Identity Theft

Q&A: Should I be afraid of payment apps?

June 24, 2024 By Liz Weston

Dear Liz: I pay rent via check (yes, I am aware of the risks). My landlord would prefer that I use Zelle, which has drawbacks. People have had their bank accounts drained. Also, I heard that peer-to-peer money transfer apps should only be used by friends and family, not for business, and not for large sums of money.

Answer: As you may know, Zelle payments are made instantly. If you send the money to the wrong party, you could be out of luck. Federal law protects you if your account was hacked, but not if you make a mistake or have been duped into sending money to a scam artist. (Zelle does investigate allegations of fraud, however, and may return the money if you’ve been deceived.)

Many people are comfortable using Zelle and other payment systems to send money to people and businesses they know well, while others aren’t. If you continue to use checks, make sure to mail them directly at the post office or use a shipping service that offers a tracking number, such as Fedex. Monitor your account closely and set up alerts that notify you when checks over a certain amount are cashed. Fraud related to check theft has soared, so you’ll need to be extra vigilant if you continue sending paper checks.

Q&A: Safeguarding your personal data is hard. Here are a few tips.

May 13, 2024 By Liz Weston

Dear Liz: I was recently alerted that my Social Security number has been found on the dark web. My information was part of the AT&T breach that took place recently. I am no longer an AT&T customer and haven’t been for several years, but they have not made any contact with me. What do I do to keep myself safe and how do I get my information removed from the dark web? Why hasn’t AT&T reached out to me?

Answer: As a consumer, you don’t have much power. Companies often demand your personal data, such as Social Security numbers, before they’ll do business with you. Once your information is in their databases, you have no control over what happens to it. And if your information is leaked, there’s no way to remove it from the dark web.

You can’t even be sure how your information got there, given the sheer volume of database breaches in recent years. If you’re an adult with a Social Security number, chances are pretty good that number can be found on the black market sites where criminals buy and share information, says Eva Velasquez, chief executive of the Identity Theft Resource Center, a nonprofit that helps identity theft victims.

In other words, your data may have been compromised long before the latest incident, which AT&T says affected 73 million current and former customers. AT&T began notifying impacted customers via letters or email starting in April. Those customers should have received an offer for free credit monitoring.

There are a few things you can do to make yourself a bit less vulnerable to identity theft, such as putting freezes on your credit reports, not clicking on links in texts or emails if you didn’t initiate the transaction and using digital wallets or other secure payment methods.

Also, don’t be your own worst enemy. Beware of sharing personal information (birth dates, address, phone number, etc.) on social media. Consider limiting your audience to people you know and trust, Velasquez says.

The Identity Theft Resource Center also recommends using passkeys, a technology that replaces passwords, whenever you’re offered that option. If a passkey is not available, the center suggests using passphrases of 12 characters or more rather than shorter passwords. A passphrase is a sequence of words that can be personalized for easier memorization, typically with numbers added and a mix of capital and lowercase letters. The center gives an example of a passphrase for a 2015 University of Texas graduate: “H00kEmH0rns2015.” You’ll still need unique passphrases for every account and site. You also should turn on two-factor authentication or multi-factor authentication where available. This requires an extra step, such as getting a code on your phone or from an app, but this will make your accounts harder to compromise.

Q&A: Alternatives to paper checks

March 4, 2024 By Liz Weston

Dear Liz: Because I am concerned about check fraud, I pay most of my bills online. However, I still need checks for paying my housekeeper, gardener, etc. I use a gel ink pen to deter fraud but was wondering if there is something else I should consider doing.

Answer: Checks you hand to people you know are probably less risky than those you send through the mail, but there may be better options.

Most Americans have accounts with at least one peer-to-peer payment app such as Venmo, Zelle or PayPal. These can be a secure and convenient way to pay people you know.

Be sure to create a strong, unique password for your account and to keep the apps updated. Whatever payment method you use — checks, online payments or peer-to-peer apps — continue to monitor your linked bank or credit card accounts so you can spot and quickly report any suspicious transactions.

