Top 10 Identity Theft Myths

In today’s world it is more important than ever to focus on the things that we can control to better safeguard our financial future. It’s easy to get complacent, lulled into a false sense of security, when there are many other more urgent things to think about. That’s why we assembled the Top 10 Identity Theft Myths that you need to stop believing now. Along with this information are suggested resolutions for the new year that, if followed all year long, will better protect your identity both online and offline.

Myth #10 – Identity thieves are mysterious, scary people. It’s true, identity thieves do exist in dark places but they can also live in your neighborhood, shop at the same stores as you, and some may even frequent the same coffee shops. The most damaging identity thief can actually be your co-worker that stumbled upon sensitive data, only to give in to the temptation of easy money. Your resolution: Always keep a close eye on your devices and the people around you and no matter what, never share privileged information like passwords with anyone – whether it is a friend, co-worker, or your boss.

Myth #9 – Phishing scams are easy to spot. We’ve all seen examples of how phishing scams can camouflage themselves to appear legitimate, but may leave tell-tale signs to spot, such as misspellings, improper use of the English language, or an obvious redirection of the real company’s URL. However, scammers are becoming more careful and sophisticated. It may not be so easy to spot a phishing email. As an example, customers of a well-known sandwich chain recently had their accounts hacked via a loyalty program scam. In this scam customers received an email asking them to “check the order” from this sandwich chain that they used frequently. Thinking that there was a mixup on an order, or they were about to get free food, customers clicked on the link and the damage was done. This activity launched malware that allowed the scammer to infiltrate their account even further. Your resolution: Know the most common signs of a phishing email but don’t believe that it will protect you 100%. Even the most sophisticated users can fall victim to sophisticated phishing scams. Start with this article from the Federal Trade Commission to learn how to recognize phishing.

Myth #8 – I know a fake call when I hear one. While email “phishing” is an attempt to trick a person into giving up personal information, “vishing” is the same except the method is using a telephone call. The scammer creates a scenario to prey on human emotions, commonly greed, fear, or empathy, and convinces the victim to disclose sensitive information like credit card numbers or passwords. In particular, vishing calls exploit the fact that we’re more likely to trust a human voice — and may target the elderly and technophobic who may be naive and have no experience with these types of scams. Your resolution: Never give out personal information to someone on the phone, even if you feel pressure to do so. You can always tell the caller that you will call back to a published number for the company that they say they represent. An ethical person will never object. Click to see a video of an actual vishing call and how easy it is for a professional visher to elicit confidential information over the phone.

Myth #7 – Social media is safe as long as I only share with family and trusted friends. Of course these treasured friends and family would not do anything intentionally to expose you to fraud. However, when posts are being shared time and time again it is easy for malicious games, click-bait and bogus retail offers to get passed to you innocently. In the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media platforms like Facebook, Instagram, Snapchat, and Tik Tok. Your Resolution: Review your social media privacy settings, and in particular what you are sharing publicly. Don’t participate in online games which ask for the month, day or year of your birth, your mother’s maiden name, or the name of your favorite pet. These pieces of information, along with others, can be used to defeat security measures on your accounts and to guess your passwords. Check out this article from the Federal Trade Commission on Scams that Start with Social Media for additional advice on staying safe.

Myth #6 – If I am a victim of identity theft, I will get an alert. Credit Monitoring and Dark Web Monitoring are two of the most common types of alert services that help consumers know if their personal information may be at risk. These services and others are excellent for alerting consumers that their personal information is at risk, sometimes allowing the consumer to get ahead of fraud. However, there are some types of identity theft that even the most sophisticated monitoring can’t detect. The most common is “credit account takeover” where a criminal poses as you and takes over your existing lines of credit. Since this is not a new account, credit monitoring will not alert you to this activity. Another type of identity theft that evades monitoring is synthetic identity theft. In this scenario, the identity thief will use only one part of your identity information, typically your Social Security number, but they will use a different name and address when they apply for credit. This type of fraud sets up a totally different file at the credit reporting agencies. Since this new “synthetic” fake identity does not match your exact name, address, and Social Security number, there will be no alert generated. Your Resolution: Make sure that you have Credit Monitoring and Dark Web Monitoring working to help you stay aware of risks and take action early, but don’t get a false sense of security. You still need to review your account statements often to detect any transactions that you do not recognize. To learn more about protecting yourself from synthetic identity theft see this article from Better Business Bureau.

