One common misconception about fraud and identity theft is that it takes a highly intelligent, tech-savvy person to perpetrate an attack. Sure, it requires a special breed of hacker to carry out a large-scale intrusion like last year’s Target credit card breach or the more recent Ashley Madison scandal, but the majority of incidents happen on a much smaller scale and the tactics employed are low tech. They are designed to take advantage of opportunities where your personal information is viewable just long enough to be compromised. No password or 128-bit encryption required. For consumers, this means that it’s just important to keep the personal information in our wallets just as secure as the information we keep stored online. Here are just a few of the common low-tech (but no less inventive) ways that identity theft can be carried out.
Shoulder Surfing
Shoulder surfers use crowded, public settings where people are likely to flash their ID, debit or credit cards to quickly read and memorize personal data from unsuspecting victims. This is most common at walk-up ATMs where an attacker can simply glance over your shoulder to view a credit card or pin number. If someone is standing too close for comfort at your ATM, don’t hesitate to ask for a little space or find a different machine. An awkward conversation or a little added inconvenience certainly beats a bank statement full of unauthorized purchases. Shoulder surfing isn’t always about seeing your information. It can also be about hearing it. Avoid saying any kind of personal information while making a cell phone call in public, even if it’s just your birthday. This type of information might seem harmless, but it actually provides an identity thief with a strong hint for usernames and passwords.
Dumpster Diving
Even highly skilled hackers have to start somewhere. They need that first little bit of information, like a parent’s name or the college you attended, to start building a data profile that can be used to crack passwords or answer security questions on your behalf. A great place to start is the garbage, which can contain a treasure trove of discarded bank statements, junk mail, receipts and other personal documents. How do you outsmart the dumpster diver? Easy. Buy a paper shredder and set it next to your trash can. Shred everything, especially credit card offers and bank statements. That way when an identity thief starts going through your trash they only find scraps of paper and spoiled food. Also, when it comes to receiving credit card statements and paying bills, consider going paperless. It’s one less piece of mail, and one less thing to worry about.
Impersonation
We are so used to being asked for personal information over the phone and online, that it can become an automatic response. Con artists and data thieves love to take advantage of this bad habit. If you receive a call from a company that seems legitimate or that you regularly do business with (like a bank or utility), do not offer any personal information. To avoid fraudulent activity, most companies have a policy that they do not directly call their customers to inquire about personal information. There is no harm in asking if you can call the person back with the information at a later time. If they refuse, hang up. If they agree, verify that the phone number they give you matches that you regularly use to contact this company.
Kay Hadashi says
Thanks for the reminders, Terry.
Terry says
You’re welcome, Kay. Aloha!