Identity theft is a serious crime that can result in financial harm and tremendous disruption of the lives of its victims. In 2007 the Federal Trade Commission (FTC) enacted regulations called the Red Flags Rule and the Card Issuers Rule that required banks, credit card companies and others to take steps to detect, prevent and mitigate identity theft. Now the FTC is reviewing those regulations and determining whether they should be maintained or changed. A group of 31 state attorneys general has sent a letter to the FTC urging it not only to continue the rules, but to make them stronger. Among the changes the attorneys general are suggesting is that knowledge-based authentication questions used to access your bank account, such as “what is your mother’s maiden name,” be updated, because the information needed to answer these questions is so readily available to a determined identity thief.


I am in full agreement with the 31 state attorneys general that the rules should not only be kept, but that they should be updated, putting more responsibility on the part of banks, credit card companies and others to detect, prevent and mitigate identity theft. However, I also believe that ultimately, the best place to find a helping hand when it comes to preventing identity theft is at the end of your own arm. You can find many tips for protecting yourself from identity theft in my book “Identity Theft Alert,” which can be ordered from Amazon by clicking on the link on the front page of, but here are a few steps that everyone can and should take.

You should have a unique, strong password for each of your online accounts so that if there is a data breach and the password for one of your accounts is compromised, your other accounts will not also become vulnerable to being hacked. Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy-to-remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Whenever possible, use dual-factor authentication for your accounts so that when you attempt to log in, a one-time code is sent to your cell phone, which you must enter in order to get access to your account. For convenience's sake, you can set up dual-factor authentication so that it is only required if you are logging in from a different computer or device than the one you normally use.

An easy solution to the problem of the answers to knowledge-based authentication security questions being too readily available on the Internet is to make the answer to your security question nonsensical. For instance, if your security question is “what is your mother’s maiden name,” you can pick something ridiculous, such as “firetruck,” as the answer. No hacker will ever be able to find the answer to this security question online, and it is so silly that you will remember it.

Also, with your email address commonly known by many scammers, you can expect to receive more and more phishing emails and more dangerous, specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
