October 3, 2015
Jackie here. Today’s computers are smarter and faster than ever before, but even with all the technology we have, it often seems impossible to completely protect personal information. Quantum mechanics, a complex branch of physics, may hold some of the keys to enhanced protection.
Some researchers worry that quantum computers (currently theoretical, but could be a reality in the coming years) could put an end to current data protection practices. These computers calculate differently than a modern PC and are believed to be able to quickly break in to public key encryption systems.
While most experts think quantum computers are probably 10+ years away from becoming a reality, researchers have begun looking for ways to protect information from attacks with these devices. The NSA is warning that quantum computers could become a problem when it comes to protecting information.
One solution may be to use quantum mechanics in the fight against quantum computers. Researchers hope that by transmitting data using quantum principles, they will be better able to tell when information has been compromised. Some even say that the system will be un-hackable if done properly.
An un-hackable password may be waiting in the future, but before we can use it, we’ll need to change the way data is transmitted. Current systems use 0s and 1s to electronically send a signal. The quantum theory would use protons, or bits of light. The process is very complex and would require major changes in infrastructure.
While this particular threat, and its potential solution, are years away, it is a good reminder that protecting your identity should be an ongoing effort. New threats and new ways to protect your identity crop up frequently.
October 1, 2015
Jackie here. In a connected world, keeping information private can be difficult. All too often, companies share or sell consumer information without their permission or knowledge. When it happens to you, you are now able to do something about it. The FTC has a new complaint tool that you can use to report privacy violations.
What Types of Violations Can I Report?
This tool is perfect for reporting specific instances when your information was shared without permission. For example, if you start getting targeted advertising in the mail (like ads for maternity clothes or formula samples when you are pregnant and haven’t signed up for them, etc.) and know what company gave up your information. Any time your personal information is shared in a manner that you didn’t expect or didn’t give permission for (and you know where the problem originated), you can report it. This tool isn’t for reporting ID theft, just privacy violations.
How Do I Report Privacy Violations?
If you see a privacy violation, report it using the FTC’s Complaint Assistant. You’ll see an alert near the top of the page that says, “Concerned about how a company is handling your personal information? Click here to report privacy concerns.” Click and fill out the form on the next page.
You’ll be asked for the company’s name, address, email address, phone number, website, etc., so have this information handy. Don’t worry if you don’t know all the information requested. The FTC says,
“Not all fields may apply to your complaint.” You can skip fields if needed.
After you fill in information about the company, you’ll be asked to provide your information and comments on your reason for reporting a company. Be specific. The FTC wants to know why you have a complaint, not just with whom.
Speaking up is a great first step in letting companies and the FTC know how you want your information shared. If you find your privacy has been violated, report it.
September 28, 2015
Jackie here. Job hunting is stressful on its own, and identity thieves often try to cash in on eagerness find a job. This latest job-hunting scam might look like a promising job opportunity, but is really a way to obtain your password and gain access to other accounts. Here’s how to protect yourself.
Job Offers Aren’t Always as They Seem
You get an email that appears to be from a human resources department. They claim they found your info on LinkedIn. You’ve been searching for jobs and this seems like an answer to your hunt. The email looks legitimate. It often contains a company letterhead, a signature block, seemingly official email addresses, etc. The company asks you to click on a link to open a Google Docs file and share your information.
Don’t Click the Link
If you see this email, don’t click the link. It is actually a phishing attempt. The scammers have created public folder on Drive. When you click the link, you are directed to enter your password (as often happens when using Drive), but this time it isn’t Google asking, it’s the scammers and when you enter your password, they have it.
How to Protect Yourself
If you want to avoid this scam and others like it, I’ve got a simple piece of advice for you: don’t click on unknown links. If you receive an unsolicited email containing links or attachments, don’t click. You can find more advice for avoiding this scam from the BBB.
September 25, 2015
“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”
As experts and advocates in the cybersecurity space gear up to host National Cybersecurity Awareness Month in a few short weeks, there’s no time like the present to take a closer look at some statistics regarding identity theft. One of the most comprehensive looks at the impact that this type of crime has on its victims is the Identity Theft Resource Center’s annual Aftermath report, which follows up with victims who’ve reached out to their center for support.
The 2014 report, which compiled all of the information over the course of the 2013 calendar year, offered some key findings for the cybersecurity community:
• Age, race, location, and income level had very little to do with rates of victimization.
• Utility and cell phone accounts are highly lucrative for identity thieves.
• Criminal, Government, and Medical identity theft are on the rise.
• Most victims reported less than satisfactory experiences in working with law enforcement to clear up this crime.
• 94.2% of the victims reported that they are still highly engaged on the internet and through their mobile devices, despite having their identities stolen.
One of the more telling findings about the annual survey has been the change in behavior that many of the victims experienced. Even though almost all of the victims have said they’re still highly engaged online, approximately half of them have adopted some new habits as a result. One of the most important habits is the routine perusal of their credit reports, something that many people overlook as a preventative measure.
Other proactive behaviors can prevent issues with some of the increasingly common forms of identity theft. The survey found that the majority of Medical identity theft victims—whose identities were used to acquire medical services—only discovered their identities had been used fraudulently after they were billed for medical services. At the same time, of the 40% of victims who reported they’d suffered Government identity theft—when a thief had used their identities to apply for benefits, commit tax return fraud, or other related behaviors—the majority of victims typically find out their identities have been stolen after their legitimate documents or applications (such as a tax return) are rejected for being duplicates.
The results of this year’s Aftermath Survey will be released on October 15th as part of National Cyber Security Awareness Month. It is the ITRC’s hope that the findings will encourage the public to take steps to protect their data and monitor their identities before a thief has a chance to use them, we can reduce the number of victims and minimize the damage. Next month, when NCSAM is in full swing, be sure to follow up on the educational and informative content that can help stop identity theft and turn these proactive behaviors into good habits.
September 18, 2015
Jackie here. Plain and simple, smart devices are vulnerable to hacking. Many people, however, don’t think of cars as smart devices, but they are becoming increasingly automated and connected to other devices and systems. Here’s what you need to know when you get behind the wheel of your connected car.
Are Cars Hackable?
Are cars hackable? Technically yes, but in reality the answer is a lot more complex. Some cars aren’t hackable at all. If you drive an older model car that doesn’t connect to the internet, it likely can’t be hacked. Newer cars may be able to be hacked, but the process is complicated and isn’t something everyone has the knowledge to do.
Researchers have successfully hacked multiple cars, but the process is difficult. In one instance the researchers had to have physical access to components under the dash to be able to change the software to enable remote operation. This means that while possible, your car won’t be hacked by a random stranger in a faraway location. To be successful, the hacker would need physical access to your car and the mechanics inside. Hacking a car isn’t a simple feat. In another “hack”, the researchers damaged the vehicle multiple times, requiring repair, before they were successful.
