How to prevent identity theft

You should take the potential for financial identity theft very seriously, as a threat to your financial security. Identity theft sometimes entails a loss of your financial assets. However, whether or not you lose money directly, an identity theft breach can take a very large amount of your time to rectify. Beyond a large expenditure of your time, you could incur hefty legal expenses to protect your financial interests. In addition, serious identity theft incidents can interfere with your ability to pay your bills, make purchases, buy or rent property, get loans, get jobs, etc.

You need to clearly understand that identity theft is a major problem that is likely only to get worse. Millions of people are affected each year with fraud losses in the tens of billions of dollars. Some of identity theft involves petty thieves, but an increasing proportion is due to organized cyber-crime networks. Your best strategy is to take identity theft protection very seriously and to keep out of the way.

Once critical and unchangeable information about you, such as your formal name, Social Security number, driver’s license number, date of birth, place of birth, mother’s maiden name, etc. are out there and in criminal databases and are correlated with current addresses, employers, etc., you become an increasingly soft target. Another criminal of a different sort, H. R. “Bob” Haldeman, who was one of Richard Nixon’s top advisors and went to prison related to the Watergate scandal, if famous for having said: “Once the toothpaste is out of the tube, it’s hard to get it back in.” Think of your financial identity information as some of your financial toothpaste, and keep it in the tube.

Taking certain steps to prevent an occurrence is prudent. Avoid doing anything to help criminals paint a target on you. It is almost inevitable that detailed information about you will get out or already is out in the “public domain,” but you do not need to make it easy for criminals. Just as those who lock their doors and windows are more likely not to be burglarized, that those who leave them open; those who try to guard their identities are less likely to suffer identity theft and that attendant fraud and crime that comes with it.

By the way, if despite all of your best efforts to protect your personal and financial identity, the identity thieves get into your perimeter, take a look at the US Federal Trade Commission website for their section on “Fighting Back Against Identity Theft”, which you can find here:

http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html

This FTC website provides a wealth of information and tools to help you with this ugly business.

This extensive article on ID theft protection, covers these main identity theft “what-to-do” topics. Each of these bullet summaries in this introduction has a more extensive section below this bullet list. The sections below have the same titles as these bullets, and they detail specific ways to prevent identity theft.

• • Enhanced identity theft protection practices for sensitive information and passwords

As you set up financial accounts, always be very careful with your financial information. Many identity thieves are clever and sophisticated. Furthermore, there is a “cyber underground,” where compromised identity information is shared, bought, and sold. I recommend that all your financial passwords for your on-line accounts be both strong and different. Strong passwords have many characters (combinations of letters, numbers, special symbols, upper and lower cases).

Reserve important security question and answers ONLY for your dealings with financial institutions. If you give away your correct birthday, mother’s maiden name, and place of birth on Facebook, for example, you are just helping identity thieves to assemble a file eventually may be used to break into your financial accounts.

• • How to prevent identity theft associated with Internet computer connectivity

Using potentially unsafe systems connected to the Internet will almost guarantee problems. At home, with personal commuters that have wired or wireless Internet connections, always run a full suite of firewall, anti-virus, anti-spam, and anti-malware software. Learn how it works and make sure that is it running.

Get smart about wireless connectivity in public places and learn how not to be a victim. Any bright slimeball with a smartphone, laptop, and some cheap software could set up a wireless hotspot, masquerade as a legitimate connection, and spy on your unencrypted connections. There are ways to prevent this, which are discussed below.

• • Avoid phishing and other impersonation attacks to prevent identity theft

Avoid phishing of all kinds. Don’t click on links without knowing where they really will lead you. Never provide any personal data in response to a link provided to you via email. Always ensure that you know and trust the website that you are interacting with. It is relatively trivial to create and send emails to people that appear to come from a legitimate source, but in fact come from a cyber-criminal who is attempting to fool you.

