MyIDCare alerts - SSN on "Dark Web." Anything to do?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
jaMichael
Posts: 432
Joined: Sun Mar 12, 2023 12:23 am

MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by jaMichael »

Today I received 9 email alerts from MyIDCare informing me that my Social Security Number was found on the dark web. (I have a MyIDCare account through my employer (the federal government), based on a past data breach.) The emails say, “While this information doesn't necessarily mean you are a victim of identity theft, you may be at risk.” I visited the MyIDCare website, which seems to indicate that my name, address, DOB, and phone number have been “found compromised with your Social Security number.”

The MyIDCare website says:

Here's what to do:

Your Social Security Number can be used to open lines of credit so you'll want to keep an eye on your credit information. Firstly, watch closely for any credit alerts from us. Secondly, we recommend you pull an updated credit report from at least one of the three credit bureaus at www.annualcreditreport.com. This can be done for free once a year from each of the bureaus. If you find an error on your credit report or an account that you do not recognize, we recommend you contact the credit bureau and file a dispute against the error or account in error.

If you suspect your Social Security number is being used fraudulently for income declaration purposes, you should contact the Social Security Administration at www.ssa.gov or call toll-free at 1-800-772-1213. They will review your earnings with you to ensure their records are correct.


I just reviewed two of my credit reports and everything looks fine. I have long had credit freezes on file with the big 3 credit bureaus (and some smaller ones).

Would you recommend any other action on my part? Thank you.
exodusNH
Posts: 11121
Joined: Wed Jan 06, 2021 7:21 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by exodusNH »

jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
Your information was probably already out there.

You've frozen your credit. That's about all you can do, besides curse the lack of privacy regulation in the US.
User avatar
samsoes
Posts: 2914
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by samsoes »

Freeze your Chex Systems report so bad actors can't open bank accounts in your name to finance their nefarious activities.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Topic Author
jaMichael
Posts: 432
Joined: Sun Mar 12, 2023 12:23 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by jaMichael »

samsoes wrote: Wed Jul 31, 2024 3:12 pm Freeze your Chex Systems report so bad actors can't open bank accounts in your name to finance their nefarious activities.
Thank you both for your responses. I have had a freeze on Chex too. Many thanks.
User avatar
Padlin
Posts: 1062
Joined: Thu Mar 01, 2007 6:46 pm
Location: MA

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Padlin »

I just started a thread about the same, except my message came from Experian.

[url]/viewtopic.php?t=436535&sid=9195bfff1e43 ... 46da9ce3f9 [url]
Regards | Bob
User avatar
Padlin
Posts: 1062
Joined: Thu Mar 01, 2007 6:46 pm
Location: MA

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Padlin »

I’ve never heard of this Chex system, can someone clue me in? Thanks
Regards | Bob
mouth
Posts: 690
Joined: Sun Apr 19, 2015 6:40 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by mouth »

exodusNH wrote: Wed Jul 31, 2024 3:02 pm
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
... That's about all you can do, besides curse the lack of privacy regulation in the US.
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds ;-)
exodusNH
Posts: 11121
Joined: Wed Jan 06, 2021 7:21 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by exodusNH »

mouth wrote: Wed Jul 31, 2024 3:49 pm
exodusNH wrote: Wed Jul 31, 2024 3:02 pm
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
... That's about all you can do, besides curse the lack of privacy regulation in the US.
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds ;-)
Remember "not for identification" printed on the cards? Sigh.
User avatar
Duckie
Posts: 9880
Joined: Thu Mar 08, 2007 1:55 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Duckie »

Padlin wrote: Wed Jul 31, 2024 3:40 pm I’ve never heard of this Chex system, can someone clue me in?
ChexSystems has a consumer file for your bank deposit and debit history. A negative report can result in being denied a new bank account. Also, you can freeze your file so, mostly, no one can open an account in your name. Mostly, because not all banks pay for the ChexSystems service.
mouth
Posts: 690
Joined: Sun Apr 19, 2015 6:40 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by mouth »

exodusNH wrote: Wed Jul 31, 2024 4:15 pm
mouth wrote: Wed Jul 31, 2024 3:49 pm
exodusNH wrote: Wed Jul 31, 2024 3:02 pm
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
... That's about all you can do, besides curse the lack of privacy regulation in the US.
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds ;-)
Remember "not for identification" printed on the cards? Sigh.
Yup! In the context they were using it at the time (and even now) is that the card itself is not for identification which we would now call authentication before it was a term of art in the modern/digital world. Or putting it in the phrasing of the day, the SS card is "not for identification [of the person presenting the card]". But the number is 100% an identifier of *A* person
artgerst
Posts: 304
Joined: Tue Jun 23, 2015 8:34 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by artgerst »

