Equifax Data Breach Protection Tips

How to Protect Yourself from the Equifax Data Breach

Equifax, one of the three major consumer credit reporting agencies disclosed that hackers compromised Social Security and driver’s license numbers as well as names, birthdates, addresses and some credit cards on more than 143 million Americans. If you have a credit profile, you were probably affected.

Credit reporting companies collect and sell vast troves of consumer data from your buying habits to your credit worthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.

But that isn’t your concern – your concern is protecting yourself and your family from the abuse of that stolen information that will happen over the next 3 years.

Minimize Your Risk from the Equifax Data Breach

  1. Assume that your identity has been compromised. Don’t take a chance that you are one of the very few adult American’s that aren’t affected. It’s not time to panic, it’s time to act.
  2. If you want to see the spin that Equifax is putting on the story, visit their website. Here’s how the story usually develops: 1. They announce the breach and say that fraud hasn’t been detected 2. A few days later when you aren’t paying attention, they retract that statement because fraud is happening, 3. Sometime after that they admit that more people, more identity and more fraud took place than originally thought. They encourage you to sign up for their free monitoring (which you should do), but it does nothing to actually prevent identity theft, it just might help you catch it when it happens.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request a “call-in” password be placed on your account.
  4. Begin monitoring your bank, credit card and credit accounts on a regular basis. Consider watching this video and then setting up account alerts to make this process easier.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T JUST CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
  6. MOST IMPORTANTLY, FREEZE YOUR CREDIT. The video above walks you through why this is such an important step. Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an an award-winning author and keynote speaker on cybersecurity. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

7 Steps to Prevent Identity Theft

Click the image below for a PDF of 7 Steps to Preventing Identity Theft

 

Protecting your personal identity doesn’t need to be difficult. But it does take a bit of effort to minimize your digital footprint. The following action items are among the first you should take to protect yourself and your family. From there, we can go into greater detail on protecting the smartphones, laptops and Internet accounts that are increasingly being targeted.

Summary of ID Theft Protection Action Items

  1. Opt out of financial junk mail by registering at www.OptOutPreScreen.com.
  2. Shred any paper documents that would go in the trash with a durable and safe confetti document shredder.
  3. Freeze your credit with ExperianEquifax, and TransUnion.
  4. Use Identity Monitoring to track your data.
  5. Lock your identity documents in a bolted-down, fire-resistant document safe.
  6. Protect your computer with security software, a firewall, secure Wi-Fi, encryption and strong passwords.
  7. Track your credit report 3 times per year for FREE at www.AnnualCreditReport.com.
  8. For further tools, purchase a copy of Privacy Means Profit.

Detailed Explanations

  1. Opt Out of Financial Junk Mail

Problem: Your private data is bought and sold by junk-mailers without your knowledge.
Solution: Opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”. Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-Approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies. But it is your right to stop the sale of your information. To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com. There is no cost to you for opting out.

Once you’ve completed this step, begin opting out of ALL information sharing on every account you have (bank, brokerage, mortgage, utilities, phone, etc.) as well as with the Direct Marketing Association.

  1. Shred Your Paper Trash

Problem: We throw away private information every day. This is where dumpster divers begin.
Solution: Buy a high-quality document shredder.

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either chopping or locking documents and disks that contain identity (name, phone number, address, social security number, account numbers, passwords, PIN numbers, phone numbers, client information, children’s’ information, etc.).
When buying a paper shredder, I recommend the following features:

  • Cross-cut confetti shredding
  • 10+ pages of simultaneous feeding capacity
  • Allows shredding of stapled documents, credit cards and CDs

The shredders I like best are made by Fellowes. I like Fellowes because of their SafeSense technology, which turns the shredder off if your fingers (or your kids’ fingers) get too close to the shredding device. This adds a great deal of peace-of-mind to an already effective product. They also have anti-jamming technology that makes them less frustrating than other brands and they don’t seem to break down as frequently. Convenience is key! Make sure you place a confetti shredder next to ALL of the places that you handle identity (where you open your mail, your home office, your desk at work) and shred everything possible. Don’t skimp here – if you don’t make it convenient for yourself and your employees, it won’t get done. If a document has identity of any sort on it, shred it, even if it isn’t your information. Don’t forget to destroy digital files as well, like those that live on a hard disk when you donate your computer. If you can’t shred it, lock it up in a fire-safe (see below).