• • Reduce the chances of snail mail theft and stop identity theft

Do not leave outgoing financial letters containing checks or sensitive information outside in public for the mail carrier. To receive mail, you should have a mail drop slot rather than a mailbox on the outside of the house. Always mail your financial letters inside of a reliable US Post Office. Theft of checks in the mail – from outside your home or even at mail drop boxes outside of the post office by postal employees can be prevented relatively easily.

• • Financial identity theft prevention through the prompt review of all bills and financial statements within 60 days

Review all bills and financial statements carefully and promptly and handle significant problems in writing within 60 days. Unfortunately, after 60 days the few consumer protections that are available to you under the Fair Credit Reporting Act will cease. Thereafter, you are at the mercy of the goodwill of banks and other financial institutions. After 60 days, good luck with that.

• • Dispose of financial records properly to avoid identity theft

Be careful in disposing of all financial records, financial statements, receipts, medical statements/bill, insurance statements, credit card charge slips, etc. Do not simply discard them in the trash or recycling. Use a crosscut shredder, which makes small confetti and not strips. Alternatively, you can keep a bag of discarded financial records, which you burn periodically. These financial records disposal recommendations also apply to preprinted credit card and other debt applications that you might receive in the mail.

• • Stop identity theft by closing accounts when you lose your purse, wallet and/or checkbook

In the nasty event that you lose your purse or wallet, of course, you should always cancel and reopen with new numbers all of the accounts that are exposed. This also implies that you actually have kept a separate record of the credit, debt, and other financial cards and information that you carry with you.

• • Guard your credit reports to stop ID theft

Without becoming a victim of identity theft, you can get a free credit report from each of the three biggest credit reporting agencies once a year. Federal law requires the three major credit reporting agencies to provide these free reports annually. To satisfy their obligations, Equifax, Experian, and TransUnion jointly have established wwww.annualcreditreport.com, where you can order your free credit reports. (By the way, these major reporting agencies own some of those deceptive “free credit report” websites that advertize on TV. Those sites are not free. They just lie to the public.)

• • Stop pre-approved credit offers to protect your financial identity

Another major avenue of identity theft concerns pre-approved credit card offers that you receive in the mail. Presumably, you have already established sufficient convenience credit and do not need to receive mailed credit solicitations. However, if at some point you do want to obtain a credit card, the preferred method would be to do some proactive research. Because pre-approved and pre-printed credit cards offers can be intercepted in the mails and taken from your trash or recycling, they can unnecessarily expose you to identity theft while providing no benefit to you. Never expect that the credit card companies will be scrupulous in defending your interests, when they receive a completed credit card application from someone impersonating you – even with an address change.

Enhanced identity theft protection practices for sensitive information and passwords

As you set up financial accounts, be very careful with your financial information. Furthermore, as you utilize the Internet it is important that you use what are known as “strong” passwords with more characters (combinations of letters, numbers, special symbols, upper and lower cases). Vary your passwords from one account to another.

To prevent identity theft, it is much better to maintain list of different passwords that you protect at home, rather than to use a single weak or even strong password across various financial websites. You can use a spreadsheet on a computer that you have protected carefully.

To have a truly strong password, size really does matter because each additional digit makes it dramatically harder to crack through brute force computational methods. This means at least 10 characters. Also, use a mix of small letters, capital letters, numbers, and allowable special characters.

I recommend that all your financial passwords for your on-line accounts be both strong and different. Many identity thieves are clever and sophisticated. Furthermore, there is a “cyber underground,” where compromised identity theft information is shared, bought, and sold. This cyber-crime underground stretches around the world. When your passwords are both strong and different, you could avoid a single identity breach from cascading across your other accounts.

Furthermore, realize that for many systems, a unique user name in combination with a strong password can greatly strengthen your account security. Most identity theft “hacking” uses automated, brute force methods without any direct human involvement. If you can thwart these attacks because they can neither guess your very unusual account name and your very strong password, then you can keep the bad guys at bay. I have managed numerous websites on the Internet for many years, and security has always been a key concern. The system statistics have indicated an almost endless series of automated attacks, but when they cannot get entry, they move on looking for an easier target.

