It’s Halloween, and you doze off in your comfy chair with a bowl full of goodies, waiting for trick-or-treaters to arrive.
The bell rings, and you open up the door to see the masked faces of your visitors. There’s one with an Edvard Munch “The Scream” mask – a classic. There’s one with a Nixon mask – probably passed down from his parents. And what’s that other one? It looks familiar. Now that it’s in the light, you yell in terror as you recognize the face: it’s YOU!
Fortunately, your own scream wakes you up and you realize that you’ve just experienced an identity theft nightmare.
The nightmare of identity theft affects tens of millions of people every year. It disrupts lives, damages reputations, creates financial loss, and provides a cloak of anonymity to criminals.
The 2014 Unisys security index shows that identity theft is the #1 personal concern in 5 of the 12 surveyed countries and the #2 concern in five more. Identity theft was also the top personal concern reported in the 2013 and 2012 survey results. These concerns mirror the frightening statistics reported by Javelin Strategy & Research, including the finding that the year 2013 saw “1 incident of identity fraud every 3 seconds.”
Protecting yourself from identity theft is a challenge that pits you against an unknown collection of criminals. Some work alone, but many are part of organized gangs whose attacks range from straightforward to sophisticated. My previous blog about social engineering, Word of the Day: Social Engineer, pointed out some of the more straightforward ways that criminals try to gather information that they can use to steal your identity. The simplest is to ask: “Hello, Mr. Jones. I’m an auditor from your bank, and we believe someone else might be using your credit card. Can you please tell me your card number and security code so we can compare it with the one that was reported?”
If you fall for that one, you need to take a course in Skepticism 101.
Guarding the more sophisticated attacks requires you to take preventive measures, and in some cases make changes to habits you’ve developed over the years.
In his blog, 5 Tips for Consumers for Online Safety, Nick Evans gives some advice to get you started in your quest to protect yourself against criminals who gather bits of your identity through your social media, banking transactions, discarded receipts, purchases – both online and at brick-and-mortar stores, and a variety of other means.
To get a quick idea of how well you’ve protected yourself against identity theft, let’s consider Nick’s 5th tip: “Have your personal ‘BC/DR’ plan ready to go ahead of time”. Yes, it’s true that by the time you need the plan, your identity has already been stolen, but your personal disaster recovery plan can enable your personal business continuance by limiting the extent of the damage. Take a minute now and find your list of important numbers to call in the event of identity theft and your list of credit card numbers. If you can’t find it, there’s a good chance that you need to take some time to implement other protections as well.
Your DR plan should also include knowing what actions to take when you discover you’ve been victimized. When your emotions are high with worry, you may find it hard to think clearly, so keep the Federal Trade Commission’s recommendations with your credit card information. The FTC recommends starting by placing an initial fraud alert, and their advice goes into more depth about that step and the follow-ons.
Of course, you don’t want it to get that far, but as the Privacy Rights Clearinghouse points out, you can’t completely prevent identity theft. However, you can take steps to reduce your risk. Some of their 45 suggestions would be in the syllabus of that mythical Skepticism 101 course, such as “Never respond to ‘phishing’ email messages.” Others, such as “shield your hand when using a bank ATM machine,” ask you to learn new behaviors, and still others, such as “Reduce the number of credit and debit cards you carry in your wallet,” ask you to modify old behaviors.
Curiously, none of the identity theft advice goes so far as to recommend, “Don’t open your door to small strangers wearing masks,” but that’s one for you to apply based on context.