FREE NEWSLETTER

For Safety’s Sake

David Powell

ON JUNE 15, THE NEWS was broken by The Oregonian of a massive hack at Oregon’s Department of Motor Vehicles, apparently leading to the theft of sensitive details about most of Oregon’s 3.5 million holders of a driver’s license or ID card. Incidents like this, along with the huge 2017 Equifax hack, give criminals cheap and easy access to key personal information that many organizations routinely use to verify our identities and screen our credit applications.

That kind of data make it a breeze for crooks to appropriate your identity for the purpose of opening credit accounts in your name. It also makes it simple for criminals to open a bank or investment account in your name, one which they control and which could potentially be linked to your existing, legitimate accounts. Once linked, they quickly transfer out funds you might never see again.

I’ll wager more than a few HumbleDollar readers and authors, as well as folks they know, have been victims of crimes involving identity theft. Cybercrime today seems unstoppable, but the worst thing you can do is ignore the risk and hope you won’t be affected. Hope is not a plan.

My daughter, an Oregon resident, just asked me what she could do to protect her identity, money and sensitive accounts from security breaches. My response: Three simple steps can help you avoid the worst consequences of identity theft and an assortment of cybercrimes.

1. Freeze your credit reports at Equifax, Experian and TransUnion until you next need credit. It’s been nearly a decade since I froze ours at the big three credit reporting companies, after a security incident at a nonprofit where we volunteered regularly. Today, it’s simpler to both freeze and temporarily unfreeze credit files when you need access to credit. While your files are frozen, it’s much harder for someone to use your stolen identity to open a fraudulent account in your name.

2. Enable two-factor authentication (2FA) on all sensitive online accounts. This technology makes it extremely difficult for thieves to log into your account, even when they’ve guessed your password or acquired it through phishing or a big hack. There are several 2FA technologies in wide use today. Some types are more secure, but enabling any 2FA on your key accounts is far better than no 2FA at all.

The most important accounts to protect with 2FA are your Apple, Google or Microsoft ID accounts, email accounts which receive password reset links, cellular service provider accounts, and banking or investment accounts.

3. Check your bank and brokerage balances monthly, and your credit reports annually. When you suffer an identity theft crime, your chances of recovering any lost money, or reversing unauthorized credit account charges, rise a lot if you catch and report it early, as one couple learned.

Yes, if you want to improve your investment behavior, it’s best to automate your financial life, so you can ignore what Mr. Market is doing each day to your investments, as Rick Connor noted recently. Still, for security purposes, it’s wise to glance monthly at your accounts to see if there’s been a sudden, unexpected drop in your balance or some other suspicious activity. To check for fraudulent new accounts, it’s also good to review your free credit reports each year.

Subscribe
Notify of
12 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Thomas Taylor
1 year ago

Thanks for the tips. It’s one of those tasks we shouldn’t have to do, but the “black” hats always seem to be steps ahead of the game. Like you, I froze my credit reports years ago. Whenever 2FA is available, I’ll set it up. I wish a few more financial companies I use would do it, but it seems to be getting better. I do check our bank account more frequently than once a month, but I keep to a monthly schedule for credit cards and investment accounts. Some of the other readers’ tips were good as well and some I hadn’t thought of before. I believe the big 3 credit reporting companies are still offering a free weekly report through the end of 2023.

tshort
1 year ago

These are some great tips. Having had our credit card compromised twice in the last year, I’d also add the following to protect that form of hacking/theft:

  1. At gas pumps, if a no-contact payment option at the pump is available use it. Avoid swiping your card on the pump, as this is where thievery happens via credit card skimmers.
  2. When using a free public Wi-Fi network (airports, train stations, etc), use a VPN on your mobile device to cloak your identify. These can be purchased by subscription by the month or by the year and are easy to use. I’ve used SurfShark in the past and it does the job for a few dollars. If you don’t use a VPN, I recommend never logging into any financial accounts or entering your credit card number on your mobile device while connected to a public Wi-Fi network.
Sharon Edwards
1 year ago

Do you have suggestions for how to use 2FA on joint accounts? And in the event of one account owner passing? And in the situation where one account owner not being as “tech savy” as another?

David Powell
1 year ago
Reply to  Sharon Edwards

While you can securely share login credentials with another user of most good password managers, for a partner who avoids technology the simpler solution might be written instructions for getting into your password manager account, which are kept at home under lock and key.

TechnoPeasantx
1 year ago

Good points and a timely reminder! Allow me to add a few more.☺

Create the SSA and IRS accounts before placing freezes.Chex systems needs a freeze too as its also used by Banks and CU.Put a password on your mobile voice mail box.Add a security phrase or 2FA with wireless providers to thwart SIM swaps.Get off of Windows 7 and 8.Use a local not cloud-based password manager such as KeePass.Establish a passphrase with close family to stop A.I. voice mimicking ransom attacks. For example, “My door is a jar” or “My mom is a car”Treat ALL phone calls, emails and text messages from the Treasury, SSA,IRS or FBI as frauds.

Last edited 1 year ago by TechnoPeasantx
kt2062
1 year ago
Reply to  TechnoPeasantx

I have read that KeePass is technically difficult to set-up and maintain. Can you recommend another local based manager or would they all be similar?

David Powell
1 year ago
Reply to  kt2062

I’ll let our HD KeePass users address this. I have one friend who’s a fan and said it was some work to set up but we’ve not discussed specifics.

if you use a good cloud based password manager you can reduce your risk with a very long master password (ideally a memorable pass phrase) and with 2FA in the password manager.

Chris Homeyer
1 year ago

One can also block electronic access to ones Social Security information by contacting the SSA, and use the Identity Protection PIN Opt In Program with the IRS. Filing tax returns early also diminishes risk of fraudulent returns.

Last edited 1 year ago by Chris Homeyer
Andrew Forsythe
1 year ago

David, thanks for this—very helpful and important.

Another easy step I like: enable an email alert any time there is a charge to your credit cards.

I’d never thought about using 2FA with email accounts which receive password reset links. I can see how it makes sense but I log into and out of my email countless times a day so the hassle factor would be significant. But maybe I’m missing something….

David Powell
1 year ago

2FA with email is most useful in preventing someone from adding your account settings to a mobile or desktop mail client or logging in for the first time from an unfamiliar browser. That avoids a 2FA prompt every time you check mail. When you apply a browser update you may see another 2FA prompt.

Eventually industry standard passkeys will give us a more secure solution with less hassle, but those will take years for broad adoption.

Jack Hannam
1 year ago

Thanks for some very useful ideas or reminders for all of us!

Edmund Marsh
1 year ago

David, the possibility of ID theft is one of those ever-present low-level tensions in my brain. You’ve been good to give regular reminders to us to be smart about protecting ourselves. Thanks.

Free Newsletter

SHARE