  1. Freeze Your Credit File

Problem: If a thief gains access to your credit file, they can spend everything you’re worth.
Solution: Freeze your credit with ExperianEquifax, and TransUnion.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file, which is maintained by companies like Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Don’t let anyone talk you out of freezing your credit. It is the number one thing you can do to prevent credit fraud. To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: ExperianEquifax, and TransUnion.

  1. Use Surveillance to Monitor Your Online Identity

Problem: Your private information is floating around on the Internet and exposing you to risk.
Solution: Monitor your online identity conveniently with sophisticated identity surveillance.

When my audiences learn that only about 25% of identity theft can be caught by monitoring their credit report, they often ask me to evaluate the more sophisticated identity theft monitoring and protection services in the market place. Not all identity monitoring services are created equal. I recommend an identity surveillance service that monitors the following aspects of your identity:

  • 24/7 monitoring of your credit file (most services provide only this – nothing more)
  • Non-credit loans (pay-day loans, etc)
  • Government records
  • Public records disclosure (court cases, real estate transactions, etc.)
  • Nation-wide criminal databases
  • Cyber-trafficking of your private information over the internet
  • The better services will also offer recovery services and identity theft insurance

I choose a particular identity theft monitoring company because of the quality and volume of monitoring they provide, the convenience of their service, and the safety of their data centers. Here’s how it works. Rather than waste hours monitoring all of the potential sources of identity theft myself, the product does it for me, automatically. Every month, a report shows up in my email inbox letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial – if we make it easy to be safe, we will be safe! You should expect to spend approximately $200 per year for a good service (far less than you probably spend to insure your car and home, which are worth far less than your identity).

  1. Lock Up Identity Documents

Problem: Identity documents that are left unlocked in our homes and offices open up profitable opportunities for identity thieves.
Solution: Purchase a fire-resistant document safe to securely store all of your identity documents.

A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, customer data, employee records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, bankers boxes, office drawers or out in the open, on our desks. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant safe. Think of it this way. Your identity is probably worth something close to $300,000 (even if your credit is poor), not to mention the value of any business data for which you are responsible (customer records, employee information, intellectual capital). Spending a few hundred dollars to lock up the keys to your identity is simple.
Look for a fire safe that meets these requirements:

  • Able to withstand 1500° F for 30 minutes
  • Lockable by key or combination
  • Able to be secured to the foundation of your home (to prevent safe theft)
  • Preferably waterproof (where there’s fire, there’s water)

I recommend fire-resistant stackable filing cabinets because they are nearly indestructible, inexpensive and protect your data from both fires and theft. They also allow you to expand your storage capacity as you protect more and more of your identity.

One important note: increasingly, thieves are breaking into homes and businesses in order to steal identity documents. By placing them all in a central location (such as a fire safe), you are making it easier for them to steal everything at once. I suggest that you have your fire safe bolted into the foundation of your home or business. This small expense could save you hundreds of thousands of dollars. It’s no more expensive than putting dead-bolt locks on your doors.

  1. Protect Your PC

Problem: The information stored on your computer can be compromised if left unprotected.
Solution: Follow the 7 Steps to a System Lock-down listed below.

In order to protect all of the identity documents stored on our home and work computers, it is important to close all of the potential data leaks. The following suggestions will get you started, but please hire a computer security professionally to help you protect this very valuable asset in the fight against identity theft.

  1. Create strong, alphanumeric passwords. Read your copy of Privacy Means Profit for further details.
  2. Employ a highly-rated security software suite on every computer you own. It should include: anti-virus and anti-spyware scanners; password protection, phishing and pharming filters and a firewall.
  3. Configure your Windows systems for automatic security updates. Apple computers do this by default.
  4. Utilize encryption software (for professional-level protection). Encryption is more complicated than I can explain in a bullet-point, so please read for details in Privacy Means Profit.
  5. Physically lock-down your computers (especially if you use a laptop or hand-held). Desktop computers and workstations should be locked in your office, both at work and at home. More private data disappears because of stolen laptops, tablets and mobile phones than any other source.
  6. Secure your wireless network. Make sure that the connection is not open to anyone with a wireless device and that you use WPA2 encryption or better, NOT WEP. For additional security, enable SSID Masking, MAC-specific addressing and VPN tunneling (see PMP for more details).
  7. Secure your Mobile Data Devices (iPhones, Androids, BlackBerrys, Thumb Drives, Laptop Computers) using all of the tools above. Just because they are small doesn’t mean that the data on them isn’t worth a mint.
  1. Monitor your credit report three times per year.

