Consumer Protection | Business Protection

Beating Tax Refund Fraud Happens Early

June 19, 2015

“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”

One of the fastest growing forms of identity theft-related crime is tax refund fraud, which occurs when a thief files a false tax return using your personally identifiable information. This crime, which some experts estimate costs the IRS over $4 billion a year in faulty refunds, often goes undiscovered until the victim attempts to file his or her legitimate tax return and has it flagged as a duplicate.

Unfortunately, once someone has discovered that they are a victim of tax identity theft, they will struggle with the issue for many years to come. So just how does someone who has been victimized prepare for tax time? While the old “ounce of prevention” saying applies in so many different situations, this is truly one of those events that offer the victim almost no recourse other than keeping a thief from filing in the first place.

The most important thing you can do is to file your tax return early, literally in order to beat a thief to it. If anyone is going to find out that a return has already been filed in your name, you really want it to be the thief, not you. If you prepare your documentation in December, you’ll be ready to file after January 1st, the moment all of the paperwork is in order. There’s no reason to wait until April 15th, especially not when your tax refund is at stake. You will want to make sure that your employer is aware of your situation so that they can get your tax documents to you as soon as possible to enable early filing.

One of the tools that tax identity theft victims often overlook is using the resources of the IRS itself. While many victims are understandably disgruntled with the tax giant, you can be assured that the IRS dislikes identity theft as much as you do. Fighting identity theft has been an ongoing battle, and they are working to provide help to victims. Tax identity theft victims should contact the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490 as soon as they are aware of any problems or if they have questions or issues related to their filing. If you have contacted the IPSU and have not had a resolution to your case, you should contact the Taxpayer Advocate Service toll-free at 877-777-4778.

An important step to minimize the time spent on your identity theft case is being well organized. You should have filed a police report when you first found out you were a victim of identity theft. Keep a copy of this police report in a central, protected location. Along with this document, you should have a copy of any communication you have had with the IRS, including your IRS Fraud Affidavit. Just as you keep records of past tax returns, receipts and other documentation you need to file, hold on and protect these items.

Victims of tax identity theft must also remember that if your return was filed by a thief, that thief has your information and could easily have used it for other purposes. As soon as you learn of the false return, you should take steps to ascertain whether other aspects of your identity have been compromised. These steps include ordering a copy of their credit reports, closely reviewing financial statements, and even health insurance benefit statements.

If you are currently in the process of resolving tax-related identity theft, keep these resources in mind. As you look to the next tax season, try to start planning early to be sure you are able to file as early as possible. December is only six months away, so the time to prepare will be here before you know it.

Tags:

Lesser-Known Ways to Steal an Identity

June 17, 2015

Jackie here. We talk a lot about checking your credit report and bank statements for signs of ID theft, but making fraudulent charges on your accounts isn’t the only way thieves can use your identity. Thieves also love using not-so-well-known methods for theft as they can often avoid detection for much longer. Which of these types of identity fraud were you aware of?

Health Insurance

Medical care can be expensive, making health insurance a gold mine for thieves. Thieves can steal your insurance information and pretend to be you at the doctor or pharmacy. This isn’t just a financial nightmare; it can also lead to serious medical problems including cancelled insurance and conflicting medical records (which can lead to treatment difficulties).

Medical ID theft is surprisingly common. It is estimated that at least 2.3 million American adults have fallen victim to medical ID theft and the number continues to grow. Resolution is difficult too. Only 10% of respondents in a Ponemon survey had satisfactorily resolved their problem.

Criminal Record

Some thieves commit criminal ID theft by giving another person’s name, driver’s license number, or SSN during a criminal investigation. This can lead to arrest warrants in your name for crimes you didn’t commit. Although this type of ID theft is concerning, it is luckily rather uncommon. Here are some tips if you do find yourself in trouble.

Social Media Accounts

Your social media accounts are vulnerable to hacking. Thieves can gain control of your accounts and use them to solicit money from friends and to spread malware and other harmful links. Hacking your actual accounts isn’t the only way thieves take advantage of your identity on social media; some thieves create secondary accounts using your name and your pictures to trick friends into “friending” you so the scammers can attempt to take advantage of them.

Tax Refund

Tax ID theft topped the list of FTC consumer complaints in 2014, with the problem only expected to continue growing. Tax ID theft occurs when thieves file taxes in your name and take your refund. One of the best ways to fight this problem is to be sure you file early.

Your Computer

Are identity thieves lurking in your computer? Thieves use malware, ransomware, and other types of malicious software to take over your computer. Thieves can track your typing to obtain your login credentials, lock up your computer until you pay a fee, and redirect you to their websites when you browse the web. Antivirus software is essential, as is keeping up on your updates. Here are some more tips for keeping your computer ID theft free.

Other Methods

While the methods listed above are some of the larger problems when it comes to lesser known types of ID theft, they aren’t the only things to watch out for. Thieves may also take advantage of your frequent flier miles, hotel points, gift cards, chat programs, etc. If it’s valuable, odds are thieves have found a way to take advantage.

Tags: , , ,

What Does Google Know About You?

June 12, 2015

Jackie here. What secrets does Google know about you? Your internet search history is packed with information you might not like the world to know. For a quick lesson in privacy, take a look at your search history and see what you’ve been inadvertently sharing. This simple exercise is very revealing of how much information we actually share online and how important protecting privacy actually is. What does your search history reveal about you?

Finding Your Google Search History

To access your Google Search history, head to the Google Web History page, click on the gear and select “Download” (detailed instructions here). You’ll need to log in to your Google account and accept a few authorizations. Google will then prepare your archive and send you a link when it’s ready. Then, you can download your history to Google Drive and take a peak. The file will be zipped so you’ll need to unzip it. Files will be arranged by date.

Just so you know, the files are JSON files which can be difficult to decipher, but if you use the search feature to find “query_text” you’ll be directed right to your search history. If you’ve turned the Web History feature off previously, you won’t be able to access your results.

What Can You Do?

If your results are a bit shocking (or a little embarrassing), there isn’t much you can do (short of revising what you search for in the future), but you can tweak a few settings.

Turn off Search History- You can turn off the Search History feature in Google from your Account History page. This will keep your searches from impacting the results of future searches (and will keep you from getting any results the next time you download your history), but won’t keep Google from having access your search information for internal purposes. While you’re there, you may want to tweak a few of the other privacy settings there (like location mapping). Be aware that turning off Search History will mean less personalized, and possibly less relevant results.

Tags: , ,

Balancing Act – Pros and Cons of New Federal Breach Notification Bill

June 9, 2015

Karen Taylor for AllClear ID

On April 15, 2015, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote. If passed, the proposed act would be the first federal law that would require uniform regulations governing consumer notification of data breaches.

Over the past several years, the majority of U.S. states have created their own regulations around disclosure and notification after data breaches. But this federal bill could make them all moot if passed into law — thereby, replacing all existing state laws with a single standard for compliance. As can be expected, there are pros and cons to this proposed legislative shake up.

Experts say the uniformity of the bill is its biggest strength and greatest weakness. The key negative expressed by industry professionals is that many existing state laws are more comprehensive, specific, and potent than the general federal bill. But, according to proponents, one of the biggest advantages of having one uniform federal law is that it simplifies a complex and confusing state-based regulatory landscape.