One of the best ways to prevent identity theft is to avoid using more sensitive information, such as mother’s maiden name or your city/state/date of birth, for example, as your answer to security challenge questions on any ordinary, non-financial website. Reserve this information only for those sites that hold your financial accounts and your financially sensitive information. By the same token, if information like this is particularly sensitive for security challenges, then you would never publish this information on social networking sites such as Facebook.

For example, your date of birth is a key piece of information related to your financial identity. If you want people to know your birthday publicly, then provide just the month and day and never the year. For non-public, non-financial site registrations that require your birthday but really do not need it, you could always give the same, consistently incorrect full date of birth that you can remember for all these sites. The data files of identity thieves will contain the wrong birthday, and you will build your identity theft protection wall higher.

Simply assume that the vast majority of websites have amateurs in charge of their website systems architecture and security, because you never know which site could be a weak link. Systems administrators of financial sites tend to be much more sophisticated, but they certainly are not infallible. Furthermore, all it takes is one corrupt employee at firm with strong or weak web systems security, to circumvent any protections that are in place.

With less important sites that require registration, I use the same username and the same easily remembered strong password. However, I never provide these sites with any additional information that is accurate about name, address, phones, the security challenge answers above and other potentially sensitive information. I always assume that security on any of these sites could be breached and that my password information could be used to access other accounts elsewhere. By drawing a strong distinction between the passwords and security systems on financial and other sites that are important to me versus those unimportant sites requiring registration information, I can in part firewall myself from security breaches in the less well managed part of the Internet.

Access to your personal email system or systems should require a strong and different password. Stored email messages can contain passwords for which a thief could search. Furthermore, on your home computer systems, you should always have a fully functioning firewall and up-to-date anti-virus/anti-spyware software that is always on.

In 2011, the FBI arrested and charged a man in Florida. The FBI alleged that the gentleman had “hacked” into the email accounts of dozens of celebrities, including Christina Aguilera, Mila Kunis, and Scarlett Johansson. Once inside a celebrity’s email account, this email hacker/stalker then used a forwarding program to copy to his own account duplicates of all emails that the celebrity received. This meant that he also would receive any password change emails with the new password, and thus could maintain access to the email account. From their email accounts and email attachments, this hacker/stalker stole and provided to celebrity websites for the world to see, private and revealing photos of these compromised celebrities.

While the public might not have a great deal of interest in seeing your photos — compromising or otherwise, it is instructive to understand how this email hacker/stalker operated. Apparently, being unemployed, he had plenty of time to peruse Facebook, Twitter, and celebrity websites and collect information that naive celebrities might use as weak passwords or as easily-guessed answers to a security challenge questions. These were things like nicknames, siblings’ names, dog names, addresses, etc., which these celebrities used unwittingly as weak passwords that left the door open to their email accounts.

Of course, no cyber criminal would ever do this to you regarding your use of Facebook, Twitter, etc. No criminal with computer expertise could possibly figure out a way to automatically harvest similar information about you and thousands like you. Really? Think about it. This is a situation where very weak passwords were guessed and this hacker/stalker got into dozens of celebrity email accounts. Of course you are smarter that the average celebrity. Instead of using “steve” as your password, you are clever and use “stevethedog.” No cyber hacker would ever be clever enough to program “[a-persons-name]thedog” and use a computer to run millions of combinations trying to log in to your account. Gosh, you hope your email provider will protect you.

Since the cyber criminal could never possibly get inside your “stevethedog” password-protected email account, the cyber criminal could never run a search across all the email messages that you have saved in your account for more than a decade. They would never think of searching your messages for something like “password” to find all the password related emails that you have saved. Of course, none of these stored “password” emails would relate to financial institutions or could be used to compromise your identity and empty your accounts. How safe do you feel using easy to remember and personally related passwords on your email account? How good can your security challenge questions be, when you have published the answers on the web through Facebook and Twitter?

