Worried About Heartbleed? Here’s What to Do

By now, you’ve probably heard about Heartbleed, the security vulnerability that affects more than 66 percent of the sites on the Internet. Heartbleed is a vulnerability in the OpenSSL software that is popular for web site encryption.

While it’s tempting to swear off the Internet forever, that’s probably not a viable option. Instead, it makes more sense to be careful about how you use the Internet, and take steps to protect your information and your identity. Here’s what to do if you are concerned about Heartbleed:


Don’t Panic

First of all, don’t panic. The Heartbleed vulnerability only allows someone to grab 64k of data at a time. But here’s the thing: It’s only random data. The person exploiting Heartbleed can’t choose which data to grab. Of course, different data can be grabbed from the server over and over again, and the exploiter is bound to come up with something “good” at some point.

From the NSA to hackers, the Heartbleed vulnerability has been available for more than two years. While some of your information might be out there, and your identity might be compromised, you don’t want to over react. Take a step back, avoid panicking and move forward.

Find Out Which Sites are Vulnerable

Next, you need to figure out which sites are vulnerable to Heartbleed. A number of sites have already fixed the problem, so it might not be an issue. Unfortunately, you can’t rely on the old methods of determining web site security to find out if there is a Heartbleed problem.

The good news is that there are lists and web apps that can help you check for Heartbleed vulnerability, letting you know if something needs to change. You can also read this helpful guide from IT World, which takes you beyond the lists and apps, which might not always be completely accurate.

You can also install a plug-in from Chrome or Firefox to help you identify sites vulnerable to Heartbleed as you surf.

Find out which of your heavily used sites are vulnerable, and then go from there.

Password Rotation

You will need to change your passwords on sites that are vulnerable to Heartbleed. However, realize that this doesn’t do you much good until after the site has updated its OpenSSL to reflect the fix. Until the site itself has updated, changing the password won’t help much.

Once the site is updated, you need to change your password. One of the best things you can do is to use different passwords for each site. This is because many hackers know that consumers often use the same username/password combo on multiple sites. Cracking one could open up your entire life. Don’t let that happen.

Good password practice is to choose a different password for each site. If you don’t want to try to keep track of them all, identity theft tools like password managers can help you keep different passwords without having to memorize them all, or hunt them up on a piece of paper.

In any case, you should rotate your passwords regularly, at least every six months, for maximum security and identity protection. Even without Heartbleed threatening your identity, you should pay attention to your passwords and change them regularly.

Keep Tabs on Your Credit Report

Finally, make sure that you keep tabs on your credit report in order to catch potential identity theft. This is a good idea anyway. Watching your credit report can send up red flags if your identity has been stolen and someone is opening fraudulent accounts.

You can keep watch on your credit situation with the help of free resources, as well as paid resources that can monitor your credit for you, and send regular reports.

You should be concerned about Heartbleed, and you should pay attention. However, you shouldn’t panic. Take appropriate steps to safeguard your information, and focus on good password practices, and you should be able to weather the storm.

You Shouldn’t Need to Write Your Credit Card Number

Last week, I was on vacation with my son in San Diego. We had to go to the mall to replace the recharging cord for my phone. While we were on our way back to the hotel, a young activist approached us, looking for a donation to his cause. I agree with his cause, so I was on board with making a one-time donation with my credit card.

Things changed, though, as I started filling out the form he provided. When I got to the payment part, I was expected to enter write out my credit card number and expiration date.

Credit Card Number

I asked if there was another way to pay. While I don’t doubt the activist’s furor, and I think he would probably do what he could to protect this sensitive financial information, I just didn’t feel comfortable writing out my credit card number on a form at a mall fundraiser. I felt bad that I had started to fill out the form before reading everything through, and I felt bad I wasn’t going to be providing a donation after all.

But providing that information on a random form, with the opportunity for theft at any turn, just didn’t appeal to me. I probably spend too much time writing about money, credit, and identity theft.

However, activists and others don’t have to rely on people being willing to share their credit card details. From small business owners to independent artists to just about anyone else, it’s easy to transfer money without the need for a lot of personal financial details.

