Protecting Your Financial Information

December 11, 2017

Cyber and identity theft are big business. In a recent session I attended on this topic, the presenter pulled up a website that sold stolen credit card numbers. There were over fifteen available stolen credit card numbers in one Edina zip code alone. The presenter mentioned that this was typical of urban zip codes across the U.S. The website was in English and even offered a money back guarantee if that particular stolen credit card number had been shut down (crooks with scruples – go figure!). The presenter (a forensic cybersecurity expert) believed the group sponsoring this website was based in Russia.

The Equifax hack has brought the importance of protecting ourselves financially into sharp relief. Per my reading, the Equifax hackers are unlikely to process this data themselves – they likely sell the data to experts who build, then sell these profiles. When a profile has enough data, identity theft can occur.

What can we all do? Two things:

  1. Regularly monitor our bank, investment, credit card accounts and credit reports for incorrect transactions, and resolve them immediately.

  2. Implement protections such as complex passwords and credit freezes.

You’ll find below a detailed list that helps you implement the two general statements above. Note that we have shared many of these strategies with you previously. But, given the importance of this area, these strategies bear repeating.

If you have any question on how to implement some of these safeguards, we recommend considering the following resources:

  • A tech savvy family member or friend.

  • If you have one in your area, Best Buy’s Geek Squad.

  • If you live in Minneapolis/St. Paul:
    Todd Bauer of TMB IT Solutions, 612-720-4002, todd@tmbitsolutions.com

If you consider employing a consultant to assist you with cybersecurity, one way to think about this is as an annual “tune up.” A consultant could (at least annually) check your home devices for malware updates, help you update any passwords, assist you with running a backup, offer you recent thinking, etc.

Here is our list of cybersecurity/financial protections, both “to do’s” and areas for awareness. We’d like to say that this list is exhaustive, but there are many aspects to cybersecurity, and they are constantly evolving:

To Do’s

(1) UPDATE EMAIL, WIFI AND OTHER PASSWORDS AT LEAST ANNUALLY, EMPLOYING COMPLEX PASSWORDS.

A strong password is a password that resists easy access by trial and guesswork. It tends to have diversity and some length. A suggestion is that your password(s) contain upper and lower case, numbers, symbols, and be at least 8 characters in length.

Consider building your password around a memorable phrase vs. a word. Example: “Somewhere Over the Rainbow” becomes “Sw0tR8nBO.”

It is encouraging to know that hackers spend their time going after the “low-hanging fruit,” i.e., the easier passwords to figure out. By moving to complex passwords, and regularly changing them, you are doing a lot.

(2) ROUTINELY CHECK YOUR BANK, INVESTMENT, AND CREDIT CARD ACCOUNT STATEMENTS TO VERIFY ALL TRANSACTIONS.

In terms of your accounts through us, we are very careful about withdrawals. If you send us a withdrawal request via email that names a new recipient (a new account or a wire to a bank), we will call you to confirm the request before executing the transaction. To protect you, we DO NOT send out withdrawals to a new account or recipient without prior verbal telephone authorization.

(3) VERIFY INFORMATION WITHIN YOUR CREDIT REPORTS, AT LEAST ANNUALLY. ENSURE THAT ADDRESSES ARE CORRECT AND ALL CREDIT LINES ON THE REPORT WERE A RESULT OF YOUR ACTIVITY.

You are entitled to one free copy of your credit reports every 12 months from each of the three nationwide credit reporting companies (TransUnion, Equifax and Experian). Order your report(s) online from annualcreditreport.com, which is the only authorized website for your free annual credit reports, or call them at 1-877-322-8228. You’ll need to provide your name, address, social security number, and date of birth to verify your identity.

There is a fourth credit reporting agency, where you should check your credit report, called ChexSystems (or Innovis). Simply Google “ChexSystems Credit Report” for information.

(4) IMPLEMENT A CREDIT FREEZE ON YOUR THREE CREDIT REPORTS.

