Identity Theft Protection: How to Safeguard Your Personal Information

Online quizzes are entertaining. Links in emails, texts, and social media messages are convenient. But both can put you at risk for identity theft – which can be costly and take months to recover from. Putting some identity theft protection measures in place can help you limit the damage.

See more episodes

See Protecting Your Identity with Patrick Glennon for a complete transcript of the Easy Prey podcast episode.

Patrick Glennon has twenty years of experience in banking and consumer identity protection, including roles at JPMorgan Chase, CoreLogic, Arthur Andersen, and Ebates. Currently, he is the Chief Technology Officer for IDIQ, a company that specializes in identity theft prevention and recovery services. Identity theft is a growing concern nationally, and Patrick is glad to have a position at IDIQ where he can help combat it.

Defining Identity Theft

There is some confusion around what “counts” as identity theft. Part of that confusion comes from how much information we make available on the internet. Birthdays, family members, information that could lead to where we live, or even our actual addresses are all online. Even the information that isn’t publicly available can be exposed. The more websites that have this information, the more likely it is to get into the hands of thieves through a data breach.

The real challenge is that we are putting more and more of our personal information out there online.

Patrick Glennon

Patrick defines identity theft as when someone pretends to be you for the purpose of getting access to credit, loans, credit cards, new phones, or anything else they can purchase in your name. Usually, but not always, the consequences of identity theft are financial.

Someone purchasing your credit card information online and using it to purchase things isn’t usually identity theft. Those thieves aren’t pretending to be you, they’re just using your card. This is just credit card fraud, and card issuers like Visa and MasterCard have programs to deal with that. However, credit cards can be used as an authentication method for other things. If someone is using your credit card to try and prove that they are really you to get access to something else, that’s identity theft.

There’s so many different ways that somebody can take minimal amounts of information and gain access to credit, to cash, to phones, to cars, to loans, to all sorts of things that can be done in your name.

Patrick Glennon

We can control only so much.

We do have some control when it comes to limiting our risk our exposure online. After all, we can choose how much to tell anyone about ourselves, from people we send emails to businesses we do transactions with.

But after that, we lose a lot of control. Fact is, there are entities out there—businesses, advertisers, hackers, thieves, police or government institutions—that will collect data (legally or not) to watch what we’re doing.

Privacy Rights

For a growing number of people, Internet anonymity means we should be able to conduct all or some activity on the Internet with anyone tracing that activity back to our individual computers… and ultimately, to us personally. Especially when a person has NOT given permission for anyone to do that.

Identity Theft Methods

Criminals are creative. Every day they come up with new approaches and mechanisms to steal your identity. They have a wide variety of tactics. Here are a few of them.

SIM Swapping

SIM swapping is a relatively new method. Thieves get access to information you use for security questions, and they call your phone provider and convince them to switch your phone number to a new SIM card. That lets them receive your texts and calls. When your bank or credit card sends you a text with a code to prove it’s really you trying to log in, they receive that code and can access your accounts.

This happened to one of Patrick’s relatives, and it was very difficult to sort out. Even more scary, most of us turn on two-factor authentication for better account security, and text messages are a common way to get those security codes. But without taking some measures for identity theft protection, a SIM swapper can get access to those security codes. PayPal even has an option to get a code to bypass the password – if your phone number is switched to a new SIM card, a thief doesn’t even need to guess your password to get into your account.

Change of Address

If an identity thief gets your name and address, they can submit a change of address form in your name. They redirect your mail to a PO box they’ve rented, and then they go through your mail for those preapproved credit card offers. With those offers, addressed to you and preapproved for you, they can get access to credit in your name.

Classic Information Gathering

It’s not all shiny new techniques. Many identity thieves still use classic methods. They find, buy, steal, or phish enough basic information – your name, address, birthday, and Social Security Number – to effectively pretend to be you. Then they can open loans, apply for credit cards, buy cars, and do all sorts of other things in your name.

Purchasing Credentials

There are lists on the dark web that has information from old data breaches. If you’re the kind of person who reuses usernames or passwords, or haven’t changed your passwords in years, thieves can purchase that information for cheap and use it to access your accounts.

Using Social Media

Once identity thieves have access to one person’s account, they use it to get more information. A new version of this happens with Instagram. The thief gets access to one person’s Instagram account and changes the name in a very small way. Then they message the account’s friends, saying, “Hey, I want you to answer a survey about me, I’ll send you a text in a few minutes.” When the friend gets a text with a link from an unfamiliar number, they aren’t suspicious – they think it’s the survey from their friend they were expecting. They click the link, and now their Instagram account is compromised. The thief now has access to more private information on someone else.

Merging the Data

The criminals stealing your identity are working together, and they’re merging the information they get from you. Every detail they get can unlock more of your private information. They might start with a phishing email claiming your buddy wants you to fill out a survey or take a quiz. That gives them an answer to an Instagram security question and now they’re in your Instagram account. With the information from your Instagram security questions and your mother’s maiden name from Facebook, they then call your phone provider and SIM swap you.