Alternatives to Sharing Your Credit Card Number

There are plenty of options when you have a smartphone. Card reading apps like Square and PayAnywhere are increasingly common, and you can get the card reader for free without too much trouble. A customer can swipe the card, choose whether or not to pay a tip, and move on. It’s quick and easy, and your data remains safer than if you write out your credit card number on an unsecure form.

When I mentioned Square to the activist, he said that many of the people working for the cause couldn’t afford smart phones. While that is a setback in terms using a card reader setup, the reality is that Square isn’t the only option.

There are person-to-person payment options these days, like PopMoney. If you accept payment via these types of service providers, you don’t have to ask for personal information; just have the person paying send you the money via text. No smartphone needed.

It’s also possible to facilitate these types of transactions with the help of PayPal, Dwolla, and other similar systems. Once, at an art festival, I bought something from a local artist, and I paid for it with PayPal. It was quick, easy, and there was no need for me to write down my credit card information.

With money increasingly digital, there are a number of ways to protect your credit card number and still pay for just about anything. While I sympathize with the activist’s cause, I wasn’t about to expose my personal financial information in that way. There are plenty of other options that don’t cost much, and that can make things convenient for everyone – and reach customers and donors in a way that allows them to remain comfortable with the transaction.

You can’t be too careful with your financial information. Just as you may not be comfortable with providing your Social Security number to others, you may not feel comfortable providing your credit card information. If you are worried about the situation, don’t give up the information.

And, small businesses and activists can help out, too. There are a number of alternatives to asking people to write down their credit card information. If my school’s PTA can get on board with these alternatives, I’d think young, tech-savvy activists could as well.

Use Your Credit Report to Catch Identity Theft

You might be surprised to learn that your credit report can help you catch identity theft. One of the tools in your arsenal, when it comes to addressing identity fraud, is the frequent checking of your credit report. Your credit report is more than a list of your accounts; it can also be a red flag.

Catch Identity Theft

When your identity is stolen, the fraudster is likely to use your information to open new accounts. These fraudulent accounts will appear in your credit report.

catch identity theft

If you want to catch identity theft early on, you need to regularly check your credit report. You can get help in that area by going to AnnualCreditReport.com for the free report you are entitled to each year from each of the major credit reporting agencies.

Go through the information in the report, keeping an eye out for accounts that you know you didn’t open. If you see accounts that aren’t yours, you need to let the credit reporting agencies know. Call them, and then follow up in writing.

It might be necessary to place a credit freeze on your account if you are concerned that it could happen again. With a credit freeze on your account, you will be notified before a new account can be opened using your information. That can prevent another situation in which your identity is stolen and used to open credit in your name.

You might just red-flag your account as well, instead of placing an all-out freeze on the account. With the red flag, lenders are supposed to take extra steps to ensure your identity before opening an account in your name. It doesn’t always work as effectively as a credit freeze, though.

Even if you place a freeze on your account or have it red flagged, it still makes sense to keep tabs on what’s happening with your account. The good news is that there are plenty of web sites where you can keep tabs on your credit for free. While it’s not the same as looking at a full credit report, it can still be helpful, since you can usually see when something new pops up, and identify changes to the situation.

Your credit report is your first line of defense when you want to catch identity theft early on. Regular attempts to keep tabs on your report, and what’s in it, will allow you to identify problems quickly and move to take care of them.

Fraudulent Charges: Check Your Account Statements

While you do want to check your credit report regularly in order to identify fraudulent accounts, you also need to keep up with your account statements to make sure that you can see fraudulent charges.

While your credit report can help you catch identity theft as it relates to new, fraudulent accounts, it won’t provide you with information on fraudulent charges. For that, you need to check your accounts regularly. Go through your bank and credit card account statements on a regular basis so that you can see what’s happening with your purchases.

Sometimes, instead of opening a new account in your name, an identity thief will just take information about your credit cards and make purchases with that information. You will want to catch that type of identity theft early on and dispute the charges. If you catch it early enough, you can get your zero liability fraud protection in full, and avoid being responsible for the charges.