Problem: Scammers can be using your credit and you don’t even know it.
Solution: Monitor your credit report for free, 3 times per year at AnnualCreditReport.com.

A credit report records a history of how you repay money you borrow from others. When an identity thief or credit fraudster uses your Social Security number to set up new credit accounts, you will never know it… unless you actively monitor your credit bureau accounts. By law, you are entitled to a free report every year from each of the three credit reporting agencies, Equifax, Experian and TransUnion. Details on how to read your report and detect and rectify fraud can be found in Privacy Means Profit.

Naturally, these steps will get you started down the road to protecting yourself from identity theft and cyber fraud. But there are many more suggestions than the ones above to continue protecting your identity. For a detailed plan of action, consult your copy of Privacy Means Profit or visit my blog at www.Sileo.com. To bring me in to speak to your group about identity theft, cyber security, online privacy or social engineering, contact me directly on 303.777.3221.

 

Safe Online Shopping on Cyber Monday

It’s almost Cyber Monday, so tell me something – why do you shop online? Because it’s super convenient? Or because you get better pricing? Maybe it’s because you’re allergic to hand-to-hand combat on Black Friday? I’m a huge fan of shopping online to save time, money and brain cells. But if you have bad surfing hygiene, you’re just asking identity thieves to go on a shopping spree with your money. And it’s so easy to avoid if you know how. Which you’re about to.

Thanks for joining me here on Sileo on Security, where we believe there’s no need to fear online shopping if you surf wisely. I want to share nine habits with you over the next three episodes that will keep your digital shopping cart safer than the real thing.

The first habit is just common sense. Please, stick to reputable websites with a proven track record. If you haven’t used the site in the past or if it isn’t a recognizable brand like Amazon, research before you buy! If you shop there in person, you’re probably safe online. When you buy only based on price, you generally get what you pay for. Cheap products, shipping charges, MALWARE! Also be careful about imposter websites with URLs that look almost exactly like the real one.

Next, always LOOK for the LOCK. If your browser doesn’t show a padlock in the URL bar and doesn’t start with the address HTTPS://, don’t fill out ANY forms or send ANY information via that website. The S in the address stands for secure, and everything else is just faking it! [No “S”, No $]

Third – you may get sick of hearing me say this one, but it’s so important to use strong passwords on all of your internet accounts. The easiest way for a hacker to spend your money is to crack your account because your password is your dog’s name, a word in the dictionary or something thieves can find on your MySpace profile. You don’t still have a MySpace profile?

Your One-Minute Mission today is quick and easy. Log in to the ecommerce websites you shop on most often – so for me, in order, I’d go to Amazon, Zappos, DaintyCandles.com, PayPal – you know, the usual suspects. Once you login, make your password longer and stronger than it already is. Just doing this, occasionally changing your passwords, makes thieves work a whole lot harder for those candles.

And then, as you always do, make sure that you tune in for the next episode of SOS, where I’ll give you intermediate steps to protect your online identity.

All of us at The Sileo Group wish you a happy and healthy holiday season!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Identity Theft Services: Is ID Theft Monitoring Worth the $$$?

Product Review: Are identity theft monitoring services worth it?

Yes, identity theft services can be well worth the investment, especially if you ever become a victim. Imagine that your Social Security number is part of a national breach like Anthem or the Office of Personnel Management. Or it’s stolen out of your tax preparer’s office, scavenged from your trash or skimmed from your iPad as you surf on a free Wi-Fi connection. In most cases, you have no idea that your digital identity has fallen into unethical hands, usually those of organized crime, who replicate and resell it in seconds.

Next, your identity is used by an undocumented worker to get a job, and now you owe taxes on their earnings. A second user applies for credit in your name and skips town, leaving behind your decimated credit score. Another uses your SSN to drain your health insurance benefits and append the wrong blood type to your medical file. You have no idea that any of this is taking place behind the scenes until the day that the tax bill arrives in the mail, you are denied medical coverage and a collection agency shows up at your door. Because the discovery process doesn’t happen for an average of 18 months after the initial theft, your losses are substantial and your innocence difficult to prove. Obviously, I’ve combined many forms of ID theft here into a single scenario, but everyone of them is real and common.

If I told you that there are ways to automatically detect the exposure of  your SSN online (allowing you to request its removal), to prevent the trafficking of your ID on the dark side of the web and to be notified about even the smallest use of your credit profile by criminals, would you be interested?

