simple steps that you can incorporate into your personal regimen for keeping your identity safe.

Source Material

1. 760Credit. Top 4 Signs You are at Risk for Identity Theft.  Article from 760Blog.  Retrieved from https://760credit.info/the-top-4-major-signs-you-are-at-risk-for-identity-theft/.
2. Product Link. LastPass Password Manager.  Link:  https://www.lastpass.com/
3. Product Link. Credit Karma Credit Monitoring.  Link:  http://www.creditkarma.com/
4. Product Link: Credit Sesame Credit Monitoring.  Link:  http://www.creditsesame.com/
5. Product Link: Credit Sesame Identity Theft Protection Service.  Link: https://www.creditsesame.com/product/identity-theft/
6. Product Link: Credit Karma Income Tax Filing.  Link:  https://www.creditkarma.com/tax
7. U.S. Const. amend IV.
8. The Privacy Act of 1974, 5 U.S.C. § 552a.
9. Product Link. ProtonMail Encrypted Email Service and FAQ Page.
10. http://www.protonmail.com/
11. http://www.protonmail.com/faq
12. Federal Trade Commission. Information Page> Security> Online Scams> Phishing Scams.  Retrieved from:  https://www.consumer.ftc.gov/articles/0003-phishing