• OUCH! Newsletter: Identity Theft

    From Northern Realms@618:500/23 to All on Sat Mar 20 20:55:19 2021
    What is Identity Theft?

    Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits,
    tax refunds, or a new loan or credit card in your name. If you don't take precautions, you may end up paying for products or services that you didn't
    buy and dealing with the stress and financial heartache that follows identity theft.

    Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud.

    How to detect it

    * Review your financial cards and other accounts regularly for any charges or
    payments you did not make. An easy way to do this is to sign up for email,
    text messages, or phone app notifications for payments and other
    transactions. Monitor them for fraud.

    * Investigate situations when merchants decline your credit or debit cards.
    Look into letters or phone calls from debt collectors for overdue payments
    for credit cards, medical bills, or loans that you know are not yours.

    * Pay attention to letters that inform you about unemployment or other
    government benefit claims for which you never applied.

    * If available in your area, review your credit reports at least once a year.
    For example, in the United States, you can request free reports from
    annualcreditreport.com.

    What to do when it happens

    * Contact the organization that is involved in the fraud. For example, if a
    criminal opened a credit card in your name, call that credit card company
    to notify it about the fraud. If someone filed for a tax refund or
    unemployment benefits in your name, contact the corresponding government
    organization.

    * File a report with law enforcement to create an official record of identity
    theft. You can often do this online. For example, in the United States you
    can report at identitytheft.gov. Follow the site's instructions for any
    additional steps you may need to take.

    * When responding to fraud, keep records of your interactions with your
    financial institutions and law enforcement, as well as the costs you incur
    due to identity theft in case these details will be needed later.

    * Notify your insurance company; you may have identity theft protection
    included in one of your policies.

    How to defend against it

    Here are some simple steps you can take to decrease the chance of identity fraud happening:

    * Limit how much information you share about yourself with online services
    and websites.

    * Use a unique strong password for all of your online accounts and enable
    two-factor authentication as additional protection for your most important
    accounts.

    * If applicable in your location, restrict who can get access to your credit
    reports. For example, in the United States freeze your credit score so that
    anyone who tries to get a credit card or loan in your name has to first
    temporarily unfreeze it.

    * Consider getting insurance coverage, either through a dedicated policy or
    as part of your existing insurance plan, that covers the costs of dealing
    with identity theft.

    Guest Editor Lenny Zeltser is the CISO at Axonius, a cybersecurity asset management company. He also teaches malware combat and writing at the SANS Institute. Lenny is active on Twitter as @lennyzeltser and writes a security blog at zeltser.com.

    OUCH! Is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute
    this newsletter as long as you do not sell or modify it.

    (C) SANS Institute 2021
    www.sans.org/security-awareness

    ---
    * Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (618:500/23)