How Women Can Prevent Identity Theft

Identity TheftThe Internet and access to the World Wide Web makes women’s lives easier by enabling online shopping, online banking and even ordering pizza on a Friday night. These benefits are convenient and save lots of time but also open doors to identity thieves to steal personal information and access financial accounts. Many single women are on a limited or fixed income and are vulnerable to scammers and unscrupulous characters. The bad guys have no problem stealing your life savings right out from under your nose. That’s why I’d like to share some ideas on how women can prevent identity theft.

Knowing about the problem is only half the battle, the next step is to implement some preventative measures that limit your risk of identity theft. Here are 8 suggestions for women to consider.

1. Remove personal information from social networking sites

It is advised to limit the amount of information listed on your Facebook profile. This social media network was meant to be a way to stay in touch with friends and family, but it seems that thieves have started using it to find new victims. They collect whatever information about you that is available and then try to find previous addresses, phone numbers and use them to open accounts in your name. Women generally spend more time on social networking sites than men and like to share what is going on in their lives.

2. Opt for paperless billing

Not only does paperless billing save trees, but it limits access to financial information by someone looking through your mail or your trash. You might not realize it but those old bills, pre-approved credit cards and other junk mail you throw in the trash can be used to open other accounts by someone using your name, address, and account number listed on the bill. In some instances, your birth date and social security number may be listed for medical or insurance billing. For services that do not have paperless billing you should invest in a paper shredder rather than throwing them out.

3. Avoid using your phone or laptop on WiFi hotspots

Another tip is to avoid doing any personal business such as online banking at places that offer free, unsecured WiFi. These access points are unrestricted, and hackers use them to try and gain access to personal data being exchanged on unsecured websites.

4. Check your credit report frequently

Every consumer is entitled to a free credit report once per year. You should check your credit report frequently for suspicious activity and report any discrepancies immediately. Credit monitoring services may be of help to keep track of your credit score, alert you to any errors in your file or number of inquiries on your account. You can get your free credit report at AnnualCreditReport.com.

5. Use credit instead of debit cards whenever possible

Credit cards that have the Visa or MasterCard logo carry theft protection if they are lost or stolen and limit the cardholder’s liability for fraudulent charges. A debit card is linked directly to your bank account which does not have the same type of protection. When using your cards at a ATM or in line at the grocery store, be sure to block other shopper’s view of your transaction to avoid someone looking over your shoulder or taking a picture with their cell phone. Photos can be enlarged to show name, card number and expiration date.

6.  Keep personal info at home

A stolen wallet or purse can give thieves access to all your personal, private information. Information contained on your driver’s license, social security card and credit cards can be used to open fraudulent accounts, rack up thousands of dollars worth of debt and ruin your credit history. It is better to carry only what is necessary and leave sensitive information at home.

7. Never give out information over the phone

Scammers are getting very good at fooling people into revealing information over the phone. They are very convincing, and what they say might sound reasonable. They often pose as bill collectors, insurance agents and agencies offering deals or specials on vacation packages. Be wary and remember, there’s no such thing as a free lunch.

8. Order takeout online

When ordering food online, use the company website with a SSL encryption for credit card orders or pay with cash if making a phone order.

9. Look Around to Prevent Identity Theft

While processing a credit card or an ATM card, make sure no one else is close enough to watch you. Don’t let anyone else see you typing your passwords or PINs. Additionally, when conducting transactions through online-banking systems, be sure to use a secure Internet connection. Avoid using public or office networks, as these are much less reliable for financial transactions. Public and office Internet connections usually have servers monitoring your online activity, which cyber criminals could access more easily.

Whenever possible, use your personal Internet connection for financial transactions. It’s also wise to use your personal computer or laptop for financial purposes, since many office computers have software installed that may save your typing history as well. These records could be accessed and manipulated to your financial detriment. In an emergency, contact your bank or credit agency for help with any immediate problem.

10. Delete History

Temporary files, bugs, and browser history can also allow cyber criminals to access your information. Many people save their user names and passwords on their computers for convenience when using regularly visited sites. However, this little ease can pose more trouble than it’s worth. To remedy this problem, Google Chrome has developed a new Incognito bar that prevents your browsing history from being saved and that deletes all temporary files. Try switching to a browser with an incognito function for all financial transactions. Please be aware that simply using the incognito mode does not hide your information from the server or IPS. As a result, you should still only use your personal computer when accessing any personal information.