Myth #5 – It’s no big deal if someone breaches my email. “All I have in there are cat pictures and emails to my child’s teacher. Good luck making something out of that!” For a hacker, email addresses can be priceless. They can use the address itself in spoofing and phishing scams. They can use it to build synthetic identities to open fraudulent lines of credit. Further, they can rummage through your email account and, in between the cat pictures and school e-mails, maybe find a tax return or mortgage application that has your Social Security Number, address, and date of birth – a gold mine for hackers! Your Resolution: Treat your email account like cash, because it can be to a fraudster. Change your password often. And if you get hacked, here is helpful information from the Federal Trade Commission on what to do next.

Myth #4: I use antivirus software so I’m fine. I will know if something bad gets to my device or information. Because antivirus software vendors are almost always playing defense against hackers, using antivirus software will never protect you 100%. And many people download antivirus software and then just forget about it for months, or even years. To stay current, antivirus software needs maintenance and updates, and it needs to remain active on a subscription. Even free antivirus software may have a time limit after which the service ends or it invites you to join a paid service. Plus there are many ways that a fraudster can get your personal information without gaining access to your computer, such as intercepting your online signal while you are using an unsecured Wi-Fi connection. Your Resolution: Check for updates for your antivirus software regularly and make sure that your subscription does not expire. Use caution around email attachments and don’t open an attachment simply because it looks as though it is coming from someone you know. Don’t fall for offers of “free” things on the internet, in particular screen savers, as these could be distributing viruses, adware or spyware. If a window pops up on your computer screen and you are not sure if it is legitimate, close it using the “x” in the upper right corner. Clicking on ANY other button, even “no” or “cancel” may trigger a virus or spyware installation.

Myth #3: I use complex passwords. Password strength only helps if someone is trying to guess your password. While having a complex password is still a good idea, and required by most companies, long gone are the days when a complex password with a certain number of characters and symbols alone was enough to deter thieves from accessing your accounts. Today, cybercriminals have the ability to run billions of password combinations through sophisticated programs. Breaking into an account can take seconds, instead of days or weeks. In addition, criminals most often gain access to passwords through a breach of security of a company, retailer, service provider, government agency, medical facility, school, or other organization. In many cases these companies do encrypt passwords before they are stored, or their level of encryption is not strong enough. This means that criminals can gain access to huge caches of passwords all at one time. Your resolution: Change your passwords often, which is one of the most important security measures that you control. Also, it is important to use different passwords for your various accounts. If a criminal is able to gain access to one of your passwords you don’t want it to provide the universal key to unlock all of your accounts.

Myth #2: My personal information is already out there. It doesn’t make any difference if I am careful. It is true that there have been some very large data breach incidents in the past several years, such as Equifax and the United States Office of Personnel Management, that have exposed the personal information of millions of Americans. In addition, there are hundreds of other smaller data breach incidents each year. But this is the very reason that all of us must be more careful with our personal information, and more vigilant. An identity thief who is intent on “grooming” a stolen identity, that is using the identity for an extended period of time, will look for a victim who is careless with their online and offline habits. Your Resolution: Double-down on those boring habits that make it more difficult for an identity thief to make you their victim. Change your passwords often, don’t use the same username and password combination for all of your accounts, watch your banking and other transaction statements for suspicious activity, take part in Credit Monitoring and Dark Web Monitoring to be alerted when your information may be exposed, and seek professional help quickly if identity theft strikes.

Myth #1: It only happens to other people. I don’t have a lot of money, therefore I am not a target. The Federal Trade Commission’s annual report on fraud, the Consumer Sentinel Network Data Book, was last published in January 2020, and estimates that as many as 9 million Americans have their identities stolen each year. This reports also shows that identity theft occurs in all age ranges, even young children whose identities can be used to establish an alternate identity for illegal purposes. The report also details identity theft by state, which shows that this crime knows no physical boundaries. Economic status is not important to an identity thief. Even if you believe that you do not have enough credit or assets to be a target, your identity information is still worth a goldmine an identity thief. Your Resolution: Stay vigilant. Treat your identity information as you would cash. Share it only when necessary and keep it safe. The irony of this statement is, regardless of the balance in your bank account or the credit limit on your credit card, you are still extremely valuable to criminals.

We are there for you! While it’s important that you know the risks and practice good habits to protect your identity, we want you to remember that Thrive Credit Union has you covered in the event of identity theft. If you are an account holder with Thrive Credit Union, you have access to our Fully Managed Identity Theft Recovery program for only $1.95 per month. Should you feel your identity has been compromised, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help recover and to help you reverse any damage caused by identity theft. Contact us or find out more about your benefits of by visiting our ID Theft Protection site.