“Varied state data breach notification laws create a complicated patchwork of requirements,” wrote Reid J. Schar and Kathleen W. Gibbons, of Jenner & Block, in an article on Bloomberg BNA. “As (U.S.) states amend their laws, the landscape continues to shift. Companies that do business in multiple jurisdictions are at significant risk of failing to comply with one or more state notification statutes should a breach occur.”

The pending bill is not the first such measure introduced, but others “have all failed”. “However, given the number of individuals affected by, or likely to be affected by, a data breach and the fact that identity theft has topped the Federal Trade Commission’s ranking of consumer complaints for the fifteenth consecutive year, support for a national data breach notification law has never been stronger.”

Here are a few of the ways in which the pending federal breach notification bill might affect state laws:

Sets a national uniform breach notification timeframe.
The bill proposes that notification of a breach be provided to consumers within 30 days from when the scale of the breach was determined and once security has been restored. In contrast, existing state laws’ notification time varies (e.g., 10, 30, 45 days).

Reduces the scope of breach incidents that require notification to only those that cause potential “financial harm.”
This prerequisite “significantly narrows the basis for required notification in 33 states and D.C. The new language seeks to reduce the exposure to noncompliance that often compels organizations to either adhere to a ‘highest standard’ practice or risk costly violations,” according to Anne Peterson of Reed Smith. This means that depending on the type of data compromised by the breach, organizations will be left to decide whether the breach is considered severe enough to be reported.

Adjusts the definition of “personal information.”
The bill defines personal information as data tied to ID theft and/or payment fraud, such as: SS numbers; financial account credentials; other account credentials; driver’s license and other government-issued unique identification numbers; and more.

Gives enforcement authority almost exclusively to the FTC.
Critics of the bill oppose the expanded enforcement authority of the FTC, saying it restricts state attorneys general actions, as well as eliminates consumers’ private rights of action, which currently exist in 10 states.

Generalizes companies’ requirement to maintain ongoing security measurement and practice standards.
“The [bill] eliminates state data security laws with an unclear standard that surely will be litigated and left to judicial interpretation,” said New Jersey Democratic Rep. Frank Pallone.

It remains to be seen how this new development will play out. Before further action can be taken, the bill must be formally introduced into the House of Representatives. No matter which direction it goes, the fact remains that every company will need its own internal breach response plan to carry out in the event of a breach, according to national or state laws and regulations, as well as their own internal corporate policies surrounding consumer data security.

According to Schar and Gibbons, “It is critically important that companies maintain a comprehensive and regularly updated data breach response plan.”

Tags: , , ,

Verizon 2015 Data Breach Report Updates 9 Breach Incident Patterns

June 7, 2015

Karen Taylor for AllClear ID

This is the first in a three-part series on the new “Verizon 2015 Data Breach Investigations Report.” The series shares highlights including: (1) updates on nine incident breach patterns, (2) security best-practice suggestions, and (3) “before and beyond the breach” insights.

Verizon recently published its 2015 Data Breach Investigations Report. The report includes updates on its innovative nine breach incident patterns, best practice recommendations for all nine patterns, as well as eight insights on “before and beyond the breach,” among other observations.

We’ve highlighted some of Verizon’s updates to its nine breach incident patterns before you dive into the 70-page report — including stats on the frequency of each security incident and the percentage of incidents with confirmed data breaches.

Updates to 9 Breach Patterns

In its 2014 report, Verizon researchers hit on a unique way present security breach data when it found that “92% of all 100,000+ incidents collected over the last 10 years fell into nine basic patterns.” In its 2015 report, Verizon stated: “While we saw many changes in the threat landscape in the last 12 months, these patterns still covered the vast majority of incidents (96%).” Here are some updates to these patterns:

1. Crimeware
Frequency of incidents across all security incidents — 25.1%
Percentage of incidents with confirmed data breaches — 18.8%

Crimeware incidents are “predominantly opportunistic and financially motivated in nature,” noted Verizon. While not much changed from 2014, Verizon found: “Malware used to launch DDoS attacks jumped from #8 to #2 in threat action variety.”

2. Insider Misuse
Frequency of incidents across all security incidents — 20.6%
Percentage of incidents with confirmed data breaches — 10.6%

“As with prior years, the top action (55%) was privilege abuse … in virtually every industry,” says Verizon. What’s more, end-user-instigated incidents rose to the top position, over cashiers, to 37.6%. “This is disconcerting news, considering how many regular end users make up the population of any given organization.”

3. Physical Theft and Loss
Frequency of incidents across all security incidents — 15.3%
Percentage of incidents with confirmed data breaches — 3.3%

Verizon noted. “Like last year, most of the theft occurred within the victim’s work area (55%), but employee-owned vehicles (22%) are also a common location for thefts to occur.”

4. Web App Attacks
Frequency of incidents across all security incidents — 4.1%
Percentage of incidents with confirmed data breaches — 9.4%

“Organized crime became the most frequently seen threat actor for Web App Attacks, with financial gain being the most common of the primary motives,” stated the report. “Over 95% of these incidents involved harvesting creds from customer devices, then logging into web applications with them.”

5. Denial of Service
Frequency of incidents across all security incidents — 3.9%
Percentage of incidents with confirmed data breaches — 3.1%

“Distributed denial-of-service (DDoS) attacks got worse again this year with our reporting partners logging double the number of incidents from last year,” reported Verizon. “However, we also noticed an interesting pattern … we saw some indication that there may be two distinct tiers — or clusters — of DDoS attacks based on bandwidth, velocity, and duration.”

6. Cyber Espionage
Frequency of incidents across all security incidents — 0.8%
Percentage of incidents with confirmed data breaches — 18%

“The vector of malware installation is mostly through phishing, but was split between either attachments or links, and malware installed through web drive-by has made a stronger than normal appearance this year,” Verizon reported.

7. Point-of-Sale Intrusions
Frequency of incidents across all security incidents — 0.7%
Percentage of incidents with confirmed data breaches — 28.5%
Contrary to industry beliefs, point-of-sale intrusions are on the rise, the Verizon study finds. “The evolution of attacks against POS systems continued in 2014 with large organizations suffering breaches alongside the smaller retailers and restaurants.”

8. Payment Card Skimmers
Frequency of incidents across all security incidents — 0.1%
Percentage of incidents with confirmed data breaches — 3.1%

Card skimmers continue to innovate, reports Verizon. “This year’s improvements include the use of ridiculously thin and translucent skimmers that fit inside the card reader slot as well as direct tapping of the device electronics to capture the data with nary a trace of visibility.”

9. Miscellaneous Errors
Frequency of incidents across all security incidents — 29.4%
Percentage of incidents with confirmed data breaches — 8.1%

“As with years past, errors made by internal staff, especially system administrators who were the prime actors in over 60% of incidents, represent a significant volume of breaches,” reported Verizon.

One Breach Response Solution for All Breach Patterns

No matter which breach pattern penetrates your company’s security measures, there is only one way to ensure your response is swift and well-orchestrated — by creating a breach response plan before any attack or mistake occurs. When done right, breach response plans prepare your company to respond quickly, accurately, and with the best interest of your business and your customers front and center.