How to prevent identity theft involving Internet computer connectivity

Using potentially unsafe systems connected to the Internet will almost guarantee problems. At home, with personal commuters that have wired or wireless Internet connections, always run a full suite of firewall, anti-virus, anti-spam, and anti-malware software. Learn how it works and make sure that is it running.

The Consumer Reports June 2011 issue (pages 29 to 33) has an extensive article about online security, which is entitled “Online Exposure,” at:
http://www.consumerreports.org/cro/magazine-archive/2011/june/june-2011-toc.htm
Striking statistics were that one out of three households reported a malware infection during 2010. Consumer reports estimated that malware infections cost consumers $2.3 billion in 2011 and lead to the replacement of 1.3 million PCs.

This Consumer Reports article also covers personal computer security software. The four top rated paid security suites were: Bitdefender, ESET, Avira, and Norton. However, G Data and Kaspersky were close behind. While unrated in this Consumer Reports article, I have used successfully the paid ZoneAlarm Internet Suite from Checkpoint for years coupled with the free and downloadable Spybot Search and Destroy. Whatever Internet Security Suite you run, make sure you know how it works and how to respond to the alerts provided.

This Consumer Reports article also includes information about mobile and smart phone security, plus the never-ending game of trying to protect yourself on social networks. The article also covers Facebook and the never-ending game of trying to protect yourself against Facebook’s efforts to strip you of your privacy.

Wireless connectivity creates special challenges. If you have a wireless local area network at home (LAN), take the time to learn how it works and how to lock it down. If not, someone sitting in a car on the street could be joining you, without your knowledge. Never run a home wireless LAN without strong password protection. Yes, it may be a bit of a hassle for you to log in, but you want to make both your network hard to find and your login password practically impossible to break. Follow the same rules about unique IDs and strong passwords discussed above in this chapter.

When you connect your laptop or smart phone, via a public hotspot wireless LAN, make sure you protect yourself, otherwise someone a few tables over might be hacking you as they enjoy their coffee. Here are a few suggestions about using wireless public LANs. First, know the precise name and login information for the public wireless LAN that you intend to use whenever possible. If an establishment offers Internet connectivity, they will tell you how to get access.

It is relatively easy to set up a portable wireless LAN in a public place, so make sure that you are using the one provided by the establishment. Second, use manual settings so that you can select the wireless network. Avoid automatic detection and login roulette. When you are not using Wi-Fi, it should be turned off on your machine. Pay attention and avoid any wireless LAN that is not secure and understand that a password does not make a wireless LAN secure, especially since many people may know the password. Use Wi-Fi Protected Access (WPA or WPA2.)

Third, understand about encryption. Whenever possible, when you are connected wirelessly, use end-to-end encryption, which means connecting to websites using the secure “https” and not the “http” protocol. Many people do not realize that they may have a choice with some websites that support both connectivity protocols even for public pages that do not require a login name and password. Always pay attention to the web address in the browser address bar.

I prefer the Firefox browser, in part because it has a rich set of free add-ons. One of these Firefox add-ons is HTTPS Everywhere, which is not available on other browsers, because other browsers do not (yet) support request rewriting in a secure manner.
The HTTPS Everywhere free add-on is available on the Electronic Frontier Foundation site:
https://www.eff.org/https-everywhere
HTTPS Everywhere will each check for the availability of https on a particular site and use https, if it is available.

Also, at this writing, Google is beta testing search which uses https as the default. Since websites need to do some work to provide https connectivity in addition to the normal http connection, this will prompt many more websites to get on the https bandwagon and provide a secure, encrypted connection between your machine and the website server.