Delete your temporary files regularly, since they may retain traces of important financial or personal information. Be sure to delete these files permanently, especially after conducting any financial transactions, and don’t just leave them in your computer’s recycle bin. In addition to these small and cost-effective steps, schedule a comprehensive clean-up of your laptop every three to four months.

11. Use Spam Filters to Avoid Identity Theft

Hackers and Spammers are a constant concern in our current age of Internet technology. Malwares, Trojan Horses, viruses, and other kinds of bugs are unleashed through spam emails and decoy websites. One of the most common tricks used by these hackers is through dating sites. Dating websites usually require financial information like your credit-card number, swift code, and the card’s expiration date. These vicious sites often draw many unsuspecting young people.

Spam emails are another area of concern. These emails attempt to convince you to conduct some transaction online. Once you open these emails and give them your account number, your personal information is under threat. Spam emails routinely trap many people. To avoid this form of spamming, use strict filtration setting in your email accounts to ensure all spam emails go to a designated folder. If messages are directed to this folder, you can delete all the contents of the folder without having to open any of the individual emails.

When accessing your email and bank accounts, always use a two-step verification method. For the second step of verification, indicate that you want to use your personal cell-phone number for short-messaging services or direct calls. Avoid using email service as a means of verification, as this can be compromised more easily than your cell phone. Using cellular services for your second step of security verification allows you to monitor your notifications more easily and can alert you to any unwarranted attempts to access your information.

12. Communicate Regularly With Your Bank

If you fail to implement these steps on a regular basis, ask your bank to contact you for any online transaction. Many banks provide call services to its clients before authorizing any online transaction. Whenever you talk with a bank agent, ask to keep in touch with him or her in the future when processing an online transaction. This fraud alert can reduce the chances of any misuse of your credit card of debit card.

Please be aware that using automated teller machines cannot prevent unauthorized transactions. If a criminal has access to your debit card and password, he or she can conduct transactions at an ATM. In this case, most likely practitioners can be your friends or family members. Therefore, keep your passwords with you. Try to give cheques to people with whom you are engaged in financial transactions.

13. Freeze Your Credit

pad lock on doorIf you are a victim of any fraudulent practices and feel vulnerable to future violations, you could put a “freeze” on your credit reports. For a small monthly or yearly fee, a credit-freezing agency can bring you peace of mind by acting as a watchdog over your financial data. For example, Equifax provides Credit Monitoring and ID Theft services, with monthly fees ranging from $20-$30 per month. Privacy monitoring and Protection provides you with a snapshot of all your online information that could be hacked. In addition, this service, alerts you to any changes  in your credit-data files in Equifax, TransUnion, and Experian credit files. An Equifax membership allows you to protect your credit information by giving you monitoring abilities through wireless alerts and financial notifications for your existing bank accounts. You could also use a service such as Lifelock to do this for you, but I don’t think it’s worth the money.

Most lenders nowadays rely on credit score to decide whether to offer you credit. As a result, these complex functions that protect your financial information are protected by security-freezing agencies. A security-freezing service restricts others from sharing your personal credit information. However, the freeze will remain intact until you authorize an “unfreeze.” When there is a security freeze on your credit, ID thieves can apply in your name but would be unsuccessful in their attempt, as it would be difficult for them to proceed with further inquiries. These agencies also report score protection after every credit inquiry.

Freezing your credit requires you to contact your credit bureau and inform them that you want to put a freeze on your credit file. This is simple to request. Most often, you can request a credit freeze online. In many instances, however, you will be asked to contact the bureau in person or by telephone. After implementing a credit freeze, you will receive a unique identification number commonly known as a PIN. This PIN can be used to unfreeze your credit file for any future needs.

To put a freeze on your credit, you need to pay a monthly fee to the credit bureau for their services. This fee is worth the expense, as the credit-freezing services will save you much hassle and worry. Currently, many credit bureaus provide these services, such as Experian, Equifax, and Trans Union.