While some vulnerabilities have been discovered (allowing the researchers to successfully hack cars), many of these have been corrected. That’s not to say there aren’t others, but as problems are found, they are often corrected by the manufacturer.
Technology is changing how we think about security. Hacking was once only a worry for computers, but now it is something to consider with almost every device you buy.
September 16, 2015
Jackie here. How many Facebook friends do you have? Do you know them all? I recently read an article about how Facebook friends could impact your creditworthiness. It sounded too creepy to be true, so I did a bit of digging. Here’s what I found out.
Facebook Friends and Creditworthiness… What’s the Link?
Several years ago, Facebook started exploring the possibilities of using social media connections to determine creditworthiness. The idea has been touted as a tool to check credit on those without a credit score. But it doesn’t end there. According to some reports lenders may use your profile to check out friends, to share information should you go into default, to determine your odds of repayment, and more.
Facebook even filed patent paperwork that could potentially be used for this purpose. According to CNN Money, “Here’s how it would work: You apply for a loan and your would-be lender somehow examines the credit ratings of your Facebook friends. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.”
Would this work? The CNN Money article author has their doubts, “It’s not clear if Facebook would ever try to use the patent for lending, or how exactly it would work. How practical is it for a lender to try to access all the necessary information it needs from your Facebook friends?”
The questions remain, but one thing we do know is that social media may have larger implications than one would initially expect. Be careful what you share. Choose your friends with caution and be sure to check those privacy settings.
September 15, 2015
Karen Taylor for AllClear ID
Brand resilience is a new strategic initiative for risk professionals, says Forrester Research in a new report for security and risk professionals.
Brand reputation and customer loyalty are intangible assets that are rarely viewed as risk categories. Yet, risk teams should be involved in protecting them to help strengthen a company’s brand resilience, stated Forrester Research in a new report, Brand Resilience: Understanding Risk Managers’ Key Role in Protecting Company Reputation.
Brand resilience is “the ability of the brand experience to live up to and remain consistent with the brand promise, maintaining its integrity even in the face of damaging interactions, events, or circumstances.”
Brand resilience is reinforced when companies forge a tight alignment between its values and the perceptions that people actually have of the brand, said Forrester.
When there is a gap between the brand promise and the brand experience, brands “become more susceptible to breaches that violate customers’ trust, and customers form brand impressions that are incongruent with the values and image that the company tries to represent.” This could result in significant risks from which companies “may never fully recover.”
While brand resilience is not itself a risk category, it is the result of any risk event. According to the report, risk professionals should be more active in protecting brand value.
Reputation Risk is a Growing Concern
In today’s uncertain business climate, consumer trust and loyalty are critical, but vulnerable, company assets. Worse, once compromised, the damage is difficult to repair. In fact, any breach of customer loyalty heightens the impact — as well as the probability — of damage from any other risk event, no matter the source, says Forrester.
Yet, they reported that “risk pros are failing to address growing risks to their firms’ reputations.” This is a mistake, because “in the age of the customer, reputational risk has become a major issue for business leaders.”
Today corporate reputation has even eclipsed other more traditional risk categories, like finance, regulatory, and the supply chain.
Risk’s Role in Brand Resilience
Risk professionals may wonder why a company’s reputation management should fall under their job responsibilities. After all, marketing is typically in charge of brand-related issues.
Forrester found three leading reasons why risk pros should get involved in brand-related issues:
1. Empowered Consumers.
Risk pros overlook the impact of empowered customers on their risk environments, including disrupting markets, upending competitive advantages, and determining companies’ success.
Today “customers’ perceptions and views matter,” noted Forrester. “Yet, risk teams remain focused on financial controls, change management, and IT compliance issues instead of adjusting their priorities to mitigate the customer-facing risks that consume greater amounts of companies’ resources, strategic plans, and innovation.”
2. Marketing Lacks Risk Experience.
While brand and marketing professionals are often put in charge of reputational risk, they are usually ill-equipped to appropriately track and evaluate risk, which leaves organizations exposed.
What’s more, corporate reputation often extends into areas far beyond the purview of marketers. Marketing teams have little control or impact on risks like data security breaches, workplace safety, and product quality issues. Risk professionals could supply the missing links.
“To strengthen their relevance in the organization, risk pros should complement their marketing team by helping them build brand resilience and customers’ trust,” stated Forrester.
3. Siloing Brand Risk.
Risk professionals typically miscategorize brand reputation risk. They often relegate it to its own risk category, thereby diminishing the impact of reputation damage on other risk categories. Instead, risk professionals should view the entire company-wide impact of any brand reputation breach — such as a personal data breach, which will impact many departments.
In recent months, we’ve seen the impact that a mismanaged data breach response can have on brand reputation. For risk professionals to successfully safeguard brand risk, they must begin to think of data breach preparation as a critical component of their traditional risk mitigation role. An effective response to a data breach can help repair relationships with customers and preserve brand loyalty after a data breach event. Planning and training in advance of an incident will minimize mistakes and costly missteps.
September 8, 2015
Jackie here. We talk a lot about passwords being the key to your accounts, but what happens you lose that key? Security questions to the rescue! These little questions are just as important as your password. How do you choose a good one? What should you avoid?
What Makes a Good Security Question?
Let’s start by taking a little quiz. I’ll list a few security questions below. Which questions do you think are strong?
• In what city were you born?
• What was the name of your favorite elementary school teacher?
• What is the name of your pet?
• Who is your favorite historical figure?
• What did you eat for dinner last night?
If you weren’t sure if the above questions are strong or not, here are some tips for picking the better questions. A good security question needs several key components. It should be impossible to guess or research, unchanging, memorable, simple, and have many potential answers (but only one answer to you). The key to a good question is an answer you’ll know, but no one else will.
Let’s look at the questions above and determine which questions are the better options on the list.
In what city were you born?- This question is problematic as it is easily researched. It may be public record and it is even an answer people may list on their Facebook profiles. Not a good choice for a security question.
What was the name of your favorite elementary school teacher?- This question is better. Few people probably know your favorite teacher in elementary school, but this is a question you’re likely to remember, especially if a specific teacher had a big impact on you.
What is the name of your pet?- If you frequently post online about your pet, this question is not the one to choose. This answer would be well known by anyone that knows you and is probably easily found on your Facebook profile.
Who is your favorite historical figure?- This is a good security question, provided you remember the answer. If you choose a question like this, make sure you choose a memorable answer.
What did you eat for dinner last night?- Although hard to guess, this question is constantly changing and will be impossible to remember. Not a good option for a security question.
While security questions are often pre-selected, you generally have a choice of options. Look for the best possible questions and choose answers that you will remember, but that others cannot easily figure out. If you can’t choose a unique question, consider creating a unique answer. You don’t have to answer with the actual correct answer if you’ll remember something else.
What Do I Do If I Forget My Answer?
