Q: A friend of ours had his identity stolen when he clicked on a link in an email he thought was from his bank, but wasn’t. How can we be more careful to be sure we’re not putting our own information at risk?
A: Identity theft affects millions of Americans each year. And while it’s nearly impossible to protect all of your information all of the time, this article can help you learn the risks, and give you some ideas on how you can better protect your sensitive data from cybercriminals.
Recognizing and avoiding online scams
According to the Identity Theft Resource Center, the number of U.S. data breaches hit a new high in 2017. Nearly 20 percent of breaches included credit- and debit-card information, a nearly 6 percent increase from the prior year. The actual number of records included in these breaches grew by a dramatic 88 percent.1
This crime occurs when a thief obtains confidential information — including passwords, personal identification numbers, Social Security numbers or an account number used with a financial institution — and uses it to commit fraud. Identity thieves use a victim’s stolen information to open bank and brokerage accounts, run up bills for credit card purchases, obtain loans and commit other forms of financial fraud.
Criminals obtain a victim’s personal information in a number of ways — both online and off. But as incidents of identity theft increase, so too does the arsenal of tools and sophistication level of techniques used to perpetrate the crimes.
Cybercrime: A rapidly shifting model
Although online crime is a fast-moving target, currently, the primary methods used by identity thieves are social engineering and phishing — or typically a combination of both.
As the term implies, social engineering relies heavily on human interaction and often involves tricking unsuspecting victims into breaking normal security procedures. In short, it is a way for criminals to gain access to your computer or mobile device and the sensitive personal data it stores. For instance, a social engineer may use text messaging to contact a mobile device inviting the user to click on a link to a bogus website where the thieves collect user credentials and other personal information.
Similar results can be achieved through a phishing attack, in which the criminal uses email to lure victims to fake websites and then gain access to their passwords and usernames, credit card numbers and other key data. Phishing emails often appear to be from a legitimate company that the victim recognizes.
In yet another instance, attackers may inject infected “malicious” code onto your computer via email attachments, links contained in emails, infected search engine results or through videos and documents on legitimate websites, particularly social networking sites. In the mobile device world, criminals can corrupt a legitimate smartphone app and upload it to a third-party site. If users innocently install the app, they expose their devices to assaults by hackers who collect personal user data, change device settings and sometimes control the device remotely.
Don’t be a victim
In today’s 24/7/365 world, it is nearly impossible to secure all sources of personal information that may be “out there” waiting to be intercepted by eager thieves. But you can help minimize your risk of loss by following a few simple hints offered by the Federal Bureau of Investigation (FBI):
• Never divulge your credit card number or other personally identifying information over the Internet or telephone unless you initiate the communication.
• Reconcile your bank account monthly, and notify your bank of discrepancies immediately.
• Actively monitor your online accounts to detect suspicious activity. Report unauthorized financial transactions to your bank, credit-card company and the police as soon as you detect them.
• Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed.
• If your identity has been assumed, ask the credit bureau to add a statement to that effect to your credit report.
• If you know of anyone who receives mail from credit-card companies or banks in the names of others, report it to local or federal law enforcement authorities.
Finally, be very wary of any email or text message expressing an urgent need for you to update your personal information, activate an account or verify your identity. Practice similar caution with email attachments and downloadable files and keep your computers protected with the latest security updates and virus protection software.
1”Identity Theft Resource Center, 2017 Data Breaches, 2018.
Jeremy R. Gussick is a CERTIFIED FINANCIAL PLANNER™ professional affiliated with LPL Financial, the nation’s largest independent broker-dealer.* Jeremy specializes in the financial planning and retirement income needs of the LGBT community and was recently named a 2018 FIVE STAR Wealth Manager as mentioned in Philadelphia Magazine.** He is active with several LGBT organizations in the Philadelphia region, including DVLF (Delaware Valley Legacy Fund) and the Independence Business Alliance (IBA), the Philadelphia Region’s LGBT Chamber of Commerce. OutMoney appears monthly. If you have a question for Jeremy, you can contact him via email at [email protected].
Jeremy R. Gussick is a Registered Representative with, and securities and advisory services are offered through LPL Financial, a Registered Investment Advisor, Member FINRA/SIPC.
This article was prepared with the assistance of DST Systems Inc. The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. This communication is not intended to be tax advice and should not be treated as such. Please consult me if you have any questions.
Because of the possibility of human or mechanical error by DST Systems Inc. or its sources, neither Wealth Management Systems Inc. nor its sources guarantees the accuracy, adequacy, completeness or availability of any information and is not responsible for any errors or omissions or for the results obtained from the use of such information. In no event shall DST Systems Inc. be liable for any indirect, special or consequential damages in connection with subscribers’ or others’ use of the content.
© 2018 DST Systems, Inc. Reproduction in whole or in part prohibited, except by permission. All rights reserved. Not responsible for any errors or omissions.
*As reported by Financial Planning magazine, June 1996-2018, based on total revenues.
**Award based on 10 objective criteria associated with providing quality services to clients such as credentials, experience, and assets under management among other factors. Wealth managers do not pay a fee to be considered or placed on the final list of 2018 Five Star Wealth Managers.