Avoid phishing and other impersonation attacks to prevent identity theft

Avoid phishing of all kinds. With phishing, cyber criminals pose as legitimate businesses and financial companies and induce thousands of naive web users to voluntarily surrender their precious identity information.

Note that there is another side to this, which is called “pre-texting,” which is when criminals try to use partial information about you to trick employees of businesses, banks, and other financial firms into providing access to your accounts. There are good reasons for you to take security challenge questions seriously, and to restrict some answers only for firms with which you have a significant financial relationship.

Never provide any personal data in response to a link provided to you via email. Always ensure that you know and trust the website that you are interacting with. It is relatively trivial to create and send emails to people that appear to come from a legitimate source, but in fact come from a cyber-criminal who is attempting to fool you. Cyber criminals profit from a wide variety of scams and are difficult stop before they have damaged many people.

Always use the spam or bulk mailbox feature that is provided by your email service. While this is not a definitive and fully reliable screen of email, if something ends up in your bulk or spam email box, this means that something about this email message triggered the automated spam filters. While you should be suspicious of any emails that are unexpected or unusual, whether they end up in your inbox or in your bulk or spam mail box, at least these bulk mailbox features of email systems allow you to benefit from some initial automated screening technology.

Furthermore, if any email you get is suspicious, never use the unsubscribe links at the bottom of the message. If you click those bogus opt-out links, you just confirm that your email address reaches a real live person. When you do this, the volume of illegitimate email targeted at you is more likely to increase rather than decrease.

Always ensure that the URL (Uniform Resource Locator = web address or what follows the http:// or https://) of the site you are using is the correct URL. If ever in doubt, type in the URL yourself or search for the site on Google and then enter the site with the link from Google. You should understand that just because a hypertext link on a website reads a certain way within the email, this does not mean that the link will actually take you to the site you think you are going to. If you are not aware of the signs of deception, you could click on a bogus link in an email that takes to a website that has been faked to look like the real one. Technically, this is just not very difficult to do.

There are ways to detect fake links and thus avoid identity theft:

1. Before left clicking any email link to open it, instead right click only (not left click) over the link and choose “copy the link location.” Then, paste that link into any editor (Notepad, Word, etc.). This will allows you will see the true destination of the link and whether it is the same as it reads in the email. Then, you can take further steps, such as running a search to see if the site seems legitimate or pasting the link into your web browser’s address bar and going to the site without clicking on anything in the site. (See WOT below.)
2. If you click a link inside an email and go to a site where you could be risking something related to your finances or identity, be sure read the web address very carefully to make sure it is really the correct domain (e.g. paypal.com versus paypay.com <– Read this example again, if you did not catch the difference. This paypay.com site was a real scam site, which is now blocked.),
3. For more advanced users, learn out how to open the webpage source code via your browser’s menus and how to read the html that writes your page, and
4. Always browse with the free WOT (Web of Trust – http://www.mywot.com/ ) add-on for the Firefox, Internet Explorer, Chrome, Safari, and Opera browsers. With WOT, you can tap into a community of millions of others who rate websites for nasty practices, such as phishing, spamming, and other unsavory practices. A less than stellar rating does not always mean that would not use a site, but WOT helps you decide, before you enter a site.

Furthermore, never enter any financial information or other sensitive information into any website that does not use the secure “https://” protocol (note the “s” added to “http”). When buying over the Internet with a credit card or otherwise, if a site does not use “https”, never ever use that site! Note that the “https” Internet protocol uses a “secure sockets” approach in that all information sent back and forth from your PC to their server is sent in “encrypted” data packets that are virtually impossible to decipher, if the packets are intercepted along the way across the network.

In addition, use only one credit card when buying on the web. If that credit card is compromised, you can close that credit account number and replace the card. Also, use a major American Express, Visa, or Mastercard credit card for these purposes. While I do not have comparative research evidence, I know that these major credit card firms have pro-active and reasonably sophisticated fraud detection features. I which have benefited in the past, as these card technologies have automatically detected and shut down illicit purchases on my accounts. Also, use a credit card rather than a debit card, because credit cards tend to provide better consumer protections.

