Weisman: Simple steps to foil an identity thief

When it comes to identity theft, things aren’t as bad as you think – they are much worse and 2016 is shaping up to be a banner year for identity thieves.  There is nothing you can do to totally protect yourself from identity theft, partly because much identity theft occurs due to poor security at places with which you do business that fail to adequately protect your personal information. But there are many basic steps you can take that can dramatically improve your chances of avoiding identity theft.

Last week, I provided you with nine such steps.

Today I offer eight more.

1.  My first tip today is actually a repetition of my first tip from last week, but it is so important it warrants repetition.   Always remember my motto, “Trust me, you can’t trust anyone.”  Never give your personal information to anyone who contacts you by phone, text message or email because you can never be sure if they are legitimate or not.

Giving personal information such as your Social Security number or credit card number to someone who contacts you regardless of how legitimate they may appear is a recipe for disaster.  If you think the communication is legitimate, merely contact the real company, such as your bank or credit card company, at a telephone number that you know is accurate to confirm that the initial contact was not a scam.

2.  Because your protection from identity theft is only as good as the data security at the places that have and store your personal information, you should limit as much as possible the places that have your Social Security number and other personal information.  Many companies ask for your number although they have no real need of it.  Your doctor, for instance, does not need your Social Security number.

3.  More and more of us use our smartphones for purchases, banking and other financial transactions, but many people fail to take essential precautions to protect our smartphones from identity thieves.

Protect yours with a complex password, install security software on your smartphone, use encryption software to protect your communications, only get apps from legitimate app stores  such as iTunes or Google Play that attempt to vet apps before offering them, utilize your smart phone’s auto-lock feature and never use public Wi-Fi for anything of a financial nature.  Public Wi-Fi cannot be trusted for financial transactions.  Rather, use a Virtual Private Network (VPN) that will encrypt and protect your communications whenever you use the Internet on your smartphone.

4.  It is important to not only install anti-virus and anti-malware software on all of your electronic devices — including your computer and smartphone — but it is just as critical to update your security software with the latest security patches as soon as they are available.

Many of the current hacking scams and identity theft schemes rely on malware for which security patches have already been issued, but many people, to their great detriment, fail to install.  It is also important to remember that you cannot totally rely on your security software to protect you, because the security software companies are always playing catch-up with the latest malware and generally are at least 30 days or more behind when it comes to developing patches for newly discovered software vulnerabilities.

5.  Remember Murphy ’s Law: “What can go wrong, will go wrong.” So it is a good idea to have two computers at home: One that you use exclusively for financial matters and other purposes where you need to use sensitive, personal information and another computer that you can use for all other purposes.

This is particularly important if you have young children using the computer.  They often will download free video games or free music without realizing that they are also downloading keystroke-logging malware that will steal all of the personal information from your computer and use it to make you a victim of identity theft.

6.  Ransomware is a problem about which I warned you a year ago.     But it is getting much worse.  Once downloaded on to your computer or smartphone, generally through phishing or spear phishing, ransomware encrypts and locks all of the information contained on your computer or smartphone and you are then told by the cybercriminal that unless you pay a ransom, all of your data will be destroyed.  The best way to protect yourself from the latest versions of ransomware is to back up all your data each day in the Cloud or on a USB drive.

8.  Identity theft is high tech, low tech and no tech so it is also important to protect yourself by shredding documents you are disposing rather than merely putting them in the garbage, where your trash can be an identity thief’s treasure.  Also, get a mailbox with a lock so that an identity thief cannot steal your mail and use it to make you a victim.

Protecting yourself from identity theft may seem like a daunting task, however, to put it into perspective I would like to share this story.  I used to work as a professor in a college program in the state prisons of Massachusetts.  One of my students was serving two consecutive life sentences, which technically meant that after he died, he would start his second life sentence.  I asked him how that worked.  He said that when he was sentenced, he yelled at the judge, “How do you expect me to do two consecutive life sentences?”  to which the judge responded, “Just do the best you can.”

Following the steps I have described in this column and last week’s column will not guarantee that you will not become a victim of identity theft.  But just do the best you can and you can significantly narrow your chances of becoming a victim of identity theft.

Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily update information about the latest scams. His new book is Identity Theft Alert.