Every one of these preventative measures is possible, and detecting the abuse of your identity is made much more convenient and less time consuming by identity theft services that monitor your ID online. Are they a perfect solution? There is no such thing as a perfect solution, and if someone says there is, they are working too hard to sell you something. The key to protecting your identity is to layer on many forms of prevention and detection, thus persuading the criminal to move on to another target. One key layer is provided by identity monitoring services.

Monitoring your identity is much like installing a burglar alarm to protect your home – it’s a no-brainer if you are willing to invest a little to attain much more peace of mind. The most common question I get asked after my speaking engagements is which service I use personally. I have to say, despite their clever marketing, I am not a huge fan of the most popular providers, because they promise too much and deliver fewer tools than some of the better options. The identity theft services provided by the credit card companies are even more limited and less effective. I recommend doing your homework and comparing the different features of the various services.

Here are some features you’ll want your identity theft service to include:

  1. Convenience: The identity theft monitoring service should email you any time a red flag appears (changes to your credit, mailing address, bank accounts, loans, etc.) , so that you don’t have to do any extra work to keep track of your identity.
  2. Depth of Monitoring: Utilize a company that monitors your credit report at all three credit reporting bureaus (a tri-bureau report), which is vital, because the bureaus often don’t share information as much as they claim to share.
  3. Cyber-Agent Scanning: If you are worried about your private information being circulated in criminal chat rooms, carding sites, newsgroups and other digital venues where cyber criminals buy, sell and trade your data, make sure your product scans known rogue sites and alerts you to problems.
  4. Breadth of Reporting: Your identity monitoring service should also scan non-credit loan applications in case someone is using your identity to run a pay-day loan scheme.
  5. Public Document Surveillance: Your service should monitor your public records on the internet (court documents, legal agency filings) in case your information is published for any reason by the government or your Social Security number is found in public records.
  6. Restoration Services: It is vital that the identity theft monitoring service you choose provides restoration and repair if your identity is stolen. In fact, this is probably the most useful and effective part of the monitoring services, as it makes it much easier to recover from ID theft if you are a victim.
  7. Dashboard Access: I like the services that provide one easy to monitor dashboard across all aspects of your identity – that way, if something is a threat, you see it with a big red warning sign.

If a company promises you identity theft services or credit monitoring for free, run the other direction. Like anything else, identity theft services are an investment, and paying nothing means you are getting nothing other than having your name and valuable information sold to other marketers. Remember, you are protecting a digital asset (your identity) that is worth more than all of your bank accounts, mortgages, investments and net worth combined. Spending a little to save a lot is like immunizing yourself against the disease of identity theft before it strikes.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Going on Vacation? How to Keep Travel Identity Theft from Ruining Your Trip!

Click Here for a Downloadable and Printable
25 Point Travel Safety Checklist (PDF)

Here are the same tips in text format

Before you go:

  • Only book through a legitimate agency or website, as there are many travel scams out there. Read the fine print before signing.
  • Pay for your travel arrangements with a credit card – it gives you some control in disputing charges.
  • Stop your mail before leaving so that data thieves aren’t opening your financial mail for you.
  • Turn on automatic account alerts on your credit card to easily monitor all transaction (via smartphone) without having to look at statements.
  • Turn on remote tracking and wiping software on your phone so that if it is lost, you can locate and/or wipe the data off from anywhere.
  • Make sure that your laptop computer has long, strong, alpha-numeric password encryption (BitLocker for Windows, FileVault for Mac).
  • Leave most of your identity at home, especially checkbooks, Social Security cards and excess credit and debit cards.
  • Take your passport (if international), driver’s license (use this for ID, not your passport), credit card and a dedicated ATM/debit card with enough money in the account to cover your trip. I recommend these as backup and cash as your main form of payment. This limits your exposure to exactly how much you have on you.
  • Make a photocopy of those items, front and back, in case of loss. Take the photocopy with you (store separately) in case you lose your ID.
  • Request a nameless, travel-only ATM/debit card with a 4-digit PIN from your bank.
  • Never post on social network sites that you are leaving (it let’s robbers know you aren’t home) and refrain from posting pictures on the road until you return. Secure your home as much as possible with lights, locks and alarms.