Tags: , ,

Avoid These Summer Travel Scams

June 5, 2015

Jackie here. Summer’s coming, and that means everyone needs to be on the lookout for travel scams. Stay safe during your travels by brushing up on common scams before you hit the road. The Better Business Bureau has created an amazing infographic highlighting 40 of the most common travel scams. We’ll cover a few of the scams seen around the world below, but make sure you check out the complete list as well. Some of the scams are specific to a certain location so be sure to look for your summer destination on the list.

Fake Front Desk Call

You’re happily sleeping in your hotel room when the phone rings. It’s the front desk calling to verify some credit card information. Don’t share your info. The caller is actually an identity thief trying to get your card number. Instead, head down to the front desk and verify your information in person. This scam often occurs in the middle of the night to discourage guests from heading to the front desk. If you don’t want to get up in the middle of the night, surely they can wait until the morning.

Fake Takeout

You check into a hotel and grab the pizza flyer slipped under the door to order some dinner. Unfortunately, the flyer’s a fake. Dinner’s not coming and you just shared your card details with a thief. If you want to order takeout, look up the number online or in a phone book. Don’t trust fliers you find in your hotel room.

The Expensive Taxi

When you don’t know your way around a town, you don’t really know the quickest route from Point A to Point B. Some taxi drivers like to take advantage of this fact, taking unwitting riders on longer than necessary rides to rack up the charges. This one’s hard to avoid, but try to use licensed taxis if possible. Your hotel may have recommendations about which taxi service can be trusted.

Overly Helpful Locals

ATMs can be confusing in other countries, especially if you aren’t fluent in the language. In this scam, a helpful local will offer to help you navigate the cash machine, but really they are just memorizing your PIN. Later they’ll pickpocket your wallet or make off with your cash. Never use the ATM in the presence of a stranger. Cover the keypad when entering your PIN. A variation of this scam involves stealing your money as soon as it is dispensed.

May your summer be filled with fun, and scam-free travels.

Tags: , , ,

What Does a Scam Sound Like?

May 29, 2015

Jackie here. How do you know when a scam comes calling? The Better Business Bureau has shared a recording of a real scammer calling a consumer. Head on over to their website and take a listen. While not every scam sounds the same, many of the call-in scams will sound similar. Knowing what to look for can help you stay protected from ID theft.

What Should You Do?

If you get a call like this one, what should you do? Here are some simple tips for dealing with scammers on the phone.

Hang Up- If it sounds like a scam, it probably is. Hang up the phone. You don’t need to be nice; just hang up. If you’re worried about missing crucial information from a company you do business with, call them back using a known phone number. Scammers often use popular companies to trick you into sharing information. Just because they say they are calling from Microsoft or your bank, doesn’t mean they actually are. Don’t engage with scammers like the caller in the BBB clip.

Report the Call- After a call, report it. Any information you have may help law enforcement to shut down the scam. The FTC Complaint Assistant is an easy way to report scam phone calls. It just takes a couple of minutes and can be done entirely online.

Most Importantly…Don’t Share Any Personal Information- Don’t give the scammers any information they don’t already have. Don’t share any personal information including your name, address, Social Security number, bank information, account numbers, etc. Some scammers tell you they need your information to verify your identity. If you didn’t make the call yourself, don’t verify anything.

Have you ever received a scam phone call? Let us know what happened and how you knew it was a scam.

Tags: , ,

What You Should Know About Online Marketplaces

May 28, 2015

AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.

Just about everything is online these days. Many items that used to require going to a store to purchase can now be acquired from the comfort of your living room or on the go with your smartphone or tablet. Shopping isn’t the only thing that can be done online, either. It’s also possible to look for jobs, apartments, and service providers online. While the rise of online marketplaces has made shopping, job hunting, and apartment searches more convenient, it has also made us more vulnerable to scams and identity theft. Here are some tips to protect yourself while using online marketplaces.

Tip #1:

Make sure that you do not give out your Personally Identifying Information (PII) until the right time. If a potential employer has not scheduled an in-person interview with you, but needs your Social Security number to run a background check, that’s a huge red flag. In addition, you should make sure that you have seen any housing you are looking at renting or buying before you offer up your PII or any type of deposit. You should do more than just drive by, as well. Just because a building is actually there doesn’t mean it is for rent, so do yourself a favor and ask questions of the landlord or manager and don’t be afraid to voice any concern you may have. Only once you are sure the property is legitimately available should you supply the information for a credit check needed to obtain the apartment.

Tip #2:

Avoid alternative payment methods when transacting online. Wire transfers, specifically via Western Union, are often used in scams. While this may be an obvious red flag when you are buying or selling something online, this can also be used in employment or housing scams. A potential employer may state that they will pay you via Western Union, or ask that you pay your first month’s rent via wire transfer. These are most likely scams and should be avoided. Other forms of payment that can be a red flag for fraud are cashier’s checks, money grams, and personal checks. These can be made fraudulently and liability will be transferred to the person taking the payment if false funds are deposited into their bank account.

Tip #3:

Most importantly, remember who is responsible for activities on online marketplaces. Most online marketplaces have a robust amount of information on avoiding scams while using their sites. Why do they do this? Because scammers are increasing their efforts to scam more and more people every day. You must remember, though, that online marketplaces ARE NOT, by law responsible for any nefarious activity taking place on their websites. Look at it this way – if you went into a department store and an employee ripped you off you could complain to the management of the department store and could reasonably expect for the situation to be resolved. This is not the case with sites such as Craigslist, eBay and others. The people you are doing transactions with, whether they be property managers, potential employers or merchants, are not associated with the site itself and therefore the site is not responsible for their actions. The bottom line is that if something does go wrong, there’s usually not going to be anyone to fix the problem for you.

All of these warnings make online marketplaces sound like risky places to conduct business. However, by being cautious with your information you can navigate your way through transactions to get what you need, when you need it. Keeping these tips in mind can help you avoid fraud, scams and identity theft.

Tags: ,

4 Key Pieces to Your Identity

May 18, 2015

Jackie here. These days, it may seem like almost any bit of personal information about you can be used by fraudsters to commit ID theft. While methods are evolving, there are some standard pieces of information that make it much easier to pose as another person. Let’s take a look at what information thieves need to capitalize on your identity.

Your Name

You use it all the time. It’s on your name tag at work, proudly displayed across your social accounts, and something you share with the doctors, repair people, and even strangers at the grocery store. Your name is a big key to your identity. That doesn’t mean you should start keeping it a secret, though. Your name might be one key to your identity, but typically it must be paired with other information for ID theft to occur. What’s more, in some instances, ID thieves don’t use your real name at all, but instead pair other pieces of your identifying information with a different name.

Your Social Security Number

Who have you shared your SSN with lately? You might not openly tell this number to friends and family, but odds are you’ve given it to doctors, utility companies, and others more times than you realize over the years.

Your Address

Your address isn’t typically a secret (friends, family, and neighbors all know it), but it is an important part of your identity. With a name and an address, thieves can often access accounts, sometimes even sensitive ones. Your address can also be used to redirect mail, giving identity thieves a treasure trove of personal information. While you can’t keep your address a complete secret, you can take steps to better protect it. Don’t share it openly on sites like Facebook or Twitter. LexisNexis found that a surprising 20% of consumers admit to sharing their addresses on social media.

