Identity Theft When Bad Things Happen to Your Good Name

What is identity theft?

Identity Theft is defined as

someone using your personal

information without your

permission to commit fraud or

other crimes.

Identity theft is an ongoing threat

As of December 2018 (nationwide)

Over 3.4 million consumer Sentinel complaints (includes fraud and identity theft)

1.48 billion dollars in losses Takes an average victim of ID theft 600 hours to “sort it out” and restore their lives Source – Federal Trade Commission

Close to home in 2018

Washington ranks 23nd highest for ID theft Washington ranks 25rd for fraud We had $28.3 million in losses Spokane was 48th for fraud Source – Federal Trade Commission

How do I recognize identity theft?

Bills arrive for credit cards/accounts you never opened Bank account statements contain unfamiliar transfers, withdrawals or checks you didn’t write Lenders deny your request for credit, but the last time you checked your credit was great Extremely late statements or statements that don’t arrive

How do they get your information?

Mail theft

Dumpster diving

Stolen wallet or purse

Skimming

Phishing

Vishing

Smishing

Data breaches

What is skimming?

A special storage device is used to steal your

credit/debit card number when processing

your card (e.g. at the ATM or a merchant).

Portable skimmer

Most skimmers are small and portable About the size of a pager

ATM skimming

Gas pump skimming

Use debit cards as credit at pump

Check security seal Pay inside

What is phishing?

Phishing is an unsolicited e-mail that appears to come from a legitimate source, such as your financial institution. E-mails contain some form of language to trick you into believing you need to update or confirm account information to avoid account access being blocked. The fraudulent e-mail contains a link that sends users to phony websites. Thieves are after passwords, SSNs and other personal information.

Samples of phishing e-mails

From: www-data on behalf of customer.serv@wsecu.org Sent: Thu 1/18/2007 8:28 PM To: Richard Subject: Important Notice from WSECU Valued WSECU customer, This is the official notification from Washington State Employees Credit Union. We are sorry to inform you that your online payments and transfers services are expired, and must be renewed immediately, if you intend to use this services in the future, and prevent any similarly situations you must take action at once! Click Here and proceed to the renewal of your online services. STEP 1 : Click the "Click Here" link and sign-in to your Online account STEP 2 : Review the renewal form Thank you for the privilege of serving you. Sincerely, Online Banking Department

What is vishing?

Vishing is a form of phishing which involves your phone and an 800 number for a call back. Again, it appears to be from a legitimate source, such as your financial institution. “Hi, this is Jane Doe calling from XYZ Credit Union regarding your primary account. Recently we were working with your account and found an issue we can’t seem to resolve. We need you to call us back to work this out. Please call us at 888-555-1212.” The 800 number doesn’t go to the financial institution. It is forwarded to the thief.

What is smishing?

Smishing is a form of phishing which involves text messages on your phone. Again, it appears to be from a legitimate source, such as your financial institution or major retailers.

Data breaches… the new threat of identity theft In 2018, there were over 6,500 breaches with 5 billion records compromised

Average cost to a US company $7.91 million

Average time to identify a data breach 196 days

Two distinct levels involved:

Card information (less invasive)

Personal information (greater risk)

What do they do with your information?

Open new credit accounts. Establish landline or mobile phone accounts in your name. Open new bank accounts. Take over existing accounts. Get a job using your name and personal information. File a fraudulent tax return using your name and personal information.

Take steps to protect yourself!

Prevention is key.

Minimize your risk.

Be responsible in managing and sharing your personal information.

Be aware, be proactive

Review your account and credit card statements when they arrive.

Call your financial institution or credit card company if your statement is late.

Never give out personal information over

e-mail, online, or on the phone unless you initiated the contact.

Protect your personal information

Don’t carry your SSN or PINs in your wallet or purse: Memorize them and leave them in a safe location. Shred documents with your personal information on them before disposing. Carry only the identification and credit or debit cards you will need. Leave the rest locked in a safe place. Don’t leave outgoing mail in your own mailbox.

There’s more?

Provide your SSN only when absolutely necessary. Find out why it is needed and ask if you can use a

different form of identification instead. Never provide information to an unsolicited request, unless you verify it first.

Cancel credit cards that you no longer need or use. When canceling, make sure it is noted it as “Closed at consumer’s request.” Never be intimidated.

Check your credit report

Take advantage of the FACT Act which allows you to get a free copy of your credit report each year! Get a free copy from each credit reporting agency.

Remember, it’s free!

annualcreditreport.com 877.322.8228 Annual Credit Report Request Service PO Box 105281 Atlanta, GA 30348-5281

I’m a victim! Now what?

Contact your financial institution. File a fraud report. Pull your credit reports at annualcreditreport.com. Close affected and fraudulent accounts. Start the IdentityTheft.gov recovery process File a report with the local police dept. Get a case number! Contact DMV, Social Security, IRS and Dept. of Retirement Systems, utilities, etc… Contact credit bureaus

What else should I do?

Create a log. Document everything you do in response to the identity theft.

Follow up all verbal communication with a letter or an e-mail.

Put code words on your accounts to be used for future identification purposes.

Get professional assistance!

What else should I consider?

Get step-by-step guidance and recovery plans on IdentityTheft.gov. Consider a monitoring service -Credit monitoring

-Identity theft monitoring

Identity recovery services Identity theft insurance

Credit freeze

Security features on checks

Current scams

Internet sales scams Lottery scams Telemarketing fraud Romance scams Work-at-Home scams

Current scams

IRS scams Social security scams Medicare scams Charity scams Tech support scams Caller ID spoofing

Lottery scams

Facebook scams

IQ quizzes Western Union Koobface worm Malware apps and links Fake login pages

Fake login pages

Fake login pages

Online Banking Security

Don’t click hyperlinks in emails Treat your smartphone like a computer Use online/mobile banking to your advantage Get free help

Online Banking Security

Never give out your SSN online Safely store financial/personal information Respond quickly to an attack Access your account from a secure location

Online Banking Security

Be smart with passwords Change passwords regularly Protect your computer Check for encryption Trust your gut

Resources

AARP – aarp.org Better Business Bureau – bbbonline.org/idtheft Federal Trade Commission – ftc.gov/idtheft Identity Theft Resource Center – idtheftcenter.org PC World – pcworld.com Privacy Rights Clearing House – privacyrights.org/identity.htm WSECU – wsecu.org