Bottom Line

Your credit can be an indicator that your identity is being tampered with. You need to keep track of what is happening with your credit, and be sure that you are on top of the situation. Check your credit report every three or four months to see if there are fraudulent accounts. Check your account statements each month for fraudulent charges. You can even use the Internet to check your account charges more frequently, if it makes sense for you.

There is no way to completely prevent identity fraud; it is only with vigilance that you can expect to catch identity theft.

How to Tell if a Website is Secure

One of the best things you can do to protect your identity while shopping online is to make sure that you are using a secure website.

While there is no full-proof way to keep your identity safe, you can reduce the chances that your identity will be stolen when you take appropriate precautions. Shopping online is convenient and usually safe — as long as you make sure you are on a secure website.

Before you enter your credit card information and other personal information, make sure you are on a secure page with the help of these indications:

website is secure

Address Bar

One of the easiest ways to see if you are on a secure website is to look at the address bar. Does it read “http” or “https”? The secure version should have the “s” at the end of “http.”

When you first start shopping on a website, it might not be secure. That’s usually not a problem. It really matters when you are ready to check out. As you switch to the page that requires you to enter payment information, you should watch for the addition of the “s.” If it doesn’t show up, don’t enter your sensitive information; it might not be secure.

You should also check for the “s” when you prepare to enter login information. This will reduce the chances that your user ID and password will be compromised. Remember that you want to protect your user ID and password just as much as you want to keep your payment information as safe as possible.

Lock Icon

Another thing to watch for near the address bar is a lock icon. This is a simple icon that looks like a padlock. If the website is secure, the lock will be shut. However, if the page you’re on isn’t secure, the padlock will be open. Get used to checking for the icon in order to identify secure pages. Don’t enter any personal information that you want kept private until you see that locked icon.

You can also click on the icon to make sure that that it is legitimate. In some cases, fraudsters try to build websites that imitate some of the icons, using graphics that look like padlocks. You can click on the icon to see the security information about the site. If there isn’t security information, or if there isn’t the letter “s” in the “http” portion of the address, that could be an indication that you are on a fraudulent site.

Third-Party Verification

There are companies that verify the security and legitimacy of websites, granting a seal to the sites that comply. Two of the most common seals you are likely to see are eTrust and VeriSign.

Once again, just looking for an official looking graphic isn’t a sure way to make sure that you are on a truly secure website. However, if you combine your search for third-party verification with the address bar and lock icon, you are more likely to determine if the website is secure. These third-party verifications can offer you peace of mind, and indicate that the website keeps up-to-date with the latest online security practices.

These seals are difficult to duplicate, but that doesn’t mean that it isn’t possible. Take precautions by checking other aspects of the website to ensure that you are on the right track for a secure browsing experience.

Leave the Site if You Aren’t Sure

If you think something looks “off,” or if you are uncomfortable with the information that is being asked of you, leave the site immediately.

Don’t enter information into a site that you aren’t sure of. You want to feel confident about the situation, and if you don’t, go with your gut and leave.

No matter how hard a retailer or website operator tries, though, there is a chance that you will be a victim of a data security breach, or that some issue will arise. Pay attention to these situations, and make sure to change your password regularly. Also, try to avoid using the same login information for multiple sites.

Another strategy is to use one card for all of your online shopping. That way, if one card is compromised, you aren’t trying to fix the problem on multiple cards.

With a little extra vigilance, it’s possible to reduce the chances that an insecure website will result in identity theft.

Protect Yourself Against Identity Theft with these 5 Tools

When it comes to your identity, it’s important to protect yourself. The good news is that there are plenty of ways to shield your identity against fraudsters. Here are 5 tools that can help you reduce the chances that identity theft will get the best of you:

identity theft

1. 1Password

First of all, one of the best things you can do is have a variety of strong passwords protecting your information. Many consumers don’t like to have a lot of different passwords, instead preferring to just remember one password instead of several.

Unfortunately, this can make it easy for fraudsters to access multiple accounts. If you want to limit the damage from identity theft, you need different username/password combinations for all of your accounts. That way, stealing information for one account won’t result in compromising all of your accounts.