Your Date of Birth

If your PIN for your bank account is the year of your birth, change it immediately. Every combination of 19XX make up the top 20% of most common PIN numbers. Your birthdate can also be the final piece of identifying information to unlock various accounts.

These four keys to your identity are things we share daily. In fact, the only thing on this list that you don’t share often is your SSN. Do your best to protect your information, but know that it is out there. Watch closely for the signs of ID theft so you can catch it quickly if it does occur.

Tags: , ,

The Ever-Changing Credit Card

May 15, 2015

Jackie here. Could a changing security code be the key to fighting credit card fraud? One card manufacturer hopes that their prototype credit card with a changing verification code (that 3 digit code sometimes called a CVV) will be in your wallet soon. Let’s take a quick look at this idea for fighting credit card fraud.

The Card

At first glance, the new card from Oberthur Technologies looks just like any other credit card. It is a standard size and just .76 millimeters thick. The main difference between this card and the ones you already have is the changing code on the back. The code changes every 40 to 60 minutes to a new randomized number. This number is displayed on a small, postage stamp sized screen. The small screen is battery powered and designed to last 3 years without a charge.

If your card information is written down, it won’t work later as the code will have changed. Without the new code, the card won’t work. One potential downside to this is you could not input the card information to make automatic payments for bills and other expenses, as the CVV changes so often.

A Better Solution?

This card is touted as a better solution to credit card fraud than the CHIP-enabled cards companies are now using. These cards have a specialized chip that discourages fraud when used with a special reader, but fraudsters will likely circumvent the chips by heading online where chip verification isn’t currently possible.

Since this card can be used both online and off, it may be a more comprehensive solution to credit card fraud. Only time will tell if this card becomes available to the masses and will really cut down on fraud.

Tags: ,

Be Smart With Smart Devices

May 12, 2015

Jackie here. Is your home smart? I spotted an alarming article on Yahoo about the potential vulnerabilities in smart homes. A majority of smart devices are hackable (one study found 7 out of 10 devices had some sort of vulnerability). While the threat isn’t big for now, it is likely that as smart homes – homes with smart devices that are increasingly connect to the internet and each other – become more common, hackings will become more common. What can you do?

Secure Your Router

The biggest thing you can do to protect your home is secure your router. This is the most common way that thieves gain access to home networks. The router basically acts as the door to your network and it’s a lot easier to walk through the door than crawl through a window. Securing this one point can greatly increase the security of your home network, even if you change nothing else.

Change Default Log-ins- When you set up your router make sure you change the default username and password. Since these credentials are typically the same on similar devices, they are very easy to crack. Choose a unique username and password combination. Consider enabling the guest function as well so visitors to your home can use your router without access to your primary password. Make sure your administrator password and your Wi-Fi password are different.

Use WPA2- Most new routers are automatically configured to use WPA2, but be sure to check your router to confirm. This function encrypts data going in and out of your router and leads to enhanced security of the personal information you transmit over the router.

Stay on Top of Updates- Update, update, update. Vulnerabilities happen from time to time and updates are the best way to ensure your device is protected. As problems are discovered, updates to the firmware are created to correct them. Failing to update your firmware can leave your network very unsecure.

Consider a Second Network- Some people choose to use two networks: one for their computers and one for their smart devices. This ensures that should your smart devices be compromised, your more valuable information stays secure.

Smart devices are the way of the future. Learning how to use them wisely and increasing your knowledge about smart device security is essential to keeping your personal information secure.

Tags: ,

5 Free Tools to Protect Your Identity

May 5, 2015

Jackie here. Protecting your identity doesn’t have to cost a lot of money. Here are some free tools you can use to help keep your identity safe.

Free Yearly Credit Report

Under the Fair Credit Reporting Act, you’re entitled to a copy of your credit report from each of the credit bureaus once a year. You can take all three at once, or spread them out over the year. Get your free credit reports from annualcreditreport.com – this is the only website where you can pull your credit report for free under the FCRA. Your free reports won’t list a numerical credit score, but if you want to get an idea where you’re at, try the free FICO score estimator. Just answer a few questions using your credit reports and you’ll get a range that your score will likely fall into.

Fraud Alert

Are you at an increased risk for ID theft? A fraud alert makes it harder for identity thieves to open accounts in your name by requiring businesses to contact you before issuing credit. You can place one on your file by contacting one of the three credit bureaus (they will then contact the other two). This tool can protect you for 90 days and is especially useful if you’ve found unauthorized accounts on your credit. Keep in mind that putting a fraud alert on your account can also lengthen the process for you to open legitimate lines of credit, as businesses will need to contact you before issuing credit as well.
File for a fraud alert here. Remember, you only have to file with one of the three credit bureaus to get protection from all three:

Equifax

TransUnion

Experian

Anti-Virus Software

Anti-virus software is a great first line defense against malware. You don’t have to spend a bundle to protect your computer from viruses and malware threats. Most free options have scaled back features when compared to the paid versions from the same company, but are good options to test out the service and for those on a budget. Here are some free anti-virus options:

AVG

Avast

Panda

Anti-Malware Software

For extra protection from malware (a big ID theft threat), try anti-malware software. Malwarebytes has a free version available.

Opt Out for Pre-Approved Credit

Those pre-approved credit card offers are a gold mine for identity thieves. Make sure you aren’t making it easy for someone to obtain credit in your name. Opt out of pre-approved credit offers by visiting OptOutPrescreen.com.

Which of these free identity protecting tools have you tried?

Tags: , , ,

An Ever-Changing Password

May 4, 2015

Jackie here. A weak password is a problem, but what’s the solution? Yahoo rolled out a new password system that generates an ever-changing password for their users. Best of all, this password comes on demand, so you don’t have to remember a thing (and its only 4 digits). Will this new idea become a viable alternative to the password?

A New Password Every Time

Do you have a hard time remembering your account passwords? Yahoo’s new system eliminates the need to remember a password by texting you one each time you want to log in. Simply activate the system, register your phone, and never remember your Yahoo password again.

If you have a Yahoo account and want to sign up, here’s what to do:

Log In- use your existing password
Enable On-Demand Passwords- You’ll find this option in the security settings.
Register Your Phone- Follow the process to register your phone. You’ll need to use a phone that can receive text messages.
Log In- The next time you go to log in, you won’t see a spot for a password, but rather a button that says, “Send My Password”. Click the button and a 4 digit password will be sent to your phone.

Yahoo hopes this system will provide a replacement to the password and will make their site more user-friendly and boost online security.

What do you think of Yahoo’s new password system? Will you try it?

Tags: , ,

Protect Your Personal Information

April 30, 2015

Jackie here. We talk a great deal about protecting our personal information, but even with safe sharing practices, information is out there. With so much information posted online and in public records that are easily accessed, some information you can’t keep secret. There are even companies, called data brokers, that have created files on almost everyone and will share this information with others for a small fee. What can you do?

I recently read an article on AARP that talked about these information-packed files. The author ordered a report on himself (it cost just $33) that revealed information like past employers, places he’d lived, birth date, relatives, and more, all the information a scammer might need to trick him into a falling for a scam or to commit ID theft. These websites are perfectly legal, both to run and to use, and there is little you can do to keep your information off of them.

Since personal information is the key to identity theft, these websites are a bit disturbing, especially to those that value privacy. Here are some tips for protecting yourself in a world where personal information isn’t so personal.