Choosing a security question with a memorable answer is important, but what happens if you do forget? Every company handles this situation differently, but many will allow you to reset your questions with either a rescue email address (online) or a call in to verify your identity with a customer service representative. It is typically much easier to reset a password than a security question so make sure your answers are ones you’ll remember.
Do you have any tips for choosing good security questions and answers?
September 2, 2015
Jackie here. You’ve got a question… what do you do? If you’re like me, you turn to the internet. I often believe that I can find the answer to anything online. That’s what’s makes this new scam so scary. Scammers are using our urge to find information online to set up unsuspecting victims. They are setting up fake websites and customer service lines that seem to be associated with big name companies.
Here’s how you can avoid this scam:
Start with the URL (if you can)- If you know a company’s official web address, start your search for phone numbers and information there. Look for a “Contact Us” page or something similar. If you can’t find a link on the main page, scroll to the bottom and look in the fine print. You may also be able to locate contact details using a site map if one’s available. It might take time to find contact details from the main company website, but it is a lot safer than calling a random number you find using a search.
First Isn’t Always Best- How do you find the right website for a particular company? Hint: it isn’t always the first web address you find. Scammers may use familiar looking variations of a company’s name or website address. The first phone number or website you find might not be legitimate, as these placements are often for sale on search engines.
There Isn’t Always a Phone Number- Some of us like to call companies with our problems, but as more and more companies embrace the internet, this isn’t always an option. Be aware that there may not be a toll free number available. Some companies choose to limit their communications to online chats, emails, etc. Others ask consumers to enter a phone number to receive a call back.
Keep Your Credit Card to Yourself- If you do call a number you find online, be cautious with your card information. Once they have you on the line, scammers will try to lower your defenses so you provide personal information or credit card details. Keep the information you share to a minimum.
Things you find online aren’t always true. Be careful when searching to avoid scams like this one.
August 24, 2015
Jackie here. If you have trouble remembering passwords, it might be tempting to save them in your browser for easy entry the next time around. I’ve got a warning for you… it might be easy, but it isn’t worth it. Don’t save your passwords in your browser. Here’s why.
With a Bit of Technical Know-How You Can Retrieve Passwords
In most cases, this isn’t something the average person can do, but with a bit of technical skill it is possible to retrieve saved passwords. You might think, “No big deal. I’m not ever away from computer much. Nothing will happen.” However, this isn’t limited to being able to log in to one particular account on a particular computer, but your actual password can be uncovered and then used anywhere. Even worse, it only takes a few seconds. And for those of you that reuse passwords, this poses an even bigger security risk as one password will let hackers into multiple accounts.
If you want to know the ins and outs of how it’s done, check out this article from Business Insider. In the meantime, don’t save your passwords in your browser. If it has been a while since you’ve created new ones, change your passwords. More tips on password safety can be found here.
August 20, 2015
Jackie here. Before you know it, school will be back in session (for some of you, it has already happened). Let’s do a quick refresher on ID theft protection for back to school. These tips are perfect for any student, regardless of age.
Limit Use of SSNs
If your school, preschool, or daycare is asking for a SSN, ask why. Often, the number isn’t necessary and another identifier can be used. If it turns out to be necessary, ask how it will be protected. Another option is to simply skip the number when filling out the forms; you may not be asked for it later.
Give the Information Directly to the Source
When filling out forms with sensitive information, do your best to get them directly to their final destination. This can help to limit the number of eyes that see this personal information. Don’t clip your child’s form to a clipboard and pass it along, see the teacher or coach at a later time and turn it in directly.
Teach Your Child About ID Theft
Does your child know the basics of protecting against ID theft? While the information your child needs will vary depending on their age, even youngsters can benefit from a few basics. Send your child off to school prepared with these tips:
Shred- Every college student should have access to a shredder. Send one with your student when they head off to the dorms.
Lock Up Sensitive Paperwork- Your college student may need sensitive paperwork like their Social Security card or birth certificate with them at school (jobs, financial aid, etc.), but they do need to protect them. A small locking safe is a great investment.
Review Bank Statements- Teach your child to check bank statements and how to report fraud should it occur. They should also check their credit report often.
Be Careful When Signing Up for Cards- College students are often faced with their first credit card applications. Before they leave, help them opt-out of prescreened offers. Teach them the importance of using and choosing credit carefully.
Lock Your Phone and Computer- Phones and computers should always have a password
Advocate for Your Child
Child ID theft is a problem, so educate yourself and keep your child safe. This fact sheet from the Identity Theft Resource Center has some valuable tips every parent needs to know.
Help keep your kids safe this school year by talking to them about ID theft.
July 31, 2015
Jackie here. Are you having trouble with Flash lately? I’ve been having a few issues and this article from Yahoo! Tech explains why. If you use Flash, you need to read this.
The Problem with Flash
Flash is great for streaming video and running games inside of web pages, but that isn’t all it is good for. Thieves and scammers love the platform too. The fact that Flash can run complex scripts right inside of your browser creates vulnerabilities that thieves can exploit. Scripts can be created to access your computer and make changes to it, without your knowledge or consent. This allows for complex spying operations, etc. The very things that make Flash so useful also make it very dangerous.
In 2010 Apple said that Flash was a primary cause of Mac crashes. Flash has many vulnerabilities and more constantly being discovered. According to the Yahoo! article, in June 2015 alone there were 38 fixes for various Flash vulnerabilities.
What Can I Do?
Flash is problematic and many big companies want you to stop using it. Facebook, Google, Apple, and Mozilla have all spoken out against the software. The latest Firefox update even launched with Flash blocked (although this has been reversed) and Chrome disables Flash by default. While these companies see the problems with Flash, it is still used by some websites and applications. (If you’re curious if you have Flash, visit this webpage from Adobe.)
Are you willing to stop using Flash? Many websites have switched platforms so it shouldn’t impact your browsing experience much, but can really enhance your online security. Unless you need Flash for a specific website or use, it is best to disable it. You can have it installed, but disabled, and only enable it when you need it. Get detailed instructions here.
July 30, 2015
Karen Taylor for AllClear ID
California was the first state to enact breach-notification legislation in 2003. So it’s perhaps apropos that now, in 2015, California is the first state to openly oppose the federal government’s national Data Security and Breach Notification Act of 2015, which is currently under consideration by the House Energy and Commerce Committee.
California’s primary concern is, if passed into legislation, the new bill will undermine the state’s own laws, including the many updates and amplifications it has made to its laws over the years. The state says it has consumer protections that go beyond anything Congress is considering.
In a letter to the House Energy and Commerce Committee, California Attorney General Kamala Harris wrote: “I urge you to recognize the important role that states play in developing innovative approaches to consumer protection, and to reject a one-size-fits-all law that establishes a ceiling rather than a floor on data security and data breach notification and consumer protection.”
Six consumers groups also wrote letters supporting California’s stance, urging the members of Congress to defeat the proposed federal bill, including Privacy Rights Clearinghouse, Consumer Federation of California, Consumer Watchdog, World Privacy Forum, The Utility Reform Network (TURN), and Consumer Action.
