What is identity theft?

You may already know what it is, but in case you do not, identity theft is when someone steals your personal information to impersonate you or to commit fraud. Once malicious individuals have your personal information, they can do a number of things, including draining your bank accounts, running up charges on your credit cards, opening new utility accounts, using your medical insurance information to obtain treatment, or even filing a tax refund in your name and receiving your refund.

Why should I care?

As I noted in the previous section, identity theft can cause us harm in multiple ways. Broadly speaking, identity theft can result in:

• Damage to your reputation;
• Damage to your credit scores;
• Loss of our money and/or financial assets;
• Loss of time and energy investigating, remediating, and recovering from an identity theft incident; and
• A restriction on our ability to make financial decisions while an identity theft incident is being investigated.

If you are reading this, then it is quite likely that your personal information has been compromised in at least one security incident. As these types of incidents continue to increase, there is a lot we can all do to help protect ourselves from the risk of identity theft and to make recovery from cybersecurity incidents quicker and less painful.

What can I do?

Oversight of your personal credit reports

Federal law requires each of the three nationwide consumer credit reporting companies - Equifax, Experian, and TransUnion - to give you a free credit report every 12 months if you ask for it.

• How to Request a Credit Report: See the Federal Trade Commission’s “Free Credit Reports” website for information on obtaining a free credit report.
  • As a tip, you can better keep an eye on your credit all year by spacing out your credit report requests and requesting a report from a different consumer credit reporting company every four months.
• When reviewing your credit reports, make sure there is nothing inaccurate in those reports, and file for correction if needed.
• After your review, if you do not anticipate needing your credit checked in the immediate future, you can initiate a credit freeze at each of the consumer credit reporting companies. This enables you to restrict access to your credit score and report, making it more difficult for new accounts or loans to be established in your name without your explicit permission. Don’t worry, the freezes can be thawed when needed.
  • You can contact each of the nationwide credit reporting agencies to place a freeze on your credit reports (duration and related costs may vary):
    • Equifax
      P.O. Box 740241
      Atlanta, GA 30374-0241
      equifax.com
      866-349-5191
    • Experian
      P.O. Box 9554
      Allen, TX 75013
      experian.com
      (888) 397-3742
    • TransUnion
      P.O. Box 2000
      Chester, PA 19016
      transunion.com
      (800) 680-7289

Practice good digital hygiene.

Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:

• Keep your operating systems up to date, whether on your personal computer or mobile device. When operating system updates are released, they fix errors and vulnerabilities that could lead to someone getting access to your device.
• Do the same for the software you use. Web browsers, plug-ins, email clients, office software, anti-virus/anti-malware, and every other type of software has flaws. When those flaws are fixed, installing those updates can help protect you before someone uses those flaws against you. Most compromises leverage vulnerabilities that have a fix already available.
• Think before you click. See the links I have included above? Make sure you hover over links to see if it matches where you expect to go, especially when a website’s address is not spelled out like it is above. If a link seems suspicious to you, avoid clicking on it. You can also type the web address into a web browser to avoid clicking on the link.
• Question requests for personal information. Before you disclose personal information online or over the phone, make sure you can identify with whom you are speaking. An unexpected call, email, or website requesting your personal information, like credit card or social security numbers, should raise red flags for you.
• Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to "security questions" that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
• Keep a strong, unique password for every site or service you use and consider using a password manager. That way a compromise on one site will not open you up to fraud at other sites.
• Back. It. Up. What do you do if you are hit with a ransomware attack where someone locks your device in exchange for money? Or a run-of-the-mill hard drive failure? If you have a recent off-line backup, your data becomes safer and you can recover your data without even thinking about paying a ransom.
• Lock your device and full disk encryption is your friend. If your device is left unattended or is stolen, it will be a lot harder for a thief to access your data.
• Check all your accounts statements regularly. Paperless statements are convenient in the digital age, but it is easy to forget to check infrequently used accounts. Make a recurring calendar reminder to check every account for activity that you don't recognize.
• Manage your paper documents. Have bank statements, explanation of benefits, or other types of documents that may have personal or sensitive information on it? Don't just throw them in the trash or the recycle bin. Destroy them securely, such as shredding them with a cross-cut shredder. Data stolen from a dumpster are just as useful as data stolen from a website.

Reporting Identity Theft

If you believe you’ve become a victim of identity theft, you should take the following actions as soon as possible:

• Contact banks, organizations, or companies where you believe identity theft has occurred and inform them of the fraudulent activity;
• Contact the consumer credit reporting agencies listed above to request a current copy of your credit report and then place a fraud alert (the credit bureau you contact must tell the other two, and all three will place an alert on their versions of your report) and/or request a security credit freeze with each agency. You may request a new fraud alert when the previous alert expires.
• Report suspected identity theft to the Federal Trade Commission (FTC) by filing a complaint at ftc.gov.
• Report the identity theft to the police, both where you live and where the crime occurred, if known. Make sure you keep a copy of the police report in a safe place.
• Ask the banks, organizations, or companies where the suspected identity theft occurred to provide you with information about transactions made in your name.
• Continue to monitor your credit reports and your financial and billing statements for additional fraudulent activity.

Recovering from Identity Theft

• Work to with banks, organization, or companies to close fraudulent accounts established in your name and remove fraudulent charges from your existing accounts;
• Work with credit monitoring agencies to remove fraudulent accounts from credit reports; and
• Visit the Federal Trade Commission’s  Identity Theft Recovery Steps for a more detailed list of steps to take.

NEOMED takes identity theft seriously and aims to prevent identity theft through its use of administrative, technical, and physical privacy controls. The steps and controls outlined here may help you take more command of how your personal information is used, and ultimately, help reduce your risk of identity theft and improve your digital hygiene.

-Submitted by Jonathan Wagner