There are a number of ways that your personal identity can be at risk. Some are, unfortunately, out of your hands (like a massive corporate data breach), but others are preventable.
We've chosen to focus on how to safeguard yourself against corporate and individual breaches, as well as common scams that are still in circulation. You can always take steps to make sure your personal information is more secure.
Encrypting physical credit cards
At a minimum, all consumers should have chip-based cards. If you have any magnetic-stripe cards remaining in your wallet, contact your issuer and see if they have updated cards available. If it's possible to use a chip instead of swiping your card while shopping, always do so.
The same goes for contactless credit cards or mobile wallets. Both options offer more encryption and thus higher amounts of security than magnetic-stripe systems.
Encrypting online transactions
For the unfamiliar, the letters "HTTP" that comes at the beginning of any web address is short for "Hypertext Transfer Protocol" -- it's the protocol that allows your browser to communicate with a website.
Be sure your web address includes "HTTPS" instead of "HTTP." The "S" stands for secure, and it means that all communication between your computer and the website's server is encrypted and private.
Phishing refers to the act of using fraudulent emails, phone calls, copycat websites -- any form of communication, really -- in order to obtain personal information. The most famous example is the "Nigerian Prince" scam.
How to detect phishing:
- Be wary of urgent communication
- Always call first
- Use two-factor authentication whenever possible
- Keep your software updated
- Always have your information backed up
Scammers often mimic work-related emails, official communications from government agencies, etc. If an email demands a quick response and/or includes a link in the body, check the sender's address for any misspellings -- usually the main giveaway for phishing scams -- and always think before you click.
If a financial institution contacts you, and something seems off, always call their official customer service line before responding.
Also, almost all financial institutions will involve some kind of two-step verification process. Some, like PayPal and Venmo, use an authenticator app on your phone, while banks and credit unions may send one-time-use codes to your phone or email. Be sure to familiarize yourself with each process.
Phishing can also lead to malware or ransomware, so be sure to keep all operating systems, antivirus software, and firewalls updated. And always backup your information -- we recommend performing backups at least once a month to remain current.
Typosquatting is also known as "URL hijacking". Typosquatters purchase domains with the intent of obtaining traffic through common misspellings of major companies.
For example, can you tell the difference between www.lifelock.com and www.Iifelock.com? (The second URL is incorrect, the first "L" in "Life" was replaced with a capital "I.")
Many of the misleading domains are infected with spyware, which can spread to your computer and steal your personal information when you make a purchase online.
How to prevent typosquatting:
- Avoid typos
- Bookmark your favorites
- Use search engines first
- Keep an eye out for grammatical errors
Always be careful if you're entering a web address directly into the navigation bar. It's easy to "fat finger" your way into a domain registered by a typosquatter.
Additionally, you can always avoid typos by entering the name of your destination via Google or another search engine or simply by bookmarking all of your most-visited sites.
If you do end up on a typosquatting site, keep an eye out for seemingly minor grammatical errors -- they could be the key to determining whether the site is legitimate or not.
Telephone scams have a reputation for targeting Baby Boomers, but believe it or not, Millennials are actually more likely to give away personal information over the phone.
While the responsibility for preventing telephone spammers is shifting to cell phone companies instead of individuals, it's still possible to have your personal info stolen by phone scammers.
- Never give out information to a cold caller
- Don't respond immediately
- Wait for a voicemail
- Call the organization
Cold calling scams have grown more sophisticated over the years. With new "Can you hear me?" scams, you'll be greeted with a voice on the other line asking if you're able to hear them. But the call is being recorded, and if you respond "yes", your voice may be captured and used to authorize fraudulent transactions.
And instead of using 800 numbers, scammers are beginning to spoof their target's area code or location.
If you've got a call from a number you don't recognize, let it go to voicemail. Many modern phone scams are made via robocall and won't leave a message if they go to voicemail.
If you receive a call from a number you don't recognize, and the caller leaves a voicemail telling you to call them back, you may be tempted to respond. Before you do, search the organization they represent. Look for reviews, and see if they have an independent customer service line.
You've probably heard about skimming on the news, mostly occurring at gas stations or ATMs. Skimming is still the most common form of a data breach, and they're one of the simplest breaches to set up and one of the easiest to miss.
Skimmers are small devices, either standalone or attached to existing devices, that secretly and instantly copy any credit or debit card information. It's easy for anyone to fall prey to skimmers, but there are a few precautions you can take to protect yourself:
- Always inspect card readers
- Use credit cards over debit cards
- Monitor your accounts
Gas stations and ATMs are such popular skimming targets because their card readers are unattended, and customers aren't paying as much attention as they would during transactions at other retailers.
You should always favor credit cards over debit cards whenever there's a possibility of skimming. Debit cards link more directly to bank or credit union accounts, and with credit cards, there's an extra layer of protection between thieves and your money. Under federal law, you're only responsible for $50 in unauthorized charges taken out of a stolen credit card.
Always keep an eye on your accounts. If you see any unauthorized or unfamiliar activity, be sure to contact your card issuer immediately and freeze your account.
It's always possible to have your identity stolen via the physical theft of your wallet, purse, or credit card. And if you use your phone for banking -- as more than 60% of Americans do -- then the theft of your phone may also put your personal information at risk.
Luckily, the preventative measures for physical theft are still tried and true:
- Keep personal items safe and out of sight
- Destroy unnecessary material that has personal information
- Keep track of incoming material, such as mail
If you're concerned about the potential for thieves to rifle through your mailbox, check out Informed Delivery from USPS. Informed Delivery allows users to receive notifications and pictures of letters and packages that will be arriving in their mail the same day while allowing them to leave special instructions and schedule redelivery.