You can use 1Password to create strong passwords and store them in a secure way. You only have to remember one password, and this app takes care of the rest. It’s a simple solution that protect all of your accounts with different passwords.

2. AnnualCreditReport.com

This is the web site set up to allow you access to one free credit report each year. AnnualCreditReport.com allows you to get a credit report from each bureau once a year for free. You can spread it out so that you get one report from each every four months. Checking your credit report regularly can help you catch fraud early, and stop it from going further.

Just paying attention to your credit report is one of the best remedies for identity theft. If three times a year isn’t enough, you can pay to access your credit report, or you can get access through free credit information sites like Quizzle.

3. Online Account Management

If your bank and credit card issuers off online account management, take advantage of it. Sign up, and then log in at least two or three times a month. This way, you can keep track of transactions and identify potential problems.

Rather than waiting for statement delivery, you can be right on top of any issues that crop up. Use online account management to monitor your transactions and then report fraudulent transactions.

You can also use personal finance apps that automatically track your accounts. Check in with what’s happening, and you can avoid problems down the road, taking care of issues quickly.

4. Credit Monitoring Services

You can also take advantage of credit monitoring services. There are a number of them out there, and they can help you stay on top of changes to your credit situation.

Each of the three major credit bureaus offers credit monitoring. Additionally, there are a number of credit monitoring and identity services from LifeLock and Identity Guard. Before you buy, though, it makes sense to shop around a bit. While there are indications that credit monitoring can help protect your identity, not all products are created equal.

Credit monitoring services can’t really do anything that you aren’t able to do, but it can give you peace of mind. You don’t have to be constantly watching if someone else is doing it for you. Before you sign up, though, make sure that you understand exactly what is offered, and that the alert situation matches your needs.

5. Credit Freeze

Another tool that can help you protect yourself is the credit freeze. You can actually request that a freeze be placed on your credit. This way, if someone tries to open credit in your name, they are blocked. In many cases, it requires some hoop-jumping to lift the freeze. You are pretty well protected, but it also means some inconvenience for you. Plus, a credit freeze might cost you some money.

If you want a less expensive and less limiting option, you can place a fraud alert on your account. However, in order to take advantage of this option you might have to first be an actual victim of identity theft. The fraud alert doesn’t mean that credit will be denied, but it can mean that issuers do a little extra legwork to verify your identity before moving forward.

A freeze or an alert can be helpful in discouraging fraudsters and protecting your identity.

Take the time to find ways to protect your identity. While nothing is full-proof, you can limit the damage with a little effort.

Data Breaches: Will You Stop Using Plastic?

Data breaches have been big news recently.  However, even with some heightened concern about security, it doesn’t appear that many consumers are doing much to change their habits, and they are unlikely to stop using plastic.

According to a poll reported by Daily Finance, it appears that only 37 percent of consumers are increasing their use of cash to protect themselves from the identity theft that can come as the result of a data breach.

credit card information

More people seem to be worried about purchases made online, or made with a cell phone — in spite of the fact that, initially, the Target data breach was only supposed to have affected in-store shoppers.

Why Consumers Still Use Plastic

The only way to completely protect yourself from these types of data breaches is to stop using your credit cards and debit cards. Many consumers, though, don’t want to deal with the inconvenience that often accompanies using cash.

It’s much easier to just carry a thin piece of plastic, rather than a wad of cash. I know that I wouldn’t want to carry around a thick stack of cash. Swiping the plastic is so much more convenient. It’s faster, it’s easier, and you don’t often have to worry about getting caught without enough.

On top of that, even with the data security breaches, plastic is actually more secure than cash. Think about it: If someone steals your credit card or debit card, you can usually get the money back. Fraudulent transactions come with protection. Even though you might not get quite the same protection with debit cards as you would with a credit card, the reality is that you are still protected. As long as you can prove fraud, that money will be returned to you eventually.

With cash, the money is gone. There is no way to track that. If someone steals your wallet and takes the cash, you’re never getting that back. You’re better off having someone make a fraudulent purchase of $100 with a credit card than you are with someone taking $100 from your purse. When you consider this, it doesn’t make sense to stop using plastic.

