Many identity thieves have an unwitting accomplice: You.
If you’re like a lot of people, you have some habits that make thieves’ jobs a lot easier.
“I think honest people don’t think about what dishonest people would do,” says Mari Frank, an attorney, privacy consultant and author of “The Complete Idiot’s Guide to Recovering from Identity Theft.”
“They’re not stupid,” Frank says. “But they’re too trusting.”
The bad guys want to exploit your good nature. To do so, they need you to be kept in the dark about how you expose yourself to harm.
Make the job tougher for scammers, con men and identity thieves by learning these 8 things they don’t want you to know.
FREE TOOL: Check your credit report today with myBankrate.
The Bankrate Daily
2 of 9
Your Social Security card is easy to steal
Tetra Images/Getty Images
“You want to stop carrying your Social Security card,” says Eva Velasquez, president and CEO of The Identity Theft Resource Center in San Diego.
The reason: It makes it that much easier for someone to get their hands on it. And that card amounts to “the keys to the kingdom,” she says. “There’s no reason you need to have it with you at all times.”
If you’re doing something that requires the card — like starting a new job — take it out of your purse or wallet when you get home.
Keep things like Social Security cards, birth certificates and passports in a secure location — a cabinet or drawer with a lock on it, Velasquez says.
And “make sure you secure your Social Security number,” says John Krebs, an attorney in the privacy and identity protection division of the Federal Trade Commission. Don’t automatically give it out whenever you’re asked.
While your bank may need it, your doctor and dentist don’t.
3 of 9
Discarded personal docs are full of info
Jonathan Kitchen/DigitalVision/Getty Images
Just because thieves have gone virtual doesn’t mean you can abandon security in the real world.
“Paper theft still occurs, mail theft still occurs, Dumpster-diving still occurs,” Velasquez says.
Before you toss anything that contains personal information, shred it. That includes old bills, tax returns, prescription medication bags and labels, and electronic boarding passes, she says.
Even paperwork that may “seem innocuous” can cause you harm, Velasquez says, because many of those items have bits of your personal information — your address, a doctor’s name or an insurance number — encoded into them.
“Think of your identity as a puzzle,” Velasquez says. “And the more pieces someone has, the more damage they can do.”
Indeed, disposing of personal documents you no longer need (provided you shred them first) is a good way to prevent identity theft, Krebs says. And it beats leaving those papers lying around unsecured.
If you use one of the top 25 bad passwords — like “password” — to log on to websites or secured computers, you’re making it “really easy” for thieves, Velasquez says.
Using a pet’s name (or some other personal detail) as your password — especially when you post pictures of Fido or Fluffy on social media — also is a no-no.
In general, single words make bad passwords. Criminals have programs that can run through every word in the dictionary in a matter of seconds, Velasquez says.
Strengthen passwords by making them longer and throwing in a few capitals and digits. Use a favorite phrase to make them unique.
Take special care crafting passwords for accounts that are linked to credit cards or that access banking or financial services, Velasquez says.
A related risk: Using the same password for multiple accounts.
You might give a friend your password for an online magazine. But if it’s also the password for your online bank, you’re handing over more than you intended. Or, if you use the same password for everything and an ID thief manages to hack a non-essential account, he’s now got free access to the things that matter.
“Public Wi-Fi is an issue when you’re sending personal information,” Krebs says.
One of the biggest dangers is a so-called man-in-the-middle attack — where a criminal manages to lurk electronically and view your data just before it’s encrypted and sent to your intended recipient, he says.
Even if you don’t understand how it all works, the upshot is simple: “On public Wi-Fi, it’s possible for someone to see that information,” Krebs says.
Instead, wait to do banking or shopping until you can use a secured connection through your carrier’s network or your own home router, he says.
And when you’re shopping, banking or sharing personal information, make sure the site is encrypted, Krebs says. The clue: Look for “https” instead of “http” in the URL.
6 of 9
You trust too much
Just One Film/Stockbyte/Getty Images
“You want to be aware of online impersonators,” Krebs says. “Fraudsters and thieves use email to get your personal information.”
Let’s say, for example, you get an email from your bank alerting you to a problem with your account. It asks you to use the link provided to log in and check your account or verify your information.
The problem: The email is from a criminal, not your bank. And the link will take you to a site that looks like the bank but, in reality, captures your information when you enter it, says Krebs.
Con men also try similar scams by phone.
“If you didn’t initiate the communication, be wary,” Krebs says. Hang up, look up the phone number or website yourself — and use that contact information.
Then you can find out what’s really going on without a potential con man trying to steer you.
Even with privacy settings cranked up, it pays to be careful what you share, Frank says.
So skip mentions of your pet — especially if you used its name in your passwords, she says.
Ditto the details of your upcoming vacation or regular schedule. Or the travel plans and schedules of other friends and family members,
Be careful that your photos don’t reveal too much — like street numbers or local landmarks that could help someone find your home. Likewise, disable the geolocation features on your camera before you take photos you want to post.
And be cautious with kids and social media, Frank says. “They will give things away.”
Give that same scrutiny each month to your credit card bills. Are all the charges yours? Were you billed twice or over-billed for anything? And are there any mystery charges (even small ones) that you don’t recognize?
If you’re using your computer, tablet or smartphone for banking or shopping, it’s time to start treating it like the repository of sensitive data that it really is.
A few pointers:
Use anti-virus, anti-malware and anti-spyware software, Krebs says, and keep it updated.
Never shop online with a debit card or link one to an online account, Frank says. “That’s probably the most dangerous thing you can do.”
Guard against low-tech spying, too. If you’re using devices in public places, consider getting a privacy screen, says Frank, who uses them on airplanes. Even if someone is “sitting next to me, they can’t see.”
When you send encrypted files, protect the pass codes, Frank says. Too many times, people encrypt files, then send the decrypting keys over email. Better idea: Call instead.
And be skeptical regarding unexpected attachments from “friends” or “co-workers” — they could easily be bogus, Frank says. Call first to see if they’re genuine. Or do what Frank does: Forward it to your friend with a note asking if they actually sent it.
And before you dispose of that device, avail yourself of one of the many programs or tools to eradicate any sensitive information that’s left, Krebs says.