These days you can do just about anything from a mobile device. The convenience is amazing but living so much of our lives online presents some challenges. With data being stored and shared in cyberspace, there is also a heightened awareness of the need to protect sensitive information. As a Chief Information Security Officer, I am hyper-focused on this issue. A few weeks ago we shared some insight about protecting your credit from identity theft. The tips in this article prompted some additional questions that I’ve addressed below:
I know a credit freeze protects me from new accounts being opened, but what about my existing accounts?
For accounts that are already open in your name, be diligent about monitoring the accounts through your credit card company. Ask your credit card company about services they offer to alert you of unusual activity. Sign up for text alerts on unusual charges over certain dollar amount. I have alerts set up for any charge over $100. At the very least, be very vigilant about your bill. Review it carefully and immediately investigate any charges you do not recognize.
Is it safe to submit my private info (DOB, SSN, etc.) in order to request a credit freeze?
You must submit your information in order to have the freeze enabled. But, to protect yourself, first verify that you are submitting your info through a secure portal. Whether it’s over the phone or online, make sure the phone number or website you are using is legitimate. Use a phone number from your credit card or statement. Double check the website’s URL and make sure the domain matches the main site of the company you are trying to contact. TIP: Make sure the website has an “https:” tag in front of the address. This indicates that the site has a security certification that most illegitimate sites typically won’t bother with.
Do I need credit monitoring in addition to a credit freeze?
You don’t need both at the same time. Once you place a credit freeze, no queries can be made on your credit. This means that a monitoring service probably won’t be able to access anything while your credit is locked down. But, they essentially don’t need to because the kind of activity they monitor for cannot take place when your credit is frozen.
If you’d rather not freeze your credit because you find it too inconvenient or because you anticipate having to unfreeze it in the near future, credit monitoring and fraud alerts are good options. A fraud alert is free and requires lenders to take additional steps to verify the identity of the person opening the account. To place a fraud alert, contact one of the nationwide credit bureaus. The company you call must notify the other credit bureaus so they can place an alert on their versions of your report. An initial fraud alert only lasts for 90 days, so watch for when to renew it. TIP: Federal law allows you to get a free copy of your credit report every 12 months – from each credit bureau. If you request the report from one credit bureau at a time, at different times throughout the year, you will have more frequent access to the report.
Now that my info could be out there, how do I protect myself from more sophisticated social engineering scams?
Social engineering is defined as the use of deception to manipulate people into divulging personal information that may be used for fraudulent purposes. To protect yourself from this, beware of anyone who contacts you and tries to convey a sense of urgency to get you to act right away. If you think, “Oh no, I have to do this right away!” that’s a red flag that someone may be trying to get you to act before you have a chance to really think about what you are doing. Ask if you can call back. This gives you time to verify their identity and the legitimacy of the request by making contact using a known phone number or web portal you can verify (i.e. the phone or website on the back of your credit card or account statement).
What should I do if I think I might be the victim of identity theft?
Go to the FTC’s Identity Theft website to learn what your rights are. Complete a report to document what happened and start putting together a recovery plan.
Written By Clint Maples
Clint Maples serves as Chief Information Security Officer for RPM Mortgage and has an extensive background in technology, security strategy, and risk management.