As paranoid as this sounds, it is, unfortunately, true. OK, maybe not that guy who was helping the old lady across the street today, but there are lots of people who would love to get ahold of your cash. Computers, smartphones and the internet have done wonders for criminals.
Today’s Excitement
I’ve talked about how my mom had fallen victim to a number of scammers. As part of the clean-up work, we’ve put a number of precautions in place, which we’ll talk about in a bit.
Today, I was home with Rosco, preparing for a visit with my mom. I was online ordering lunch when I got an email from the good people at Norton Lifelock.
As legit as this looks, we all know never to click a link in an email – right???
Stay away from the big yellow button that’s calling your name!
I have Lifelock in my bookmarks so I navigate over using my web browser and my password manager asks me which ID to fill. I have an account for myself, my wife and for my mom. I choose my mom as this email came for her. It fills in her ID (which is a disposable email linked to my email account) and a strong password that looks something like (but is not) this: oaUK9NcmKzm_CBpWaJx! Let’s see someone guess that one.
And right there on the dashboard is the notification of the new Kohl’s credit card. I’m slightly alarmed for 2 reasons.
- I set up a credit freeze on my mom’s SSN. This should prevent any credit accounts (more on this soon)
- My mom has Alzheimers and only leaves home with her caregivers or a family member. We’re pretty good at letting each other know about things like this.
False Alarm
Sure enough, the card is in my mom’s wallet when I arrive. I go online and see that there have been no charges. I lock the new Kohls card to prevent use and I verify/correct the security freeze.
The good news is that after the time and research unwinding the fraud, I have a pretty good system in place for catching any kind of financial trouble before it can become a big problem.
Let’s talk a little about these steps.
Be Afraid
Not that we should all cower under our beds and be afraid to buy anything online, but we should assume that bad people are trying to get their hands on our wealth, and it is highly likely that our personally identifiable information (PII) is floating around on the dark web – whether this is due to one of the many data breaches like this one, or it is out there because someone stole it and sold it.
In the old days, someone had to get their hands on our wallet to steal our info. Today, disgruntled employees at a company we do business with could be selling our info on the dark web.
My SSN was involved in the National Public Data breach. My info is available to anyone with a credit card or bitcoin wallet. Even before this, I assumed it was breached and acted accordingly.
Steps to Protect Yourself
Monitoring Services
Today’s excitement started with an email alert. I get alerts fairly regularly and I get a monthly note that usually tells me that there is nothing going on.
or, there may be notice of a breach
It’s nice to know that these services are working around the clock to protect me. I have several of them. I enter my name, SSN, credit card numbers, license number email addresses, phone numbers and other info and the service hunts for breaches or occurrences of this info on the dark web.
2 Very Important Points
Remember my trust no one comment. 2 paragraphs later, I’m typing my SSN into someone’s website.
You got me. I have dealt with Norton on my personal and professional life over the last 40 years or so. I wouldn’t go as far as to say I trust them implicitly, but they have quite a bit to lose of they don’t protect my info. Sometimes the reward is worth the risk. But this is something to consider before handing over our info.
Also remember that I am cheap. And there is nothing I hate more than a paid subscription. My Signature Visa card gives me a free Norton Lifelock subscription. I also get free subscriptions to reputable services from my Insurance company, AAA, and 2 of my other credit cards.
Free generally means any info you give will be sold. In these cases, the credit card company is paying (and likely significantly less than you or I would) so these aren’t free services, it’s just that our membership is subsidized. Big difference.
Credit Freeze
I signed up for a credit freeze as soon as I learned what it was. A credit freeze prevents anyone, including us, from opening a credit card or a loan account using our SSN. Given that our SSN is likely floating around the dark web with a for sale sign attached, this is great protection. Just remember that if you need to open a credit card or loan account, you will need to unfreeze first.
To effectively freeze our credit we need to either call, or better yet, set up an online account (for free) at Experian, Transunion, and Equifax. We need to freeze our credit (again for free) on each of the 3.
I forgot one, which is how my mom snuck through with her new Kohl’s card. Go mom.
Also, be wary of paid services. Experian, Transunion, and Equifax, as well as other companies will try and sell you additional features for a low monthly subscription. All you likely need is the (free) freeze.
Credit Reports
When we apply for a loan or credit card, the financial institution we’re dealing with contacts one or more of the 3 credit agencies to get our credit report. This shows all of our credit cards and loans and our repayment history.
We are entitled to receive copies as well. Go to https://www.annualcreditreport.com and you can receive a free online copy of a report from each of the 3 agencies. Originally, you were entitled to 1 copy from each agency per year. You can now get these weekly.
This is a great way to see if a new account has been opened using your SSN.
Online access
We should set up online access to all of our accounts. This afternoon, after I got my mom’s card, I set up an account – there is a website address on the back of the card.
Once we have an account, go to the settings area and set up alerts. I set up alerts on my accounts for any international transactions, any charges where the card is not present, and any transaction over $300. There are lots of options to keep us informed of activity that might be suspicious, or to remind us of things like a payment due, or a balance over a certain $ amount.
Using this account, we can also keep tabs on any spending. Make sure there are no surprises. You don’t want to have to wait for your monthly statement.
I also had the ability to lock the card, which means it can’t be used. I did this for my mom’s Kohl’s card. We like to keep it simple with 1 credit card. She may not have gotten the memo.
Wrap-Up
Those are the biggees. For free, assuming you have a credit card, insurance company, or AAA that provides you with identity monitoring. This gives us pretty solid protection from identity theft, and the means to deter, and quickly react to any suspicious activity.
Here are some other things to consider:
- A password manager – I tell everyone I know and have not been able to convince 1 person to move to a password manager. I don’t get it. All my passwords look like this: oaUK9NcmKzm_CBpWaJx! . I have not typed a password in 10 years. The password manager suggests a strong password, automatically stores it for the website your on, and from then on, will prefill it for you. And mine works on MacOS, Windows, Android and IOS. It also prefills on most apps. What’s not to love?
- Hide my Email – This is just for the cool kids using Apple products, but I hear it may be available through Gmail soon. Essentially, this feature (which comes with a 99 cent per month icloud+ subscription) creates unlimited throw-away email addresses that are linked to our icloud email. When I am asked to enter an email on a website for a subscription, or even for setting up an account, my mac or iPhone will suggest a new email address to use.
My own email shows below this, but I cut that off. If I use [email protected], any emails sent to that address will be forwarded to my main icloud email account. If I find I’m getting junk from them, I can detach the vantage email address and never hear from them again. I also use these as permanent addresses for some of the accounts I set up. Sometimes it’s nice to have multiple emails that all route to the same inbox. I have 133 unique addresses that I use (Apple does all the work. I don’t need to remember them, they all just show up in my inbox and I can respond if I like.)
- VPN – A virtual private network encrypts your internet traffic and prevents anyone from seeing which websites you’re accessing. Our web browsers do a pretty good job of securing our web transactions, but a VPN ups your security game. There are free ones out there, but this is a service I pay for. Free services survive by selling our data. This is an area where you don’t want your data sold.
- Notes (I keep these encrypted in my password manager) Our online lives are getting complicated. We have lots of ids, passwords, accounts, credit cards… I try and keep an updated list of all my key information – it helps keep me organized and someone will likely need them if something happens to us.
OK, so that’s it. Today’s excitement got me thinking and I wanted to send out a summary of the things I’ve done that I feel keep me on top of all the suspicious activity flying around.
I hope you try some. If you have others please add them in the comments below.