Your age doesn’t matter, whether you’re a private citizen or a company, whether you’re part of a utility creator or whether you’re part of a bank, everyone’s getting targeted. And the methods are getting more sophisticated.

Patrick Glennon

Merging information from multiple sources is vital to criminals. And they’re targeting everyone. Often people caught by fraudsters feel like they were targeted specifically. Identity thieves aren’t targeting anyone in particular. The people who got defrauded were just the ones who weren’t thinking too much about identity theft protection. The fraudsters cast a wide net, and they just happened to be the ones who answered the phone or clicked the link.

Avoid Problems… Crime

Still, for most of us that just means we want to be treated decently and not have our private information (or private/personal Internet activities) abused. We don’t want to be victims of identity theft or other Internet scams. We might not like it (or even know) that businesses are tracking our Zip codes, or that online advertisers have captured our IP address and send out custom ads, but we won’t get up in arms about it.

For others (some decent folks, some not, some paranoid or activists), there’s the desire to have NO traces of any kind, by anyone, on any our their Internet activity.

Identity Theft Protection and Your Information

Many people’s personal information is just floating around online. There was the Yahoo hack in the early 2000s, as well as the Equifax breach in 2017. Chances are good that your information is already exposed somewhere.

Your information is probably already out there. It’s probably getting handed around and it’s probably getting resold.

Patrick Glennon

People in the identity theft protection industry often look at credit alerts and credit scores. If your information is already out there, making identity theft protection about keeping the information private is a lost cause. The key is to make sure you know the minute someone tries to do something with your information. That’s the point that your exposed information actually means something. And that’s when it actually becomes dangerous. Once someone starts using your information, they can harm your time, your finances, and your reputation.

When we talk about identity theft prevention, what we’re really talking about is spotting the scenarios where someone has got a hold of that information and is now using that information to try to obtain for themselves something in your name.

Patrick Glennon

Often the damage is financial. It only takes a few pieces of information to open a credit card or obtain a loan in your name. With a little bit more, they can do a SIM swap to get your two-factor authentication codes and access your accounts. But the damage isn’t always in terms of dollars. The CEO of Twitter got SIM swapped, and the criminals posted racist, misogynistic, and other horrible things on his Twitter account. The damage was reputational – it wasn’t financial, but it was still harmful.

Anonymity Advocates

Supporters of total for Internet anonymity argue that it is the most important aspect of free speech on the Internet. Anonymity allows for Internet users to express themselves freely without worry of being discovered or tracked, ridiculed, or harassed. They would say that is important to online discussions and forums, especially forums involving personal questions or topics, such as sensitive medical issue.

Advocates might also say that Internet anonymity is important when it comes to sharing or giving information that really should remain anonymous, such as reporting illegal activities through on online tip. Would you want someone (reporters, crooks, etc.) to trace your police tips back to you?

On the other hand, it’s no secret (or you just found out by reading this) that there are plenty of people who don’t want to be tracked because they’re into very illegal activities. They might support anonymity for some of the right reasons, but they also don’t want the authorities to shut down or interrupt their illegal activities.

Identity Theft Protection Tips

It is possible to take steps towards better identity theft protection. Often, the steps that improve your identity theft protection aren’t difficult or complicated. Patrick recommends the following measures.

Switch Up your Security Questions

If you can, set up different security questions for every account. If that’s not an option, have answers that are unique to each account. (A password manager can help you store which answers you used on each account.) You don’t want to use your mother’s maiden name and father’s middle name for everything. Once that information gets out, every account you have is at risk.

Don’t Answer Online Quizzes

Online quizzes are very popular, especially on sites like Facebook. But the questions could lead you to inadvertently expose personal information. The questions can get very in-depth, asking what month you were born, your star sign, what day of the month you were born on … most of them stop short of asking for your Social Security number, but there probably are a few out there that do. It’s safest just to avoid them entirely.

Don’t Expose Yourself on Social Media

People get very comfortable very quickly with handing out information online. But be careful. Most people aren’t very strict about who can see their posts. You may be posting private or sensitive information and aren’t aware that anyone can see it. Or you may be posting something that seems innocent to you but can expose personal information to malicious actors.

People will routinely and casually hand out very sensitive pieces of information without giving it much thought … combined with other bits of information, [criminals] can get relatively unfettered access to your identity and use it to do all sorts of things.

Patrick Glennon

Never Click Links

Don’t click on a link that gets texted to you. Don’t click on a link that gets emailed to you. If you get an email from your bank asking you to change your password, don’t click it – go to your bank’s website directly. If someone is asking you to take a quiz, don’t click on the link in the text message. So many links are malicious and can give criminals access to your information. If you want to improve your identity theft protection, don’t click the links.

Just distrust every link that is sent to you all the time.