In their response, they stated: “It is among the strongest such laws in the country, and offers Californians significant consumer protections. It has served as a model for legislation enacted on dozens of states.”
They point out that the proposed federal legislation will upend many aspects of California’s breach notification laws such as:
• The California requirement that a breached entity provide notice to the California Attorney General.
• The right of security breach victims to sue to recover damages.
• The state’s requirement for breached entities to provide identity theft prevention and mitigation services to residents whose private information has been hacked or exposed.
• California’s Song-Beverly Credit Card Act, which makes it illegal to record a credit card holder’s personal identification information during a transaction.
California also pointed out that it has updated many of its laws over the years in direct response to emerging threats and rapidly changing technology. “For example, in 2008, in response to burgeoning medical identity theft and its life-threatening impact for California residents, medical and health insurance information were added to the personal information covered by the law.
“In 2013, with evidence that criminal organizations were targeting online account credentials, the law was amended, expanding the scope of personal information subject to existing security breach disclosure requirements to include a user name or email address, in combination with a password or security question and answer that permits access to an online account.”
California isn’t the only state to oppose the bill. Others are beginning to voice their opinions, as well.
Meanwhile, many businesses have lent their support for the bill. In January, the National Retail Federation announced its support, stating: “We urge you to adopt a framework for a federal law that applies to all entities handling sensitive personal information and that would establish uniform, nationwide standards to ensure clear, concise, and consistent notices to all affected consumers whenever or wherever a breach occurs.”
Forbes journalist, Adam Levin, recently wrote about the issue. “We need a strong federal law, but … any proposed bill that threatens to weaken existing laws has to be challenged, quickly and without equivocation.”
It remains to be seen how the proposed federal bill will fare in Congress, and what the implications will be for the future of breach notification. Regardless of the outcome, businesses should prepare today to respond effectively and rapidly to data breach events — because customers, regulators, and the media expect it.
July 27, 2015
Jackie here. Many of us love to take selfies, and one company is seeking to take advantage of that selfie love to make online transactions more secure. The Mastercard pilot program uses a binary code created from a selfie to authorize transactions instead of a typed password. The program is currently rather small, but if it works, you might be using your face to verify your payments soon.
How Does It Work?
The selfie identification program is only in the works for Mastercard users at the moment. It is part of a special service known as “Paying with Mastercard Identity Check”, and seeks to reduce fraud with an extra layer of security at the time of payment. The full details of the program won’t be unveiled until it is out of the testing phase, but right now we know that the selfie program is expected to be a part of the company’s smartphone app. Users will have the choice of a facial scan (done via selfie) or a fingerprint for identification.
What Can I Do Now?
The selfie program is currently just in the testing phase, so it isn’t yet available to regular users. In the meantime, how can you protect yourself from credit card fraud? Your best option is to be vigilant. Check your statements often and report any suspicious activity immediately. Credit card fraud might be a pain, but you’re not liable for fraudulent purchases, provided you report them.
Would you take a selfie to verify your identity?
July 24, 2015
Jackie here. Hitting the road? Make sure you let your bank or credit card company know. This one simple step can keep your bank from freezing your card, a big hassle when you’re out traveling. Informing your bank before any trip out of town is a good idea, but it is even more important if you’ll be traveling internationally.
Why do you need to inform your bank before a big trip? Keeping your bank informed of your travel patterns helps them to know where you’ll be and to spot unfamiliar activity quickly. Often, banks put cards on hold when unfamiliar purchasing patterns appear (can be a sign of fraud). Since you’re in a different location and buying different things when you’re on a trip, getting your card shut down is a common occurrence.
If you do forget and your card does stop working, call your bank immediately. Often they can turn your card back on when you verify the purchases in question are actually yours.
Do you have any other summer travel tips you’d like to share?
June 19, 2015
“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”
One of the fastest growing forms of identity theft-related crime is tax refund fraud, which occurs when a thief files a false tax return using your personally identifiable information. This crime, which some experts estimate costs the IRS over $4 billion a year in faulty refunds, often goes undiscovered until the victim attempts to file his or her legitimate tax return and has it flagged as a duplicate.
Unfortunately, once someone has discovered that they are a victim of tax identity theft, they will struggle with the issue for many years to come. So just how does someone who has been victimized prepare for tax time? While the old “ounce of prevention” saying applies in so many different situations, this is truly one of those events that offer the victim almost no recourse other than keeping a thief from filing in the first place.
The most important thing you can do is to file your tax return early, literally in order to beat a thief to it. If anyone is going to find out that a return has already been filed in your name, you really want it to be the thief, not you. If you prepare your documentation in December, you’ll be ready to file after January 1st, the moment all of the paperwork is in order. There’s no reason to wait until April 15th, especially not when your tax refund is at stake. You will want to make sure that your employer is aware of your situation so that they can get your tax documents to you as soon as possible to enable early filing.
One of the tools that tax identity theft victims often overlook is using the resources of the IRS itself. While many victims are understandably disgruntled with the tax giant, you can be assured that the IRS dislikes identity theft as much as you do. Fighting identity theft has been an ongoing battle, and they are working to provide help to victims. Tax identity theft victims should contact the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490 as soon as they are aware of any problems or if they have questions or issues related to their filing. If you have contacted the IPSU and have not had a resolution to your case, you should contact the Taxpayer Advocate Service toll-free at 877-777-4778.
An important step to minimize the time spent on your identity theft case is being well organized. You should have filed a police report when you first found out you were a victim of identity theft. Keep a copy of this police report in a central, protected location. Along with this document, you should have a copy of any communication you have had with the IRS, including your IRS Fraud Affidavit. Just as you keep records of past tax returns, receipts and other documentation you need to file, hold on and protect these items.
Victims of tax identity theft must also remember that if your return was filed by a thief, that thief has your information and could easily have used it for other purposes. As soon as you learn of the false return, you should take steps to ascertain whether other aspects of your identity have been compromised. These steps include ordering a copy of their credit reports, closely reviewing financial statements, and even health insurance benefit statements.
If you are currently in the process of resolving tax-related identity theft, keep these resources in mind. As you look to the next tax season, try to start planning early to be sure you are able to file as early as possible. December is only six months away, so the time to prepare will be here before you know it.
June 17, 2015
Jackie here. We talk a lot about checking your credit report and bank statements for signs of ID theft, but making fraudulent charges on your accounts isn’t the only way thieves can use your identity. Thieves also love using not-so-well-known methods for theft as they can often avoid detection for much longer. Which of these types of identity fraud were you aware of?
Medical care can be expensive, making health insurance a gold mine for thieves. Thieves can steal your insurance information and pretend to be you at the doctor or pharmacy. This isn’t just a financial nightmare; it can also lead to serious medical problems including cancelled insurance and conflicting medical records (which can lead to treatment difficulties).