On the road:

  • Protect your identity and small devices in a travel wallet or secure pocket. Pickpockets can open backpacks and purses without your ever knowing.
  • Free Wi-Fi hotspots are simple for thieves to eavesdrop on. Instead, surf on your cellular data plan (call your provider for international data plans and “tethering” instructions).
  • Never type anything sensitive on a public computer (hotel, cafe, library) as your data is probably being recorded and possibly exploited.
  • Be obsessive about keeping control of your smartphone, as it’s a mobile computer connected to your wealth. Turn on the passcode, enable remote tracking and never leave it lying around or loan it out, especially in public.
  • At ATMs, make sure that there isn’t a skimming device attached by wiggling anything that sticks out from the machine. Shield your PIN# from those behind you and never let anyone help you get money out, pay for tickets, etc.
  • Lock your digital devices, valuables and traveling papers in your hotel room safe when you don’t need them.
  • For added protection, put the privacy sign on your door and let housekeeping know that you don’t want service. Unmade beds are better than stolen documents or devices.
  • Never give credit card or other information over the phone in your hotel – many scams look like the front desk calling for your information.

Back home:

  • Review credit card statements for any fraudulent charges that happen after the fact (common).
  • Turn off your dedicated ATM/debit card.
  • Restart your mail and make sure no critical statements are missing.
  • Turn off your international data plan.

See our whole series on Travel Safety Tips to Prevent Identity Theft!

John Sileo is an an award-winning author and keynote speaker on identity theft and cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 4

You’ve made it home safely after braving gastronomic adventures at greasy spoons, drinking from questionable water sources, and surviving white-knuckled taxi rides.  Now, post those vacation pictures on social media and wrap up the loose ends of protecting your identity.

Monitor Your Accounts: Shortly after you return from your travels, pay special attention to your account statements to make sure that nothing out of the ordinary appears. If a credit card number or bank account number was stolen during your trip, this is how you will catch it early and keep it from becoming a major nightmare. Contact your provider and alert them to the breach immediately.

Get a credit report: Hopefully you’ve monitored your accounts throughout the trip.  When you get home, request a report at www.annualcreditreport.com.  Check your credit report for any suspicious activity. Even if you don’t see any unfamiliar transactions, that still doesn’t mean you’re safe.Identity thieves are known to take their time and act when you least expect it, so continue monitoring!

Rotate Your Account Numbers: If you feel like your identity might have been compromised (e.g., your credit card number stolen), call your financial institution and have them issue a new card. This makes the old number obsolete, should anyone try to use it in the future.  Also, turn off your dedicated travel ATM/debit card.

If you have used your international data plan, be sure to turn it off.

Pick Up the Mail: Don’t leave it in anyone else’s hands any longer than necessary. Make sure you shred any mail that you no longer need.

(Click here if you missed the first three posts: “Planning Your Trip”, “Before you go” or “On the Road”.)

I know this may seem like a LOT to do, but the peace of mind you will have knowing you’ve done all you can to protect yourself will make your vacation just that much more enjoyable.  Happy trails!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 3

Welcome to the third (and longest!) part of our four-part series on travel safety. We’ve covered “Planning Your Trip” and what to do “Before You Go” Today we’ll go through the many important things to consider while you’re “On the Road”.  Be sure to check back tomorrow for our final installment of what to do “When You Return”.

Travel Light:  If you don’t have to take it with you, increase your safety and leave it at home.  This includes:

Checkbooks: Do not carry checks or take only one or two for an emergency, placing them with your cash in your money belt. Checking account takeover is one of the simplest crimes to commit and one of the most devastating types of financial fraud from which to recover. The easy alternative? Use a credit card or cash.

Debit cards: You can reduce your vulnerability to having your checking account plundered while on vacation by leaving all debit cards (check cards) at home. Don’t be fooled into thinking that Debit/ATM cards are safe just because they have a PIN or password. Be aware, too, that debit cards don’t have the same financial fraud protections as most credit cards.

The Solution?  Actually, you have two!  You can get a nameless, travel-only ATM/debit card with a 4 digit pin from your bank.  Or you can ask your bank for an ATM-Only debit card (it won’t work in stores, only at an ATM) and make sure your password isn’t seen by roaming eyes when you are at the ATM.

Better yet, use a credit card or cash.  The exception to this is when you are traveling in a foreign country and your debit card is the most efficient way of obtaining cash from an ATM.

Excess credit cards:  Every piece of identity you take with you creates more avenues for potential fraud. I recommend that if you are traveling with another adult, you each take one credit card. (If possible, take cards from two different credit card companies. That way, you each carry only one card that can be lost or stolen, but you have a backup card if the other person’s card is lost, stolen or shut down because of fraud).  Make sure that your credit card company knows the dates and places you are traveling so that they don’t shut it down when charges are made out of town. Also, make sure you have a large enough credit line to cover your purchases while traveling. You can ask for a phone number you can call from overseas if your card doesn’t list one. The 800 number on the back of your card might not work outside the U.S.