The fees for these credit bureaus varies from $10-$15 per month per bureau. When paying for the use of four bureaus, the maximum fee is $60. This variance in fee structure is due to the specific security steps you want the bureau to take on your behalf in case of any emergency. To expedite the process, you should take proper legal steps by providing the agency with a copy of the police report and a written affidavit that the filer is a victim of identity theft. In the majority of cases, a police report is available online; this can be provided for the filer as well as authenticated by the credit bureau.

In cases of fee-based security freezing, the fee will only cover the time-span while the freeze is kept intact. Moreover, the structuring of fees is not complicated. Each credit bureaus has a different plan for freezing your information. For example, Equifax details its reasonable breakdown for each plan, which can easily be calculated by any interested user. Detailed plans can be accessed here.

Separate facilities for getting credit reports and credit scores may also be available. The fee structure of this facility is also broken down in various ways. Your credit reports may be accessed at this site. The benefits of this service are delineated on official website:

  • Pull your 3-bureau credit report and scores once for one flat fee.
  • See your entire credit profile in a simple, consolidated view.
  • Understand what your credit profile means via a summary of positive and negative factors impacting your score.

After signing up for the Complete Report Plan, users will also receive a 25% discount.

I also suggest Credit Karma as a free alternative to check 2 of your 3 credit reports and access your credit score.

Follow these suggestions to protect yourself from identity theft. Once thieves have your information they can really make your financial life messy. Not only does this cost you money that you cannot afford, it could also damage your reputation or cause legal problems.

Many women have had their lives and credit histories blemished by identity theft. Knowledge is power, and now that you know how women can prevent identity theft you will be better able to protect yourself from becoming a victim.

In fact, I recently recorded a presentation with my friend and colleague, Bill Winterberg, CFP®, about identity theft and protecting your information online. Bill is a technology expert and consultant in the financial services industry, and he also happens to live in Atlanta, so we shot the following presentation in his home studio.

We were planning for this to be 30-35 minutes long, but as you’ll see below the presentation is 70 minutes long.

In the presentation above, Bill and I cover a lot of information, but we’re primarily focused on 4 main topics:

  1. Login Security
  2. Device Security
  3. Safe Data Sharing
  4. Social Engineering

And for those of you who prefer to read rather than watching a video, here’s some more on these 4 areas.

Login Security

Secure all of the mobiles devices and online services you use with strong passwords. Hackers will attempt to crack your passwords with brute force attacks using combinations of dictionary words, common number and letter substitution (@ for “a”), and pattern checking.

  • The illustration at https://xkcd.com/936/ demonstrates how many of us have been incorrectly led to believe that mixing case and performing character substitution increases password strength
  • The key to password strength is entropy or the measure of uncertainty in random variables
  • The more characters in a password, the higher its Clearly, length equals strength.
  • Passwords are like your underwear: Change them often, don’t share them, don’t leave them lying around, and keep them a mystery!
  • Use https://www.passwordmeter.com/ for password (or a close approximation) strength ratings
  • Many of us have dozens of passwords for all the various websites and services we Popular password manager software helps organize and secure passwords, including:
    • LastPass
    • RoboForm
    • Dashlane
    • 1Password
    • Meldium

In addition to strong passwords, use multi-factor authentication for greater security to your online logins. There are three types of authentication factors to verify your identity:

  • Something You Know, like your username, password, PIN, or finger gesture
  • Something You Have, like your ATM card, security token, smartcard, or mobile
  • Something You Are, like your fingerprint, retina, voice, or typing

Websites and services that support multi-factor authentication, typically using your mobile phone, include Google, Facebook, LastPass, Dropbox, Twitter, LinkedIn, Chase Bank and more.

When you use the Internet, be aware of your protection using security and encryption protocols.

  • Whenever possible, connect to websites using an https:// connection and Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Modern browsers will display secure certificate information in the address bar.
  • Enforce https:// connections with the HTTPS Everywhere browser plugin compatible with Firefox and Google Chrome
  • Attackers use programs like Firesheep and WiFi Pineapple to eavesdrop on unsecured https:// (no “s”) connections to capture your online credentials and gain access to your accounts

And if you’re interested in reading more on password security, check out this article and accompanying infographic from LastPass on “The Psychology of Passwords, Neglect is Helping Hackers Win.”

Device Security

Just as you secure your computers and online accounts with strong passwords, your mobile devices also need to have strong protection.