Medical ID theft is surprisingly common. It is estimated that at least 2.3 million American adults have fallen victim to medical ID theft and the number continues to grow. Resolution is difficult too. Only 10% of respondents in a Ponemon survey had satisfactorily resolved their problem.
Some thieves commit criminal ID theft by giving another person’s name, driver’s license number, or SSN during a criminal investigation. This can lead to arrest warrants in your name for crimes you didn’t commit. Although this type of ID theft is concerning, it is luckily rather uncommon. Here are some tips if you do find yourself in trouble.
Social Media Accounts
Your social media accounts are vulnerable to hacking. Thieves can gain control of your accounts and use them to solicit money from friends and to spread malware and other harmful links. Hacking your actual accounts isn’t the only way thieves take advantage of your identity on social media; some thieves create secondary accounts using your name and your pictures to trick friends into “friending” you so the scammers can attempt to take advantage of them.
Tax ID theft topped the list of FTC consumer complaints in 2014, with the problem only expected to continue growing. Tax ID theft occurs when thieves file taxes in your name and take your refund. One of the best ways to fight this problem is to be sure you file early.
Are identity thieves lurking in your computer? Thieves use malware, ransomware, and other types of malicious software to take over your computer. Thieves can track your typing to obtain your login credentials, lock up your computer until you pay a fee, and redirect you to their websites when you browse the web. Antivirus software is essential, as is keeping up on your updates. Here are some more tips for keeping your computer ID theft free.
While the methods listed above are some of the larger problems when it comes to lesser known types of ID theft, they aren’t the only things to watch out for. Thieves may also take advantage of your frequent flier miles, hotel points, gift cards, chat programs, etc. If it’s valuable, odds are thieves have found a way to take advantage.
June 12, 2015
Jackie here. What secrets does Google know about you? Your internet search history is packed with information you might not like the world to know. For a quick lesson in privacy, take a look at your search history and see what you’ve been inadvertently sharing. This simple exercise is very revealing of how much information we actually share online and how important protecting privacy actually is. What does your search history reveal about you?
Finding Your Google Search History
To access your Google Search history, head to the Google Web History page, click on the gear and select “Download” (detailed instructions here). You’ll need to log in to your Google account and accept a few authorizations. Google will then prepare your archive and send you a link when it’s ready. Then, you can download your history to Google Drive and take a peak. The file will be zipped so you’ll need to unzip it. Files will be arranged by date.
Just so you know, the files are JSON files which can be difficult to decipher, but if you use the search feature to find “query_text” you’ll be directed right to your search history. If you’ve turned the Web History feature off previously, you won’t be able to access your results.
What Can You Do?
If your results are a bit shocking (or a little embarrassing), there isn’t much you can do (short of revising what you search for in the future), but you can tweak a few settings.
Turn off Search History- You can turn off the Search History feature in Google from your Account History page. This will keep your searches from impacting the results of future searches (and will keep you from getting any results the next time you download your history), but won’t keep Google from having access your search information for internal purposes. While you’re there, you may want to tweak a few of the other privacy settings there (like location mapping). Be aware that turning off Search History will mean less personalized, and possibly less relevant results.
June 9, 2015
Karen Taylor for AllClear ID
On April 15, 2015, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote. If passed, the proposed act would be the first federal law that would require uniform regulations governing consumer notification of data breaches.
Over the past several years, the majority of U.S. states have created their own regulations around disclosure and notification after data breaches. But this federal bill could make them all moot if passed into law — thereby, replacing all existing state laws with a single standard for compliance. As can be expected, there are pros and cons to this proposed legislative shake up.
Experts say the uniformity of the bill is its biggest strength and greatest weakness. The key negative expressed by industry professionals is that many existing state laws are more comprehensive, specific, and potent than the general federal bill. But, according to proponents, one of the biggest advantages of having one uniform federal law is that it simplifies a complex and confusing state-based regulatory landscape.
“Varied state data breach notification laws create a complicated patchwork of requirements,” wrote Reid J. Schar and Kathleen W. Gibbons, of Jenner & Block, in an article on Bloomberg BNA. “As (U.S.) states amend their laws, the landscape continues to shift. Companies that do business in multiple jurisdictions are at significant risk of failing to comply with one or more state notification statutes should a breach occur.”
The pending bill is not the first such measure introduced, but others “have all failed”. “However, given the number of individuals affected by, or likely to be affected by, a data breach and the fact that identity theft has topped the Federal Trade Commission’s ranking of consumer complaints for the fifteenth consecutive year, support for a national data breach notification law has never been stronger.”
Here are a few of the ways in which the pending federal breach notification bill might affect state laws:
Sets a national uniform breach notification timeframe.
The bill proposes that notification of a breach be provided to consumers within 30 days from when the scale of the breach was determined and once security has been restored. In contrast, existing state laws’ notification time varies (e.g., 10, 30, 45 days).
Reduces the scope of breach incidents that require notification to only those that cause potential “financial harm.”
This prerequisite “significantly narrows the basis for required notification in 33 states and D.C. The new language seeks to reduce the exposure to noncompliance that often compels organizations to either adhere to a ‘highest standard’ practice or risk costly violations,” according to Anne Peterson of Reed Smith. This means that depending on the type of data compromised by the breach, organizations will be left to decide whether the breach is considered severe enough to be reported.
Adjusts the definition of “personal information.”
The bill defines personal information as data tied to ID theft and/or payment fraud, such as: SS numbers; financial account credentials; other account credentials; driver’s license and other government-issued unique identification numbers; and more.
Gives enforcement authority almost exclusively to the FTC.
Critics of the bill oppose the expanded enforcement authority of the FTC, saying it restricts state attorneys general actions, as well as eliminates consumers’ private rights of action, which currently exist in 10 states.
Generalizes companies’ requirement to maintain ongoing security measurement and practice standards.
“The [bill] eliminates state data security laws with an unclear standard that surely will be litigated and left to judicial interpretation,” said New Jersey Democratic Rep. Frank Pallone.
It remains to be seen how this new development will play out. Before further action can be taken, the bill must be formally introduced into the House of Representatives. No matter which direction it goes, the fact remains that every company will need its own internal breach response plan to carry out in the event of a breach, according to national or state laws and regulations, as well as their own internal corporate policies surrounding consumer data security.
According to Schar and Gibbons, “It is critically important that companies maintain a comprehensive and regularly updated data breach response plan.”
June 7, 2015
Karen Taylor for AllClear ID
This is the first in a three-part series on the new “Verizon 2015 Data Breach Investigations Report.” The series shares highlights including: (1) updates on nine incident breach patterns, (2) security best-practice suggestions, and (3) “before and beyond the breach” insights.
Verizon recently published its 2015 Data Breach Investigations Report. The report includes updates on its innovative nine breach incident patterns, best practice recommendations for all nine patterns, as well as eight insights on “before and beyond the breach,” among other observations.