Here is an easy-to-understand summary on credit freezes, published Sept 11, 2017, in the Chicago Tribune:

“In basic terms, freezing your credit means placing restrictions on who can view your credit report. Why is this important? Well, applying for housing, checking accounts or new credit cards can all involve a credit pull by potential landlords, mortgage lenders or banks. If you prevent them from pulling your credit, it’ll frustrate the fraudsters who need these organizations’ approval to open fake accounts using your stolen identity.

Freezing your credit comes with a $5 to $10 charge for each credit bureau. The amount of the charge depends on where you live. To get the ball rolling, visit the relevant websites of Experian, Equifax and TransUnion. You can also call Equifax (1-800-349-9960), Experian (1-888-397-3742) or TransUnion (1-888-909-8872).

The credit agencies will ask for your personal information including your name, address, date of birth and Social Security number. Once you’ve supplied those and frozen your credit report, nobody except your existing lenders, or their debt collectors, will be able to see it, according to federal regulators. The only other entities that are allowed to see your credit report at this point are government agencies carrying out a search warrant or subpoena, and yourself.

But what do you do once your report is frozen and you need, say, a credit card company to look at it?

In that case, you can contact the credit bureaus again and ask them to lift or “thaw” the freeze. To do so, you’ll need a PIN that your credit bureau gave you when you enabled the freeze. The reporting agencies are required to put the thaw into effect no later than three business days after you submit the request. You can also choose to lift the freeze only for a specific amount of time, in order to limit your exposure. Lifting the freeze can also come with a small fee.”

See whole article at: http://www.chicagotribune.com/business/ct-how-to-freeze-your- credit-equifax-20170911-story.html

Also, consider filing a credit freeze with ChexSystems (check their website for details.)

Awareness

(1) WHEN RECEIVING EMAILS, DO NOT CLICK ON LINKS OR ATTACHMENTS IF YOU’RE NOT POSITIVE THAT IT’S FROM THE BONAFIED SENDER. (EMAILS CAN LOOK LIKE THEY ARE FROM AN ACQUAINTANCE OR A FIRM FIMILIAR TO YOU, YET NOT BE.) EXAMINE THE SENDER’S EMAIL ADDRESS CAREFULLY. WHEN IN DOUBT, CONSIDER CALLING THE SENDER BEFORE CLICKING.

Example of a recent phishing scam: Emails supposedly sent from UPS indicating that you have a package waiting – just click the link to find out where you need to pick it up, or to provide the necessary information. Everybody loves a package, right? Turns out the email was from a hacker posing as UPS and clicking on the link enabled malware to be downloaded onto PCs.

(2) NEVER ACCESS BANK OR INVESTMENT ACCOUNT INFORMATION THROUGH AN OPEN WIFI NETWORK, SUCH AS IN A COFFEE SHOP OR AIRPORT. THIS ACTIVITY IS BETTER DONE BEHIND A PASSWORD PROTECTED WIFI SUCH AS YOUR HOME WIFI.

  • YOUR TECHNOLOGY CONSULTANT WILL LIKELY RECOMMEND ANTI VIRUS OR FIREWALL PROTECTION. WE BELIEVE THAT, WHILE SUCH APPLICATIONS MAY NOT BE FOOL PROOF, THEY HAVE MERIT.

  • ONLY DOWNLOAD FROM SITES YOU TRUST. FOR EXAMPLE, SOME FREE PROGRAMS SUCH AS SCREENSAVERS CONTAIN MALICIOUS SOFTWARE.

  • DO NOT RESPOND TO PHONE CALLS OR POP UP WINDOWS SAYING THEY ARE FROM MICROSOFT, etc.

A scam has been occurring where “Microsoft” is on the phone or supposedly sends you a pop up window on your computer, claiming that they have detected a virus on your system, which they can then fix with just a couple of mouse clicks. HANG UP immediately, or turn off your computer without clicking anything. If you’d like, call Microsoft directly to check status.

Please contact us with any question on the above. While we are not cyber security or technology experts, but we do want to do all we can to help enhance your financial and cyber security.