Identity Protection

Prevention of identity theft and fraud begins by paying extra attention to the details, remaining aware of potential ;warning signs, and making it more difficult for scammers and thieves to access your information.

General Best Practices

Slightly adjusting your everyday routines or taking a few moments to prepare can help you protect yourself from identity theft.

• Lock up your financial documents and records in a safe place at home.
• Limit what you carry with you to only the identification, credit and debit cards you need.
• Leave your Social Security and Medicare cards at home or in a secure place.
• Be careful with your mail and take outgoing mail to a post office collection box, promptly remove mail from your mailbox, and request a vacation hold on your mail from the post office when you’ll be away.
• Consider opting out of pre-screened offers of credit and insurance by mail for five years by calling (888) 567-8688 or visiting optoutprescreen.com. 
• Shred sensitive documents like receipts, credit offers, insurance forms, expired charge cards, and similar documents before putting them in your trash.
• Protect your medical information and destroy prescription bottle labels before you throw them out.
• Exercise your curiosity by asking your workplace, a business, your child’s school or a doctor’s office how your information will be handled and who will have access before you share it with them.

Identity Theft Awareness

Keeping a close eye on all aspects of your finances can help you stay on top of suspicious activity. For example, you may be a victim of identity theft or fraud if:

• You see unexplained withdrawals from your bank account
• Merchants refuse your checks
• You don't get your bills or other mail as expected
• Debt collectors call you about debts that aren't yours
• You find unfamiliar accounts on your credit report
• Medical providers bill you for services you didn't use
• Your health plan rejects your legitimate medical claim because records show you've reached your benefits limit
• The Internal Revenue Service (IRS) notifies you that more than one tax return was filed in your name or you have income from an employer for which you haven't worked. For more information on protecting yourself from tax fraud, read this recent blog post.

Your Credit Report

Your credit report may show the first signs that someone has misused your information, so it's important to check your report a few times a year.

• You have the right to request a free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Visit www.annualcreditreport.com or call (877) 322-8228 to order your report(s) or learn more about how you can receive your free report.
• Credit reporting companies may charge you a fee for an additional copy of your report within a 12-month period. To buy a copy of your report, visit Equifax.com, Experian.com or Transunion.com.
• If you see errors on your credit report, like accounts you didn't open or debts you didn't incur, contact the credit reporting companies and the fraud department of each business that reported an error.
• Credit reporting companies must block identity theft-related information from appearing on a victim's credit report, but you must request this block from each of the credit bureaus.
• You may request a credit freeze on your credit file. This means potential creditors cannot get to your credit report. The length of time a freeze can stay in place and the cost to place and lift a freeze depends on state law. Find your state's Attorney General's office at naag.org to determine applicable fees and how long the credit freeze lasts.

---

Cybersecurity

The explosion of cybercrime presents unique challenges for protecting yourself from identity theft and fraud, but there are some steps you can take to make stealing your information more difficult for scammers and thieves.

Best Practices

• Use unique and hard-to-guess passwords that combine letters (both upper and lower case), numbers, and symbols, and change passwords regularly. Avoid using personal information specifically, the last 4 digits of your SSN or your date of birth in your password.
• Install security patches and software updates as soon as they are released by verified sources. 
• Sign up for security alerts to be sent to your mobile phone or email account. Set up alerts to be notified of changes to your account, personal information, or suspicious activity taking place on the account (like unauthorized card-not-present transactions). The most common method for fraudsters to take over a victim's account is by changing the physical address.
• Avoid using unencrypted public Wi-Fi. SSL offers little or no protection when using unencrypted Wi-Fi hot spots. Read our blog post on the "Internet of Things" to learn more about safely managing connections..
• Look for a padlock symbol, the word "secure" or a web address that begins with "https://" in your URL window to ensure that a website is secure before entering any personal or financial information on a site.
• Be aware of impersonators. Never respond directly to requests for personal or account information via email, over the phone, or through a mobile device--including text message.
  

Phishing

Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go "phishing."

Phishing is a high-tech scam that uses electronic means (like email, text messages or even low-tech phone calls) to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), the nation's consumer protection agency, phishers will claim to be from a business or organization that you may deal with. For example, an Internet service provider (ISP), bank, online payment service, or even a government agency. They may ask you to "update," "validate," or "confirm" your account information. Some threaten a dire consequence if you don't respond.

Some links within emails or text messages may direct you to a website that looks just like a legitimate organization's site. However, sometimes it's really a bogus site with the sole purpose of tricking you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

For additional information about protecting yourself from phishing scams, check out our "Don't Be Lured In By Phishing Email Scans" blog post. If you believe you're being scammed, file your complaint with the Federal Trade Commission at ftc.gov.

A newer twist on the phishing scam is ransomware, a form of virus or malware that encrypts all of the files on your computer system until you pay a fee for the cybercriminal to give you access to them. Ransomware emails are getting more and more sophisticated and realistic, and have fooled employees of large corporations and government agencies into clicking a link or opening an attachment, in turn releasing the malware into the computer network.

The best way to protect yourself from ransomware is to be extremely diligent about opening attachments and links within emails. If anything looks suspicious, or you weren't expecting an email from the sender, simply delete the email.

Because some ransomware attempts to infiltrate your system through vulnerabilities in your operating system or programs (like these cited in a recent Bank Independent blog post), always accept and install system updates immediately when they become available.