Make sure you have a PIN set up with the IRS to file returns.
austin_dweller
Posts: 14
Joined: Sun Apr 30, 2017 5:54 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by austin_dweller »

It looks like there are many banks that do not use ChexSystem.
Google search shows many results
e.g
https://www.gobankingrates.com/banking/ ... exsystems/
User avatar
Padlin
Posts: 1062
Joined: Thu Mar 01, 2007 6:46 pm
Location: MA

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Padlin »

Duckie wrote: Wed Jul 31, 2024 4:28 pm
Padlin wrote: Wed Jul 31, 2024 3:40 pm I’ve never heard of this Chex system, can someone clue me in?
ChexSystems has a consumer file for your bank deposit and debit history. A negative report can result in being denied a new bank account. Also, you can freeze your file so, mostly, no one can open an account in your name. Mostly, because not all banks pay for the ChexSystems service.
Thanks
Regards | Bob
Caliscotsman
Posts: 525
Joined: Tue Mar 22, 2022 7:18 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Caliscotsman »

It's not even a felony for someone to use your SSN.
cipriano
Posts: 58
Joined: Thu May 13, 2021 6:17 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by cipriano »

My SSN is also on the dark web. I don't worry about it and just keep credit alerts set up. A single AT&T breech in April leaked 73 million SSNs. Everything is out there.
User avatar
ResearchMed
Posts: 17324
Joined: Fri Dec 26, 2008 10:25 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by ResearchMed »

jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.

For this type of "warnning" aka "offer", we ignore it.

We assume that a lot of our information is already "out there", and probably has been for some time.

We just keep passwords safe, meaning not shared for different accounts, and changed occasionally, etc.

RM
This signature is a placebo. You are in the control group.
funyun
Posts: 310
Joined: Tue Oct 31, 2023 11:07 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by funyun »

I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.

One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
Topic Author
jaMichael
Posts: 432
Joined: Sun Mar 12, 2023 12:23 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by jaMichael »

funyun wrote: Wed Jul 31, 2024 8:06 pm I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.

One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
What data opt out service(s) do you use?
User avatar
beyou
Posts: 7463
Joined: Sat Feb 27, 2010 2:57 pm
Location: If you can make it there

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by beyou »

Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
zero_coupon
Posts: 875
Joined: Sun Jun 05, 2022 5:26 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by zero_coupon »

jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part?
This guide seems pretty good:

https://www.reddit.com/r/IdentityTheft/ ... eports_is/
funyun
Posts: 310
Joined: Tue Oct 31, 2023 11:07 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by funyun »

jaMichael wrote: Wed Jul 31, 2024 11:12 pm
funyun wrote: Wed Jul 31, 2024 8:06 pm I got the same thing, also through the system set up by the feds after all the employee info got hacked. There's really not much we can do... I assume if you're in the same boat I am, you already have your credit frozen. I was impressed at how fast they found that info though - I found an article that said the breach had just happened within the last few days. I wish we lived in a world with any amount of privacy, but we don't, so I think the best we can do is keep everything frozen and hope for the best.

One other interesting thing about this breach, is that the article I found noted that anyone who utilized data opt-out services wasn't impacted. We started doing this a couple of years back, and indeed, every alert I received showed only my data from more than two years ago (none of which is currently accurate). It apparently is worth something to be as proactive as you can about opting out of things.
What data opt out service(s) do you use?
I don't use a particular data opt-out service, but a couple of years back, we went on a privacy seeking bender and we submitted requests to every company we deal with to not share our info and to opt out of anything we could with them. It was an onerous process for sure. We also live in California which has data privacy rules, so we went to every website we had logins for and submitted privacy and/or deletion requests. Now when I'm surfing the web, I pay attention to those pesky pop-ups that ask if you want to opt in or out and always opt out (I don't know if people see those popups in states outside of CA?). Anyway, it takes a bit of work and ongoing dedication but it was clearly worth it. I don't know if there are companies out there whoh can do this for you.
Gadget
Posts: 1045
Joined: Fri Mar 17, 2017 1:38 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Gadget »

