Top
News
« Understanding Beneficial Ownership Information (BOI) Reporting Requirements | Main | What’s Going on in the Markets August 6, 2024 »
Tuesday
Sep032024

Protecting Yourself When Your Data is in Danger

DateTuesday, September 3, 2024 at 6:33PM

It’s been exactly one year since I published my article “Protecting Yourself from the Latest Cyber Scams.” It’s time to update that article, given that not a week goes by without hearing about another corporate data breach, which makes our personal data and information available for anyone to see or exploit.

National Public Data, a consumer data broker, confirmed last week that a hacker had targeted the company in December 2023, "with potential leaks of specific data in April 2024 and summer 2024.” (1)

Other reports indicate that this leaked data had already been found on the dark web and could include millions of Americans' names, addresses, phone numbers, and Social Security numbers. (2)

A data breach of this magnitude is especially worrisome and is the latest in a string of major data breaches this year. (3)

If you're wondering what you can do to help protect yourself against the growing threat of identity theft and related scams, here are some steps to consider.

Consider Fraud Alerts and Credit Freezes

One way to reduce your risk after a data breach is to place a fraud alert or a credit freeze on your credit report. Both are free tools that can help you prevent fraud but work somewhat differently.

A fraud alert is a notice placed on your credit report that warns potential creditors that your identity has been compromised. It allows them to check your credit but requires them to take extra steps to verify your identity before issuing new credit in your name.  You can place a fraud alert by contacting one of the three major credit bureaus (Equifax, Experian, and TransUnion), and that agency will notify the others. An initial alert will last for one year but can be extended to seven years if you have become an actual, rather than potential, victim of fraud.

A credit freeze (sometimes called a security freeze) may also help protect you if you suspect your personal information was stolen, but it's more stringent. Once you have a credit freeze in place, potential creditors won't be able to access your credit report or credit score (there are some exceptions.) This helps prevent identity thieves from opening fraudulent accounts in your name. You must contact each of the three major credit reporting agencies to request a credit freeze. The credit freeze will stay in place until you decide to lift it, which you must do at least temporarily before applying for credit.

Following each credit bureau's instructions, you can set up a fraud alert or credit freeze online, by phone, or by mail. This may also be an excellent time to request a free credit report to check recent credit activity. Here are the three major credit bureaus' website addresses and phone numbers:

·       Equifax at Equifax.com 888-298-0045

·       Experian at Experian.com 888-397-3742

·       TransUnion at Transunion.com 800-916-8800

Monitor Your Personal and Financial Information and Implement Technology Controls

·       If you need extended support, consider subscribing to a credit monitoring service. These services come at a cost, but they may bundle credit report monitoring, credit report locks, scans of the dark web, help recovering from identity theft, and insurance.

·       Periodically review your credit reports to spot suspicious activity. You can receive free weekly online reports from all three credit bureaus at the official site, annualcreditreport.com.

·       Sign up for alerts for your bank, financial, and credit card accounts. These alerts notify you when an unusual transaction occurs, or someone has signed into your account. Check your accounts frequently and review your statements monthly.

·       Pick strong passwords that are different for each account and change them periodically. For an extra layer of protection, use a password manager that generates strong, unique passwords you control through a single master password.

·       Enable multifactor authentication when offered. For example, in addition to providing a password, you may be required to enter a code sent to your phone or email, answer a security question, use a physical security key, or sign in using a facial or fingerprint scan.

·       Keep your device and security software up to date. Operating system and software updates may include security fixes. Turning on automatic updates is an easy way to do this.

·       Add security software to your smartphones and tablets, just like your computer or laptop.

·       Beware of phishing (e-mail), vishing (phone), and smishing (SMS) attempts from scammers who want to obtain passwords or financial information. Always maintain a healthy dose of skepticism.

·       Be cautious if you receive a link or attachment in your email or via social media. Don’t click on it until you verify it's legitimate.

·       Warnings of overdue invoices, failed delivery attempts, and order confirmations in e-mails and texts look surprisingly genuine these days. Overseas scammers are now adept at using spelling and grammar checkers, so those old tell-tale signs may no longer exist.

·       Leave unsolicited/unknown phone calls to voicemail and double-check phone numbers, even if they appear familiar or appear to originate from a company you usually do business with. Cloning and spoofing of known and “safe” caller ID information is commonplace, so you can’t always trust it.

·       With artificial intelligence, voice replication software, and deep fakes, you can’t always trust what you hear or see. A tiny snippet of your voice, picture, or video on the web (or from a phone call) can be exploited to allow imposters to create near-perfect replicas of your voice, your loved ones’ voice, or video images and trick you into acting quickly out of fear.

·       Beware of humans or robocalls looking for a simple “yes” or “no” answer to a seemingly innocent question. They may attempt to steal your voice “print” to use in future scams they have planned.

Human Controls & Constant Vigilance

Be aware that after a significant data breach, scammers may step up impersonation attempts, even if they don't have access to stolen data. That might be an impersonation of a loved one in distress (or perhaps hurt) or a government official.

In all cases, they prey upon your fear and your natural inclination to act irrationally while you’re fearful. They may demand you to send money or gift cards, or they’ll share your personal information on the dark web. Chances are, if they have it, it’s already on the web, and they’ll probably share it with others even if you pay up.

For example, someone allegedly from the Social Security Administration or IRS might contact you and ask you to verify your Social Security number or provide or update your personal information. However, government agencies will never email you or call you to ask for this information. Don't respond, and promptly contact the appropriate government agency to report an identity theft attempt.

Whenever a stranger contacts you with a request for money, make it a personal practice to allow yourself 5-10 minutes to think about what’s happening before acting. Be especially skeptical if they advise you not to discuss the matter with a spouse or loved one.

If your data has been compromised or your computer has been hacked, they may offer to help you avoid or recover from identity theft or help secure your computer. They’ll do neither and only try to get you to pay up. Never believe or accept their offers of help, even if they say they’re from Norton Security, Microsoft, or Apple. By dangling information about you that few people know (harvested perhaps by hacking into your e-mail account), they convince you they’re legitimate (they’re not) and scare you into acting or paying up.

Hang up or shut down your computer immediately, and take the time to think about your next steps. Contact your closest tech geek to help you determine if your computer or e-mail account has been compromised and to sweep it for possible malware. Change your e-mail password immediately and turn on multi-factor authentication.

If you believe a loved one is in trouble, call them directly before doing anything (like sending money or even answering seemingly innocent questions) to confirm if they’re OK independently. Setting up a safe word or phrase with loved ones in advance can save you from heartache and a lighter wallet.

For more information about how to report and recover from identity theft, visit the Federal Trade Commission's website IdentityTheft.gov.

If you suspect fraud, you can file a complaint with the Federal Trade Commission at reportfraud.ftc.gov.

If you would like to review your current investment portfolio or discuss any other financial planning matters, please don’t hesitate to contact us or visit our website at http://www.ydfs.com. We are a fee-only fiduciary financial planning firm that always puts your interests first.  If you are not a client, an initial consultation is complimentary, and there is never any pressure or hidden sales pitch. We start with a specific assessment of your personal situation. There is no rush and no cookie-cutter approach. Each client and your financial plan and investment objectives are different.

(1) National Public Data, August 2024

 (2) KrebsonSecurity.com, August 15, 2024

(3) Identity Theft Resource Center, 2024

AuthorYDream Financial Services, Inc | CommentPost a Comment | Reference8 References |
in

References (8)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.