Finally, many people think of phishing related to email on their desktops and laptops, but it does not end there. Internet and text message connectivity via smart phones open up other paths for this criminal slime to flow. Increasingly, those on the move have to deal with “smishing” (phishing tactics targeted at texting or the Short Messaging Service, thus the “sm” in smishing) and “vishing,” which involves getting recorded voice calls. Again, these are all designed to trick you into compromising you vital identity information. Come-ons for free security app downloads, free debt counseling, free laptops, and any other enticement can take down your shields if you are not careful.

With smishing, vishing, phising, and whatever XYZ-ishing will be coming down the pike, use common sense and do not get taken in.

• Don’t keep vital banking and credit card information in notes on your smartphone.
• Financial institutions should never text you asking for identity information, so never respond — only connect proactively using numbers that you know are valid.
• Links on smartphones are no more reliable than those on your desktop or laptop. Detect where the link goes before you click.
• Make sure you smartphone has a strong password and that it will lock up after  relatively brief period of inactivity. Yep, another pain in the butt for you to have to unlock your phone. However,  if your smartphone does not auto-lock, then whoever steals it can steal everything on it, as well.
• Use inbound number detection features, so that you know who is calling you and learn how to block callers.
• Keep your smartphone software up to date. Smartphones are no different that personal computers — the more outdated your software, the more known and already fixed security vulnerabilities you expose yourself to. Why fall into a trap that has already been fixed?

Reduce the chances of mail theft and prevent identity theft

Do not leave outgoing financial letters containing checks or sensitive information outside in public for the mail carrier. To receive mail, you should have a mail drop slot rather than a mailbox on the outside of the house. Always mail your financial letters inside of a reliable US Post Office. Theft of checks in the mail – from outside your home or even at mail drop boxes outside of the post office by postal employees is a problem. Criminals stealing mail by the bagful is a problem. Mail thieves are looking for your checks, your bills, your financial statements and account numbers, your credit card accounts and applications. More more of the puzzle they have, the closer they are to a potential successful breach of your finances.

If you believe you may be a victim of mail theft, start with the US Postal Inspection Service website at:

https://postalinspectors.uspis.gov/

Besides the rotating rogues gallery of fugitive wanted posters, look at the “Investigations” pull-down menu. You can make a report online. You also can go to your local Post Office and make a report. If your particular Post Office does not seem to take your report very seriously (it can happen), find the “central” Post Office in your area and work with someone there. If you don’t report the problem, the scumbags win, and you and many others lose. (Just think of how many people could be affected by a single stolen mail bag.)

Stolen checks can be chemically washed to remove ink. To do this criminals tape over your signature on both sides, and then remove the tape. The result is a blank check with your signature. To avoid check washing, you can purchase certain gel pens with ink that cannot be washed in this manner. Several vendors offer gel pens that claim not to be washable. You can research them on the web with Google. For example, Sanford distributes the Uniball Signo line of gel pens with gel ink that supposedly cannot be washed. I have found these pens in local stores.

Financial identity theft prevention through prompt review of all bills and financial statements within 60 days

Review ALL bills and financial statements promptly and handle significant problems in writing within 60 days. Review your credit card bills and other financial account statements carefully and respond to any problems promptly. Unfortunately, after 60 days the few consumer protections that are available to you under the Fair Credit Reporting Act will cease. Thereafter, you are at the mercy of the goodwill of banks and other financial institutions, which all too often is sorely lacking.

Check every financial statement that you receive in a timely manner and report any problems. If the dollar amount in question is significant, read the instructions on your statement or on the financial institution’s website about how to make a report in writing. Only when you follow these procedures in writing within 60 days are you protected under this law.

