your Social Security number has been exposed, you’re
the bad guys know your address, driver’s license
number and age along with your Social Security number,
the risk is even worse.
that a massive data breach at Equifax has compromised
that data for nearly half of Americans — essentially
giving away the keys to their identities — some
individuals and businesses could have money stolen from
their accounts, according to security experts. It’s
just a matter of time before the crimes show up.
is a new era," said Neal O’Farrell, executive
director of the Identity Theft Council. Because the data
stolen from Equifax was so massive and extensive,
"now you must assume the bad guys have
are steps consumers can take to protect their identities
and their financial accounts. Chief among them:
reviewing the security measures on the financial
accounts you hold.
one way to know if your accounts are vulnerable: When
you access your bank statement, brokerage account,
medical records or even when you file your taxes, are
you asked to verify your identity by providing your
Social Security number or the last four digits of your
Social Security number?
so, you are extremely vulnerable, because the thieves
have the Social Security numbers," O’Farrell
also need to be more attentive to the layers of
authentication and the passwords they use for their
online accounts. Although many consumers hate the
multistep authentication processes and the hassle of
remembering passwords, such practices are now essential,
means you should expect banks to send messages to your
phone and email to confirm your identity each time you
want to withdraw or transfer funds, O’Farrell said. At
some banks, this is standard procedure, but if it’s
optional, you should still take advantage of the
requesting that verification come to both your phone and
email, you are protecting yourself from criminals who
may already have one of those pieces of information, O’Farrell
selecting passwords, avoid using names and information
thieves may be able to discover about you by stalking
you on social media or hacking into your email account.
This means not using names of pets, relatives or
anything that could be traced back to items you’ve
posted on social media. When setting up answers to the
security questions you’ll use to verify your identity
when accessing online accounts, lie about the answers.
should also brace for a wave of phishing scams.
said one of the biggest risks in the wake of the Equifax
breach is that criminals know consumers are fixated on
credit monitoring and freezes. He expects criminals to
capitalize on that by sending emails that appear to be
from Equifax or financial institutions. The emails will
look legitimate, but will direct consumers to a
fraudulent website or otherwise convince them to divulge
personal financial information. With that data,
criminals could fill in the gaps left in the trove
collected in the Equifax breach, and get more
information that will allow them to get into your
criminals are smart people," O’Farrell said.
"They know that a lot of people now are signing up
for credit monitoring services, so they may wait for a
year." Then they will send phony emails that look
like they are legitimately selling an extension of the
you receive a suspicious email, don’t call the phone
number provided in the message. Instead, look up the
number and directly call the bank or credit card company
the email purports to be from to see if there is a
legitimate fraud concern.
on the links in some fraudulent emails could also expose
you to spying software, known as malware, that can
penetrate your passwords and make it easier for thieves
to gain entry to your accounts. As protection from
malware, O’Farrell suggests buying an extra computer
to use only for banking; not for the email accounts you
regularly use for fun and work.
is no need to shut down your existing accounts if you
think your identity has been stolen. Unfortunately, with
breaches common, this makes little sense unless you know
someone has attempted to tap a particular account.
the smart approach is to watch activity in all your
accounts, said Adam Levin, chairman and co-founder of
the identity protection firm CyberScout. Each week, if
not daily, you should look at the activity in your bank,
brokerage and credit card accounts.
up alerts so that your bank sends a message to your
phone, emails you or calls you instantly if someone is
using your ATM card, making a sizable purchase or
transferring money out of your account. Alerts are
offered free by many financial institutions, but you
must request them. If you spot an illegitimate
transaction, immediately let your bank know.
in mind that fraudsters often try to slide under the
radar by making numerous small purchases instead of one
big, eye-catching one, so don’t ignore any.
time goes by, you may become more vulnerable rather than
less, as the criminals expect you to let down your
guard, O’Farrell said.
risks won’t disappear unless the Equifax breach serves
as a wake-up call and businesses and government agencies
start using ways other than your Social Security number
to identify you.
institutions have made changes in recent years to guard
against identity theft by tightening up their
authentication methods. For example, Medicare cards are
about to be changed so they no longer display Social
Security numbers. And the new iPhone X being introduced
this fall will let users identify themselves by sending
banks and other businesses a view of their face,
although businesses will have to be equipped to take
such an ID and consumers will have to be willing to
spend $999 on the device. Still, widespread changes in
authentication methods are expensive and probably a long