MSGID: 1:229/664@fidonet 86bf984b
TZUTC: -0400
CHRS: ASCII 1
TID: FastEcho 1.46.1 7731285
What is Identity Theft?

Identity theft happens when a criminal steals information about you and uses
that information to commit fraud, such as requesting unemployment benefits,
tax refunds, or a new loan or credit card in your name. If you don't take
precautions, you may end up paying for products or services that you didn't
buy and dealing with the stress and financial heartache that follows identity
theft.

Your personal information exists in numerous places all over the internet.
Every time you browse or purchase something online, watch a video, buy
groceries, visit your doctor, or use an app on your smartphone, information
about you is being collected. That information is often legally sold or shared
with other companies. Even if just one of these gets hacked, the criminals can
gain access to your personal information. Assume that some information about
you is already available to criminals and consider what you can do to slow down
or detect the use of your information for fraud.

How to detect it

 * Review your financial cards and other accounts regularly for any charges or
   payments you did not make. An easy way to do this is to sign up for email,
   text messages, or phone app notifications for payments and other
   transactions. Monitor them for fraud.

 * Investigate situations when merchants decline your credit or debit cards.
   Look into letters or phone calls from debt collectors for overdue payments
   for credit cards, medical bills, or loans that you know are not yours.

 * Pay attention to letters that inform you about unemployment or other
   government benefit claims for which you never applied.

 * If available in your area, review your credit reports at least once a year.
   For example, in the United States, you can request free reports from
   annualcreditreport.com.

What to do when it happens

 * Contact the organization that is involved in the fraud. For example, if a
   criminal opened a credit card in your name, call that credit card company
   to notify it about the fraud. If someone filed for a tax refund or
   unemployment benefits in your name, contact the corresponding government
   organization.

 * File a report with law enforcement to create an official record of identity
   theft. You can often do this online. For example, in the United States you
   can report at identitytheft.gov. Follow the site's instructions for any
   additional steps you may need to take.

 * When responding to fraud, keep records of your interactions with your
   financial institutions and law enforcement, as well as the costs you incur
   due to identity theft in case these details will be needed later.

 * Notify your insurance company; you may have identity theft protection
   included in one of your policies.

How to defend against it

Here are some simple steps you can take to decrease the chance of identity
fraud happening:

 * Limit how much information you share about yourself with online services
   and websites.

 * Use a unique strong password for all of your online accounts and enable
   two-factor authentication as additional protection for your most important
   accounts.

 * If applicable in your location, restrict who can get access to your credit
   reports. For example, in the United States freeze your credit score so that
   anyone who tries to get a credit card or loan in your name has to first
   temporarily unfreeze it.

 * Consider getting insurance coverage, either through a dedicated policy or
   as part of your existing insurance plan, that covers the costs of dealing
   with identity theft.

Guest Editor Lenny Zeltser is the CISO at Axonius, a cybersecurity asset
management company. He also teaches malware combat and writing at the SANS
Institute. Lenny is active on Twitter as @lennyzeltser and writes a security
blog at zeltser.com.

OUCH! Is published by SANS Security Awareness and is distributed under the
Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute
this newsletter as long as you do not sell or modify it.

(C) SANS Institute 2021
www.sans.org/security-awareness

---
 * Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (1:229/664)
SEEN-BY: 1/123 90/1 105/81 120/340 123/131 129/305 226/30 227/114
SEEN-BY: 227/702 229/101 424 426 664 700 1016 1017 240/5832 249/206
SEEN-BY: 249/317 400 282/1038 317/3 322/757 342/200
PATH: 229/664 426