Patrick Glennon

Switch Your Two-Factor Authentication to an App

With SIM swapping, thieves can create a “back door” for themselves. Even if you change your password, if your two-factor authentication method is a text message, they can still get in. For the best protection, don’t use texts for your two-factor authentication. Use an authentication app instead. That way even if you get SIM swapped, you still have access to your app.

Turn On Informed Delivery

If you’re in the United States, the US Postal Service has an option called Informed Delivery. They will scan the outside of each piece of mail and let you know what’s being delivered every day. Scammers sometimes set that up for houses they’re targeting so they know when to come steal credit card offers or billing statements. You can also sign up for the NCOA, the National Change Of Address list, which lets you know if someone tries to reroute your mail to somewhere else.

Don’t Just Trash It

Identity thieves can collect a lot of personal information just from going through your trash. Identity theft protection isn’t always technological tools – sometimes it’s just shredding your mail. If you receive a preapproved credit card offer and throw it away without opening it, someone going through your trash just got a nice credit card offer with you footing the bill. The best practice is to shred anything that has your name or information or the name of any company you do business with on it.

Recovering from Identity Theft

Once you realize your identity has been stolen, identity theft protection shifts from prevention to limiting the damage. Unraveling identity theft once it happens takes a lot of time. You can’t just focus on the specific exposure you noticed – you have to assume everything was compromised. That means you have to go through everything to secure your accounts and undo what damage was done.

This task is challenging even if you find out quickly, respond quickly and efficiently, know exactly what to do and what steps to take, and do everything in the right order. Depending on what has been done, identity theft protection and recovery can have you looking at weeks or months of work. Plus, locking down your finances to prevent damage can leave you a little shy on cash or credit in the short term.

Even if you’re lucky enough to get off without much financial exposure, just the amount of time it’s going to take to get back on stable ground … time is a big factor.

Patrick Glennon

On top of that, there are emotional and reputational repercussions. There’s the anxiety and fear of someone getting into your accounts and messing with your stuff. There’s concern about what the thief has done to you financially and what other access they might have that you don’t know about it. If they accessed your social media accounts, there’s also the concern about what they might have said to your family or friends in your name. All in all, identity theft protection and recovery can be a long, difficult, and complicated journey back to stability.

What Steps to Take

Your first step should always be to lock down all your financial accounts. Lock your cards and freeze your credit. This temporarily limits access to new credit, but it also stops a thief from getting credit in your name. Then recover all of your accounts.

If you’ve been SIM swapped, get your SIM card assigned back to your phone. Get access to all of your financial institutions, banks, credit cards, investment accounts and retirement accounts. Change all your passwords. Change all your security questions. If you have the option, change your username. Do this as fast as possible – the more time an identity thief has access to your accounts, the more damage they can do.

It Never Hurts to Get Help

IDIQ and other companies in the identity theft protection, prevention, and recovery business can be invaluable. They, and other certified credit recovery specialists, are trained to help you through it, identify the next steps, and help you work towards recovery and improve your identity theft protection. It’s difficult on your own to think of all the things you need to go through. It’s also time-consuming – when Patrick’s relative was SIM swapped, it took two days to convince his phone company to switch his SIM card back.

It can be challenging to recover from [identity theft] on your own, and that’s assuming from the beginning that you were alerted in a reasonable amount of time.

Patrick Glennon

Companies like IDIQ help people navigate, get recovered from, and limit the damage of identity theft. They’re experts at getting things locked down, working out issues with credit bureaus and financial institutions, and keeping up with the best identity theft protection strategies and new ways thieves try to steal your information. If your bank thinks you’re pretending identity theft to get out of paying your bills (an excuse some people use to get out of paying legitimate debts), an identity theft protection company can sort it out. Where IDIQ and others come in is knowing who to contact, where to contact them, and what the processes are. They also spend their time, not yours, getting it fixed.

Identity Theft Protection for Ourselves and Others

We need to stay on top of identity theft protection methods to protect ourselves. But we also need to make sure it’s not just ourselves who are protected. We all have family members, elderly and young, who are vulnerable to identity thieves’ tricks because they’re unfamiliar to them. They might see a credit offer that they think will be great, but it’s actually stealing their identity.

You not only want to be educated for your own sake and for your spouse’s sake, you want to be educated for your parents’ sake and you want to be educated for your children’s sake.

Patrick Glennon

Patrick has a 21-year-old child and a 16-year-old child. The older one is brand new to the world of credit, and the younger is about to enter it. He and his wife both have elderly parents. People we love are at risk. We need to be educated not just to protect ourselves, but to help them and provide them with some protection. When the oxygen masks come down on the plane, put on your own first, but once you have it on, help your kids and your parents and anyone else in your sphere that you want to be protected.

Learn more about IDIQ on their website, idiq.com. There, you can get information about their plans and services, enroll in their services, or check out their articles. They provide information about what new tactics are popping up, how to protect yourself, how to recover from identity theft, and what tools are available.