I take solace in the fact that everyone's SSN is already on the dark web... I used to care, but have now received so many of these letters and notifications that I've grown numb to it. I just freeze my credit everywhere, and don't even bother to sign up for free credit monitoring from all the "offers" after a leak since that's just another avenue for someone to lose my info.
Onlineid3089
Posts: 942
Joined: Thu Jan 02, 2020 2:47 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Onlineid3089 »

mouth wrote: Wed Jul 31, 2024 3:49 pm
exodusNH wrote: Wed Jul 31, 2024 3:02 pm
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
... That's about all you can do, besides curse the lack of privacy regulation in the US.
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds ;-)
It wasn't that long ago most states used the SSN as your drivers license number. I believe it was mine when I got my school permit in 1999. Looks like Iowa banned that in 2005. When looking up that date I saw a link to Social Security about a report to congress on enhancing the Social Security Card https://www.ssa.gov/history/reports/ssnreportc6.html
Use of the SSN in State drivers license systems is already authorized by Federal law, and 29 States currently use the SSN as the drivers license number or show it on the license. The 1996 immigration reform provision on improved identification-related documents requires the SSN to be included on State drivers licenses by the year 2000. Thus, the drivers license and Social Security card can both be used to verify the SSN.
Looks like as recently as 1996 they were planning to force states to include it on drivers licenses by 2000 :oops:
WillRetire
Posts: 857
Joined: Mon Jun 05, 2017 10:01 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by WillRetire »

OP: I suggest you also create a login acccount at ssa.gov. Starting recently, this has to be done through id.me or login.gov. Regardless of which service you use, register to access your social security account before someone else does. There are other benefits to doing so, such as seeing an estimate of your projected benefits and to review your earnings history.

If you already have an ssa.gov account, login to it, check that your earnings record is as expected, and double-check that your email address is correct.
Topic Author
jaMichael
Posts: 432
Joined: Sun Mar 12, 2023 12:23 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by jaMichael »

zero_coupon wrote: Thu Aug 01, 2024 5:53 am
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part?
This guide seems pretty good:

https://www.reddit.com/r/IdentityTheft/ ... eports_is/
Thanks for all of these helpful responses. I have done pretty much everything recommended, and I found the additional suggestions on this reddit page very helpful.
User avatar
Padlin
Posts: 1062
Joined: Thu Mar 01, 2007 6:46 pm
Location: MA

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Padlin »

Well I went through one of the lists mentioned above, did maybe 90% of it today, about 3 hrs.

I already had freezes on the big 3 for myself, my wife had accts on all 3, 2 frozen, 1 locked. The hassle was finding the right usernames and passwords, these were setup many years ago and records were incomplete. Had to call and work through customer support, which isn’t fun. Same issue with ChexSystems, seems we made accounts and froze those in 2007, no record of those of course. Some of these sites do a good job of trying to talk you into buying services you don’t need.

I know a lot of older folks that are not very tech savvy, I don’t think they could handle this.

Now I just need to keep track of all this.

Thanks all for the info.
Regards | Bob
mouth
Posts: 690
Joined: Sun Apr 19, 2015 6:40 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by mouth »

Onlineid3089 wrote: Thu Aug 01, 2024 3:12 pm
mouth wrote: Wed Jul 31, 2024 3:49 pm
exodusNH wrote: Wed Jul 31, 2024 3:02 pm
jaMichael wrote: Wed Jul 31, 2024 2:34 pm Would you recommend any other action on my part? Thank you.
... That's about all you can do, besides curse the lack of privacy regulation in the US.
The real thing to curse is that an SSN is considered a useful "secret" to have in the first place. It was never designed to be a secret, nor an authentication method. It should be no more private than your own name and carry no more risk. That's what everyone should be mad at and shake their fists at clouds ;-)
It wasn't that long ago most states used the SSN as your drivers license number. I believe it was mine when I got my school permit in 1999. Looks like Iowa banned that in 2005. When looking up that date I saw a link to Social Security about a report to congress on enhancing the Social Security Card https://www.ssa.gov/history/reports/ssnreportc6.html
Use of the SSN in State drivers license systems is already authorized by Federal law, and 29 States currently use the SSN as the drivers license number or show it on the license. The 1996 immigration reform provision on improved identification-related documents requires the SSN to be included on State drivers licenses by the year 2000. Thus, the drivers license and Social Security card can both be used to verify the SSN.
Looks like as recently as 1996 they were planning to force states to include it on drivers licenses by 2000 :oops:
But see that's the thing, there's no real reason NOT to have SSN on a DL. Heck tattoo it on your forehead! Simply knowing someone's SSN should get you nothing more than a nod and "yup that's someone's number, now prove it's you".

If you have a photo ID like a DL with an SSN on it, and your system for securing that ID gives you confidence that the ID is legit, then that really IS some level of proof of identification (aka authentication) and the SSN that goes with that face. The difference is between "knowing a string of numbers" without proof they are your numbers, and "having a trusted document" that proves, to some level of confidence, you are the person you say you are. The only debate at that point is how good your document is at positively identifying the person presenting it. We already know the physical SSN card is trash, but Secure-ID is supposed to be better as are passports, the two most trusted documents in the US (right wrong or indifferent).

