OUCH! Newsletter: Identity Theft
From
Northern Realms@618:500/23 to
All on Sat Mar 20 20:55:19 2021
What is Identity Theft?
Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits,
tax refunds, or a new loan or credit card in your name. If you don't take precautions, you may end up paying for products or services that you didn't
buy and dealing with the stress and financial heartache that follows identity theft.
Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud.
How to detect it
* Review your financial cards and other accounts regularly for any charges or
payments you did not make. An easy way to do this is to sign up for email,
text messages, or phone app notifications for payments and other
transactions. Monitor them for fraud.
* Investigate situations when merchants decline your credit or debit cards.
Look into letters or phone calls from debt collectors for overdue payments
for credit cards, medical bills, or loans that you know are not yours.
* Pay attention to letters that inform you about unemployment or other
government benefit claims for which you never applied.
* If available in your area, review your credit reports at least once a year.
For example, in the United States, you can request free reports from
annualcreditreport.com.
What to do when it happens
* Contact the organization that is involved in the fraud. For example, if a
criminal opened a credit card in your name, call that credit card company
to notify it about the fraud. If someone filed for a tax refund or
unemployment benefits in your name, contact the corresponding government
organization.
* File a report with law enforcement to create an official record of identity
theft. You can often do this online. For example, in the United States you
can report at identitytheft.gov. Follow the site's instructions for any
additional steps you may need to take.
* When responding to fraud, keep records of your interactions with your
financial institutions and law enforcement, as well as the costs you incur
due to identity theft in case these details will be needed later.
* Notify your insurance company; you may have identity theft protection
included in one of your policies.
How to defend against it
Here are some simple steps you can take to decrease the chance of identity fraud happening:
* Limit how much information you share about yourself with online services
and websites.
* Use a unique strong password for all of your online accounts and enable
two-factor authentication as additional protection for your most important
accounts.
* If applicable in your location, restrict who can get access to your credit
reports. For example, in the United States freeze your credit score so that
anyone who tries to get a credit card or loan in your name has to first
temporarily unfreeze it.
* Consider getting insurance coverage, either through a dedicated policy or
as part of your existing insurance plan, that covers the costs of dealing
with identity theft.
Guest Editor Lenny Zeltser is the CISO at Axonius, a cybersecurity asset management company. He also teaches malware combat and writing at the SANS Institute. Lenny is active on Twitter as @lennyzeltser and writes a security blog at zeltser.com.
OUCH! Is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute
this newsletter as long as you do not sell or modify it.
(C) SANS Institute 2021
www.sans.org/security-awareness
---
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (618:500/23)