For only one dollar, someone can buy your stolen identity and use it to open a new credit card account in your name, according to cybersecurity expert Carrie Kerskie, author of Your Public Identity: Because Nothing Is Private Anymore.
Kerskie discussed her tips and best practices for reducing the risk of identity theft during an April 17, 2019, live webinar presentation at the San Francisco office of Yeske Buie, a wealth management and financial planning firm with a second office in Vienna, Va.
Kerskie said that one of the most effective defenses against new account credit card fraud was a credit freeze, which could not only be used to protect adults, but minors as well.
“Once you post it, it stays there until you remove it,” Kerskie told her audience. “Best of all, since December last year, it’s free and has no impact on your credit account—it just prevents new credit accounts from being opened.”
Kerskie cautioned members of her audience that they had to contact all credit reporting agencies, not just the three most well-known ones.
The three major credit reporting agencies are Experian, Equifax and TransUnion. However, Innovis and MicroBilt Corporation, which owns several subsidiaries, also provide credit history data.
Kerskie stressed that members of her audience should write down their PIN (personal identification number) when creating a credit freeze because they would need it to get access to their accounts.
In addition to creating a PIN, Kerskie told her audience that they also had to set up an authentication code and user account. However, she warned them not to do it by text message, which was no longer a secure means of communication. Instead, she advised, clients should use an e-mail message to safely communicate sensitive information, such as user names and passwords, which thieves will seek to steal through any scam possible.
“The bad guys will call your mobile company with their SIM card ID number and ask to transfer your information to it,” Kerskie said. “Once your mobile service is tied to their phone, they’ll get all your phone calls and text messages, including a password reset.”
As a result, Kerskie warned audience members not to use the same password for their e-mails as the one they used for their phone. She said that the best passwords to use were the longest ones possible to create.
“Think of it as a ‘passphrase,’” she said. “And use the maximum amount of words permitted. Then write it down, putting it somewhere you can find it if you need it.”
As a double layer of protection, Kerskie recommended using an encryption key to scramble the letters of a password, and a decryption key to unscramble it.
An encryption key is usually a random string of bits generated specifically to scramble and unscramble data. Encryption keys are created with algorithms designed to ensure that each key is unique and unpredictable. The longer the key constructed this way, the harder it is to break the encryption code.
Kerskie recommended that her audience purchase a portable data storage device with the encryption key program preloaded on it, such as a flash drive that can be inserted into a USB port in a laptop or smartphone.
Kerskie acknowledged that some of the members of her audience might not be as proficient using current technology as others. She indicated that the price for their ignorance could be a costly one.
Contrary to popular belief, Kerskie said, staying off the internet puts people at greater risk of having their identities stolen, not less. Sooner or later, everything about you is going to be reported online if you don’t do it first. For example, she said, if retirees did not set up an online Social Security account, someone else might beat them to it and steal their benefits.
Kerskie said that identity theft threats were everywhere. Anyone who uses public Wi-Fi should beware the dangers of sharing it with hackers, Kerskie said, especially at an airport. Instead, she recommended that members of her audience buy a portable hot spot from their mobile carrier.
A mobile or portable hot spot is a small personal device that creates a small area of Wi-Fi coverage that connects nearby Wi-Fi devices to the internet.
Kerskie also cautioned against using a public charging station to recharge your personal electronic devices. Instead, she said, clients should buy a portable power stick or backup charger that they can bring with them to recharge their devices. But they shouldn’t plug any device with personal data on it into a USB port that isn’t their own.
“Convenience and privacy don’t live in the same space,” Kerskie said.
According to Kerskie, anyone renting a car is just as much at risk of identity theft since many vehicles now enable the driver to connect his or her smartphone to it via Bluetooth technology.
Kerskie said that before turning in a rental car, all personal data stored on it should be removed. Once turned in, she cautioned, there is no way to retrieve personal contacts stored in a rental car.
The most important advice Kerskie had for her audience was the easiest to follow—when a scammer calls, just hang up.
“You don’t have to be nice to these people,” she said.