Social Security card: It is not necessary to have your Social Security card while traveling (or at any time other than your first day of work with a new employer), so leave it locked up at home.

Bills: Don’t try to take bills to pay while traveling.
 Instead, schedule all payments before you go.

Identity Documents: Leave birth certificates, passports (unless travelling internationally), library cards, receipts, etc. at home while you travel. Anything you don’t absolutely need should be left at home locked in a fire safe. If you can travel with only a credit card, driver’s license and health insurance card (as long as it doesn’t have your SSN on it), you will be much safer.  Also, don’t put all of your info on your luggage.  A last name and phone number will suffice.

Boarding Passes: Tear up and throw away used boarding passes (or shred if you can). Those boarding passes so many of us leave behind in airplanes or hotels often contain full names and other personal information.

Excess digital gadgets: The more gadgets you bring, the more potential for theft.  Keep it simple.

Guard your devices

Passcodes: Smartphones and tablets carry as much information as laptops. Turn on the auto-lock passcode to keep others out of your data.  Also make sure that your laptop computer has long, strong, alpha-numeric password encryption(BitLocker for Windows, FileVault for Mac).

Public Access Internet Facilities: While using your laptop to access online banking or other password-protected services from Wi-Fi networks, be sure the Wi-Fi hotspots are secure. If you’re using a public computer in hotel business centers or cyber-cafes, never access any sensitive information.  Key-loggers (software that can track your keystrokes) may be tracking you.
 Better yet, install tethering between your mobile phone and tablet or laptop so that you are surfing securely.

Ask for Privacy: Instead of leaving oodles of data exposed in your hotel room (a major source of theft), hang your privacy sign on the door and let house cleaning know that you do not want to be disturbed. Lowering traffic lowers risk.

Have a plan for a stolen phone: Enable your phone’s GPS locator and “wipe” function (if available). Many phones have a setting you can switch on that helps you locate the phone via GPS if it’s stolen. Similarly, the “wipe” feature will let you wipe your data clean if it’s stolen.

Social Media:  Turn off your location settings and try to refrain from gloating about your glorious trip by posting pictures until you’ve returned safely home.

 Use the hotel safe

I can’t emphasize enough the importance of using the in-room safes that are now a part of almost every hotel room. They are easy to use and significantly increase traveling safety (decreasing theft by cleaning staff and other travelers). In addition to your traditional items such as jewelry or extra cash, use them for:

All important devices: your laptop, cell phone, tablet, iPod, thumb drive, etc.

Passports: Unless you are traveling in a country where you it is mandatory to keep your passport with you at all times, lock it up in the safe the whole time you are staying at the hotel.

Other Identity Documents: Store your plane tickets, receipts, and any other identity documents (birth certificates, extra credit cards, visa, etc.) in the safe when not in use.

Beware of scams

Hotel credit card scam: The way this typically works is that while you are sleeping, you receive a call “from the hotel’s front desk”.  The pleasant “night clerk” informs you their system has crashed and they need your credit card number to complete a night audit.  Do not give them your information over the phone.  If they don’t relent,  walk down to the desk!

Message about fraud: If you get a phone call or e-mail about suspicious activity on your card, call the customer service number on the back of your credit card instead of automatically calling back the number on the message.  That’s a common ploy by ID thieves to capture personal information. If the call was legitimate, you will be connected to the appropriate department.

Other Time-tested Tips

Mind the Lions at the Watering Hole: Increase your awareness in airports, hotels, conferences and restaurants.  Remember, where there is a crowd, there is a pickpocket, just waiting for you to be too busy with your camera or map to notice their activities. Be on the lookout also for untrustworthy passengers on the plane, especially shoulder surfers who watch you enter login credentials, PINs, credit card numbers and other personal data on your laptop, smartphone or tablet in the hopes of catching something they can use later to steal your identity.

Carry it Safely: I recommend carrying all of your identity documents (passport, credit card, driver’s license, tickets, etc.) in a travel pouch that fits around your neck or your waste (and inside of your clothing). It is a minor inconvenience, but it lowers instances of pick pocketing and unintentional misplacement. Thieves have unbelievably nimble fingers that can slip into your pocket or purse undetected so here’s an essential habit to cultivate: just before you leave your hotel room (especially in cities), verify that your money pouch is securely fastened around your waist or neck, under your clothes.

