Last year around this time, I told the said story about how some bad guys tried to steal my identity and open up credit cards and car loans in my name.
Bottom line: An ordeal that burned up a bunch of my time and caused plenty of angst … but, no serious damage (that I know of).
A friend just got had his identity hacked. Somebody filed an IRS 1040 under his name and social security number, hoping to bag a refund check. Fortunately, the IRS flagged the return as suspicious and didn’t pay-off against the fraudulent return.
Now, as a public service, here’s what I learned that may help you …
Remember, I’m not a cyber crimes expert … just a victim with a bit of experience navigating the system.
Here are the takeaways from my experience:
1. Take this privacy stuff and ID theft seriously. If it happened to me, it can happen to you. My view: not a matter of “if”, it’s a matter of when. This is an instance when an ounce of prevention really is worth a pound of cure.
2. Tighten-up user IDs and passwords. If you use common User IDs (e.g. your name), it’s like shooting fish in a barrel for hackers. Similarly, simple passwords are easy to crack. Use letters & numbers, caps & lower case, special characters. Be as random as possible – e.g. don’t just cap the first letter. Strong passwords aren’t unbreakable to pros, but can hinder the amateurs.
If you’re not yet a believer, see Gotcha: How long does it take to hack a 16-character password?
3. Hold the phone. Mobile is the weakest link in the security system … by its general nature … and because people are lax re: cell security. My take: Any and all mobile transactions open you up to trouble. Do your banking via your smart phone and you’re asking for trouble.
4. Subscribe to an ID theft tracking service. They’re a relatively cheap insurance policy. They don’t catch everything, but I’ve been impressed with what they detect and how quickly they report what they find – essentially real-time. And, while they don’t fix the problem, they can usually point you in the right direction.
5. If hacked, immediately place a fraud alert with the credit bureaus (Equifax, TransUnion, Experian). Easy to do online – just go to any of their sites – if you notify one, they notify the others. Fraud alert lasts for 90 days. During that time, there are extra levels of scrutiny – including a phone call to you – if somebody tries to dink with your accounts or apply for credit in your name. Extra bonus: when you place a fraud alert, you get a free copy of your credit report. Note: you can place a 90-day fraud alert proactively … even if you haven’t been subject to suspicious activity.
6. File a police report. Just call a local station and ask how to do it. In my case, an officer was promptly dispatched to my house. He was courteous, and efficient. The entire process took only a few minutes. Armed with a police report number, you have the option to extend the fraud alert for years, not just months.
7. Every month, verify that your account statement — especially bank acount statement — is available on line. If banks suspect some hanky panky — e.g. if a mailed statement is returned by the post office — the bank “suppresses” your statements — i.e. stops sending them and stops making them available online. That’s a red flag that shoiuld be checked into.
8.Read your account statements. Don’t just glance at them and throw them on a stack. Scan for unusual transactions, and check your credit max and current balance – if either move unexpectedly, figure out why. Note: Sometimes crooks will hack in and simply shift your credit line to a different (new) card within the account.
9. Heads-up when you complete a big, extraordinary transaction. I don’t know how or when the bad guys got my info, but I have some suspicions.
- Last year, I e-filed my Federal taxes for the first time – and all my deep personal info went across the grid. Soon thereafter, the bad stuff started happening.
- This year, I sold a house. Lots of folks got a look-see at a lot of my personal info – buy-side & sell-side-realtors, mortgage lenders, appraisers, etc. – with much of the processing done by low level clerks. Soon thereafter, another flurry of bad stuff.
- Occasionally, I have mail forwarded from my primary address … bad stuff seems to happen when the forwarding starts.
All these things – e-filing, house sale, forwarded mail –may just be coincidental, but the timing makes me a bit suspicious.
If you have any security ideas for me and other HomaFiles readers, please send them in …