Identity theft is a serious crime that can result in financial harm and tremendous disruption of the lives of its victims. We are presently in an era of constant major data breaches so no matter how careful you are about protecting your personal information, you are only as safe as the security at the companies and government agencies that have your personal information. While often people are less concerned when data breaches do not result in the theft of their Social Security number or credit card number, a data breach in which merely your email address and password were compromised can result in major problems. If, as many people do you use your email address as your user name for all of your accounts and you also use the same password for all of your accounts, you are in serious jeopardy if a data breach occurs which results in that information becoming known to criminals. Criminals use “checking” software which will search the Internet to find companies, banks and other institutions where you have used your email address as your username. Once they find these companies, they will try to log in using the password that was obtained through a data breach. If that other account is an account such as your bank account, you are in serious trouble. It is for this reason that it is important to use unique passwords for each of your online accounts.
In 2007 the Federal Trade Commission (FTC) enacted regulations called the Red Flags Rule and the Card Issuers Rule that required banks, credit card companies and others to take steps to detect, prevent and mitigate identity theft. Now the FTC is reviewing those regulations and determining whether they should be maintained or changed. Earlier this year a group of 31 state attorneys general sent a letter to the FTC in which they urged the FTC to not only continue the rules, but make them stronger. Among the changes, the attorneys general suggested is that knowledge based authentication questions to access your bank account, such as “what is your mother’s maiden name” be updated because the information to answer these questions is so readily available to a determined identity thief.
I am in full agreement with the 31 state attorneys general that the rules should not only be kept, but that they should be updated putting more responsibility on the part of banks, credit card companies and others to detect, prevent and mitigate identity theft. However, I also believe that ultimately, the best place to find a helping hand when it comes to preventing identity theft is at the end of your own arm. You can find many tips for protecting yourself from identity theft in my book “Identity Theft Alert” which can be ordered from Amazon by clicking on the link on the front page of www.scamicide.com, however here are a few steps that everyone can and should take.
You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked. Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account. For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.
An easy solution to the problem of the answers to knowledge based authentication security questions being too readily available on the Internet is to make the answer to your security question nonsensical. For instance, if your security question is what is your mother’s maiden name, you can pick something ridiculous, such as “firetruck” as the answer. No hacker will ever be able to find the answer to this security question online and it is so silly that you will remember it.
Also, with your email address commonly known by many scammers, you can expect to receive more and more phishing and more dangerous, specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”