Opt-Out When You Can- Some of these companies allow opt-outs, but know the process can be tricky and some companies charge a fee. You’ll find detailed information about some of the available opt-outs here.

Lock Down Social Media- Some of the information on data brokering sites may be gathered from public information on social media sites like Facebook and Twitter. If you haven’t done so already, double check those privacy settings today.

Be Scam Smart- Scammers are tricky, and when armed with personal information may be able to make a convincing case. Be extremely cautious when you’re contacted out of the blue with offers, prizes, etc. It is very easy to hang up and call a company back using a known number.

Choose Security Questions Wisely- Many of these files have information like the name of your former high school or elementary school. When choosing the answers to security questions, keep these files in mind. Some people like to use obscure answers they will remember, but that might not be technically correct. You can answer your security questions however you choose, so try to make them as secure as possible.

Tags: , ,

Do I Have to Share my SSN with my Doctor?

April 17, 2015

Jackie here. We’ve advised you not to share your Social Security number unless absolutely necessary, but the tricky part is knowing when you must share and when you can say no, especially when you head to the doctor’s office. There is often a space on their forms for a SSN. Do they really need it? Here’s what you need to know about sharing your Social Security number when you go to the doctor.

Does My Doctor Need My SSN?

There is no simple answer to the question, “Does my doctor need my SSN?” It really depends on your insurance. Some insurers use the SSN as an identifier. If your doctor doesn’t have yours, they won’t get paid. Does your insurance company need a SSN to pay claims? Call and ask to find out. If you have Medicare, a SSN is almost always needed. Other insurance companies including Medicaid, TRICARE, and CHIP used to use SSNs for patient identification, but have transitioned to a different system. If you have an old card that uses your SSN, call and ask for a new one.

How to Say No to Sharing Your SSN

If your insurance company doesn’t require an SSN, you can likely refuse to provide it at the doctor’s office. Be kind, but firm in your refusal. Remember, you can refuse, but they can also refuse to provide service. Staying calm will lead to better results than getting angry or frustrated. Try these tips:

Ask Questions- Before providing your SSN, find out how it will be used. Ask questions about why it is needed, how it will be protected, what happens if you refuse, and what your other options are.

Offer Alternatives- If a doctor’s office wants your SSN to get in touch should billing problems arise, offer alternatives like an email address or a cell phone number. Try to avoid providing things like your driver’s license number, as this too can be used to commit ID theft.

Find a Different Doctor- If your doctor insists and you really don’t want to provide your SSN, find a different provider. Unless your insurer requires your SSN for billing, you shouldn’t have to share it with your doctor.

It’s important to know when you are required to share personal medical information and when are may have another option. This will help you keep your information safer from medical identity theft. Find more tips from Consumer Reports here.

Tags: ,

Scam: Don’t Watch that Video

April 14, 2015

Jackie here. There’s a scam making its way around Facebook and other social media sites that could leave your computer ridden with malware if you aren’t careful. Here’s what you need to know:

What is Malicious Tagging?

This scam uses a practice known as malicious tagging. A friend will appear to share a video (often one with adult content) to their wall with the names of many friends tagged. If you’re tagged, you’ll receive a notification and likely want to view the video. If you click to view the video, a pop-up will appear that encourages you to update your video player software (like Flash Player). Click to update and you’ll unknowingly install malware on your computer. This malware not only steals personal information (potentially leading to ID theft), but also takes over your Facebook, tagging your friends in the malicious video and perpetrating the scam once again.

What Can You Do?

This scam is a scary one, but there are ways to protect yourself and your friends.

Just Because it’s from a Friend, Doesn’t Mean It’s Safe- We tend to trust links and videos shared by friends, but on social media, this isn’t always a wise choice. Your friend’s accounts may be compromised and they may be unknowingly sharing malicious links. If something seems suspicious, steer clear, even if it’s shared by a trusted friend. To spot a potential scam, look out for postings that seem out of the norm for your friends – if they don’t usually share videos with friends, double check with them before you watch.

Beware of Required Updates- Stay on top of your computer, plug-in, and software updates on your own (automatic updates are an easy way to do this). If an update notification pops up when you attempt to watch a video or follow a link, decline the update and head to the applicable website to do it yourself. Here are some tools to help you stay on top of the updating game:

Firefox’s Plug-In Checker- If you use Firefox, try the Plug-In Checker to see what needs updating. You’ll see which plug-ins are potentially vulnerable and will have access to easy links to update.

Chrome Plug-Ins- Chrome users can head to Chrome’s help page on Plug-Ins for links to supported plug-ins and their updates.

Microsoft Update Page- This help page from Microsoft has tips and tools for keeping your computer up to date.

Report It- If you come across spam or potentially malicious content on Facebook, report it. This helps Facebook to find and remove the bad content and may protect other friends from falling victim.

Think Before You Click- If something is touted as “exclusive”, “one-of-a-kind”, etc. keep your eyes open for a scam.

Stay on the lookout for malicious tagging and don’t fall victim.

Tags: , ,

What Does Facebook Know About You?

April 11, 2015

Jackie here. When it comes to protecting your privacy online, one of the best places to start is with your social media accounts. It might not seem like you share a lot with these sites, but you’d be surprised how quickly those little snippets of your life add up. Here are a few surprising things Facebook (and the world if you’re not careful with your privacy settings) knows about you.

Your Name

What’s in a name? It might seem like pretty basic information, but knowing exactly who you are makes everything you do on Facebook so much more valuable. You aren’t just a nameless user to Facebook, but a specific person complete with a name. Identity thieves may use your name to trick friends and others into believing a scam is real.

Your Birthday

Facebook knows your birthday since it is something you must share to register for an account. But, if you aren’t careful with your privacy settings, everyone else might know your birthday too. Since birth dates are sometimes used as a piece of important identifying information, it might be a good idea to restrict this information, or at the very least, only share it with friends.

Where You Live

Even if you haven’t personally chosen to reveal your current city of residence to Facebook, they may know where you live based on GPS. Your mobile device may share your location every time you use the Facebook app. Additionally, those check-ins at your favorite restaurant reveal a lot about your location. Be careful with check-ins. Thieves have been known to use Facebook as a tool for determining when you are and are not at home.

What You Look Like

Facebook is surprisingly good at identifying its users through pictures. Their facial recognition program, DeepFace, boasts 97.35% accuracy, close to human level performance. Facebook knows what you look like and can find and identify pictures of you, even if you haven’t tagged yourself. Always double check pictures that are tagged of you on the site to make sure they are pictures you want identified with you. Although you can’t remove other Facebook user’s pictures, you can untag yourself if you don’t want the picture to show on your account.

What You Like

Each time you click “Like” on Facebook, you tell them a little more about what you like and who you are. While this information is highly lucrative to Facebook for advertising purposes, it can also be valuable to thieves if your profile isn’t properly secured. Thieves can see what you like, what companies you do business with, and can potentially use this information to create highly targeted scams that you may fall victim to.

Who Your Friends Are

Facebook is all about friends. After all, what fun would be the site be if it wasn’t for those silly cat pictures your friends are posting? Choose your friends carefully. If you want to welcome everyone into your network, use Facebook’s options for differentiating friendship levels. You can classify people into groups like Acquaintance, Friends, Family, etc. to ensure you’re always sharing with the right audience.

