How to Protect Yourself Against Identity Theft and other Cyber Crime, by Scott Larson
To read CEO Larson’s North Oaks News article, click here: http://www.presspubs.com/north_oaks/news/article_6351fa80-9864-11e5-a94b-973742473c71.html
If you want to visit some of the included links, the content of the article (and the links) is below:
Posted: Tuesday, December 1, 2015 9:00 am
By Scott Larson/Contributor
We have had an increase in reported theft of mail from mailboxes and credit card fraud in our community. As a former FBI special agent, we were trained to prevent and fight crime — including bank robberies and white-collar crime. The prolific bank robber, Willie Sutton, was asked by a reporter (circa 1950s) why he robbed banks. He replied, “because that’s where the money is.” Well, today the money is in your information, bank accounts, tax returns, online investments and circulating throughout your home wireless network. In the interest of brevity and space, I would like to share some helpful tips to protect yourself and your family:
1. When traveling, have a neighbor pick up your mail or put a hold on your mail at the Post Office (https://holdmail.usps.com/holdmail/). Also follow these tips from the USPS: (https://postalinspectors.uspis.gov/investigations/mailfraud/fraudschemes/mailtheft/tipthieves.aspx).
2. Consider updating your mailbox to a locking mailbox. One neighborhood has been hit and thanks to a conscientious neighbor and a call to the North Oaks Company, the neighborhood is in the process of upgrading its mailboxes. Some newer neighborhoods already utilize such mailboxes (e.g., http://lockingmailbox.com/).
3. The Federal Trade Commission (FTC) has excellent free resources online to protection and response (https://www.identitytheft.gov/) and (http://www.consumer.ftc.gov/features/feature-0014-identity-theft). Securely dispose of paper sensitive documents (shred).
4. Get your free credit report. There are three main credit bureaus so you can spread requests out every six months to one of the companies (https://www.consumer.ftc.gov/articles/0155-free-credit-reports) .
5. Credit freeze or credit hold. You can implement a credit freeze with the major credit bureaus preventing new cards from being issued. Beware, this may cause some delays when you want to open another credit card quickly with a telephone call — usually at the merchant counter where you have to give your PIN and/or password. One of the three credit bureau links is provided below for your information (http://www.experian.com/consumer/security_freeze.html).
6. Reporting identity theft. There are two main agencies to report online: the FBI Internet Crime complaint Center File Compliant Tab (http://www.ic3.gov/default.aspx) and the FTC’s Complaint Assistant (www.ftccomplaintassistant.gov/). These complaints go into a large database, so response is not often timely but useful to help “connect the dots.” Last but most important, report it to our Ramsey County Sheriff’s Department’s non-emergency number at 651-767-0640 or our community services officer. Stay connected with the city of North Oaks and NOHOA for news, alerts and proactive community activities.
7. Use anti-virus and host (PC or Mac) firewall software. The free varieties like those offered from Microsoft work as well as the paid versions in most circumstances, but have fewer features. Please use what you like and are comfortable with using, but use one. Keep the tools updated (http://windows.microsoft.com/en-us/windows/security-privacy-accounts-help) and (www.apple.com/support/security/).
8. Update your operating system (e.g. Windows, Mac, Linux and mobile devices) and applications (e.g. Office, Adobe, Java) against malware and unauthorized access. (See http://larsonsecurity.com/securitytips/ for more information on the major vendors.)
Fake Tax Return Fraud
9. Unfortunately in the identity fraud lifecycle, after ID theft and/or credit card fraud happens, often we see fake tax returns being submitted in the victim’s name the following February. This type of fraud also is a result of criminal organizations targeting our Fortune 500 and other large employers in the area. Frequently you as the victim, won’t know until your actual return is denied because one has already been filed fraudulently with the IRS. In addition, for those residents working for a nonprofit or who happen to be a highly compensated officer in a public company, your name and wages (or a large portion thereof) are published through Form 990 or Securities and Exchange Commission (SEC)-related filings, respectively. Some help is in the IRS’ Taxpayer Guide to Identity Theft (www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft).
Wireless Access and Use of Passwords/PINS
10. When using a home wireless network, ensure you encrypt the connection with the WPA-2 setting that encrypts the wireless traffic from your PC/mobile device to the wireless access point (WAP). For those who enjoy reading security documents, the National Institute of Standards and Technology (NIST) has a Guide to Securing Wireless Networks (along with more than 100 other guides you may find useful (http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf). In addition to using a strong password (at least 8 characters with a combination of capital letters and numbers), when logging into Google Gmail or Facebook, use their Secure Socket Layer (SSL, aka TLS) settings. These provide the https:// and the locked browser icon on your browser to prevent eavesdropping on your data connections (more and more sites are doing this by default). In addition, many sites and service offer two-step authentication where you get a six-digit PIN sent to your mobile device/email each time you login or you use a PIN code generator like that on Facebook or the free Google Authenicator app for iPhone and Android devices which displays a PIN that changes every 30 seconds. I highly recommend using two-step authentication if you always have your mobile device with you.
Computer security and protection against identity theft is a journey and process. We will all have fallen victim to some sort of data breach of our login ID’s and passwords or the loss of our customer records for e-commerce or medical records in our lifetime. Data breach notifications from businesses and financial institutions are becoming very common. If you receive one of these letters you most likely can sign up for free credit monitoring. Stay safe online and in our neighborhoods.
Scott Larson is a North Oaks resident, former FBI cyber crime chief and CEO of Larson Security. He specializes in digital forensics, cyber security and incident response. He is also an adjunct professor at the University of Minnesota teaching computer security and cloud security. He currently serves as an adviser to the Georgetown Law Center’s Cybersecurity Law Institute and the University of Minnesota’s Information Technology Infrastructure Advisory Board.