Protecting Yourself and Loved Ones from Identity Theft May be Easier than You Think

A well-dressed woman driving a BMW pulls up to your neighbor’s mailbox. The “For Sale” signs that are clearly visible in the back seat of her car identify her as a real estate agent. What is less evident as she goes into the mailbox is that she’s not putting something in it – she’s taking something out. You just witnessed an identity thief at work.

Initially, she may only have a name and address. But next comes the bait. The thief casts her net with a phishing campaign designed to lure your neighbor into providing more information—a phone number, an email address. Before you know it, a credit card is issued and is being used by someone other than your neighbor. This true story is about a convicted felon in Tiburon, CA, guilty of 22 counts related to identity theft.

Could this happen to you?
According to the Tiburon Police Department, one of the largest identity scams they came across involved people posing as long lost relatives and friends. The perpetrators targeted senior citizens, getting them to reveal personal information which was used in a variety of ways to access bank accounts and open lines of credit in their names.

According to the Identity Theft Resource Center, a non-profit organization providing consumer education and victim assistance, identify theft continues to be one of the fastest growing crimes in the United States today. While protecting yourself can seem daunting, there are a number of simple ways you can begin to protect yourself and loved ones today, at no cost to you.

The following provides information, guidelines, tools and steps for preventing identity theft, protecting yourself and loved ones, and taking action should you find yourself the victim of this growing crime.

Recognizing the scam: the most common types of identity theft
Identity thieves employ a wide variety of methods to obtain your personal and financial information. Here are some of the most common scams being used today:

• Traditional Theft: someone steals your wallet or recovers a lost wallet.
• Dumpster Diving: a thief rummages through your trash looking for any documents with identifiable and personal information.
• Mail Theft: virtually any piece of mail (including junk mail and magazines) can be used by a thief to piece together your identity.  Any incoming or outgoing mail can be at risk to theft.
• Phone Scams: one of the prevalent tactics used to steal senior citizens’ identity. Callers commonly pose as long lost relatives or friends, government representatives, or creditors asking for sensitive information. In the course of the conversation they get their target to reveal personal information. Other types of phone scams include automated messages asking you to input bank or credit card account information or a Social Security number.
• Shoulder Surfing:  Someone looks over your shoulder while you complete a form, log in to your laptop or enter your PIN at an ATM, or when using your debit card at a store or gas station.

As e-commerce continues to grow, providing increasingly convenient ways for consumers to transact business via the internet, it has also become more convenient than ever for identity thieves to collect a broad range of your personal information. Here are some common internet-based identity theft scams you will want to be aware of:

• Phishing (email and text):  thieves send an email or text message that appears to be from a bank, credit card company or social media site, urging you to click on a link and provide your personal account and/or other identifying information.
• Lookalike Websites: these are not secure and have been known to model other web sites to get you to reveal personal information; a fake bank site will try to get you to enter your account information.
• Quizzes/Survey/Social Media: if you are prompted to answer a quiz or survey, or participate in a contest or sweepstakes from a website, it’s important to understand that you are providing information from your I.P. or web address (automatically captured), as well as any identifying information you type in or authorize.
• Peer-to-Peer File Sharing: scammers search for users who accidentally configured their software to share sensitive financial documents stored on their computers.
• Malware/Viruses: your computer can become infected if a scammer convinces you to open a link or an attachment.

How can you protect yourself?
The continual rise in the number of identity theft incidents and victims each year has given birth to a relatively new industry: identity theft protection monitoring and insurance. A number of companies now offer services and insurance designed to help their customers protect personal information and recoup their losses should they fall victim. Typically, these companies will help monitor your credit scores, alert you to suspicious activity and provide other services aimed at keeping your most sensitive information secure. Below is a chart comparing some of the features and services commonly offered by identity theft service providers versus the do-it-yourself approach to identity theft protection.

Services listed below will vary by provider and do not represent a complete list of available services. 

Services, cost, insurance coverage and frequency of monitoring and reporting will vary by service provider. Not all services listed are available through each of the major service providers. Cost of insurance and coverage amounts vary by provider. Organizations including the Consumer Federation of American and www.IDProtectionguide.net offer online comparisons, articles, blogs and other information about identity protection service providers.

Should you consider identity theft insurance?
As more and more companies and individuals fall victim to some form of identity theft or information security breach, many people are wondering if they should purchase insurance to protect them in the event their data is compromised or stolen. To put identity theft insurance in perspective, it’s important remember that no identity theft protection plan is foolproof. The reality behind identity theft insurance is that fees are covered only after the crime has been committed.