Using a credit card instead of a debit card offers another layer of protection, since the money isn’t even taken out of your bank account. With a fraudulent debit transaction, you actually lose the money until the bank returns it. With a credit card, you don’t even have to risk your own money.

More Troubling: Few Consumers Checking Their Credit Reports

It’s not all that troubling (and not very surprising) that consumers aren’t making huge strides stop using plastic in the wake of these data security breaches.

What’s worse is the fact that many consumers aren’t taking any steps to protect themselves at all. Only 41 percent have checked their credit reports, according to the Daily Finance article. In spite of the fact that Target is offering credit monitoring services, and it’s fairly easy to use AnnualCreditReport.com and other credit monitoring tools to stay on top of the situation, most Americans are changing anything.

Also problematic is that Daily Finance reports even fewer consumers have changed their passwords at compromised retailer sites, and that they haven’t requested new debit or credit card numbers. Years ago, when the PlayStation Network data breach compromised my credit card information, I called my issuer and immediate got a new number and a new card. It took no more than 10 minutes and was free.

Change Your Behaviors

No, you don’t have to convert to cash in order to protect yourself from identity fraud. However, you do need to make some changes to your behaviors in light of the recent data breaches. For the most part, these changes amount to paying better attention. Here are some things to do:

  • Carefully review transactions on your statements, looking for fraudulent charges.
  • Check your credit report regularly.
  • Notify card issuers and credit bureaus immediately if your information is compromised.
  • Use different username/password combinations for different sites.
  • Change your passwords on occasion.

Just paying attention to what’s happening can help you combat identity theft. It doesn’t have to take a lot of your time. If you are truly concerned about the time investment, you can consider signing up for credit monitoring so that you don’t always have to be on your toes.

Whatever you decide to do, though, it’s important to be aware, and to take steps to do what you can to protect yourself.

Watch Out for Tax Time Identity Theft

Now that April 15 is fast approaching, you probably have a lot on your mind. One of the things probably not on your mind during tax time is identity theft. This makes sense in a lot of ways; after all, what kind of mischief can fraudsters make in terms of your tax return?

Unfortunately, the reality is that tax time is a prime time for identity theft. If you aren’t careful, you could hand your vital personal information over to a scammer. On top of that, you might find that ID theft has resulted in someone else claiming your tax refund.

Image source: Philip Taylor via Flickr

Image source: Philip Taylor via Flickr

Tax Preparer Fraud

One of the things that you have to be on the watch for is tax preparer fraud. In these cases, a shady tax preparer promises you a bigger refund. Unfortunately, the methods used to obtain the bigger refund might not be IRS-approved.

A tax preparer might inflate your deductions, or misrepresent your income as lower than it actually is. In some cases, shady tax preparers claim credits that you aren’t entitled to. When the paperwork is done, the preparer shows you how big your refund is, and you are thrilled.

Unfortunately, if the IRS catches out the return, you will be on the hook for the penalties and interest. Plus, an accountant shady enough to resort to these tricks to inflate your refund isn’t likely to represent you to the IRS. You’ll be on your own.

Be especially wary of accountants that offer to prepare your return for “free” in return for a percentage of the refund. You’ll be charged up front, based on the amount you are shown. If you pay based on that wrong information, you will be out even more when the IRS rejects your paperwork.

On top of this, some fraudulent preparers will steal your personal information.

Scams to Get Your Personal Information

Some tax time identity theft scams go beyond just trying to get you to pay a little extra. There are tax preparers that are outright scammers. They tell you they are preparing your return, but really they want your information.

Your tax return is a huge source of sensitive personal information. Your name, address, Social Security number, and other information is shared on the form. If you want to receive your refund via direct deposit, even your bank account and routing information is included.

All a fraudster has to do is get the information for the tax form and then take off with your identity. Your return might not even get filed in this case, and then you’re on the hook for a failure to file on top of everything else. Watch out for tax preparers that approach you at community events, or that are willing to come to your home. Be sure to vet an accountant or tax preparer before entrusting him or her with your most personal information. Otherwise, you could find yourself a victim of identity theft.

How Safe is Your Tax Refund?

