A Credit Freeze Won’t Help With All Equifax Breach Threats

If you’ve placed a security freeze on your credit reports at Equifax, Experian, TransUnion, and Innovis, that will help prevent fraudsters from opening new credit accounts in your name.

Freezing your credit report specifically at Equifax will also prevent crooks from registering as you at the government website “my Social Security,” and block them from attempting to steal your Social Security benefits. *Note: Setting up a credit freeze with Equifax will stop identity thieves from setting up a “my Social Security” account in your name.

But taking these steps won’t protect you against every identity fraud threat arising from the Equifax data breach.

With the information that hackers got, including access to Social Security numbers, birth dates, and an unspecified amount of driver’s license numbers, you need to take other steps to help lock down your finances.

Here are three important ways you can protect yourself.

Tax Refunds

With your Social Security number, crooks can file false income tax returns in your name, take bogus deductions, and steal the resulting refund. Though you are generally not liable for such fraud, if a criminal manages to change your tax records and receive your refund, it can take months to straighten out the mess.

How to protect yourself. The best defense is to obtain an Identity Protection PIN from the IRS, which is a code that must be filed with your legitimate return for it to be accepted. An identity thief can’t file the fraudulent return without your PIN.

But you can get a PIN only if a fraudulent return has previously been filed in your name, if the IRS determines that you’re an ID fraud victim, or if you live in a high tax-related identity theft locale such as Washington, D.C.; Florida; or Georgia.

The IRS did not yet say whether those affected by the Equifax breach would qualify for a PIN.

Andrew Mattson, a tax partner at the Moss Adams tax firm in Silicon Valley, recommends that taxpayers who don’t officially qualify for a PIN request one anyway, by filing a Form 14039, Identity Theft Affidavit (PDF). “Even if the IRS says no, your account will generally be flagged for additional monitoring for suspicious activity,” he says.

Mattson also recommends that you periodically view your IRS account information, which shows when returns were filed and which refund payments were made. Activity there—if it’s not yours—can be a sign of fraud. The balance updates every 24 hours, usually overnight, but there is a one- to three-week lag in the time it takes for refund payments to show up.

If you suspect fraud, contact your local IRS office using the Taxpayer Assistance Center Office Locator.

Health Insurance

Data from the Equifax breach can be used to steal your benefits from private health insurance, Medicare, or Medicaid when the identity thief uses your coverage to pay for their own medical treatment and prescriptions.

Many health insurers have internal special investigation units and anti‐fraud personnel to root out medical identity fraud, and if suspicious activity is detected, they’ll send email alerts to the policyholder, says Cathryn Donaldson, a spokeswoman for America’s Health Insurance Plans, the trade association of health insurers.

How to protect yourself. Get copies of your medical records from providers to establish the baseline of your health before your records are compromised. Increasingly, online patient portals make this easy to do. Check back regularly to see whether providers you didn’t use are listed and whether you’ve been charged for treatments you never received.

In addition, review your free annual MIB Consumer File, which contains medical and personal information about you reported by health, life, disability, and other member insurers. Do the same for your Milliman Intelliscript report, which tracks your history of prescription drug purchases.

The Federal Trade Commission also says consumers should ask each of their health plans and medical providers for the “accounting of disclosures” related to their medical records. That tells who got copies of your records from the provider. The law allows you to order one free copy from each medical provider every year.

If available, sign up for your insurer’s secure online portal, and regularly review the explanation of benefits, which shows which treatments you received when and from which providers. While there, sign up for fraud alerts via email or text message, which will keep you apprised of benefit payments.

Regularly review your credit report for medical collection accounts that don’t belong to you.

Your Driver’s License

Using your driver’s license number, identity thieves can create bogus driver’s licenses and hang their moving violations on you. With more work and information from phishing or further hacking, identity thieves can create bogus checks to pay a cashier, who “verifies” the shopper’s identity by writing your license number on the bad check.

If this happens to you, you may not discover how your license has been used until a police officer tells you, or perhaps, until a bank closes your account because of too many bounced checks.

How to protect yourself. Ask the motor vehicle department to give you a copy of your driving record; most states charge for this, usually about $10. To find out whether any bad checks are attributed to your driver’s license, request your free annual consumer report from each of the big three check verification companies: ChexSystems, Certegy, and TeleCheck.