There’s nothing wrong with sharing on Facebook, but make sure you know what you’re sharing and with whom. Take the time today to check your privacy settings and make sure you are protecting your online privacy.

Tags: ,

Activity Trackers and Your Privacy

April 6, 2015

Jackie here. Do you use an activity tracker? These wristbands can make it easy to stick to your fitness goals, but does this convenience come at a price? Some privacy experts worry that fitness trackers could be used to gather and sell personal information. If you’re interested in using a fitness tracker, make sure you know what you’re sharing so you can make an informed decision. Here’s what you need to know about fitness trackers and personal privacy.

Read Privacy Policies- FitBit, one of the big names in fitness and activity tracking, has a privacy policy that prohibits any information sharing or selling. Many of the other fitness trackers may have similar provisions. When considering a device, read the privacy policy carefully. Find out how they’ll use your information and how they’ll store it. Remember, policies can change so you should review privacy policies often to stay apprised of any changes. To find the privacy policy for your device, head to their website or do a search with the device name and the words “privacy policy”.

No Regulations- While there are regulations regarding privacy on health apps, the same does not apply to fitness apps. These apps are use at your own risk and the privacy policies involved can vary greatly from company to company. Do your research and be aware that privacy policies are determined by the company, not by federal regulation.

Your Data is Valuable- You might think that no one else cares about your fitness activities, but this is not true. Your information is very valuable to advertisers, health insurance companies, and even employers. Don’t underestimate the value of your data.

Send Data Securely- If you do use a fitness tracker, send your data to the company securely. Unsecured networks (public Wi-Fi) can be easily compromised.

Last year we shared some information about health and fitness apps and privacy from the Privacy Rights Clearinghouse’s special report. Much of the information we shared then, applies here too. If you haven’t had a chance to check it out, make sure you do.

Do you use a fitness or activity tracker?

Tags: , ,

Spring Clean Your Identity

April 4, 2015

Jackie here. Have you been neglecting your identity? In the daily hustle and bustle it is easy to let some important identity protecting tasks fall through the cracks. Just like you spring clean your house to get caught up once a year, take some time to spring clean your identity. Catch up on those tasks you’ve been forgetting and keep your identity a little safer. Here are some ideas:

Check Your Credit (and Clean it Up)- Have you ordered your free credit reports this year? Once a year you’re entitled to a free report from each of the credit bureaus. Get your reports by visiting annualcreditreport.com. If you notice any errors, correct them right away. If you see signs of ID theft, take action before the problem gets worse.

Opt Out- Are you getting unwanted credit card offers in the mail? Is your number on the Do Not Call Registry? Take a few minutes and opt-out to protect both your privacy and your identity. Here are a few opt-out options to consider:

Prescreened Credit Offers

Do Not Call Registry

Top Opt Outs from the World Privacy Forum- a great list of 10 opt-outs you should consider.

Shred- Unwanted paperwork can pile up. Take some time and get to shredding. Shred any paperwork with sensitive information that you no longer need, including old bills, medical statements and records, expired credit cards, bank statements, tax records, etc. Use a crosscut shredder to ensure your documents are really destroyed.

Change Your Passwords- Even if you’ve chosen strong passwords, it’s still a good idea to change them occasionally. If you haven’t changed your passwords lately, update them today!

Check Privacy Settings- When was the last time you checked your privacy settings on Facebook, Twitter, Google+ and other social accounts? This help sheet will walk you through the process on many of your favorite sites.

Re-Read Privacy Policies- Privacy policies might not be the most interesting reading around, but they are important. Review the privacy policies at your favorite websites and be aware of what you’re sharing.

Update- Is your anti-virus software up to date? What about your favorite apps and plug-ins? Update your computer, run an extra security scan, and make sure you’re protected.

Delete Old Apps- Remember that heartbeat tracking app you installed and used only once? Now’s the time to say goodbye. Go through your apps and delete any that you aren’t currently using. In addition, double check the information you are allowing your current apps to access – many automatically request access to data they do not need.

What will you do spring clean your identity this year?

Tags: , , , ,

Device Debacles – Lost, Stolen, and Neglected Data Risks

April 2, 2015

Karen Taylor for AllClear ID

When we think about threats to private data we often think of the headline-grabbing cyber attacks. We tend to forget the data breaches that result from a more mundane cause — the loss of devices and documents on which the data resides.

Yet, there is a real and present danger of data being breached through lost, stolen, and neglected devices and documents such as servers, computers, and cell phones, according to experts.

In one study, eSecurity Planet found the leading cause of data breaches has been the theft or loss of unencrypted laptops and USB drives. “If there’s a difference between a laptop theft today and 10 years ago, it’s that it’s probably got saleable data on it,” stated ESET senior security researcher Stephen Cobb.

Further, in its 2014 Healthcare Breach Report, data protection company Bitglass found that “68% of breaches since 2010 occurred because devices or files were lost or stolen, while only 23% were due to hacking.”

While not as sensational as external threats, internal data security threats come with the same high costs — regulatory penalties, lawsuits, and PR nightmares.

For example, the Ponemon Institute found that “lost or stolen devices increased breach costs by $18 per record.”

Losing Sight of Lost Data Risks

Every year there are hundreds of cases of missing data due to lost, stolen, and neglected devices and documents in every industry — from banking to healthcare. Here are just a few scenarios.

Lost in Transportation. An employee of a large Canadian bank lost two back-up servers while transporting them from one location to another. The tapes included the private data of 260,000 customers, including Social Security numbers and bank account information.

Blowing in the Wind. In 2014, a man found patients’ medical records scattered down a street blowing out of a trash dumpster. The records contained the patients’ names, addresses, phone numbers, Social Security numbers, and other private information patients shared with a healthcare provider in Kansas City, Missouri.

Missing in Inaction. In February 2012, a healthcare provider lost ten computer disks that were being stored in an empty office. They contained encrypted personal information on over 300,000 patients, including names, diagnosis, Social Security numbers, and more. Emory Healthcare faced HIPAA fines, a HIPAA breach violation, and a class action lawsuit.

Dealing with a Physical Data Breach

The moral of these stories is that your breach preparedness plan should cover the steps you need to take to deal with and recover from a device breach as well as the more sensational cyber breaches. In many instances, enhanced employee security and data disposal training may prevent a data breach from occurring altogether.

Keep in mind that from a customer’s perspective, the loss of their privacy data by any means is often catastrophic. They are not concerned whether it was a high-tech headline-gripping malicious attack or a mistake that sent their private information blowing down the street. They just want to know how the organization is going to help them recover after a data security incident.

As entities entrusted with our customers’ data, we should treat every data breach with equal care, concern, and proactive communication.

Tags:

What are Phishing Kits?

April 1, 2015

Jackie here. When you want quick and easy… buy a kit. We use kits for making salads, DIY crafts, etc. Scammers use kits for something much more sinister… stealing your information. Phishing kits are an inexpensive way for thieves to launch information stealing campaigns. Let’s take a look at what phishing kits are and how you can protect yourself from phishing attacks.

What Are Phishing Kits?