Another tax time identity theft scam that might impact you is refund fraud. With this type of identity fraud, the scammer uses your Social Security number and name to claim a refund. He or she simply fills out the Form 1040 using your information, and has the refund sent to his or her address.

When you file your own taxes — legitimately — you end up having your return rejected. The IRS thinks that you have already filed and received your refund. When you find that someone has claimed credits and a refund in your name, you need to act fast. You will need to prove your identity and file a Form 14039. Make sure you do it as quickly as possible.

A Note on Tax Time Phishing

Finally, be aware that phishing is a common way for identity fraudsters to try and get personal information. You’ll receive a scary-sounding email that says that there’s something wrong with your refund, or that you owe taxes and are facing jail time. You’ll be asked to click on a link and provide personal information an ID thief can use.

Realize that the IRS won’t ask for this information via email. If you are to receive an official communication of this nature, it will be via snail mail.

Be on your guard. Tax time identity theft is a very real threat to your finances.

5 Things To Do If You’re a Victim of a Data Security Breach

Recent months have been full of news of data security breaches. The recent spate of security breaches started with Target, but there have been other incidents in recent weeks, including hobby chain Michaels and the upscale retailer Neiman Marcus.

The worst part about these data security breaches is the fact that there isn’t a whole lot you can do — unless you completely stop using your credit cards and debit cards, and you stop shopping online. Even being on a mailing list can result in identity fraudsters getting a hold of your name and address, and then using that information to attempt to steal your identity.

Data Security Breach

Officials are ramping up efforts to force retailers to let consumers know about these data security breaches in a timely manner, so there is a good chance that you will be notified when your information is exposed.

Once you understand that there is a data breach compromising your information, it’s time to take action. Here are 5 things to do if you are a victim of a data security breach:

1. Check Your Statements

You should be checking your statements regularly any way, but it’s especially important after a data security breach. Keep an eye on purchases, and make sure that there are no unexpected transactions.

If you don’t want to wait for your statement, go ahead and log on to your online account management to keep up with new transactions. The faster you identify fraudulent charges, the faster you can move on to step two.

2. Report Fraudulent Transactions

When you notice transactions that shouldn’t be there, you need to report them ASAP. Realize that your $0 fraud liability might be different with a debit card than with a credit card. Your reporting window might be smaller with a debit card, so you really need to be on top of it.

The faster you report fraudulent transactions, the sooner you can get things cleared up, and get your money back.

3. Get a New Account Number

If you’ve been a victim of identity fraud, it’s time to get a new account number so that the transactions can stop. Most issuers will give you a new account number — and a card to go with it free of charge — as soon as you report a fraudulent transaction.

Even if you haven’t noticed fraudulent activity on your card, it might be worth it to get a new account number anyway if you have been involved in a security breach. Sometimes, fraudsters will wait a few months before using the information obtained. It’s better to just get a new account number now, rather than be forced into it later. Getting it over with can be one way to proactively avoid problems later.

4. Check Your Credit Report

In some data security breaches, card information isn’t taken. Instead, information that can be used to open new accounts is taken. This means that you need to check your credit report to find out if someone has been opening fraudulent credit accounts in your name.

You can check your credit report from each bureau for free once a year with the help of AnnualCreditReport.com.  It’s also possible to pay for your credit report from the bureaus. All of them offer three-in-one products that can allow you to look at everything all at once.

You should dispute any fraudulent accounts immediately so that they can be removed from your report. If you are really concerned, you can also place a freeze on your credit report in order avoid more accounts being opened without your consent.

5. Sign Up for Credit Monitoring

Target is offering free credit monitoring for a year following its data breach. If this is offered to you, it makes sense to accept. You will receive alerts when something new happens with your credit, so you can take care of it quickly.

Even if you aren’t offered free credit monitoring, it might make sense to sign up for credit monitoring services. While you can monitor your own credit without the help of these services, the reality is that you are likely to forget. Signing up for a service can provide you with peace of mind, without the need for you to constantly check your situation.

Is your child a victim of identity theft?

Credit: Vince Alongi

Credit: Vince Alongi

If you’ve ever been a victim of identity theft, you know how much of a pain it can be to fix. The longer it goes on, the harder it is to unwind all the problems a thief has created.

