July 7, 2015
Protecting Yourself from Identity Theft
In our increasingly electronic and information driven world, attacks or fraudulent attempts to steal information are becoming more common. We wanted to offer some practical tips on how to protect your information and, by extension, your business, family, and life.
Tax-Related Identity Theft
One of the most pervasive and increasingly common cases of identity theft relates to income taxes. Taxpayers may receive calls or emails purporting to be from a taxing authority such as the Internal Revenue Service (IRS) or from their state taxing authority requesting personal information. Alternatively, thieves may use personal information that they obtained illegally to make a claim for a tax refund by filing a fraudulent tax return. According to the IRS, cases of tax identity theft surged 66% from the previous year.
An unexpected email or phone call purporting to be from the IRS and requesting personal information or threatening dire consequences unless a supposed tax bill is paid immediately is a scam known as “phishing.” The IRS will never initiate contact with you via email to request personal information. Never provide personal information over the phone or via email, including your PIN number. If you receive any sort of communication purporting to be from a taxing authority, we urge you to contact us immediately so that we can assist you in verifying the authenticity of the communication.
Tips to protect your Personal Information:
1. In addition, below are additional tips on how to secure your personal information, both at home and online.
2. Be cautious about providing personal information (see below list) to anyone that you do not know. Always check the legitimacy of a person who has contacted you asking for such information, even if they might possess some of your information already.
- Your Full Name
- Social Security Number
- Phone Number
- Credit card and bank account information
- Personal information such as the location of your birth, mother’s maiden name, or other information commonly used as answers to security questions
3. Protect your personal financial documents – Keep your social security card or any other document that shows your social security number in a safe place. Ensure that other personal financial information is also securely stored and disposed of.
4. Check your credit report annually and consider signing up for a credit monitoring service.
5. Since the majority of information is now available or stored online, it is also important to consider your own personal cyber security. Here are some tips:
Be suspicious of unknown links or requests sent via email or text message. Do not click on unknown links or answer strange questions sent to your mobile device or personal computer, regardless of who the sender appears to be. Never click on links embedded in emails from third party or primary retailers; it is always best to visit retailer sites directly. Notifications or service offerings referenced in the email, if valid, will be available on the retailer’s official website. Try not to open suspicious looking emails that could be phishing schemes or malware depositors.
- Never open attachments if you are not expecting them. Retailers will not typically send emails with attachments. If you have doubts about the legitimacy of the attachments, contact the retailer directly and ask about whether the email with the attachment was sent from them for a specific purpose.
- Set secure passwords (see Password Tips below) and don’t share them with anyone. Avoid using common words, phrases, or personal information in your passwords. Change your passwords every 45-60 days.
- Keep your operating system, browser, anti-virus, and other critical software up to date. Security updates and patches are available for free from major service providers.
- Pay close attention to the URLs of websites you visit. Malicious websites sometimes use variations in common spelling or different domains (such as “ .com” instead of “.net”) to deceive unsuspecting web surfers.
The extra effort and, at times, hassle of protecting your personal information definitely outweighs the stress, time and hassle of dealing with a situation where your personal information has been compromised. We encourage all our clients and colleagues to consider implementing some of our suggestions above to keep their personal information secure.
Most passwords are formed from personal information and are easy to remember. Unfortunately, this makes the task of “cracking” passwords much easier for attackers.
Although intentionally misspelling a word (e.g. “daytt” instead of “date”) may offer some protection against dictionary attacks, an even better password generating method is to rely on a series of words. Use mnemonics or other memory tricks to help you remember how to decode your passwords.
For example, rather than using the password “hoops,” use “IlTpbb,” an acronym for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of password obscurity. To make your password even more secure, use a combination of numbers, special characters, and both lowercase and capital letters. By changing the example above to “Il!2pBb,” a relatively simple password has become far more complex simply by adding numbers and special characters.