Identity theft is a huge black market industry, costing US consumers $1.52 billion in 2011 and stealing headlines all last year. Here are five habits that all but guarantee you'll become just another statistic in 2013—and how to break them.
You Keep Your Social Security Card in Your Wallet
You never know when you'll need to open a bank account, admit yourself to the hospital, or apply for a job, so it only makes sense to keep your social security card on you at all times, right? Wrong. A valid social security number (SSN) used in conjunction with your driver's license or banking information is more than enough data for thieves to establish false accounts under your name. And all that's required to obtain these documents is to lift your purse or wallet.
Instead: Memorize your SSN—c'mon, it's fewer digits than your phone number—and lock the physical card away somewhere safe. If you have a Medicare card, which also displays your SSN, photocopy it and black out all but the last four digits (on the copy, you'll still need to show the original to your doctor's office).
You Give Your Personal Info to Anybody That Asks for It
Oh boy! The nice man on the phone says you may have already won a Hawaiian vacation, all you need to do is provide some basic verification information—your name, address, SSN, mother's maiden name, blood type, and a few other details—and he'll send the plane tickets post haste. What could possibly go wrong?
Phone scams like this, wherein a thief calls you posing as a bank, government agency, or legitimate business and pumps you for personal identifying information (PII) with promises of fabulous prizes and rewards are nearly as old as the telephone itself.
Instead: Be cynical. Never give out PII over the phone unless you've initiated the call. If someone calls offering a reward too lucrative to pass up, ask them to send you a written application form. Or if the caller claims to be from, say, your bank, hang up, call the company's customer service line (usually found on the back of the ATM card and on the company's website) and independently verify that the call was legit before handing over your info.
The same goes for in-person information requests—be vigilant when your HR department, doctor's office, or the DMV asks for sensitive information. Don't hesitate to inquire about what the information will be used for and what happens if you refuse. It certainly can't hurt.
You Actually Respond to Spam
Who wouldn't want "Cheep C1alis to make her love you long boom" and a seven-digit inheritance from a long-lost relation that just so happens to be Nigerian royalty? Hopefully you. These email-based phishing attacks are no better than the phone-based social engineering scams that preceded them but, luckily, are just as easy to see through. If you don't recognize the sender, the text is garbled or if anything else seems fishy, simply mark the message as Spam in your email client and move on.
While low level scams like the Nigerian Price are identifiable by their bountiful spelling, grammar, and syntax errors, more sophisticated schemes are harder to spot. They may mirror the corporate letterhead of popular social services, shipping companies, banks, or government institutions to appear legitimate or use threats to coerce you into following a blind link. But no matter how authentic they may first appear, you can still spot the fakes with a bit of scrutiny. Be wary of any request for personal information. Reputable businesses already have your PII on file and therefore have no reason to ask for it again. Also, if a suspicious message demands you verify login data at a linked website, mouse over the hypertext without clicking and compare the two addresses—if they don't match, bail.
The same goes for social networks. Not only should you be sparing in the amount of personal information you post and how openly you share it, never follow the blind links in messages from people you don't know in real life. Yes, I'm sure "Rebeccah" is going to do all sorts of nasty shit to her webcam—while her website injects some equally nasty malware into your browser and compromises your computer's security.
Instead: You've heard this before, but regularly change your passwords and make sure those you use are sufficiently robust. This isn't 1997, mind you—God, Love, Sex, and your dog's name simply don't cut it anymore. Instead, come up with a catchy mnemonic phrase like, "Well shit, if it's gonna be that sort of party, I'm gonna stick my dick in the mashed potatoes." You know, something easy to remember. Then create an acronym from it, WSIIGBTSOPIGSMDITMP, and replace the vowels with numbers to create a highly secure, impossible-to-guess super password: WS11GBTS0P1GSMD1TMP. Your passphrase doesn't need to be this long of course, but should be at least eight words in length.
You Shred Nothing
Once your trash is out on the curb, it's fair game for anybody willing to rummage around for it. In fact, the practice of dumpster diving, retrieving PII and personal documents from the garbage, is a common tool for identity thieves.
Instead: Invest in a pair of file shredders—one for your paper documents and one for your electronic ones. Cross-cut shredders provide a more secure means of eliminating your paper trail by slicing and dicing sensitive documents into confetti, which makes them much more difficult to reassemble than a basic slice-cut shredder. Every document you dispose of that displays more than your name and home address needs to go through the shredder before going in the trash. That includes "preapproved" credit cards, medical bills, the labels off of prescription bottles, receipts, credit card and bank statements. Similarly, programs like CCleaner or Eraser for Windows and Permanent Eraser for OSX, are all very effective at destroying and overwriting your digital documents as to render them unrecoverable.
You Never Check Your Credit
What, it's not like you're buying a car or house anytime soon. Why bother checking your credit score for accuracy? Because, ya dummy, your credit report bears record of all your current and past charge accounts as well as your payment history with each.
Instead: By keeping an eye on your credit report as well as your monthly bank and credit card statements, you'll be able to catch any incorrect information before it becomes an issue and nip any fraud in the bud. What's more, each of the three primary credit agencies—TransUnion, Equifax, and Experian—is required by law to provide you one free credit report every year. Space your requests out quarterly and you'll be able to monitor your credit year round. Head over to AnnualCreditReport.com, which was created and authorized by these credit agencies, to request a report. This service does only provides the credit report itself; the agencies charge a separate fee to check your summary credit score. Also, avoid shady reporting services that require enrollment in pricey credit monitoring programs or charge a fee for pulling the report.
If even following these tips, you find yourself the victim of identity fraud, get off your ass and fix it—like now—before your finances and reputation are left in ruin. File a report with the Federal Trade Commission (FTC) by calling 1-877-ID THEFT or on the FTC website.