If you attempt to resolve a problem over the telephone, take careful notes including who, when, and what was stated, etc. Nevertheless, telephone conversations do not protect your legal rights, so when the amounts in question are significant to you, you must put it in writing.

Dispose of financial records properly and avoid identity theft

Be careful in disposing of all financial records, financial statements, receipts, medical statements/bill, insurance statements, credit card charge slips, etc. Do not simply discard them in the trash or recycling. Use a crosscut shredder, which makes small confetti and not strips. Alternatively, you can keep a bag of discarded financial records, which you burn periodically. These financial records disposal recommendations also apply to preprinted credit card and other debt applications that you might receive in the mail. At a minimum, do not throw these applications in the trash without first tearing off your name and address from the application and disposing of that separately.

Stop identity theft by closing accounts when you lose your purse, wallet and/or checkbook

In the nasty event that you lose your purse or wallet, of course, you should always cancel and reopen with new numbers all of the accounts that are exposed. This implies that you actually kept a separate record of the credit, debt, and other financial cards and information that you carry with you. If you do not, you should. Furthermore, when you do make a list of what is in your wallet or purse, ask yourself what the minimum is that you need to carry. If you have numerous credit cards, carry only those few that you really need. Do you really need to carry your check book? Probably not, so leave it at home. (By the way, always sign new card immediately once you receive them.)

Are you carrying your Social Security card? Do Not Carry Your Social Security Card! In fact, be very stingy with your Social Security number. Do not give it out unless you absolutely have to. If a business asks for it, say that you do not give it out. In many circumstances, you can still transact the business you need without having provided your Social Security number. The fewer organizations that have your Social Security number (and other numbers) in their databases, the fewer opportunities there will be for these organizations disgorge you identity information. Aren’t you getting a little sick of news reports that “XYZ Company (had a cyber break in of their systems)/(had an idiot employee lose a laptop)/(had a criminal employee) and X million or Y hundred thousand customers had their identification information compromised”? Try to stay out of the way of these cyber breaches/idiot employees/criminal employees.

Even if you recover your purse, wallet, and/or checkbook (and you are not absolutely certain of the integrity of those who have returned it), you should still close all accounts affected and reopen them with different numbers. A classical ploy is for a lost checkbook to be returned to the owner by some means shortly after it is lost. The checking account holder is relieved to get back his or her checkbook and does not close the account. Sometimes this is innocent, but many times it is not.

The owner of the checkbook fails to notice that a single check has been torn out near the back of the checkbook. Sometime later, this check will be used in an attempt to empty the account, especially if the miscreants also had access to a signature sample from a credit card, for example. This actually happened to my wife about 25 years ago, but I had already heard about this practice. She was very happy and relieved to get her checkbook back, although the other contents of her lost purse did not come back. I looked at the edge of the checkbook and saw where a single check was missing. She closed the account.

Guard your credit and stop ID theft

Without becoming a victim of identity theft, you can get a free credit report from each of the three biggest credit reporting agencies once a year. Federal law requires the three major credit reporting agencies to provide these free reports annually. To satisfy their obligations, Equifax, Experian, and TransUnion jointly have established wwww.annualcreditreport.com, where you can order your free credit reports. You can also call them at 1-877-322-8228 or write to them at Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

Because the material in your credit reports is usually largely redundant across these three companies, stagger your requests over the year and rotate between the three firms. If there is any problem with your credit report, it usually will show up on any of your reports from these three firms. (Avoid using any of those obnoxious copycat companies, such as “freecreditreport.com” that advertise on TV and only supply “free” credit reports, when you pay for their other supposed premium services.)

If you become a victim of identity theft, however large or small — whether you do or do not lose money — may actually be an opportunity for you. While identity theft is a large and growing problem and can be very costly and inconvenient to you, it is just a business cost to financial and retail firms, who also have benefited greatly from the proliferation of easy credit.

