Preventing Identity Theft

In today's interconnected world, protecting your personal information has become more critical than ever.

Did you know your valuable data costs less than a cup of Starbucks coffee on the dark web? (source)

Here's what info criminals can buy:

• Personally identifiable information package (SSN+full name+driver's license #, passport #, and email address): $4
• Digital passport: $5
• Credit card with a balance between $1,000 and $5,000: $10
• Information about a compromised bank account with a $10,000 balance: $25
• Hacked remote desktop: $35
• Distributed denial-of-service attack: $165 per hour
• Driver’s license: $1k
• Physical passport: $3k

It's a startling reality that highlights the alarming prevalence of identity theft and the urgent need to fortify our defenses.

In this comprehensive guide, we will equip you with the essential knowledge and practical strategies to safeguard your personal information.

Discover the most common tactics employed by identity thieves and learn how to effectively thwart their malicious efforts.

Together, we can outsmart the criminals and protect what matters most – your identity.

Ways you can protect yourself

The police can't protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there's nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.
- Frank Abagnale

Use a password manager

Use different random passwords for all of your services. No exceptions.

Easily generate, store, and track them in a password manager like 1Password, KeePassXC, Proton Pass. They all have mobile apps so you can access your login credentials from anywhere.

Harden your password managers with two-factor authentication (2FA) to make them more difficult to penetrate.

Set up two-factor authentication

Utilize two-factor authentication (2FA) on all of your services, wherever it’s available.

2FA requires that you use a second randomly generated code in addition to your password. It makes it nearly impossible for someone to login to your accounts even when they have your email address and password.

It's either generated in an app like Google authenticator or Authy or sent to you via an email or text message (much less safe and not recommended).

2FA authentication apps also generate backup codes in case something happens to your phone. It's imperative to protect and store these backup codes in a safe place outside of your phone.

Use a hardware authentication key like YubiKey to simplify your life. You can leave it on your key ring and insert it into your USB port when you need to login somewhere. Think of it as a key to your digital home.

Opt-in to paperless billing and shred the rest

Hackers only require small amounts of information to social engineer their way into your accounts.

If you've locked yourself out of an account, many companies still use your home address and last 4 digits of your credit card to let you back in.

The FTC speculates that Americans receive over 4 million tons of mail (pre-approved credit card offers, coupons, bills, statements) each year with this sensitive info. This is a treasure trove for dumpster diving identity thieves.

Sign-up for paperless billing on all of your accounts to produce less mail, and destroy the rest via a micro-cut paper shredder.

Turn off overdraft protection and never use a debit card

Only use your debit card at trusted ATMs.

For every day transactions, use a credit card instead. Credit cards act as a natural intermediary between you and a business. If your credit card is stolen, the issuing bank will resolve the issue almost immediately.

If cash is stolen via your debit card (or by other means), it might take weeks for that money to return, if ever. Large sums are often never returned, and you become completely liable if you don’t report the fraud within a short window (often 48 hours).

Update smart devices, computer, and router

Consistently check for updates to your router and any other smart devices in your home.

If a device hasn't received an update in over a year, check to see if its manufacturer is no longer supplying them. You may want to consider replacing it.

Remember to change their default password at set up. If you want to go the extra mile with your smart home devices, partition them to a separate network on your router.

Use “unlinked” email addresses for finances

If you signup with every service and marketing list with the same email account, there’s a good chance your email is in thousands of databases.

There are database leaks on a daily basis. If a malicious actor gains access to your email account, they can probably gain access to your financial accounts through a password reset at your financial institution.

Mitigate these risks by creating and using a single-purpose email account:

1. Create two new Gmail or ProtonMail accounts with addresses that would be difficult for anyone to guess.
2. Use one address exclusively for your financial accounts. Nothing else, ever.
3. Link the other address as your backup account in case you forget your password (don't ever use this one for anything).
4. Remember to use 2FA on both accounts and do not link a phone number to them.

If you want to go the extra mile to thwart spam, phishing, and preserve your online privacy, use an email alias generator like SimpleLogin.

Overwrite old data on devices

Did you know "deleting" information from your devices doesn't really delete it?

When you delete information, your device just removes the path to that information and marks it as available space on your hard drive to be overwritten later with new information.

Free forensic analysis tools often recover ridiculous amounts of pictures, videos, texts, emails, and other information from phones and computers after they've been factory reset, etc.

The easiest way to prevent this from happening is by overwriting the information:

• Phones: encrypt the device and then load large video files onto it that take up the entire hard drive, then factory reset it. Repeat this a couple times.
• Internal hard drives: use DBAN to overwrite all the information and then perform a factory reset. If you’re not as technical, try encrypting the drive using Bitlocker if it came pre-installed on your Windows machine, and then use CCleaner on it, then perform a factory reset.
• For external hard drives: use CCleaner.

Turn off NFC and Bluetooth unless necessary

It's trivial for hackers to gather information from your phone when you're walking around with any of these protocols turned on. You can automate these settings based on your GPS location via IFTTT applets.

Be wary of random WiFi hotspots

Look for the "HTTPS" or lock icon in omnibox of your browser if you need to use the Internet from public Wifi, but don't trust it enough to login to your banking portal.

You can use a VPN, but most are scams and not created equal. When you use a VPN, you're only changing who can see your browsing activity. If you trust your VPN provider, then use them instead.

Encrypt cloud storage

If you store anything in the cloud that you don't want hackers to access (taxes, accounting, photos, health records, etc.) then secure the information before it touches the cloud by putting it in an encrypted container using a service like Cryptomator. Think of it as a vault inside your cloud storage.

If you want to go the extra mile, encrypt and hide all of your locally stored sensitive data by using VeraCrypt.

Use encrypted chat apps instead of SMS

Your text logs are a treasure trove of personal information to SIM card swap scams and phone thieves that use them for social engineering.

Use an encrypted chat service rather than text message. Telegram and Signal are two prominent ones with self-destructing message features.

Uninstall old apps

Lower your attack surface by uninstalling old or unused apps. The more apps you have on your phone, the more opportunity an attacker has to utilize its permissions.

Even an action as seemingly inconsequential as gathering a list of all your installed apps on your phone can be nefarious when utilized by a hacker.

Android has a great proprietary app that helps you identify unnecessary files and apps to remove.

Sign up for Have I Been Pwned?

This free service alerts you if your email address has been identified in a data breach.

You can use this information as a reminder to reset your password and double check that you utilize 2FA.

In Brief

Protecting your identity is not just an option; it's a necessity in today's digital era.

Don't let cybercriminals profit from your personal information. By implementing the strategies outlined in this article, you are taking proactive steps to safeguard your personal information from falling into the wrong hands.

Take charge of your online security, and encourage others to do the same. Share these valuable insights with friends, family, and colleagues to create a safer digital community for everyone. Together, we can create a strong line of defense against identity theft and ensure a more secure future for all.