It’s probably why you monitor your credit report every few months.

But if you have kids, you might not think to monitor their credit reports too. It seems silly, since they should have no credit, but child identity theft is a huge problem. It’s reported that 5% of the identity theft complaints to the Federal Trade Commission were from minors under the age of 18. It’s becoming a go-to for identity thieves because parents don’t think to check their kids’ credit reports on a regular basis.

Many people discover identity theft because they apply for something, like a credit card or a loan, and discover something is amiss. Maybe it’s a recent credit card application they don’t remember or a missed bill they don’t have. Kids don’t apply for loans or credit cards. In fact, they’re underage, so they can’t even apply for those things because minors can’t enter into contracts (you would have to co-sign!).

This is why thieves are turning towards kids. It’s an easy target.

Since your child won’t be applying for anything, most warning signs will come from the government. If your child should receive government benefits of some kind but the agency reports that the benefits have already been paid, someone might be stealing your childs’ checks. That’s a subtle warning sign that something bad is happening.

Some other more obvious ones are if your child starts getting collections notices or you are told his or her Social Security Number is being claimed on another return. Anything out of the ordinary should be grounds for investigaion.

How can you prevent child identity theft?

Remember to check their credit reports.

It really is as simple as that. Contact Experian, Equifax, and TransUnion and request a credit report for your child’s name and Social Security Number. You’ll have to prove you are their parent or guardian, so be ready to provide your child’s birth certificate, Social Security card, your ID card, and proof of address.

Once you get the report, review it as you would your own. It should be pretty simple and straightforward but you never know if you’re (or rather your child) a victim until you get the report.

Good luck and remember to review this as often as you review your own.

Some preventative steps can save you serious time should you become victim.

How to Identify a Phishing Attack

Phishing is when someone tries to “fish” out information from you by pretending to be someone else. Have you ever gotten an email from your bank or credit card that looked suspicious? They usually say something ominous like “there’s been a security breach, we will need you to log into your account and provide your social security number to prevent account closure.” They’re designed to get you to panic and unwittingly click on the link, which takes you to their fake website to collect your information.

Once you try to log into their site with your legitimate credentials, you’re screwed. You’re screwed because they will have captured all the information they need to pretend to be you for just long enough to either steal your money or set up their systems in order to steal your money.

What’s unfortunate is that we’re usually pretty aware of this type of stuff when it comes to banking. A strange email from “Bank of America” is going to set off our fraud radar but a similar one from Twitter or Facebook might not. A lot of social sites send a barrage of notification emails for when people send you a message, when someone adds you as a friend, or when you need to do something in a game. The deluge of email can lower our guard and someone trying to steal your Facebook account might sneak through. While losing your Facebook account is not as bad as losing your bank account, there are still costs to losing it as the thief might pretend to be you and ask your friends for money (the classic “I was traveling in London and was mugged, please wire me money!”).

How do you identify a phishing attack? First, use an email service that has the ability to identify the sender of emails. Gmail, which is 100% free, will tell you if they think the sender’s information (who the emailer says he is) doesn’t match the email header’s information (which computers the email has passed through). Alternatively, if you are computer savvy, you can view the headers yourself for anything strange.

Next, never click on a link in an email. If it’s from Bank of America, go to the Bank of America website. If it’s Citi, go to the Citi website. You might have to jump through a few hoops to find the source but it’ll be worth it.

Finally, phishing goes beyond emails, thieves are also known to call or text you. If someone does call you, the best option is to call them back through the company’s Customer Service number. Ask them for a transaction ID or a call ID number they can reference to speed up the process (if it’s fraud, they usually assign some number). If you think it’s really them, make them authenticate themselves with your information. If they really are with the company, they will have that information. If they aren’t, they’ll probably hang up (remember, it’s a volume business).

In the end, the safest way to interact with a company is to call them directly yourself. If you suspect something is wrong, give them a call and you can sort it out. This will take some extra time but it’s far less than what you would spend if you were the victim of a phishing attack.


Tips to prevent or recover a stolen identity.