  • Enable the passcode login, activate the Auto-Lock timeout, and set the number of failed login attempts before device information is erased

“If unlocking your device isn’t a little inconvenient, it isn’t secure.”

  • Turn off the default four-digit passcode (iOS) or login pattern (Android) and replace it with a longer alphanumeric If unlocking your device isn’t a little inconvenient, it isn’t secure.
  • Be familiar with apps to locate and remotely wipe a lost or stolen For iOS, use Find My iPhone, Blackberry use BlackBerry Protect, Windows use Exchange ActiveSync, and Android use Android Device Manager. Third-party apps include Norton Mobile Security, Lookout Security, avast! Mobile Security, or an app supplied by your cellular carrier.
  • Enterprise mobile device management platforms include Symantec Mobile Management, AirWatch by VMWare, MobileIron, XenMobile by Citrix, and IBM MobileFirst are built to support the Bring-Your-Own-Device (BYOD) trend in the workplace

Safe Data Sharing

Would you mail a postcard containing a client’s social security number or birthdate? No way! But what about sending the same information via email? Email is not a secure way to communicate personal information. You can attach files to emails that are protected by a password but remember the entropy guidance earlier in this document.

Secure file exchange services are becoming popular methods to exchange confidential files. Services include ShareFile, Box, SecureDrawer, and SpiderOak.

Also, confirm that the networks you use for business are secure.

  • Contact a professional to review your hardware and software firewall Perform “leak testing” of existing devices and document test results for your internal files.
  • Secure your WiFi networks with WPA2 encryption. Require a strong access password (high entropy) for WiFi access, and turn oyour WiFi network when it is not needed, such as overnight.

Social Engineering

Attackers use social engineering techniques to manipulate people into divulging confidential information. Popular social engineering techniques include:

  • Phishing: Typically an email that is carefully crafted to appear like it came from a trusted source, but contains links to websites designed to capture your personal and confidential information.
  • Pretexting and Spoofing: Attackers impersonate a close friend, relative, or client in a ruse to get you to share personal information you would only provide to someone you know.
  • Reverse Social Engineering: Attackers contact you claiming to represent a software company and that your computer has a problem they detected. They offer to fix the problem with a software update, but the software update is malicious software (malware) designed to steal your information.
  • Curiosity: Attackers drop USB thumb drives with enticing labels (e.g. “Personal and Confidential,” “2014 Tax Returns”) in business parking lots, hoping people will pick them up and plug them into corporate computers to read their This allows attackers to deploy malware inside the corporate firewall.

Attackers create a false sense of urgency to pressure or scare you into doing something they want. They use fear tactics or temptation to compel you to act when you shouldn’t. Common sense strategies are often enough to defend against social engineering tactics.

  • Be Suspicious: Consider the context of communication. Is the message sudden and unexpected?
  • Stay Updated: Keeping the software you use updated reduces the chances attackers can exploit known vulnerabilities to steal your information.

“Attackers want you to act without thinking. If a situation doesn’t ‘feel’ right, pause and gather your thoughts.”

  • Resist Urgency: Attackers want you to act without If a situation doesn’t “feel” right, pause and gather your thoughts. Anxious attackers will give up quickly.
  • Authenticate and Verify: Ask to call back the alleged attacker impersonating a Challenge the caller with a security question, or send a verification code to their mobile phone.
  • Training: Conduct simulated phishing attacks in your business to identify vulnerable points of Solutions include Wombat Security, TraceSecurity, and ThreatSim.

If you believe you are a victim of an attack, contact the Internet Crime Complaint Center (IC3). The FTC Identity Theft Resource Center also has useful material.

And for my clients who have accounts at Fidelity Investments, please review their security page for advice on how to increase the security around your accounts. And this page covers the ways Fidelity safeguards your accounts through different types and layers of insurance coverage.

If you’d like to discuss identity theft prevention or I can help you align your financial resources to live your best life, please give me a call.

Thanks for reading. While you’re here, be sure to sign up for my weekly email newsletter where I share tips, advice, and stories about the intersection of money and our lives. Just click here to join the community.

Russ Thornton
Russ Thornton
Hi there! I'm Russ, and I help women in their 50s and 60s achieve and maintain their desired lifestyle leading up to and throughout their retirement years. Imagine being able to look forward to a comfortable and confident financial future...
Share
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Share on email
Email