Of course a secure ID card like a DL only helps with in-person fraud. It doesn't help with online / phone fraud. It can be one of multiple means (aka presenting a scan of the ID) but on-line authentication better require more than a picture of an ID that is very easy to fake if the authenticator isn't able to get their hands on it. Again, right wrong or indifferent, that's where ID.me and Login.gov are trying to bridge that gap in the chain of trust online along with use of MFA / tokens
Tender
Posts: 1
Joined: Sun Sep 01, 2024 7:22 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Tender »

I had the exact same experience. All of my personal background details were stolen. I am aware that there were over 30 network audits , both internal and external and all of them cautioned about cautioned about the high risk of data-warehousing with Internet access. They didin’t care and 26.2 million accounts were hacked.
This new threat may well justify a class action lawsuit.
rick51
Posts: 212
Joined: Mon Sep 14, 2009 7:33 pm
Location: Maryland

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by rick51 »

I assume you need to unfreeze , if you are attempting to open a new credit card account or seeking a loan. Is that easy to do?
rockstar
Posts: 7483
Joined: Mon Feb 03, 2020 5:51 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by rockstar »

I’d add a fraud alert.

The dark web sounds so ominous. Are they referring to TOR?

https://www.torproject.org/
User avatar
Padlin
Posts: 1062
Joined: Thu Mar 01, 2007 6:46 pm
Location: MA

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Padlin »

rick51 wrote: Wed Sep 04, 2024 3:13 pm I assume you need to unfreeze , if you are attempting to open a new credit card account or seeking a loan. Is that easy to do?
I’ve had to unfreeze an acct a couple times, I asked the bank which credit bureau they use and unfroze that one. I left it that way for a week then refroze it.
Regards | Bob
JeanM
Posts: 47
Joined: Fri Jun 09, 2023 9:46 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by JeanM »

WillRetire wrote: Thu Aug 01, 2024 3:43 pm I suggest you also create a login acccount at ssa.gov. Starting recently, this has to be done through id.me or login.gov.
I already have an id.me account. Do I also need to create a login.gov account?
User avatar
Duckie
Posts: 9880
Joined: Thu Mar 08, 2007 1:55 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Duckie »

JeanM wrote: Thu Sep 05, 2024 7:32 am I already have an id.me account. Do I also need to create a login.gov account?
No. Currently ID.me will get you into ssa.gov just like it will for irs.gov.
JeanM
Posts: 47
Joined: Fri Jun 09, 2023 9:46 am

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by JeanM »

Duckie wrote: Thu Sep 05, 2024 3:49 pm
JeanM wrote: Thu Sep 05, 2024 7:32 am I already have an id.me account. Do I also need to create a login.gov account?
No. Currently ID.me will get you into ssa.gov just like it will for irs.gov.
Yes, I understand that id.me will get me into ssa.gov. But from a security perspective, do I need to set up a login.gov account in order to prevent some scammer from establishing an account in my name? Or does having an id.me account somehow protect me from that?
friar1610
Posts: 2371
Joined: Sat Nov 29, 2008 8:52 pm
Location: MA South Shore

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by friar1610 »

I’ve had multiple emails from both ID.me and Equifax over the past few days as well. As I’m sure everyone else is getting in their emails, there is a recommendation to put a fraud alert on Equifax. There is a link in the initial emails to get you to the right part of Equifax to do this. But, wait a minute — isn’t it a computer security no-no to click on a link in an email received from a sender you can’t absolutely verify? How can I be sure that the ID.me and Equifax emails aren’t themselves scam messages intended to get me to click on a link where bad things will happen?
Friar1610 | 50-ish/50-ish
User avatar
Duckie
Posts: 9880
Joined: Thu Mar 08, 2007 1:55 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by Duckie »

friar1610 wrote: Thu Sep 05, 2024 4:43 pm How can I be sure that the ID.me and Equifax emails aren’t themselves scam messages intended to get me to click on a link where bad things will happen?
You can't. But you can go to myEquifax.com directly, sign in, and from there hunt for the "Fraud Alert" section.

If your Equifax account is frozen I wonder if anyone can even see a fraud alert.
JBTX
Posts: 11765
Joined: Wed Jul 26, 2017 12:46 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by JBTX »

beyou wrote: Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
If my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.
User avatar
beyou
Posts: 7463
Joined: Sat Feb 27, 2010 2:57 pm
Location: If you can make it there

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by beyou »

JBTX wrote: Thu Sep 05, 2024 5:06 pm
beyou wrote: Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
If my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.
That does not guarantee the separate email wont be on the dark web, but if you use one of these monitoring services, at least when it shows up, you'll know it's the important email and not the more heavily used one.