Use a Backpack: When possible, carry laptops and other large identity-storing items in a backpack that stays zipped and on your back at all times. It is easy to set down a purse, book bag or piece of luggage while at a ticket counter or retail store. Backpacks, on the other hand, are easy to keep on our person at all times, and are harder to break into without alerting the wearer.

Watch Your Cards: When paying with a credit card in a restaurant, try to keep your eye on the card. If the server removes it from sight, they may be able to create a “clone” by using a portable card skimmer that will copy the information from the card’s magnetic strip. Many restaurants are now able to process the card at your table or you can take it to the register and observe the transaction.

 ATM Machines: Use your “ATM Only” card (one that requires a PIN and does not contain a Visa or MasterCard logo) at ATM machines found at banks or credit unions that are in well-lit areas. Be sure to examine the ATM machine carefully for signs of tampering. Be on the lookout for anything that looks suspicious. Save all transaction receipts in a specific envelope to make it easy to reconcile your bank statement when you arrive home.

Use a Dedicated Travel E-mail Address: I shake my head every time when I see messages arrive from overseas via work e-mail accounts. If someone gets access to your work e-mail account, the amount of damage they could do to your livelihood is inestimable. Certainly there are times when you need to log in to your work account, but you will want to use caution in the extreme at those times.

My suggestion is to use a personal e-mail address when possible while traveling, one at which you store no sensitive information and at which a fake log-in won’t be disastrous, and communicate from that e-mail address exclusively. On occasion you will see addresses like johndoetravelemail@gmail.com; this travel-exclusive e-mail method can work quite well.

If you’re not using Bluetooth, turn it off: Some thieves can “hack” into your phone through Bluetooth, so if you’re not actively using it, turn it off!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 2

This is part two of our four-part series on travel safety.  Yesterday we covered “Planning Your Trip” and in the next few days we’ll discuss “On the Road” and “When You Return”.  For today, we’ll look at steps to take after your trip is planned, but before you go.

Photocopy the contents of your wallet/documents: Or make a list of all the contents and all your travel documents to carry with you in a protected place as you travel. It’s also a good idea to leave a copy at home with a trustworthy person whom you can contact. It will save you hours of frustration if anything is lost or stolen.

Protect your accounts: Place a travel alert on your credit card accounts so the bank will know why charges from some lovely resort are suddenly showing up.  You can also freeze your credit so no new accounts can be opened while you are away.   Finally, turn on automatic account alerts on your credit card to easily monitor all transaction (via smartphone) without having to look at statements.

Hold the Mail: Your mailbox is an identity jackpot. Before you leave, place a “postal hold” on your mail so that your mailbox isn’t susceptible while you are gone. Arrange with your post office that you (or your spouse) are the only people allowed to pick up your mail. Don’t have it “mass-delivered” the day after you return, as this puts everything at risk all at once. Instead, pick it up at the post office once you return.  (Hold your newspaper, too, so you’re not publicizing that no one is home.)

Social Networking Sites: Don’t post your “Going on Vacation” status on your social networking sites just as you wouldn’t tack a note about it to your front door. Broadcasting this news opens the door to criminals using that information while you are away. Think twice about anything you share on social networking sites.

Secure your home: Of course you will lock all your doors and secure your windows, but make sure you also check your office and other places where you might have identity-rich information sitting around. Store all important documents and items, maybe even your external hard drive with all of your files backed up on it, in a locked safe. 

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Travel Safety Tips Part 1

Today I begin a four-part series on travel safety to protect your identity before during and after your trip.  I’ve tried to make this series comprehensive for all stages of travel.  Today we’ll cover Planning Your Trip  , to be followed in days to come by:  Before You GoOn the Road and When You Return.

While you may be aware of the basics, the lists in these blogs show you how to think like the criminals think.  Be proactive and outwit them at their own game!

Use a legitimate agency: Verify the business you are booking your trip through. If you are going to use a travel agency or online booking company, make sure they are authentic first. Go online and do your research – if people have been swindled before by the company, the Internet is the first place they will go to vent. You can even ask the company for references so you can check up on some satisfied customers.  Also, investigate the travel companies with the Better Business Bureau (www.bbb.org) and the attorney general’s office in the state where the company does business. (www.naag.org).

Read everything carefully before you sign: Sometimes there are concealed fees or clauses where they can change the airport you are flying into or out of without telling you – even up to 100 miles away!  Make sure you know the airline and hotel before signing. This way you can confirm their legitimacy. Feel free to contact them and make sure that this is a great deal.