One way to protect yourself is to put restrictions on your credit records with the three major credit reporting agencies, Equifax, Experian, and TransUnion. These credit-reporting companies have made profitable businesses on both sides. They charge fees to business firms who may not always treat your financial information properly, and they charge you fees when you want to restrict access to your financial information.

Another way that you can protect yourself is by enlisting the services of a third party identity theft prevention organization. Companies like LifeLock charge reasonable fees in exchange for monitoring your credit and other electronic indicators of identity theft. In addition to their agreement to protect you from identity theft, LifeLock also throws in a million-dollar service guarantee to assure you that, in the rare event that something fraudulent happens to your accounts, they will be there with you to clean up and restore your identity.

Stop pre-approved credit offers

Another major avenue of identity theft concerns pre-approved credit card offers that you receive in the mail. Presumably, you have already established sufficient convenience credit and do not need to receive mailed credit solicitations. However, if at some point you do want to obtain a credit card, the preferred method would be to do some proactive research. Look for and find a credit card that meets your requirements, rather than waiting for a “paper salesman” to arrive in the mail. Realize that is unlikely that the unsolicited credit card offers that you happen to receive are the best available.

Because pre-approved and pre-printed credit cards offers can be intercepted in the mails and taken from your trash or recycling, they can unnecessarily expose you to identity theft while providing no benefit to you. Never expect that the credit card companies will be scrupulous in defending your interests, when they receive a completed credit card application from someone impersonating you – perhaps from even a different address.

The minimum and most obvious thing to do with the credit card offers that you receive is to shred or burn these documents – rather than treating them like junk mail and tossing them away in the trash or recycling. An even better thing to do is to stop these nuisance mailings entirely.

Four “Consumer Credit Reporting Companies” – Equifax, Experian, Innovis, and TransUnion – maintain an opt-out website, which is mandated by the Fair Credit Reporting Act (FCRA).
You can find this website at: https://www.optoutprescreen.com

Via this website, you can have your name removed from the preapproved / prescreened credit card or insurance offer solicitation lists of these four credit reporting companies. If you file on-line, you can be removed from their lists for five years. However, if you want permanent removal, you must jump through a few more hoops and mail in a completed and signed form. Read the website to understand the process. They note that supplying your Social Security number is not mandatory, but it is recommended. Decide what you want to do, but note that they have your SS number anyway.

Some people can get a free fraud alert for seven years following even a minor fraud event

If you have become a victim of identity theft, you have rights under California law as an identity theft victim to have your credit files frozen for seven years without paying fees to the credit reporting agencies for such a long-term “fraud alert.” For example, if your credit card shows suspicious charges that you did not make and even if your credit card company takes them off your statement, you still can make an identity theft report to your local police and get a police report. With this police report and by writing to the appropriate addresses and following the procedures, the three credit reporting agencies are obligated legally to put long-term fraud alerts on your credit reports.

The downside of locking your credit report is that you cannot yourself apply and be approved immediately for instant credit. The good news is that nobody else can do the same for seven years, as well. (Note that if you do need to apply for a credit card or refinance a mortgage, you still can do so, but the credit lock on your account just creates a delay.)

The upside to locking your credit report is that new attempts to establish credit in your name are blocked without your permission. Not only does that mean that criminals cannot open new credit cards in your name, it means that you have greater protection from other kinds of credit related crimes. For example, the credit crisis has spawned a crime wave of mortgage and real estate line of credit frauds.

Criminals have opened credit lines in homeowner’s names and then have quickly drained the credit lines of their funds. In addition, homes have been sold without the homeowner’s knowledge and sometimes the knowledge even of the “buyer” who also had his or her identity stolen and was an unwitting participant in the transaction.

Obviously, it is better to prevent costly situations like these than clean them up. In addition, pay close attention to any document sent to you by your county registrar. Because of increasing real estate fraud some county registrars, including Los Angeles County, now send notices to the address of record whenever any deed or other records change is filed with them.