There are some companies that offer restoration services to victims, but insurance companies do not supply this service.  Although many companies advertise a “$1 million” insurance protection guarantee, it pays to read the fine print. There tend to be a numerous caveats with this type of insurance. Below are several situations that are commonly not covered:

• Most insurance policies carry a deductible ($500 is not unreasonable), so if the cost to repair the damage is less than the deductible, you may still be responsible for paying all of the damages. 
• The insurance policy may offer recovery of lost wages or reimbursement for legal fees, but this usually includes certain limitations and required preapprovals. Also keep in mind that an attorney is usually not required to resolve most instances of identity theft, so this service is seldom used.
• It is important to understand that identity theft insurance doesn’t reimburse you for money that is stolen from you.
• A major factor in identity theft recovery is time – the hours spent making the appropriate reports and necessary phone calls. Even with a protection service, much of the time and hassle to rectify the situation falls on you. This is because banks and creditors usually insist on dealing directly with you, and not a service provider representing your interests. Before purchasing identity theft insurance protection, always ask if the insurance company helps with any of the recovery work.
• Another interesting point to note about identity theft insurance policies is that they do not pay for damages if the crime is committed between family members.  This is problematic because a significant number of identity theft incidents involve a relative of the victim.

Identity theft insurance policies may be worth the cost if you are a frequent traveler or have a large number of accounts with different companies. The more accounts you have, the more documents and databases with your personal information, putting you at potentially greater risk for identity theft.

The bottom line is that the companies offering protection cannot prevent identity theft from occurring, but may be able to aid in the process after the fact. The services are a convenience for those too busy to track their information on their own. However, they generally don’t provide any service you cannot perform yourself for free or at a minimal cost. 

What steps can you take to safeguard your identity?
The bottom line is that no service provider can offer 100% protection. So the best way to protect yourself from identity theft is to be proactive and safeguard your information before it can ever be used to hurt you. 

Below is a list of some generally recommended practices you can initiate on your own that may significantly increase the security of your personal information. Although this is not an exhaustive list, it showcases a common-sense approach that can be applied to other aspects of protecting your identity.

1.  Ask for a free credit report.  By law, each of the three major credit reporting companies must provide you a free report once a year upon your request. Consider obtaining your free annual report from one of the three companies every four months. Staggering reports  enables you to review your credit activity more frequently. To order your free annual report from one or all of the national consumer reporting companies, visit www.annualcreditreport.com or call 877.322.8228 toll-free.

2.  Never give out all or part of your SSN, mother’s maiden name or account numbers to strangers over the phone.  If you believe someone who says they are calling from your bank or a creditor is not a legitimate representative, call the bank or creditor back at the number listed on your account statement, not the number the caller provided. 

• Register for Do Not Call: register a personal phone number at www.donotcall.gov or call 1-888-382-1222. Registration is free. Organizations that you have an established business relationship are permitted to contact you even if you are registered. You cannot register a business phone number.

3.  Invest in a cross-cutting shredder. A cross-cutting shredder prevents thieves from re-assembling the strips that are produced by ordinary shredders. You are strongly advised to shred documents that contain any of the following pieces of information:

• Account Numbers
• Passwords
• PINs
• Signatures
• Social Security Numbers
• Date of Birth
• Mother’s Maiden Name

     To a lesser extent, you should shred documents that have any of the following information, even though this information is generally available through public records. However, since identity thieves usually collect data from multiple sources, even a simple piece of junk mail can be combined with other data to compromise your identity.

• Name
• Address
• Email
• Phone Number

     When to shred your documents:

• Junk Mail: immediately

• Credit Card Receipts: immediately after checked for errors

• Tax Documents: keep in a secure location for a minimum of 7 years, assuming you file a return every year

• Mortgage: retain documents for 6 years following the sale of the property

• Pay Stubs: 1 year or until they agree with your W-2

• Medical Records: 1 year minimum

• Credit Union/Bank Statements: 1 year

• Insurance: Life of policy plus 5 years

• Receipts: shred immediatelyUtility Bills: immediately after bill is paid (unless you have tax-deductible expenses such as a home office and need to retain these for tax purposes)

     Disposing of shredded documents depends on the type of shredding. There are two types of shredders: strip-cut and cross-cut. Cross-cutting is more effective since the remains are harder to piece back together. However, cross-cut shredders are generally more expensive than strip-cut shredders. Also, cross-cut shredding is not as recyclable as strip-cut shredding and therefore not all recycling centers take cross-cut paper shreds. If that is the case, you can always contact a local document shredding company if you want to ensure your shredded documents are disposed of properly or find other means to recycle the paper.