We’ve highlighted some of Verizon’s updates to its nine breach incident patterns before you dive into the 70-page report — including stats on the frequency of each security incident and the percentage of incidents with confirmed data breaches.
Updates to 9 Breach Patterns
In its 2014 report, Verizon researchers hit on a unique way present security breach data when it found that “92% of all 100,000+ incidents collected over the last 10 years fell into nine basic patterns.” In its 2015 report, Verizon stated: “While we saw many changes in the threat landscape in the last 12 months, these patterns still covered the vast majority of incidents (96%).” Here are some updates to these patterns:
Frequency of incidents across all security incidents — 25.1%
Percentage of incidents with confirmed data breaches — 18.8%
Crimeware incidents are “predominantly opportunistic and financially motivated in nature,” noted Verizon. While not much changed from 2014, Verizon found: “Malware used to launch DDoS attacks jumped from #8 to #2 in threat action variety.”
2. Insider Misuse
Frequency of incidents across all security incidents — 20.6%
Percentage of incidents with confirmed data breaches — 10.6%
“As with prior years, the top action (55%) was privilege abuse … in virtually every industry,” says Verizon. What’s more, end-user-instigated incidents rose to the top position, over cashiers, to 37.6%. “This is disconcerting news, considering how many regular end users make up the population of any given organization.”
3. Physical Theft and Loss
Frequency of incidents across all security incidents — 15.3%
Percentage of incidents with confirmed data breaches — 3.3%
Verizon noted. “Like last year, most of the theft occurred within the victim’s work area (55%), but employee-owned vehicles (22%) are also a common location for thefts to occur.”
4. Web App Attacks
Frequency of incidents across all security incidents — 4.1%
Percentage of incidents with confirmed data breaches — 9.4%
“Organized crime became the most frequently seen threat actor for Web App Attacks, with financial gain being the most common of the primary motives,” stated the report. “Over 95% of these incidents involved harvesting creds from customer devices, then logging into web applications with them.”
5. Denial of Service
Frequency of incidents across all security incidents — 3.9%
Percentage of incidents with confirmed data breaches — 3.1%
“Distributed denial-of-service (DDoS) attacks got worse again this year with our reporting partners logging double the number of incidents from last year,” reported Verizon. “However, we also noticed an interesting pattern … we saw some indication that there may be two distinct tiers — or clusters — of DDoS attacks based on bandwidth, velocity, and duration.”
6. Cyber Espionage
Frequency of incidents across all security incidents — 0.8%
Percentage of incidents with confirmed data breaches — 18%
“The vector of malware installation is mostly through phishing, but was split between either attachments or links, and malware installed through web drive-by has made a stronger than normal appearance this year,” Verizon reported.
7. Point-of-Sale Intrusions
Frequency of incidents across all security incidents — 0.7%
Percentage of incidents with confirmed data breaches — 28.5%
Contrary to industry beliefs, point-of-sale intrusions are on the rise, the Verizon study finds. “The evolution of attacks against POS systems continued in 2014 with large organizations suffering breaches alongside the smaller retailers and restaurants.”
8. Payment Card Skimmers
Frequency of incidents across all security incidents — 0.1%
Percentage of incidents with confirmed data breaches — 3.1%
Card skimmers continue to innovate, reports Verizon. “This year’s improvements include the use of ridiculously thin and translucent skimmers that fit inside the card reader slot as well as direct tapping of the device electronics to capture the data with nary a trace of visibility.”
9. Miscellaneous Errors
Frequency of incidents across all security incidents — 29.4%
Percentage of incidents with confirmed data breaches — 8.1%
“As with years past, errors made by internal staff, especially system administrators who were the prime actors in over 60% of incidents, represent a significant volume of breaches,” reported Verizon.
One Breach Response Solution for All Breach Patterns
No matter which breach pattern penetrates your company’s security measures, there is only one way to ensure your response is swift and well-orchestrated — by creating a breach response plan before any attack or mistake occurs. When done right, breach response plans prepare your company to respond quickly, accurately, and with the best interest of your business and your customers front and center.
June 5, 2015
Jackie here. Summer’s coming, and that means everyone needs to be on the lookout for travel scams. Stay safe during your travels by brushing up on common scams before you hit the road. The Better Business Bureau has created an amazing infographic highlighting 40 of the most common travel scams. We’ll cover a few of the scams seen around the world below, but make sure you check out the complete list as well. Some of the scams are specific to a certain location so be sure to look for your summer destination on the list.
Fake Front Desk Call
You’re happily sleeping in your hotel room when the phone rings. It’s the front desk calling to verify some credit card information. Don’t share your info. The caller is actually an identity thief trying to get your card number. Instead, head down to the front desk and verify your information in person. This scam often occurs in the middle of the night to discourage guests from heading to the front desk. If you don’t want to get up in the middle of the night, surely they can wait until the morning.
You check into a hotel and grab the pizza flyer slipped under the door to order some dinner. Unfortunately, the flyer’s a fake. Dinner’s not coming and you just shared your card details with a thief. If you want to order takeout, look up the number online or in a phone book. Don’t trust fliers you find in your hotel room.
The Expensive Taxi
When you don’t know your way around a town, you don’t really know the quickest route from Point A to Point B. Some taxi drivers like to take advantage of this fact, taking unwitting riders on longer than necessary rides to rack up the charges. This one’s hard to avoid, but try to use licensed taxis if possible. Your hotel may have recommendations about which taxi service can be trusted.
Overly Helpful Locals
ATMs can be confusing in other countries, especially if you aren’t fluent in the language. In this scam, a helpful local will offer to help you navigate the cash machine, but really they are just memorizing your PIN. Later they’ll pickpocket your wallet or make off with your cash. Never use the ATM in the presence of a stranger. Cover the keypad when entering your PIN. A variation of this scam involves stealing your money as soon as it is dispensed.
May your summer be filled with fun, and scam-free travels.
May 29, 2015
Jackie here. How do you know when a scam comes calling? The Better Business Bureau has shared a recording of a real scammer calling a consumer. Head on over to their website and take a listen. While not every scam sounds the same, many of the call-in scams will sound similar. Knowing what to look for can help you stay protected from ID theft.
What Should You Do?
If you get a call like this one, what should you do? Here are some simple tips for dealing with scammers on the phone.
Hang Up- If it sounds like a scam, it probably is. Hang up the phone. You don’t need to be nice; just hang up. If you’re worried about missing crucial information from a company you do business with, call them back using a known phone number. Scammers often use popular companies to trick you into sharing information. Just because they say they are calling from Microsoft or your bank, doesn’t mean they actually are. Don’t engage with scammers like the caller in the BBB clip.
Report the Call- After a call, report it. Any information you have may help law enforcement to shut down the scam. The FTC Complaint Assistant is an easy way to report scam phone calls. It just takes a couple of minutes and can be done entirely online.