Q&A: Identity theft fears? Get a credit report, credit freeze

June 13, 2022 By Liz Weston

Dear Liz: I divorced 32 years ago. Recently, I received calls from a collection agency about a debt that has not been paid. I discovered that my ex used my phone number as one of his contact numbers. My number is supposed to be unlisted and unpublished, but he found it online. I have stopped receiving calls from the agency, but how do I stop this from happening again?

Answer: Please check your credit reports to make sure your ex didn’t swipe even more sensitive digits: namely, your Social Security number. If his credit is bad, he may be tempted to pretend to be you in order to get credit cards, loans or other accounts. That’s identity theft, and there are steps you should take now to protect yourself.

You can access your credit reports for free at AnnualCreditReport.com. (If you’re asked for a credit card number, you’re on the wrong site.) Look for any accounts that aren’t yours and consider freezing your credit reports at each of the bureaus. Credit freezes prevent someone from opening new accounts in your name. You can thaw the freeze whenever you need credit, also for free.

You can’t prevent someone from adding your phone number to their credit applications, but under federal law you can tell a collection agency to stop contacting you, and it must comply. Make the request in writing.

Q&A: How to protect your identity beyond a credit freeze

March 14, 2022 By Liz Weston

Dear Liz: I volunteer for an organization that does background checks every two years. A recent check found my name and Social Security number was used in Texas from 2019 to 2021. I have never been to Texas. What can I do to find out how this happened, and how to protect my Social Security number? I have already frozen my account with the three main credit bureaus.

Answer: You may never know exactly how this happened, but you can make an educated guess.

Most Americans’ Social Security numbers have been exposed in one database breach or another, including the massive Equifax breach in 2017 that exposed the personal information of nearly 150 million people. As a result, Social Security numbers are sold by criminals on the dark web for just a few dollars.

Because Social Security numbers have become all-purpose identifiers — something they were never intended to be, by the way — criminals can use a purloined number to get jobs, steal your tax refunds, receive medical care and apply for credit, among other misuses. They also could pretend to be you if they’re ever arrested, something known as criminal identity theft.

Freezing your credit reports will help prevent someone from opening new credit accounts. Credit freezes typically won’t help with the many other types of identity theft, however.

If you haven’t already done so, create a personal account on Social Security’s site to check your earnings record. If what you see doesn’t match your own records, contact the Social Security Administration by calling (800) 772-1213. If someone used your Social Security number to work or get your text refund, contact the IRS at irs.gov/identity-theft-central or by calling (800) 908-4490.

You also can report the fraud to the Federal Trade Commission at IdentityTheft.gov, a site that will create a recovery plan to help you navigate the next steps.

Q&A: Worried about identity theft? Here are some things you can do

February 28, 2022 By Liz Weston

Dear Liz: Last week I received my annual mortgage interest report. The envelope was not sealed and my full Social Security number was exposed. Two days later, I received an e-mail from PayPal for a purchase made online in my name with a different address. What do I need to do to protect myself from identity theft and are there any penalties my mortgage company could face?

Answer: The penalties for exposing your information depend on your state’s laws. You can contact your state attorney general’s office for more information.

At the very least, consider reporting the issue to the mortgage company and demanding that your Social Security number be redacted in future mailings. Better yet, see if you can go paperless and download your tax documents, a process that is typically more secure than having your private financial information sent through the mail.

It’s entirely possible the fraudulent purchase was unrelated to your mortgage company’s sloppy practices, but you should still take steps to reduce your odds of being victimized again. Obviously, you need to change your PayPal password but you should also make sure all your accounts — especially your financial and email accounts — have unique, complex passwords. A password manager such as LastPass or 1Password can help you keep track.

Good computer hygiene also can help reduce your risk. That means turning on your computer’s firewall, using a secure browser and keeping that browser up to date. Update and frequently run antivirus software as well.

Another important step in reducing identity theft risk is freezing your credit reports at all three major bureaus: Equifax, Experian and TransUnion. This should prevent someone from opening a new fraudulent credit account in your name but won’t prevent account takeovers, such as what may have happened with your PayPal account.

Detect account problems as quickly as possible by regularly reviewing bank, payment and credit card transactions. Consider putting alerts on your accounts for foreign transactions or transactions over a certain size or signing up with a credit- or identity-monitoring service.