4.  Ensure that any business conducted electronically or online is done through secure websites and legitimate companies. First, check to see if the website address begins with “https://”. The “s” at the end of “http” indicates you are connected to a secure web server. If you enter personal information on a non-secure or “http” web server, someone actively or randomly surveying your interaction on the website can capture sensitive and personal information. On an “https” website, only your computer and the website you are communicating with can view that information. Never enter credit card or password information on a website beginning with “http”. However, this isn't always the best indicator since scammers can also have https websites. The key is to know who you are dealing with on the internet at all times. This may require researching the company or website you are dealing with. Another useful indicator is if a website has “lock” next to the URL (the site address that appears in your browser) or at the bottom of the page (depending on the browser you are using). You can click on “lock” to view the certificate of the webpage and specific details about the site. This may include the origin of the certificate, its expiration date and any other information to prove that the remote server communicating with the site is safe. 

• The best way to protect yourself from unsafe websites is to verify the link with trusted and reliable online services. Google Safe Browsing lets users enter links to check if the site has hosted malware in the past 90 days. If you want more in-depth information, hpHosts offers the same service, but provides even more detail. Norton Safe Web and Unmasked Parasites are also good services for checking websites. 
• Similar to URL checkers, you can add security suites that have browser add-ons to check links automatically on search pages. AVG LinkScanner is a free add-on that is both PC and Mac compatible and even works for Android devices. 
• If you have children that use the home computer, make sure they know not to give out ANY information without your consent. It is very easy for an identity thief to pose as a friendly stranger and ask for what seems like routine information to a child or teenager. Monitor you children while they are online and instruct them about the dangers of internet scams. Ask your Internet Service Provider for parental control features for more protection if necessary.  

5.  Pay bills at the post office or online. As described in the Tiburon example, a thief can take your mail and use it to access your accounts. If you are mailing a bill, someone can steal your check to obtain the routing information from it. Regardless of what you are sending, a thief can take your name and address and piece together the rest of your information from other documents and phishing scams. Having a locked mailbox or P.O. box can also help reduce the risk of stolen letters, checks or bills.

6.  Make sure nobody is standing right behind you when you’re using an ATM machine. He or she may be trying to photograph your card number and password with a camera cell phone. Always shield your hand and the screen, even if no one is right behind you.

7.  Be vigilant about your passwords – commit them to memory and use multiple passwords. Never write passwords down or have them on your person. If you forget a password, the company can usually issue a new password with a simple identification question or email a link to your email address of record. Mix up your passwords rather than having one universal login and be sure to include a combination of upper and lower case letters and numbers. In the event that you fall victim to a phishing scam and your password is stolen from a website, the thief has easy access to all of your other accounts that use the same password.

8.  Pay attention to your creditor’s billing and statement cycles. You need to be aware if a bill or statement does not arrive, it may be that an identity thief has changed the billing address.

9.  Consider using a dedicated credit card for online shopping. If you see an unauthorized charge appear on this card you can immediately report it as ‘lost or stolen’ without disrupting your normal use of your bill-pay or other credit cards.

10.  Check account statements for charges that you did not authorize. Do scrutinize the small charges; fraudulent 'micro charges’ that show up every month often go under the radar and will not be refunded by the credit card company if not reported within their reporting window.

11.  Do shred “convenience checks” and prescreened offers. Better yet, phone the number on the back of your offer and ask the company to stop sending them. With credit offers, your best option is to contact the website operated by the major consumer reporting companies (Equifax etc.) www.optoutprescreen.com and you can stop the offers from coming. If you prefer to use the phone you can contact them at 1-888-5OPT-OUT (1-888-567-8688).”

Steps to take in the event that your identity is stolen

1.  Contact the toll-free fraud number for any of the three consumer reporting companies below to place a fraud alert or a credit freeze on your credit report. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. If you do not receive a confirmation from a company, you should contact that company directly to place a fraud alert. If you need to place a credit freeze, you need to contact each of the three credit monitoring bureaus individually:
-TransUnion: 1-800-680-7289; www.transunion.com
-Equifax: 1-800-525-6285; www.equifax.com
-Experian: 1-888-EXPERIAN (397-3742); www.experian.com

     What is a fraud alert? In order to place or remove a fraud alert on your credit report, you must provide proof of identity, including your Social Security number, name, address, and other requested information. There are two different types of fraud alerts, an initial alert and an extended alert that are appropriate under certain instances of theft.  When to use either alert is outlined below:

     -Initial fraud alert – remains on your credit report for a minimum of 90 days.  Appropriate if your wallet has been stolen or if you’ve been the victim of a “phishing” scam. Potential creditors use “reasonable policies and procedures” to verify identity before issuing credit, but the steps they take may not always alert them that you are the applicant. You are entitled to one free credit report from each of the consumer reporting companies and may opt to have only the last four digits of your Social Security number on your credit reports.