Most Importantly…Don’t Share Any Personal Information- Don’t give the scammers any information they don’t already have. Don’t share any personal information including your name, address, Social Security number, bank information, account numbers, etc. Some scammers tell you they need your information to verify your identity. If you didn’t make the call yourself, don’t verify anything.
Have you ever received a scam phone call? Let us know what happened and how you knew it was a scam.
May 28, 2015
AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.
Just about everything is online these days. Many items that used to require going to a store to purchase can now be acquired from the comfort of your living room or on the go with your smartphone or tablet. Shopping isn’t the only thing that can be done online, either. It’s also possible to look for jobs, apartments, and service providers online. While the rise of online marketplaces has made shopping, job hunting, and apartment searches more convenient, it has also made us more vulnerable to scams and identity theft. Here are some tips to protect yourself while using online marketplaces.
Make sure that you do not give out your Personally Identifying Information (PII) until the right time. If a potential employer has not scheduled an in-person interview with you, but needs your Social Security number to run a background check, that’s a huge red flag. In addition, you should make sure that you have seen any housing you are looking at renting or buying before you offer up your PII or any type of deposit. You should do more than just drive by, as well. Just because a building is actually there doesn’t mean it is for rent, so do yourself a favor and ask questions of the landlord or manager and don’t be afraid to voice any concern you may have. Only once you are sure the property is legitimately available should you supply the information for a credit check needed to obtain the apartment.
Avoid alternative payment methods when transacting online. Wire transfers, specifically via Western Union, are often used in scams. While this may be an obvious red flag when you are buying or selling something online, this can also be used in employment or housing scams. A potential employer may state that they will pay you via Western Union, or ask that you pay your first month’s rent via wire transfer. These are most likely scams and should be avoided. Other forms of payment that can be a red flag for fraud are cashier’s checks, money grams, and personal checks. These can be made fraudulently and liability will be transferred to the person taking the payment if false funds are deposited into their bank account.
Most importantly, remember who is responsible for activities on online marketplaces. Most online marketplaces have a robust amount of information on avoiding scams while using their sites. Why do they do this? Because scammers are increasing their efforts to scam more and more people every day. You must remember, though, that online marketplaces ARE NOT, by law responsible for any nefarious activity taking place on their websites. Look at it this way – if you went into a department store and an employee ripped you off you could complain to the management of the department store and could reasonably expect for the situation to be resolved. This is not the case with sites such as Craigslist, eBay and others. The people you are doing transactions with, whether they be property managers, potential employers or merchants, are not associated with the site itself and therefore the site is not responsible for their actions. The bottom line is that if something does go wrong, there’s usually not going to be anyone to fix the problem for you.
All of these warnings make online marketplaces sound like risky places to conduct business. However, by being cautious with your information you can navigate your way through transactions to get what you need, when you need it. Keeping these tips in mind can help you avoid fraud, scams and identity theft.
May 18, 2015
Jackie here. These days, it may seem like almost any bit of personal information about you can be used by fraudsters to commit ID theft. While methods are evolving, there are some standard pieces of information that make it much easier to pose as another person. Let’s take a look at what information thieves need to capitalize on your identity.
You use it all the time. It’s on your name tag at work, proudly displayed across your social accounts, and something you share with the doctors, repair people, and even strangers at the grocery store. Your name is a big key to your identity. That doesn’t mean you should start keeping it a secret, though. Your name might be one key to your identity, but typically it must be paired with other information for ID theft to occur. What’s more, in some instances, ID thieves don’t use your real name at all, but instead pair other pieces of your identifying information with a different name.
Your Social Security Number
Who have you shared your SSN with lately? You might not openly tell this number to friends and family, but odds are you’ve given it to doctors, utility companies, and others more times than you realize over the years.
Your address isn’t typically a secret (friends, family, and neighbors all know it), but it is an important part of your identity. With a name and an address, thieves can often access accounts, sometimes even sensitive ones. Your address can also be used to redirect mail, giving identity thieves a treasure trove of personal information. While you can’t keep your address a complete secret, you can take steps to better protect it. Don’t share it openly on sites like Facebook or Twitter. LexisNexis found that a surprising 20% of consumers admit to sharing their addresses on social media.
Your Date of Birth
If your PIN for your bank account is the year of your birth, change it immediately. Every combination of 19XX make up the top 20% of most common PIN numbers. Your birthdate can also be the final piece of identifying information to unlock various accounts.
These four keys to your identity are things we share daily. In fact, the only thing on this list that you don’t share often is your SSN. Do your best to protect your information, but know that it is out there. Watch closely for the signs of ID theft so you can catch it quickly if it does occur.
May 15, 2015
Jackie here. Could a changing security code be the key to fighting credit card fraud? One card manufacturer hopes that their prototype credit card with a changing verification code (that 3 digit code sometimes called a CVV) will be in your wallet soon. Let’s take a quick look at this idea for fighting credit card fraud.
At first glance, the new card from Oberthur Technologies looks just like any other credit card. It is a standard size and just .76 millimeters thick. The main difference between this card and the ones you already have is the changing code on the back. The code changes every 40 to 60 minutes to a new randomized number. This number is displayed on a small, postage stamp sized screen. The small screen is battery powered and designed to last 3 years without a charge.
If your card information is written down, it won’t work later as the code will have changed. Without the new code, the card won’t work. One potential downside to this is you could not input the card information to make automatic payments for bills and other expenses, as the CVV changes so often.
A Better Solution?
This card is touted as a better solution to credit card fraud than the CHIP-enabled cards companies are now using. These cards have a specialized chip that discourages fraud when used with a special reader, but fraudsters will likely circumvent the chips by heading online where chip verification isn’t currently possible.
Since this card can be used both online and off, it may be a more comprehensive solution to credit card fraud. Only time will tell if this card becomes available to the masses and will really cut down on fraud.
May 12, 2015
Jackie here. Is your home smart? I spotted an alarming article on Yahoo about the potential vulnerabilities in smart homes. A majority of smart devices are hackable (one study found 7 out of 10 devices had some sort of vulnerability). While the threat isn’t big for now, it is likely that as smart homes – homes with smart devices that are increasingly connect to the internet and each other – become more common, hackings will become more common. What can you do?
Secure Your Router
The biggest thing you can do to protect your home is secure your router. This is the most common way that thieves gain access to home networks. The router basically acts as the door to your network and it’s a lot easier to walk through the door than crawl through a window. Securing this one point can greatly increase the security of your home network, even if you change nothing else.
Change Default Log-ins- When you set up your router make sure you change the default username and password. Since these credentials are typically the same on similar devices, they are very easy to crack. Choose a unique username and password combination. Consider enabling the guest function as well so visitors to your home can use your router without access to your primary password. Make sure your administrator password and your Wi-Fi password are different.
Use WPA2- Most new routers are automatically configured to use WPA2, but be sure to check your router to confirm. This function encrypts data going in and out of your router and leads to enhanced security of the personal information you transmit over the router.
