America is enduring a data breach epidemic. As 2013 ended, the federal Bureau of Justice Statistics released its 2012 Victims of Identity Theft report. Its statistics were sobering. About one in 14 Americans aged 16 or older had been defrauded or preyed upon in the past 12 months, more than 16.6 million people.
Just 8% of those taken advantage of had detected identity theft through their own vigilance. More commonly, victims were notified by financial institutions (45%), alerts from non-financial companies or agencies (21%), or notices of unpaid bills (13%). While 86% of victims cleared up the resulting credit and financial problems in a day or less, 10% of victims had to struggle with them for a month or more.
Consumers took significant financial hits from all this. The median direct loss from cyberthieves exploiting personal information in 2012 was $1,900, and the median direct loss from a case of credit card fraud was $200. While much of the monetary damage is wiped away for the typical victim, that isn’t always the case.
Tax time is prime time for identity thieves. They would love to get their hands on your return, and they would also love to claim a phony refund using your personal information. In 2013, the IRS investigated 1,492 identity theft-linked crimes – a 66% increase from 2012 and a 441% increase from 2011.
E-filing of tax returns is becoming increasingly popular (just make sure you use a secure Internet connection). When you e-file, you aren’t putting your Social Security number, address and income information through the mail. You aren’t leaving Form 1040 on your desk at home (or work) while you get up and get some coffee or go out for a walk. If you just can’t bring yourself to e-file, then think about sending your returns via Certified Mail. Those rough drafts of your returns where you ran the numbers and checked your work? Shred them. Use a cross-cut shredder, not just a simple straight-line shredder (if you saw Argo, you know why).
The IRS doesn’t use unsolicited emails to request information from taxpayers. If you get an email claiming to be from the IRS asking for your personal or financial information, report it to your email provider as spam.
Use secure Wi-Fi. Avoid “coffee housing” your personal information away – never risk disclosing financial information over a public Wi-Fi network. (Broadband is susceptible, too.) It takes little sophistication to do this – just a little freeware.
Sure, a public Wi-Fi network at an airport or coffee house is password-protected – but if the password is posted on a wall or readily disclosed, how protected is it? A favorite hacker trick is to sit idly at a coffee house, library or airport and set up a Wi-Fi hotspot with a name similar to the legitimate one. Inevitably, people will fall for the ruse and log on and get hacked.
Look for the “https” & the padlock icon when you visit a website. Not just http, https. When you see that added “s” at the start of the website address, you are looking at a website with active SSL encryption, and you want that. A padlock icon in the address bar confirms an active SSL connection. For really solid security when you browse, you could opt for a VPN (virtual private network) service which encrypts 100% of your browsing traffic; it may cost you $10 a month or even less.
Make those passwords obscure. Choose passwords that are really esoteric, preferably with numbers as well as letters. Passwords that have a person, place and time (PatrickRussia1956) can be tougher to hack.
Check your credit report. Remember, you are entitled to one free credit report per year from each of the big three agencies (Experian, TransUnion, Equifax). You could also monitor your credit score – Credit.com has a feature called Credit Report Card, which updates you on your credit score and the factors influencing it, such as payments and other behaviors.
Don’t talk to strangers. Broadly speaking, that is very good advice in this era of identity theft. If you get a call or email from someone you don’t recognize – it could tell you that you’ve won a prize, it could claim to be someone from the county clerk’s office, a pension fund or a public utility – be skeptical. Financially, you could be doing yourself a great favor.