     -An extended fraud alert stays on your credit report for seven years.  An extended alert can be placed on your credit report if you’ve been a victim of ID theft and provide an Identity Theft Report. This requires any potential creditors to contact you or meet you in person before issuing credit in your name. You are entitled to two free credit reports within the ensuing twelve month period. In addition, the consumer reporting companies remove your name from marketing lists for pre-screened credit offers for five years unless you instruct them to replace your name on the list.

     -Fraud alerts are not solutions to every type of ID theft. They do not protect against the use of existing credit cards or prevent the opening of certain types of new accounts (including phone, wireless, bank accounts). However, fraud alerts are extremely useful in stopping identity theft involving the opening of a new line of credit.

     What is a credit freeze? - A credit freeze is a way to block your credit reports to make it a lot tougher for an identity thief to get a loan or open a credit account in your name. While a freeze is in place, no one can open an account in your name, not even you, and persons performing background checks cannot access your credit file.  Although stronger than a fraud alert, the drawback with a credit freeze is that it lengthens the time for you to get a loan or a new line of credit. In order to get a freeze lifted, you have to provide the bureaus with a specially issued personal identification number and several days notice. 

2.  Immediately report the crime to your banks and creditors. Contact your credit card issuers, close your existing accounts and get replacement cards with new account numbers. Make sure you request that the old account reflect that it was "closed at consumer's request" for credit report purposes.  If your Social Security number has been used, notify the Social Security Administration's Office of Inspector General.

     What steps should you take if you find fraudulent debit card transactions on your account? 
     1.  Contact your debit card provider and report the illegitimate transaction(s). This should be done as soon as you discover the false charge
     2.  Write a letter/email confirming you reported the problem; save/copy the letter and if mailed, ask for a return receipt 
     3.  Update your files to reflect when you made calls/sent letters; keep copies of all correspondence

     -The timeframe in which you respond to debit card fraud may limit losses. If you respond within two business days, your maximum loss is generally $50.  However, if more than 60 business days pass before you alert your debit card provider, you risk all of the money from your debit account being taken and your credit line maxed. Whether or not you will be reimbursed for all or a portion of losses is determined by the financial institution. Your institution’s policy can usually be obtained at the company’s website, by calling customer service or on your debit card account agreement. Financial institutions must adhere to certain mandatory deadlines when completing fraud investigations and inform you of the results and any actions they plan to take in regard to your account.

     What steps should you take if you find fraudulent credit card transactions on your account?
     -Contact your credit card provider and report the illegitimate transaction. If you haven’t received a statement on time, contact your credit card company – an identity thief may have changed your mailing address of record. You may be required to:
        A.  Write to the credit card company within 60 days of the date you received a bill with fraudulent charges.
        B.  Write to the address specified for billing inquiries, not the payment address
        C.  Identity the amount/date of the billing error
        D.  Include your name, address, account number, and a copy of an ID Theft Report (if one has been filed) and other required proof of identity
        E.  Send the letter by certified mail with a return receipt
        F.  The company must acknowledge your complaint within 30 days of receiving your letter and must resolve the dispute within 2 billing cycles (less than 90 days) after receiving your complaint.

2.  Update your files to reflect when you made calls/sent letters; keep copies of all correspondence.

3.  The next step is to report the crime to the police/sheriff’s office in the area where it occurred. Identity theft is a felony and charges may be filed against the thief.  Make sure to make a copy of the report and send it to the credit bureaus – this will help correct information on your credit report.

4.  Send a copy of the police report to the three major consumer reporting agencies.  Once the three consumer reporting agencies receive the police report and a request from you, they are required to block any adverse information on your credit reports resulting from the crime.

5.  Ask businesses to provide you with information about transactions made in your name.  By law, businesses must give you this information, but may require proof of your identity - including a copy of the police report and your fingerprints. To obtain your fingerprints, contact your local law enforcement. You generally will pay a fee for this service and will have to wait for processing before you receive a letter notifying you that your fingerprints are on file. Businesses refusing to provide information to you may be subject to actual damages and/or fines, based on local state laws governing willful violations.
6.  Contact the Federal Trade Commission’s Identity Theft Hotline, 1-877-438-4338.  You can also visit the FTC’s ID Theft web site at www.ftc.gov/idtheft.  Among other things, the FTC site provides a uniform ID Theft Affidavit that is accepted and endorsed by many businesses.

We hope you found this information helpful and will share it with family and friends who may also find it useful. At Pharaoh Financial Group, our goal is to help you plan to live life well by helping to protect and preserve the wealth you have built. For more information or to contact Jacques Bolivar, call (510) 704-9500 or email at jacques@pharaohfinancial.com.