By Gail MarksJarvis
Chicago Tribune
WWR Article Summary (tl;dr) Security experts say that in light of the Equifax security breach, it’s just a matter of time before the crimes show up. However, there are things you can do to better protect yourself.
Chicago Tribune
When your Social Security number has been exposed, you’re vulnerable.
When the bad guys know your address, driver’s license number and age along with your Social Security number, the risk is even worse.
Now that a massive data breach at Equifax has compromised that data for nearly half of Americans, essentially giving away the keys to their identities, some individuals and businesses could have money stolen from their accounts, according to security experts.
It’s just a matter of time before the crimes show up.
“This is a new era,” said Neal O’Farrell, executive director of the Identity Theft Council. Because the data stolen from Equifax was so massive and extensive, “now you must assume the bad guys have everything.”
There are steps consumers can take to protect their identities and their financial accounts. Chief among them: reviewing the security measures on the financial accounts you hold.
Here’s one way to know if your accounts are vulnerable: When you access your bank statement, brokerage account, medical records or even when you file your taxes, are you asked to verify your identity by providing your Social Security number or the last four digits of your Social Security number?
“If so, you are extremely vulnerable, because the thieves have the Social Security numbers,” O’Farrell said.
Consumers also need to be more attentive to the layers of authentication and the passwords they use for their online accounts. Although many consumers hate the multistep authentication processes and the hassle of remembering passwords, such practices are now essential, he said.
This means you should expect banks to send messages to your phone and email to confirm your identity each time you want to withdraw or transfer funds, O’Farrell said. At some banks, this is standard procedure, but if it’s optional, you should still take advantage of the service.
By requesting that verification come to both your phone and email, you are protecting yourself from criminals who may already have one of those pieces of information, O’Farrell said.
When selecting passwords, avoid using names and information thieves may be able to discover about you by stalking you on social media or hacking into your email account.
This means not using names of pets, relatives or anything that could be traced back to items you’ve posted on social media. When setting up answers to the security questions you’ll use to verify your identity when accessing online accounts, lie about the answers.
Consumers should also brace for a wave of phishing scams.
O’Farrell said one of the biggest risks in the wake of the Equifax breach is that criminals know consumers are fixated on credit monitoring and freezes. He expects criminals to capitalize on that by sending emails that appear to be from Equifax or financial institutions.
The emails will look legitimate, but will direct consumers to a fraudulent website or otherwise convince them to divulge personal financial information. With that data, criminals could fill in the gaps left in the trove collected in the Equifax breach, and get more information that will allow them to get into your accounts.
“These criminals are smart people,” O’Farrell said. “They know that a lot of people now are signing up for credit monitoring services, so they may wait for a year.” Then they will send phony emails that look like they are legitimately selling an extension of the monitoring services.
If you receive a suspicious email, don’t call the phone number provided in the message. Instead, look up the number and directly call the bank or credit card company the email purports to be from to see if there is a legitimate fraud concern.
Clicking on the links in some fraudulent emails could also expose you to spying software, known as malware, that can penetrate your passwords and make it easier for thieves to gain entry to your accounts. As protection from malware, O’Farrell suggests buying an extra computer to use only for banking; not for the email accounts you regularly use for fun and work.
There is no need to shut down your existing accounts if you think your identity has been stolen. Unfortunately, with breaches common, this makes little sense unless you know someone has attempted to tap a particular account.
Instead, the smart approach is to watch activity in all your accounts, said Adam Levin, chairman and co-founder of the identity protection firm CyberScout. Each week, if not daily, you should look at the activity in your bank, brokerage and credit card accounts.
Set up alerts so that your bank sends a message to your phone, emails you or calls you instantly if someone is using your ATM card, making a sizable purchase or transferring money out of your account. Alerts are offered free by many financial institutions, but you must request them. If you spot an illegitimate transaction, immediately let your bank know.
Keep in mind that fraudsters often try to slide under the radar by making numerous small purchases instead of one big, eye-catching one, so don’t ignore any.
As time goes by, you may become more vulnerable rather than less, as the criminals expect you to let down your guard, O’Farrell said.
Your risks won’t disappear unless the Equifax breach serves as a wake-up call and businesses and government agencies start using ways other than your Social Security number to identify you.
Some institutions have made changes in recent years to guard against identity theft by tightening up their authentication methods.
For example, Medicare cards are about to be changed so they no longer display Social Security numbers. And the new iPhone X being introduced this fall will let users identify themselves by sending banks and other businesses a view of their face, although businesses will have to be equipped to take such an ID and consumers will have to be willing to spend $999 on the device. Still, widespread changes in authentication methods are expensive and probably a long way off.
Meanwhile, stay vigilant.
___
ABOUT THE WRITER
Gail MarksJarvis is a personal finance columnist for the Chicago Tribune and author of “Saving for Retirement Without Living Like a Pauper or Winning the Lottery.”