Beyond Equifax: Dealing with ID theft

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
User avatar
VictoriaF
Posts: 17491
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Beyond Equifax: Dealing with ID theft

Post by VictoriaF » Tue Sep 12, 2017 10:54 am

We already have 143 million Equifax-related Bogleheads threads. Here I want to talk about something more general:
I. Different types of Identity Theft
II. Prevention of and response to different types of ID theft
III. General principles of ID protection

I want to start with the things from the top of my head and hope that others will provide constructive criticism and additions.

I. Different types of Identity Theft:
1. Misuse of your existing holding accounts (mutual funds, banks, credit unions)
2. Misuse of your existing credit and debit cards
3. Opening of new banking accounts in your name that you don't know about
4. Opening of new credit and debit cards in your name that you don't know about
5. Access to your IRS files and filing fraudulent returns with refunds sent to a strange address
6. Access to your Social Security files and redirecting your Social Security payments (and Medicare?)
7. Use of your medical identity and insurance


II. Prevention of and response to different types of ID Theft (with numbers corresponding to those in part I):
1. Respectable institutions (Vanguard, Fidelity) send you email after new transactions and Post Office letters to confirm linkage of new banks to your accounts. Credit Unions and small banks may be less thorough or diligent. Keeping an eye on the accounts is a good practice, even minuscule changes can be signs of a breach.
2. Misuse of credit cards is easy to remedy by calling the bank and refusing to pay fraudulent charges. With debit cards I think it's more involved.
3. ID monitoring services alert you to new accounts opened in your name. But I don't know how thorough they are. Credit freeze should prevent this. Nevertheless, it's conceivable that small or rogue banks may open an account without checking one's credit. With credit freezes it should be easier to argue your rights and deal with issues resulting from a breach.
4. Dealing with new credit and debit cards is similar to dealing with new banks, and should be even easier.
5. If you create an IRS account, you should receive email after making any changes. Try to minimize tax refunds, so that if your account is breached you won't lose too much of expected cash. From what I've read, the Equifax breach of Driver's License information makes it easier to impersonate you with the IRS. In the end, the IRS will make you whole and provide you with a personal PIN.
6. Create an account with the Social Security Administration. I recall they send you email after any changes you make.
7. Review your Explanations of Benefits (EOB) for any un-recognized services, even if you don't need to pay for them.
8. If your ID is breached, advice from this article Identity Theft, Credit Reports, and You http://www.kalzumeus.com/2017/09/09/ide ... t-reports/ can be very helpful.


III. General principles of ID protection.
A. It's very important to guard the email you use for accessing critical accounts: have a strong unique password and use two-factor authentication.
B. It's preferable to deal with well established institutions than, say, small banks and credit unions.
C. General principles of cyber security always apply, including complex non-repeated passwords (and use of password manager), two-factor authentication, careful surfing and clicking, patching your software immediately, protecting from physical theft of your information by encrypting critical files.
D. Brian Krebs https://krebsonsecurity.com/ provides excellent information on various breaches and exploits and respective remedies. He also alerts you to new patches by Microsoft and others. Brian's descriptions of the ATM fraud are highly illustrative. By reading Krebs you start thinking like a hacker, and this is a useful skill even if you are not planning to hack. I subscribe to his email list to learn about new articles right away.
E. The FTC has a user-friendly way to report and deal with ID theft, https://www.identitytheft.gov/ .

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

User avatar
Index Fan
Posts: 2496
Joined: Wed Mar 07, 2007 12:13 pm
Location: The great Midwest

Re: Beyond Equifax: Dealing with ID theft

Post by Index Fan » Tue Sep 12, 2017 11:21 am

Very useful!

Another site of interest to the topic-

https://www.schneier.com/
"Optimum est pati quod emendare non possis." | -Seneca

Nate79
Posts: 1341
Joined: Thu Aug 11, 2016 6:24 pm
Location: Portland, OR

Re: Beyond Equifax: Dealing with ID theft

Post by Nate79 » Tue Sep 12, 2017 11:33 am

One ID theft that needs to be addressed is the stealing and misuse of cell phone numbers.

Another one I heard recently on Clark Howard was example of a child's identity being stolen which is a little more difficult to fix.

2015
Posts: 894
Joined: Mon Feb 10, 2014 2:32 pm

Re: Beyond Equifax: Dealing with ID theft

Post by 2015 » Tue Sep 12, 2017 12:57 pm

Thanks! I've subscribed to the site.

SimonJester
Posts: 1317
Joined: Tue Aug 16, 2011 12:39 pm

Re: Beyond Equifax: Dealing with ID theft

Post by SimonJester » Tue Sep 12, 2017 1:44 pm

I would add to your list of Identity Theft, using you Identity when caught committing a crime. This one is real nasty..
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin

mhalley
Posts: 5132
Joined: Tue Nov 20, 2007 6:02 am

Re: Beyond Equifax: Dealing with ID theft

Post by mhalley » Tue Sep 12, 2017 1:51 pm

I believe Clark has said that child identity theft is more common than adult, harder to prevent as it is more difficult to freeze child's credit, and goes unnoticed . I believe only 23 states mandate it, aside from equifax which allows it for all fifty.

https://www.consumerreports.org/consume ... ity-theft/

User avatar
DaftInvestor
Posts: 3098
Joined: Wed Feb 19, 2014 10:11 am

Re: Beyond Equifax: Dealing with ID theft

Post by DaftInvestor » Tue Sep 12, 2017 2:29 pm

VictoriaF wrote:
Tue Sep 12, 2017 10:54 am

6. Create an account with the Social Security Administration. I recall they send you email after any changes you make.
I would extend this to say "If you already have an account - log into your account and enable two-factor authentication by adding text-verification through your cell phone".

User avatar
DaftInvestor
Posts: 3098
Joined: Wed Feb 19, 2014 10:11 am

Re: Beyond Equifax: Dealing with ID theft

Post by DaftInvestor » Tue Sep 12, 2017 2:34 pm

VictoriaF wrote:
Tue Sep 12, 2017 10:54 am

B. It's preferable to deal with well established institutions than, say, small banks and credit unions.
The only question I have on this one is, while larger institutions "might" be better about their security practices, they also "might" be targeted more frequently by hackers. But I don't know this to be true for a fact - any data here?
Target got hacked - I don't think my neighborhood independent toy store did.
Chase bank customers got hacked - I don't think my small local credit-union did. Seems the big-time hackers are more likely to target the bigger banks where there time and effort will pay off.

new2bogle
Posts: 1097
Joined: Fri Sep 11, 2009 2:05 pm

Re: Beyond Equifax: Dealing with ID theft

Post by new2bogle » Tue Sep 12, 2017 2:35 pm

Thank you OP.

Due to this thread I enable 2FA on my gmail account.

Post Reply