Identity Theft

Updated: 9/9/2024 with new links to Freeze your Credit.

Identity Theft is when a hacker uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits. Thieves look to steal user’s personal information: full name, home address, email address, online login and passwords, Social Security number, driver’s license number, passport number, or bank number.

How do they get My data?

Some of the most common ways personal information is stolen is through phishing attacks, skimming attacks (stealing this data off your magnetic strip of your credit card) by placing a card reader over top the real card reader at a Gas Pump, or ATM machine, and even WiFi hacking. They can also purchase this information on the dark web from hackers who have breached company databases and sell access to “Identity” information dark web forums.

What harm can they do with my data?

Once hackers have some or all of your personal information, they use it to register for a Credit Card in your name or take a loan out in your name.  If they breached a company and stole hundreds, thousands, or millions of records, they might turn to the dark web to sell your private data to other hackers who might steal your identity.

Source: Norton

Additional Reading: How To Protect Information From Identity Theft

Related Terms: Phishing, Social Engineering

What should you do as an SMB Owner?

Protecting your staff’s personal information and assets from being stolen is an important action to be taken in any business. Many business owners don’t realize that the threats don’t stop at the office doors, employees go home and may have less secure measures in place to defend against cyber threats at home. That can lead to an infection from home showing up at the office unknowingly. Protecting your staff and business from these threats is vital. Follow CyberHoot’s best practices to reduce the likelihood of you or your employees becoming victims to identity theft:

• First and foremost, to prevent identity theft and the issuance of credit in your name, lock your credit with all four credit agencies as outlined below (see below).
• Second, train employees on cybersecurity basics, helping them become more aware of the threats they face when interacting online. (Phishing, Social Engineering Attacks)
• Phish Test Employees
• Be wary of public, unsecured WiFi (use a VPN if dealing with sensitive information)
• Govern employees with the proper policies, following NIST Guidelines (WISP, Acceptable Use, Password Policy, etc) 
• Employ a Password Manager, require it in your Password Policy 
• Enable Two-Factor Authentication wherever possible
• Work with your IT staff or third-party vendors to ensure your critical data is being encrypted properly
• Regularly back up critical data according to the 3-2-1 method
• Use the principle of least privilege 
• Subscribe to CyberHoot’s Newsletter to stay current with the always-changing cyber threats.

By implementing these measures at your business you’ll become more aware and more secure.  You may not have perfect security but you’ll be doing what you can to reduce the risks you face.

How and Where to Lock My Credit:

Anytime static data that cannot be recreated is breached there are long-term consequences which is the case with the Equifax breach and the more recent NPD Breach both of which included financial data including: Social Security Numbers, birth dates, home addresses, and driving license numbers.  Putting a credit freeze on your account will protect you largely from hackers taking credit out in your name, but doesn’t prevent them from submitting fraudulent tax returns in your name. Get your tax documents in order and submit them as early as possible.

Primary Credit Bureaus

All links last Updated: 9/15/2024

Visit the following Primary Credit Bureaus and Freeze your Credit to protect yourself from hackers taking out credit in your name.

Transunion Credit Freeze
Equifax Credit Freeze
Experian Freeze Center
Innovis Security Freeze

Secondary Credit Bureaus

You should also consider freezing your credit at the following Secondary Credit Bureaus
ChexSystems Security Freeze
Clarity Services Security Freeze

Lexis/Nexis Security Freeze (formerly Sage Stream)

Certegy Security Freeze:  no online freeze available, you must call them (800-237-3826).
CoreLogic Teletrack Credit Freeze: Update 9/29/2024: CyberHoot Blog Reader Derek Langley updated CyberHoot that Teletrack had added an online freeze website form you can use if you don’t want to call them at 877-309-5226 to request a freeze.

MicroBilt/PRBC Freeze Details Webpage: no online freeze available, you must fill out this form at this URL and send it in.

Credit Bureaus are often Missing Multi-Factor Authentication for Credit Freeze Accounts!

Apparently, this commonplace security measure is not universally available for Credit Freeze websites.  This is why CyberHoot highly recommends you use the longest password possible on these accounts and store them in a password managers.

Here’s a list of which credit agencies support or do not support MFA as of 9/1/2024:

Transunion: supports MFA
Equifax: supports MFA
Experian: supports MFA
Innovis: Not available
ChexSystems: Not available
Clarity Services: Not available
Lexis/Nexis Security Freeze (formerly Sage Stream):  Not available
MicroBilt/PRBC: Not available

To learn more about Identity Theft, watch this short 2 minute video:

https://www.youtube.com/watch?v=Fztuohj3Fck

Secure your business with CyberHoot Today!!!

Sign Up Now