Always pay with a credit card: Reputable credit card companies allow you to dispute fraudulent charges so that you are not held liable for the money. If the company requires you to pay with cash or check or money order, GO SOMEPLACE ELSE! Legitimate travel companies will let you use a credit card.

Make sure you get EVERYTHING in writing: If your unbelievable deal does turn out to be a rip-off, you will need something to show the credit card company in order to dispute the charges.

If it sounds too good to be true, then it probably is: If they are offering you a flight to Mexico that is regularly $500 for $100, then chances are, it’s a scam. While there are great ways to book your hotel + flight + food + drink together to save money, most don’t offer an 80% discount!  Don’t be afraid to try a website like TripAdvisor.com to do some background investigation.

Buy directly from the companies themselves: This includes airline, hotel, transportation, tickets, etc. Many times the actual companies promise the cheapest possible fare on their own website (United does this, for example). Even if it does cost you a bit more, you will sleep better at night knowing that your trip is booked and confirmed.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Top Tips to Stop Tax-time Identity Theft – Part 1

“Tax Time ID Theft – Part 1″ href=”https://sileo.com/top-tips-for-tax-time-security-peace-of-mind-part-1/”>Part 1 – Tax Preparers | Part 2 – Protecting Computers | Part 3 – IRS & Tax Scams

Tax season can be a stressful time of year for individuals and business owners alike, especially those who fail to plan in advance and then sacrifice focus and performance as they race to meet the filing deadline. But that stress is nothing compared to the potential destruction of your financial reputation brought on by tax-time identity theft. And tax-related identity theft is on a precipitous rise.

An audit published on July 19, 2012 by the U.S. Treasury Department, found that the IRS paid fraudulent tax returns to identity thieves worth a total of $5 Billion in 2011. The study also predicted that the IRS (and therefore, you as a taxpayer) will lose an estimated $21 Billion in fraudulent claims over the next five years. Tax-related information is the Holy Grail of identity theft because it contains virtually every piece of information, including a Social Security number (SSN), which a fraudster needs to defraud you.

Tax-related identity theft affects individuals in a couple of ways:

  1. Refund fraud. In refund fraud, an identity thief illegally uses a taxpayer’s name and SSN to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. The legitimate taxpayer is then forced to spend time and money proving her innocence, setting the record straight with the IRS and protesting fines and penalties assessed because a refund was given where taxes were potentially owed. According to an article in the Wall Street Journal, “The National Taxpayer Advocate, an IRS watchdog group, got 55,000 requests for help with tax-identity theft in 2012.  The group has seen a 650% rise in the number of identity theft cases it handles since 2008.  And the IRS since last year has doubled to 3,000 the number of staffers working on such cases.”
  2. Employment fraud. In employment fraud, an ID thief uses a taxpayer’s name and SSN to obtain a job. When you as the employer report income for the employee to the IRS, the legitimate owner of the SSN appears to have unreported income on his or her return, leading to enforcement action.

There are steps that you can take that will minimize your chances of being affected by this growing crime. It is your responsibility to protect not only your own tax-related information, but also the sensitive data you handle on behalf of your business, employees and customers if you work in a job that requires you to handle such data.

This is the first of a three-part series in which we’ll provide you with practical checklists to help prevent tax identity theft and/or deal with it once it’s happened.

Today’s Tax-Time Identity Theft Tip: Choose a security-minded tax preparer.

Your greatest risk of identity theft during tax season comes from a surprising source: a dishonest or disorganized tax preparer. Ask yourself (and your preparer) these questions:

  • Does your tax advisor have an established track record and years of satisfied clients? Google them to find out.
  • When you visit your tax preparer’s office, are client files well protected? Do they leave tax-related folders in the open for the cleaning service to access, or are they locked in a filing cabinet or secure office? Do they meet with clients in a neutral, data-free, conference room?
  • Have you interviewed them on how they protect your private data, whether or not they have a privacy policy and if they provide employee data security training?
  • Have you expressed your desire that they take every precaution to protect your data? Asking professional tax preparers these questions sends them a message that you are watching!
  • Is your tax preparer working on a secured computer, network and Internet connection?
  • When filing W-2/W-3 and 1098/1099 tax forms, have you obtained them from a reputable source to make sure that they aren’t fraudulent?

Tax Time Identity Theft: Part 2 – Protecting Computers | Part 3 – IRS & Tax Scams

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 MinutesAnderson Cooper and Fox Business. Contact him directly on 800.258.8076.