Stay on Top of Updates- Update, update, update. Vulnerabilities happen from time to time and updates are the best way to ensure your device is protected. As problems are discovered, updates to the firmware are created to correct them. Failing to update your firmware can leave your network very unsecure.
Consider a Second Network- Some people choose to use two networks: one for their computers and one for their smart devices. This ensures that should your smart devices be compromised, your more valuable information stays secure.
Smart devices are the way of the future. Learning how to use them wisely and increasing your knowledge about smart device security is essential to keeping your personal information secure.
May 5, 2015
Jackie here. Protecting your identity doesn’t have to cost a lot of money. Here are some free tools you can use to help keep your identity safe.
Free Yearly Credit Report
Under the Fair Credit Reporting Act, you’re entitled to a copy of your credit report from each of the credit bureaus once a year. You can take all three at once, or spread them out over the year. Get your free credit reports from annualcreditreport.com – this is the only website where you can pull your credit report for free under the FCRA. Your free reports won’t list a numerical credit score, but if you want to get an idea where you’re at, try the free FICO score estimator. Just answer a few questions using your credit reports and you’ll get a range that your score will likely fall into.
Are you at an increased risk for ID theft? A fraud alert makes it harder for identity thieves to open accounts in your name by requiring businesses to contact you before issuing credit. You can place one on your file by contacting one of the three credit bureaus (they will then contact the other two). This tool can protect you for 90 days and is especially useful if you’ve found unauthorized accounts on your credit. Keep in mind that putting a fraud alert on your account can also lengthen the process for you to open legitimate lines of credit, as businesses will need to contact you before issuing credit as well.
File for a fraud alert here. Remember, you only have to file with one of the three credit bureaus to get protection from all three:
Anti-virus software is a great first line defense against malware. You don’t have to spend a bundle to protect your computer from viruses and malware threats. Most free options have scaled back features when compared to the paid versions from the same company, but are good options to test out the service and for those on a budget. Here are some free anti-virus options:
For extra protection from malware (a big ID theft threat), try anti-malware software. Malwarebytes has a free version available.
Opt Out for Pre-Approved Credit
Those pre-approved credit card offers are a gold mine for identity thieves. Make sure you aren’t making it easy for someone to obtain credit in your name. Opt out of pre-approved credit offers by visiting OptOutPrescreen.com.
Which of these free identity protecting tools have you tried?
May 4, 2015
Jackie here. A weak password is a problem, but what’s the solution? Yahoo rolled out a new password system that generates an ever-changing password for their users. Best of all, this password comes on demand, so you don’t have to remember a thing (and its only 4 digits). Will this new idea become a viable alternative to the password?
A New Password Every Time
Do you have a hard time remembering your account passwords? Yahoo’s new system eliminates the need to remember a password by texting you one each time you want to log in. Simply activate the system, register your phone, and never remember your Yahoo password again.
If you have a Yahoo account and want to sign up, here’s what to do:
• Log In- use your existing password
• Enable On-Demand Passwords- You’ll find this option in the security settings.
• Register Your Phone- Follow the process to register your phone. You’ll need to use a phone that can receive text messages.
• Log In- The next time you go to log in, you won’t see a spot for a password, but rather a button that says, “Send My Password”. Click the button and a 4 digit password will be sent to your phone.
Yahoo hopes this system will provide a replacement to the password and will make their site more user-friendly and boost online security.
What do you think of Yahoo’s new password system? Will you try it?
April 30, 2015
Jackie here. We talk a great deal about protecting our personal information, but even with safe sharing practices, information is out there. With so much information posted online and in public records that are easily accessed, some information you can’t keep secret. There are even companies, called data brokers, that have created files on almost everyone and will share this information with others for a small fee. What can you do?
I recently read an article on AARP that talked about these information-packed files. The author ordered a report on himself (it cost just $33) that revealed information like past employers, places he’d lived, birth date, relatives, and more, all the information a scammer might need to trick him into a falling for a scam or to commit ID theft. These websites are perfectly legal, both to run and to use, and there is little you can do to keep your information off of them.
Since personal information is the key to identity theft, these websites are a bit disturbing, especially to those that value privacy. Here are some tips for protecting yourself in a world where personal information isn’t so personal.
Opt-Out When You Can- Some of these companies allow opt-outs, but know the process can be tricky and some companies charge a fee. You’ll find detailed information about some of the available opt-outs here.
Lock Down Social Media- Some of the information on data brokering sites may be gathered from public information on social media sites like Facebook and Twitter. If you haven’t done so already, double check those privacy settings today.
Be Scam Smart- Scammers are tricky, and when armed with personal information may be able to make a convincing case. Be extremely cautious when you’re contacted out of the blue with offers, prizes, etc. It is very easy to hang up and call a company back using a known number.
Choose Security Questions Wisely- Many of these files have information like the name of your former high school or elementary school. When choosing the answers to security questions, keep these files in mind. Some people like to use obscure answers they will remember, but that might not be technically correct. You can answer your security questions however you choose, so try to make them as secure as possible.
April 17, 2015
Jackie here. We’ve advised you not to share your Social Security number unless absolutely necessary, but the tricky part is knowing when you must share and when you can say no, especially when you head to the doctor’s office. There is often a space on their forms for a SSN. Do they really need it? Here’s what you need to know about sharing your Social Security number when you go to the doctor.
Does My Doctor Need My SSN?
There is no simple answer to the question, “Does my doctor need my SSN?” It really depends on your insurance. Some insurers use the SSN as an identifier. If your doctor doesn’t have yours, they won’t get paid. Does your insurance company need a SSN to pay claims? Call and ask to find out. If you have Medicare, a SSN is almost always needed. Other insurance companies including Medicaid, TRICARE, and CHIP used to use SSNs for patient identification, but have transitioned to a different system. If you have an old card that uses your SSN, call and ask for a new one.
How to Say No to Sharing Your SSN
If your insurance company doesn’t require an SSN, you can likely refuse to provide it at the doctor’s office. Be kind, but firm in your refusal. Remember, you can refuse, but they can also refuse to provide service. Staying calm will lead to better results than getting angry or frustrated. Try these tips:
Ask Questions- Before providing your SSN, find out how it will be used. Ask questions about why it is needed, how it will be protected, what happens if you refuse, and what your other options are.
Offer Alternatives- If a doctor’s office wants your SSN to get in touch should billing problems arise, offer alternatives like an email address or a cell phone number. Try to avoid providing things like your driver’s license number, as this too can be used to commit ID theft.
Find a Different Doctor- If your doctor insists and you really don’t want to provide your SSN, find a different provider. Unless your insurer requires your SSN for billing, you shouldn’t have to share it with your doctor.
It’s important to know when you are required to share personal medical information and when are may have another option. This will help you keep your information safer from medical identity theft. Find more tips from Consumer Reports here.