Phishing kits enable scammers to quickly and easily steal your information. Little technical knowledge or expertise is needed when using a kit. Scammers simply buy the kit (sometimes for as little as $2) and install it, no programming needed. This allows thieves to jump in and start stealing information quickly. Unfortunately for those of us that aren’t thieves, phishing kits are bad news because they make the process of stealing information much simpler.

Phishing kits are often loaded on to legitimate blogs and websites when hackers compromise these sites. This makes having up to date anti-virus software even more important because you don’t have to be visiting dodgy websites to be at risk.

How Do They Work?

Phishing kits can snatch your login information when you visit websites. It might look just like the login page for your bank, but it might not be. When you enter your username and password, the phishing kit gathers the information and sends it back to the scammer. Sometimes you’ll even be successfully logged into the site (using a trick where scammers input the information for you on the legitimate site) to keep you from realizing you’ve been compromised.

How Can I Protect Myself?

Protecting yourself from phishing kits requires diligence. While there isn’t a 100% guarantee you can protect your computer, here are a few tips that can reduce your risk:

Be Cautious with Links- Stop and think before you click that link. Hovering over a link to see where it is headed it always a good idea.

Watch for Bad Grammar- If you notice blatantly bad grammar in an email, send it to the trash. Scammers often use bad spelling and grammar in their phishing emails. Phishing is getting more sophisticated these days, so watch for strange requests for personal information in unsolicited emails.

Update Your Computer- Make sure your anti-virus software is up to date. Also update your various software programs. Thieves often exploit vulnerabilities in programs, which software updates may correct.

Check the Reputation- You can check the reputation of a site before you visit. This reputation checker from Norton is one tool that can help.

Try an Incorrect Password- If you’re unsure whether a login page is legitimate, try the wrong password first. Often, phishing pages won’t return an error message.

Phishing kits are scary business, but if you follow smart browsing principles, you can do a lot to protect yourself.

Tags: , ,

Targeted LinkedIn Ads are Coming Your Way

March 30, 2015

Jackie here. LinkedIn is a wonderful networking tool, but it is not without privacy trade-offs in some instances. LinkedIn recently created and implemented their own ad network that tracks you across the site and on the web. If you don’t want to receive targeted ads from the site, here’s what you need to do to opt-out.

How to Opt-Out

From the “Privacy & Settings” section found in the account settings drop-down box, select “Manage Advertising Preferences”. Here you can opt out by unchecking the box that authorizes LinkedIn to use cookies to understand your browsing patterns. This help page will explain a bit more about LinkedIn’s advertising practices and explain the opt-out process in more depth.

The ads on the new ad network won’t just appear on LinkedIn; they can be found on websites across the internet (Groupon and Samsung are some of the first to test the network). According to the company, the ads might be highly targeted, but the companies in question won’t know who you are. They are simply targeted to people in certain professions, LinkedIn groups, and locations.

This is a great reminder to double check your privacy settings on all social media sites. Policies often change and checking in regularly will help you to stay in control of what you share.

Tags: ,

Smart TV Privacy: What You Need to Know

March 27, 2015

Jackie here. Do you have a smart TV? These high tech devices are certainly convenient, but they raise a few privacy issues too. Samsung recently came under fire for a liberal privacy policy that warned users not to discuss sensitive information around their TVs. These devices have the potential to gather a great deal of user information. Who benefits? And what can you do to keep your family’s privacy safe? Today, let’s take a deeper look at the smart TV.

What Do Smart TVs Gather?

Smart TVs collect and send data about all of your watching habits to various third parties. This can help to personalize your viewing experience. Your TV knows what you like to watch and can recommend new shows. This data can also be used to personalize your advertising experience, showing you ads that are more relevant, and more interesting. But, this information isn’t just helpful to the consumer. It is also highly valuable for companies.

Smart TVs gather information about your viewing patterns, and not just what you stream over the internet. The technology is known as automatic content recognition (ACR) and gathers information about everything you view. They can tell what DVDs you’re watching, what television programs you’re watching, what you view on YouTube, and what you do on Netflix, Amazon Prime, Hulu, etc. This information can be sold to television companies to determine ratings, used for advertising to target specific shows and products, and to improve and change services offered by the TV. Some ads even allow viewers to purchase recommended products directly from their remote controls.

If your set has voice command enabled, your device may also inadvertently capture anything you say around it, transmitting this information to various information gathering companies.

What Can You Do?

What are your options for protecting your privacy when you have a smart TV? The first and one of the most important is to remain educated about your device and the permissions you’ve given it. Many smart TVs have pages upon pages of privacy policy, making it hard to read the whole thing. It is a good idea to carefully analyze your policies and to opt out when possible if things concern you.

Many of the controversial services, including voice commands and ACR, can disabled if you find the right section and follow the process. This can be difficult, but if something makes you uncomfortable, take the time to find out how to disable these services. Consult your TV manufacturer for specifics on opting out on your device.

If your TV is smart, you’ve got to be smarter. Know what you’re sharing and make an informed decision about protecting your privacy.

Tags: ,

Anonymized Data May not be Anonymous

March 26, 2015

Jackie here. When you swipe that credit card, what information are you giving away? A recent study suggests that consumers are likely sharing more information than they intend. The study used anonymized credit card data to pinpoint particular purchasers, turning private purchases into public knowledge.

With just four purchases (an amount easily made within one day: your morning coffee, your grocery store run, lunch, and a gas station fill up), researchers were able to identify consumers from anonymized data with 90% accuracy. If prices were included, only three transactions were needed.

What does this mean for you?

Quite simply, it means that it might be easier to identify you by seemingly random purchases than many originally thought. Companies often share anonymized data with outsiders. Consumers aren’t typically concerned as the data shouldn’t be able to tie directly to them. This study suggests that a little more caution may be needed.

The next time you see the term “anonymized data” in a privacy policy, remember that anonymized is not the same as anonymous. Knowing what information you’re agreeing to share is an important part of protecting your privacy.

Superfish and Privacy – What Lenovo Owners Need to Know

March 22, 2015

Jackie here. Do you have a Lenovo device? Recent reports indicate that the company has been shipping devices pre-installed with a type of malware known as “Superfish”. What do you need to know to protect your privacy?

What is Superfish?

Superfish is a type of malware that comes pre-installed on some Lenovo devices. When you hear malware, you might think scammers and ID theft. This malware is different. It monitors your internet usage and inserts ads into your searches. At the very least it’s a pesky privacy violation, but some security experts worry that thieves could potentially use it to steal your information. It can also interfere with security certificates on secure sites making it risky to connect to online banking.

To find out if your computer is loaded with Superfish, head to this website and wait a few seconds. The website will perform a quick check and let you know if Superfish is operating on your device.

What Can You Do About Superfish?

If you do find Superfish on your computer, take action. Security experts have found ways to use Superfish to compromise computers and thieves probably have too. Amid public backlash Lenovo has released a way to uninstall the malware. Head to their support site and use the removal tools provided on your device.

Tags:

Tips for a More Secure Laptop

March 19, 2015

Jackie here. When you’ve got work to do on the go, nothing beats a laptop. Are you keeping yours safe? Proper care for your laptop is much more involved than just storing it in a padded case. Try these tips to boost your laptop security and keep your identity safe.

Treat It Like Cash- Would you leave a $100 bill on the table of your local coffee shop while you run to the counter for your order? Then don’t leave your laptop. OnGuardOnline recommends treating your laptop like cash. This will help keep your laptop out of the wrong hands.

