The data breach recently announced by Equifax reminds us that staying up-to-date about cyber security vulnerabilities and available protection options is critical if digital communication is an integral part of your life. Private companies and government agencies that hold personal information are responsible for protecting that data, but even the most vigilant organization can be vulnerable. Moreover, once a breach has occurred, the aftershocks can last for years as cyber thieves exploit stolen information. *This information is provided as a service by The Martin Worley Group and is neither a legal interpretation nor a statement of policy.
Consider these tips to help you protect your digital identity and review the attached documents for more detail:
Use strong passwords with security questions and two-step authentication options.
Set up credit card purchase alerts and notify your financial institution immediately of any suspicious charges or changes.
Think before you click. Never click on a link in an email or text unless you know the sender and have a clear idea where the link will take you.
Protect your tax documentation, Social Security number and health insurance ID card as you would a credit card.
Prior to engaging in any wire transaction, call the intended recipient to confirm important details.
Consider signing your children up for Identity Protection Programs that may be offered through your state.
Consider applying a credit freeze to your credit file, a freeze may stop thieves from opening new accounts in your name.
When using a card reader terminal, be aware of anything that looks amiss, such as colors that don't match or arrows that don't line up.
Attachments:
Equifax Data Breach –Details on the breach and steps to take to see if you have been affected and monitoring options provided by Equifax. We also found this article by security journalist Brian Krebs to contain some good guidance: https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/
Cyber Security Trends and Steps – An overview of current cyber security trends and steps to take to help protect your digital identity.
Victim of Identity Theft – Steps the SEC recommends if you have been a victim of identity theft.
Below is an overview of current cyber security trends and steps you can take to help protect your identity and personal accounts.
Passwords and Security Questions
Among stolen passwords the most common password was 123456. Many of the other top passwords were simple combinations of numbers or letters that could be cracked in seconds by dictionary-based hacking software.
What can you do? A strong password should be at least eight characters long (NIST’s recent guidelines recommend 16+and use a combination of lower-case letters, upper-case letters, numbers, and symbols. Avoid dictionary words and personal information such as your name and address. You should have a separate password for each account or website, and change passwords if there is suspicion of a breach. Consider using a password manager, a program that generates strong, unique passwords that you control through a single master password. Keep in mind that security questions can be used to unlock data by thieves who claim to have lost a password. Consider creating answers that are fictional or cannot be discovered by others.
Don’t forget: Two-step authentication, such as a text or email code along with your password, could help protect your sensitive data. Before data breaches became an all-too-common occurrence, a lot of people relied on single factor authentication (SFA), such as a password, to protect digital accounts. With a two-step verification process, each time anyone attempts to log into your account through an unrecognized device (a device you have not previously authorized on the account), your financial institution sends a unique code by e-mail, text or phone. Before anyone can gain access to your account, they must enter this code and your password. Using authentication applications or tokens that generate one-time codes provide an even more secure option.2 Activating this added layer of security may help reduce the risk of unauthorized access to your accounts by identity thieves.
Credit Card Technology
The transition to credit cards and debit cards with embedded computer chips utilizing EMV (Europay, MasterCard, and Visa) technology has reduced fraud at checkout terminals in brick and mortar stores. The EMV rollout has been slow, and cyber security experts predict more widespread use of sophisticated skimmers inserted into a card reader to steal information from magnetic strip cards.3 Gas stations, a favorite target for skimmers, are required to install EMV terminals by October 2017.
What can you do? When using a card reader terminal, particularly in a standalone location, be aware of anything that looks amiss, such as colors that don't match or arrows that don't line up. If you are suspicious, do not use the terminal and report the issue immediately.
Don’t forget: Consumers should set up credit card purchase alerts allowing them to spot suspicious purchases and notify their financial institution immediately. Look out for any changes to your account information that you do not recognize (e.g., a change to your address, phone number, e-mail address, account number, or external banking information). Early notification not only can stop the thief but may limit your financial liability and damage to your credit report.
Online and Mobile Payments
The United States has been slow to adopt mobile payment technology, but 2016 represented a big step forward. Almost 40 million Americans made a "proximity payment" using their mobile phones at the point of sale, and more than 45 million transferred funds with a mobile payment peer-to-peer application.4
What can you do? Paying with your smartphone could be safer than paying with plastic as long as you take the same security precautions you would on your computer and utilize security enhancements such as fingerprint access.
Don’t forget: Think before you click. Never click on a link in an email or text unless you know the sender and have a clear idea where the link will take you. When shopping online, look for the secure lock symbol in the address bar and the letters https: (as opposed to http:) in the URL.
IRS, Real Estate and Health-Care Attacks
For consumers, stolen medical information can lead to fraudulent and expensive claims and collateral damage as thieves use personal data in electronic medical records to open other accounts. Tax documents in the wrong hands can be used to file fraudulent tax returns. A new wire-related fraud activity is emerging, which targets individuals involved in real estate transactions at the time of closing.
What can you do? Protect your tax documentation and health insurance ID card as you would a credit card, and monitor explanations of benefits (EOBs) from your insurance company and payment records from health savings accounts. Prior to engaging in any cash or wire transaction, call the intended recipient to confirm important details.
Don’t forget: Provide only as much information as necessary for your purpose. If you are suspicious of any request for information, don't provide it. Email should never be considered entirely secure. If you are going to discuss important financial matters through email always verify the specifics via phone call or in person prior to completing the transaction. Protect your Security Number. Do not carry your card in your wallet and never provide your number online unless you are on a secure IRS or Social Security Administration website.
Additional Protection Options
Got Kids? Consider signing your children up for Identity Protection Programs that may be offered through your state. Utah’s program is quick and easy to add, requiring only your own driver's license number and expiration and the child's name & SSN. This preventative program is not an actual credit freeze, but some states do allow a parent to place a credit freeze on credit reports if you’re willing to follow the process to prove your authority and recognize that it only lasts until they are age 17.
Should you Freeze your credit? A credit freeze stops any new creditors from accessing your credit file until you remove the credit freeze from your credit file. Since most businesses will not open new credit accounts without checking your credit report, a freeze can stop identity thieves from opening new accounts in your name, but it does not stop them from taking over existing accounts. There is an expense charged by the credit agencies, but it is much cheaper than credit reporting and reporting doesn't really prevent anything. Follow the link below to a timely article from USA today on the specifics of credit freezes: https://www.usatoday.com/story/money/2017/09/13/how-freeze-your-credit-protect-your-identity/657304001/ For additional information on extended fraud alerts and credit freezes, please visit the Federal Trade Commission's (FTC) identity theft website at www.identitytheft.gov.
Additional Resources
Experian – www.experian.com – 1-888-397-3742
Transunion – www.transunion.com – 1-800-680-7289
Equifax – www.equifax.com – 1-800-525-6285
http://www.sec.gov/litigation/admin/2015/ia-4204.pdf
SEC Investor Bulletin: "Protecting Your Online Brokerage Accounts from Fraud"
SEC Publication: "Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information"
FINRA Investor Alert: "ProtectYourOnlineBrokerageAccount:SafetyShouldComeFirstWhen LoggingIn and Out"
FTC OnGuardOnline.gov webpage: "Tipsfor Using Public Wi-Fi Networks"