That said, wont do you much good. The alerts I get don't indicate anyone has the password to your email, just that some unknown website is associated to this email address. That does not mean they know your financial site password nor that they know your email password, regardless of which email address you use. If you follow good hygiene (change your long complex passwords periodically, use strongest 2FA allowed at each website etc) your risk is low. I am not sure there is any way to prevent widespread knowledge of your email address. Even if you use different emails for each important vendor, that vendor may sell your email, they may be hacked, their employees may have access to your email.
JBTX
Posts: 11765
Joined: Wed Jul 26, 2017 12:46 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by JBTX »

beyou wrote: Thu Sep 05, 2024 5:36 pm
JBTX wrote: Thu Sep 05, 2024 5:06 pm
beyou wrote: Wed Jul 31, 2024 11:37 pm Got same msg from different source today.
I am starting to ignore this and "email address found on dark web" alerts.
Getting too many and no clear action to take other than freeze all credit reports which I did long ago.
Email/pwd theft alerts even more useless as they indicate source website unknown.
At least the ss# alert gave a source but it was some site I never used ( one of these places that sell your public info like address phone and apparently ss#.
If my email address is in the dark web, I don’t use it for anything important, especially financial accounts. I set up a separate little used email address for my most sensitive accounts.
That does not guarantee the separate email wont be on the dark web, but if you use one of these monitoring services, at least when it shows up, you'll know it's the important email and not the more heavily used one.

That said, wont do you much good. The alerts I get don't indicate anyone has the password to your email, just that some unknown website is associated to this email address. That does not mean they know your financial site password nor that they know your email password, regardless of which email address you use. If you follow good hygiene (change your long complex passwords periodically, use strongest 2FA allowed at each website etc) your risk is low. I am not sure there is any way to prevent widespread knowledge of your email address. Even if you use different emails for each important vendor, that vendor may sell your email, they may be hacked, their employees may have access to your email.
If you have a separate email that you only use for a few sensitive things, like brokerages the only way it gets on the dark web is if there is a breach at those banks. It’s not used for anything else so how does it get on the dark web?

You can check on some sites to see if it is out there.

No guarantees but that is one less vector to attack, given a lot of hacks start with an email hack and get other information from other emails in the account.
JBTX
Posts: 11765
Joined: Wed Jul 26, 2017 12:46 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by JBTX »

I decided to check my IRS get transcript and it now says I need ID me. I’m trying to set up and IDme account but that is turning out to be a royal PITA. I now have to wait over 30 minutes for a verification video call.
User avatar
ResearchMed
Posts: 17324
Joined: Fri Dec 26, 2008 10:25 pm

Re: MyIDCare alerts - SSN on "Dark Web." Anything to do?

Post by ResearchMed »

Duckie wrote: Thu Sep 05, 2024 4:58 pm
friar1610 wrote: Thu Sep 05, 2024 4:43 pm How can I be sure that the ID.me and Equifax emails aren’t themselves scam messages intended to get me to click on a link where bad things will happen?
You can't. But you can go to myEquifax.com directly, sign in, and from there hunt for the "Fraud Alert" section.

If your Equifax account is frozen I wonder if anyone can even see a fraud alert.

This is very important advice for *any* website or vendor or email, etc., not just Equifax.

The best advice is: NEVER click on a link in email!

Instead, go to the real website of whichever entity you want or need to contact. And go there by YOU typing in the website address, *not* by clicking on a supposed link in an email.

I think it is *very* unfortunate that some legitimate vendors (including financial firms such as Vanguard !? :shock: - but NOT "only" Vanguard!) almost train their clients to practice UNsafe computer hygiene by sending "real" email messages that include a link "to click to get to their website and your personal account".

Sure, if it REALLY is "Vanguard" (or other legitimate vendor), then it would be "safe".
But the scammers keep getting better and batter at disguising themselves as the legitimate entity such that the link does NOT go to the real site... but it takes one to a fake site and then invites/requires one to enter the account and password information. And then... that information can be used for nefarious purposes, such as to remove money from one's account, or perhaps get additional sensitive personal information.

Just get in the habit of *not* clicking on any embedded link in an email!
Go directly to the relevant website by personally typing in the web address, and proceed from there.
(And alas, sometimes the legitimate vendor doesn't make it easy to find the website area that is relevant, because they are now expecting you to "click on the embedded link"... sometimes despite generally warning clients "never to click on embedded links".
:oops:

RM
This signature is a placebo. You are in the control group.
Post Reply