You Give Your Personal Info to Anybody That Asks for It
Oh boy! The nice man on the phone says you may have already won a Hawaiian vacation, all you need to do is provide some basic verification information — your name, address, mother’s maiden name, blood type and a few other details — and he’ll send the plane tickets post haste. What could possibly go wrong?
Phone scams like this, wherein a thief calls you posing as a bank, government agency, or legitimate business and pumps you for personal identifying information (PII) with promises of fabulous prizes and rewards are nearly as old as the telephone itself.
Instead: Be cynical. Never give out PII over the phone unless you’ve initiated the call. If someone calls offering a reward too lucrative to pass up, ask them to send you a written application form. Or if the caller claims to be from, say, your bank, hang up, call the company’s customer service line (usually found on the back of the ATM card and on the company’s website) and independently verify that the call was legit before handing over your info.
The same goes for in-person information requests — be vigilant when your HR department or doctor’s office asks for sensitive information. Don’t hesitate to inquire about what the information will be used for and what happens if you refuse. It certainly can’t hurt.
You Actually Respond to Spam
Who wouldn’t want “Cheep C1alis to make her love you long boom” and a seven-digit inheritance from a long-lost relation that just so happens to be Nigerian royalty? Hopefully you. These email-based phishing attacks are no better than the phone-based social engineering scams that preceded them but, luckily, are just as easy to see through. If you don’t recognise the sender, the text is garbled or if anything else seems fishy, simply mark the message as Spam in your email client and move on.
While low level scams like the Nigerian Price are identifiable by their bountiful spelling, grammar and syntax errors, more sophisticated schemes are harder to spot. They may mirror the corporate letterhead of popular social services, shipping companies, banks, or government institutions to appear legitimate or use threats to coerce you into following a blind link. But no matter how authentic they may first appear, you can still spot the fakes with a bit of scrutiny. Be wary of any request for personal information. Reputable businesses already have your PII on file and therefore have no reason to ask for it again. Also, if a suspicious message demands you verify login data at a linked website, mouse over the hypertext without clicking and compare the two addresses — if they don’t match, bail.
The same goes for social networks. Not only should you be sparing in the amount of personal information you post and how openly you share it, never follow the blind links in messages from people you don’t know in real life. Yes, I’m sure “Rebeccah” is going to do all sorts of nasty shit to her webcam — while her website injects some equally nasty malware into your browser and compromises your computer’s security.
Instead: You’ve heard this before, but regularly change your passwords and make sure those you use are sufficiently robust. This isn’t 1997, mind you — God, Love, Sex, and your dog’s name simply don’t cut it anymore. Instead, come up with a catchy mnemonic phrase like, “Well shit, if it’s gonna be that sort of party, I’m gonna stick my finger in the mashed potatoes.” You know, something easy to remember. Then create an acronym from it, WSIIGBTSOPIGSMFITMP, and replace the vowels with numbers to create a highly secure, impossible-to-guess super password: WS11GBTS0P1GSMF1TMP. Your passphrase doesn’t need to be this long of course, but should be at least eight words in length.
You Shred Nothing
Once your rubbish is out on the curb, it’s fair game for anybody willing to rummage around for it. In fact, the practice of dumpster diving, retrieving PII and personal documents from the garbage, is a common tool for identity thieves.
Instead: Invest in a pair of file shredders — one for your paper documents and one for your electronic ones. Cross-cut shredders provide a more secure means of eliminating your paper trail by slicing and dicing sensitive documents into confetti, which makes them much more difficult to reassemble than a basic slice-cut shredder. Every document you dispose of that displays more than your name and home address needs to go through the shredder before going in the trash. That includes “preapproved” credit cards, medical bills, the labels off of prescription bottles, receipts, credit card and bank statements. Similarly, programs like CCleaner or Eraser for Windows and Permanent Eraser for OSX, are all very effective at destroying and overwriting your digital documents as to render them unrecoverable.
You Never Check Your Credit
What, it’s not like you’re buying a car or house anytime soon. Why bother checking your credit score for accuracy? Because, ya dummy, your credit report bears record of all your current and past charge accounts as well as your payment history with each.
Instead: By keeping an eye on your credit report as well as your monthly bank and credit card statements, you’ll be able to catch any incorrect information before it becomes an issue and nip any fraud in the bud.
If even following these tips, you find yourself the victim of identity fraud, get off your arse and fix it — like now — before your finances and reputation are left in ruin.
Image: Carlos A. Oliveras / Shutterstock