Ask Liz Weston

Get smart with your money

Identity Theft

Q&A: An emergency kit document hack

By

Dear Liz: Thanks for answering my question about storing hard copies of financial services records for emergency preparedness. My wife and I finally reached a compromise: We printed out our account numbers, but we attached code names to them that only we would recognize. Now both of us are comfortable that even though someone might have our account numbers, they’ll never know which financial institution to contact.

Answer: That’s a terrific compromise that keeps your important financial information accessible to you but not to an identity thief.

Q&A: Credit freeze may be inconvenient, but it’s effective

By

Dear Liz: Is freezing one’s credit reports the safest bet even though it’s inconvenient to get it temporarily unfrozen? Plus you have to pay a fee. At my son’s urging, I had my credit reports frozen since the Equifax incident but I find it very inconvenient whenever some financial firms need to look into my credit score.

Answer: Credit freezes remain the best way to prevent new account fraud, which is when criminals open up bogus credit accounts in your name.

It is somewhat inconvenient to have to remember to thaw the freezes when you apply for credit or other services, and you have to keep track of the personal identification numbers (PINs) that allow you to do so.

The good news is that the fees for instituting and thawing freezes will go away as of Sept. 21. The Dodd-Frank reform that Congress passed this spring included a clause requiring credit bureaus to waive those fees.

Q&A: Credit alert or phishing scam?

By

Dear Liz: I received a notice from one of my credit card companies stating that they had noticed something amiss in my credit, though not related to their card. The notice suggested I check my credit reports, which I did. Nothing showed up on the reports that was of concern. What else should I do to ensure my credit stays secure?

Answer: Vague “alerts” are a hallmark of phishing emails that are trying to get you to reveal personal information.

If you followed a link in an email to view your credit reports or accessed them on any site other than www.annualcreditreport.com, you may well have handed your Social Security number and other vital data to an identity thief.

If that’s the case, you should freeze your credit reports to prevent the thief from opening new accounts in your name. You might want to do that anyway, given the prevalence and severity of recent database breaches.

Q&A: Ease identity theft fear by checking your credit report

By

Dear Liz: I am suddenly receiving junk mail addressed to my estranged brother at my house. I’ve been in this house for 15 years and have never before gotten mail addressed to him. Is it possible he applied for credit or something similar using my address? He has always had money issues.

Answer: It’s more typical for an identity thief to divert a victim’s mail to his own address than to cause junk mail to be sent the victim’s way. Still, it can’t hurt to check your credit reports via www.annualcreditreport.com to see if there are any accounts or activity you don’t recognize.

Q&A: Credit freezes complicate setting up online Social Security accounts

By

Dear Liz: You’ve recently written about protecting ourselves by establishing online Social Security accounts. Social Security prevents me (or anyone else) from creating an online account because I have credit freezes in place. As I understand the process, Social Security uses the credit bureaus to verify my identity. With a freeze, there’s no identity verification. In other words, in order to set up a fraudulent online account, someone besides me would have to unfreeze my credit report first. Is that correct?

Answer: Pretty much. Another way to establish an online account is to go into a local Social Security office with proper identification. But most hackers are unlikely to take the trouble to do either.

You may still want to create an online account to monitor your Social Security earnings record and promptly correct any mistakes or spot employment fraud (someone using your number to get work).

You could make a trip to a Social Security office or temporarily lift your freeze with the bureau that’s providing identity verification services. Currently, that bureau is Equifax — and yes, that’s the bureau that suffered the massive database breach that started this discussion.

Q&A: Freezing Your Social Security Number

By

Dear Liz: Recently you answered a question about whether Social Security files could be “frozen” to help prevent fraudulent activity, and your response was no. I had just researched that question after the Equifax breach, and found out the Social Security Administration does have a way to block electronic access to your records now, so I had that set up for me. The administration advised that it can be done whether you have an online account or not (I don’t). There is additional information about this on the Social Security website: https://secure.ssa.gov/acu/IPS_INTR/blockaccess

Answer: When you block electronic access to your Social Security file, no one, including you, is able to see your records or change your information online or through the administration’s automated phone service. Blocking access could prevent someone from tampering with your record, but it also could prevent you from detecting misuse of your Social Security number if someone is using it for employment or tax fraud. Blocking access certainly won’t prevent other kinds of identity theft involving credit, medical care or criminal arrest. A better approach might be to set up an online Social Security account to prevent someone else from doing so fraudulently, and to monitor that account regularly.

There is another government service, myE-Verify, that enables you to “lock” your Social Security number. That may prevent someone from using your number to get a job, but only if an employer uses the service to determine applicants’ eligibility to work in the U.S. — and many employers don’t. Even if you succeed in preventing employment fraud, your number could still be used in other types of identity theft. Also, a Social Security lock expires after one year, so you’d need to renew it annually if you want to keep it in place.

Unfortunately, there’s no easy way to prevent your Social Security number from being misused. As long as those nine digits continue to be used as an all-purpose identifier, we will be vulnerable to all kinds of identity theft.