If you find that your driver’s license is being used fraudulently, you can file a police report at your local police department and ask the motor vehicle department to flag your license number, which will alert law enforcement officers to be extra careful in identifying people they pull over with your license number. You should also request a new driver’s license number.

If you’re arrested or find criminal charges on your record, go to the Identity Theft Resource Center for advice on clearing criminal identity theft; if you find fraudulent checks on your record, follow the ITRC for advice on resolving checking account fraud. You can also call 888-400-5530 for free assistance.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from SherpaThe best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! 

Article Source: Jeff Blyskal for Consumer Reports

 

How to Protect Your Money After the Equifax Data Breach

If you haven’t already, the first, best, and fastest way to protect yourself from the Equifax data breach is to place a security freeze on your credit files at the big three credit reporting bureaus.

Consumers should apply the freeze to Equifax, and also to Experian, and TransUnion. For extra security, you can apply a freeze to a fourth, lesser-known consumer reporting agency, Innovis.

You can do this by contacting each bureau either through their website or through the customer service number. There may be a fee for placing the freeze.

Equifax stated it would not charge for credit freezes for those affected by the breach.

The massive data breach involves the potential compromise of the personal data of 143 million consumers, including names, addresses, Social Security numbers, and birth dates.

In addition to the credit freeze, there are four more steps to put an iron wall around your money.

Activate Two-Factor Authentication

In today’s world of digital crime and internet fraud, two-factor authentication is an important extra layer of safety. It requires not just a password but a second element, such as a code texted to your smart phone, which you have but a crook can’t easily get. Set up and activate two-factor authentication on all of your existing mobile banking, savings, credit card, home equity line of credit, and other financial accounts that offer it.

Maximize Your Mutual Fund Security

Although the Securities and Exchange Commission requires mutual funds companies to identify, detect, and respond to red flags of identity theft, unlike FDIC-insured banks and NCUA-insured credit unions, these investment firms aren’t required to restore assets stolen by hackers.

You should call your 401(k) plan provider and other investment managers to learn their fraud protection policies, as they can vary from company to company. If your investment company doesn’t explicitly reimburse stolen funds, consider moving your money elsewhere.

Place a Fraud Alert on Credit Reports

A fraud alert is different from a credit freeze. The fraud alert is a notice on your credit report that warns both current and prospective lenders that they must take reasonable steps to verify your identity before granting credit, such as a new credit card or loan, or extending credit on an existing account.

You need to request a fraud alert at one of the big three credit bureaus, which will then pass it on to the other two, and separately place another alert with Innovis. An alert lasts 90 days. If you’re an ID-theft victim, you can get a fraud alert that stays in place for seven years. But you may be better off with the 90-day alert, because that allows you to get a free credit report from each of the four credit bureaus each time you renew the alert, which means you can get up to 16 free reports per year.

Secure Your Smartphone + Email

How you manage your smartphone and email accounts can be critical to your online security. Your phone is where all your second-factor text message codes are sent and where your mobile banking and other money apps live. Email is where your financial institutions send alerts and password reset links.

Here’s how you can make your phone and email harder targets:

  • Activate two-factor authentication on your email account. When you log into your email on an unfamiliar computer or phone, you’ll get a text with the necessary code to complete login. A hacker would need that code, too, but can’t get it without your phone. Better yet, download an authenticator app such as Google Authenticator or Microsoft Authenticator, which generates these codes without the need for texts, which can be intercepted.
  • Use a password management app such as LastPass on your computer’s browser and on your phone. LastPass creates and plugs different passwords into each of your accounts when you log in, so you don’t have to invent and keep track of dozens of passwords. This eliminates the temptation of using the same password for multiple accounts, which can provide a master key for hackers.
  • Never click unsolicited, unexpected, or suspicious-looking links sent to you by email or text. They could download malware capable of spying on your phone or personal computer activity.
  • Follow other security tips for your phone’s specific operating system using the FCC Smartphone Security Checker, a customizable interactive tool.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from SherpaThe best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! 

Article Source:  Jeff Blyskal for Consumer Reports