Give It a Password- If your laptop doesn’t have a password, set one up today. A password is a great first line defense against prying eyes. Make sure you store your password in your mind, not on a paper inside of your laptop case. The same rule applies for passwords to bank accounts, email, and other sensitive websites.

Ditch the Laptop Case- A laptop doesn’t have to live in a laptop case. Storing it in other, more discreet cases may be a bit safer. Consider stowing your laptop in a small padded cover inside of a backpack instead of the traditional case.

Alarm It- If you use a laptop often, you may want to invest in a laptop alarm or lock. These can help you keep an eye on your laptop even when you have to momentarily look away.

Pay Attention- If your laptop is out, pay attention. Be aware of your surroundings. Thieves don’t have to physically take your laptop to capitalize on your information. Looking over your shoulder can yield usernames, passwords, account numbers, and more if you’re not watching.

Use Anti-Virus Software- Don’t connect to the internet without up to date anti-virus software. Since laptops aren’t always turned on (like a home computer) they can easily get behind in their updates. It’s a good idea to pull out your laptop and manually update software before a big trip out of town or some other occasion where you will be frequently connecting to public wi-fi.

Be Careful with Wi-Fi- It’s always safer to avoid entering personal information over a public Wi-Fi network. If you’re using your laptop out and about, you’ll need to have a plan to use Wi-Fi safely. These tips from Microsoft may help you as you create your plan.

Turn Off Your Wi-Fi Connection When Not In Use- Turn off your Wi-Fi connection when you aren’t using the internet.

Now that you’ve got some tips, try your hand at this fun laptop security game from the FTC and see how you do.

Tags:

Tips: The Legal System and ID Theft

March 14, 2015

Jackie here. In most instances, identity theft is considered a crime and that means that your local courts and legal system may be able to offer some assistance in identity theft resolution. The availability will vary greatly depending on where you live, but here are a few resources from the Identity Theft Resource Center.

Your Local District Attorney’s Office

Many district attorney’s offices offer some sort of victim assistance for ID theft. Contact your local DA’s office and ask what programs are available. Your local office may have group meetings, victim counselors, packets of local resources, helplines, or informative websites to provide information.

File for Restitution

If you want to file for civil restitution after ID theft (especially common when the perpetrator was local), your local court is the place to start. Restitution can help cover expenses related to the theft (including postage, time off work, photocopies, faxes, etc.). In order to file a claim, you’ll need to keep detailed records and save receipts.

Get Your Credit Report

As an identity theft victim, you’re entitled to free copies of your credit report during the resolution process. Your police report and records of other legal filings can be used to prove that you’re entitled to these free reports. Just a note, under the Fair Credit Reporting Act, each of the 3 credit bureaus is required to provide you with a free copy of your credit report, at your request, once every 12 months. Visit www.annualcreditreport.com or call 1-877-322-8228 to request your copy.

Letter of Clearance

If you’re a victim of criminal identity theft and are struggling with mistaken identity, a letter of clearance from the court can be used to prove your identity to law enforcement and help you avoid jail stays due to your identity theft.

For more tips about using the legal system to your advantage after identity theft, check out this great tip sheet from the ITRC.

Tags: , ,

New Plastc Card Might Increase Your Security

March 3, 2015

Jackie here. How many credit cards are in your wallet? A new service called Plastc hopes to replace your many cards with just one. They offer a high tech credit card alternative that stores all of your card information in one place. Let’s take a look at some of the features.

What is Plastc?

Plastc is a one card solution to all of your cards. It can be programed to act as a credit card, debit card, security access card, gift card, and loyalty card. Once your cards are entered into the device (it can currently hold 20 cards), you can access them using the touchscreen display. The card has a magnetic stripe (like your credit card) and a barcode display. It also has NFC and Chip and PIN capabilities. It can be used with all credit cards including Visa, Mastercard, and American Express. Plastc also tracks account balances and spending.

Plastc isn’t just convenient. The creators hope to increase the security of your cards as well. The card uses a secure PIN entry to unlock the card before purchasing. Proximity alerts let you know if you ever leave your card behind. If the card is lost, it can be remotely wiped to protect all of your information.
Cards are available on pre-order right now and cost about $150 each.

Plastc is a neat idea and we’re excited to see how it works out. There is no guarantee it will boost your credit card security but the possibilities are promising. Would you be open to using such a card if it meant enhanced security?

Tags:

5 Simple Steps for a Safer Identity

February 26, 2015

Jackie here. ITRC president Eva Velasquez recently shared some ID theft tips we can all take advantage of. Often it’s the little things you do that make the biggest difference in keeping your identity safe.

Password Protect Your Phone- Is your phone password protected? If you haven’t taken the time yet to set up this simple, but essential identity protection, stop reading and go do it. Setting up a password just takes a few minutes and can keep your personal information safe should your phone be lost or stolen.

Keep Your SSN to Yourself- When companies ask for your Social Security Number, ask them why. In many instances, they don’t actually need it. What should you do when asked for your SSN? Eva Velasquez offers a simple solution, “You are free to tell the company that you do not give out your Social Security number, and that you’ll be happy to provide different information, such as your phone number or address.” In certain instances, however, companies do need you SSN to provide you the services you request.

Take Your Mail to the Post Office- Don’t drop that tax form or check into the mailbox outside of your house. Take it to the Post Office instead. If you’re mailing anything that contains personal information (including checks, health insurance statements, and tax documents), send it directly from the Post Office.

Change Your Password- Change your passwords often and while you’re at it, make sure you’re choosing strong ones. Hint: your birthdate or address is not a good choice.

File Your Taxes Early- We’ve told you before and we’ll tell you again, file your taxes as soon as possible. If you’re waiting to file, remember that the thieves are not. “If a thief gets there first, your legitimate return will be rejected for having a return already filed under your Social Security number.”

Take these 5 simple steps today for a safer identity.

Tags: , ,

Online Job Hunting and ID Theft

February 20, 2015

Jackie here. Is your job hunt putting you at risk for ID theft? The internet has certainly changed the way we find and apply for jobs, both for the good and potentially the bad. The convenience of being able to submit applications online also gives thieves a convenient way to steal information. What can you do? Keep reading for some identity protecting job search tips from the Identity Theft Resource Center.

Carefully Screen Opportunities

In job hunting as well as in life, “If it seems too good to be true, it probably is.” If you see a job offer that offers great pay with little to no effort, its likely a scam. Some thieves use fake job postings to solicit identity information (like name, address, Social Security Number, etc.). If you see a suspicious job posting, contact the company doing the hiring directly and make sure the job is legitimate before you put in an application.

Don’t Provide Bank Information

Never provide your bank account information as part of the job interview process (even after hiring, your employer only needs this information to set up direct deposit if you plan to use it). Jobs that promise to pay you for cashing checks or managing money transfers through your own accounts are almost always scams; avoid them.

Offer First, SSN Second

Be very careful when providing your Social Security Number to a potential employer. You don’t need to provide it with the initial application. If a SSN is needed (for a background check or paperwork after hiring), provide it only after you have a job offer (or conditional offer).

Good luck on your job hunt! May your searches be identity theft and scam free.

Tags: , , ,