Keep Your Identity to Yourself

Although many things have changed since the first version of this missive in the fall of 2017, the threat from identity theft, unfortunately, is not one of them. It is still one of the most pervasive crimes in the U.S. (and the world) today, just like it was back then. And as a reminder, identity theft involves the unauthorized acquisition and use of someone’s personal information, such as social security numbers, credit card numbers, or bank account details, to commit fraud or other crimes. As our world becomes increasingly interconnected and resources available to the bad actors have improved, the risk of identity theft has grown, affecting individuals, businesses, and governments alike.

Further, most victims are not even aware that they’ve been hacked for many months. Fraudsters using your basic financial information can file tax returns in your name to make refund claims, open new credit cards or other credit facilities in your name, steal government benefits, damage your credit status, attempt to wire funds from your accounts, and much more.

Identity theft can take many forms, each with unique characteristics and implications:

• Financial Identity Theft: The most common type, where thieves use stolen personal information to access credit, loans, and financial accounts in the victim’s name.
• Medical Identity Theft: Occurs when someone uses another person’s identity to obtain medical services, prescription drugs, or file fraudulent insurance claims.
• Criminal Identity Theft: Involves the perpetrator using someone else’s identity during an arrest or investigation to avoid legal consequences.
• Child Identity Theft: Thieves use a child’s Social Security number to open accounts, apply for loans, or obtain government benefits, often going undetected for years.
• Synthetic Identity Theft: Criminals combine real and fake information to create a new identity, which they then use to open fraudulent accounts.

Identity theft occurs through various methods, some of the most common include:

• Phishing: Fraudulent emails, websites, or messages that trick individuals into revealing personal information.
• Data Breaches: Large-scale theft of personal information from organizations, exposing millions of individuals to potential identity theft.
• Skimming: Devices attached to ATMs or point-of-sale terminals that capture card information.
• Dumpster Diving: Criminals retrieve discarded documents containing personal information from trash bins.
• Social Engineering: Manipulating individuals into divulging confidential information through deception or manipulation.
• Malware and Spyware: Malicious software that infiltrates devices to steal sensitive information.

The consequences of identity theft are far-reaching and can include:

• Financial Loss: Victims may suffer significant financial losses due to fraudulent transactions, loans, or lines of credit taken out in their name.
• Credit Damage: Identity theft can severely damage an individual’s credit score, making it difficult and more costly to obtain loans, credit, or even employment.
• Legal Issues: In cases of criminal identity theft, victims may find themselves entangled in legal disputes or investigations.
• Emotional and Psychological Stress: The process of resolving identity theft can be long, stressful, and emotionally taxing for victims.

Per Federal Trade Commission (FTC) data,ⁱ the number of fraud and identity theft cases has risen to between 5-6 million per year:

The states with the highest incidents of fraud and identity theft (per capita) are:

Recovering from identity theft is a long and arduous process, and although most of the monetary damage can be corrected over time, you could end up being out more money than you think. Legal fees, late charges and penalties, lost wages, credit monitoring expenses, etc. could cost thousands of dollars. In addition, the time and emotional distress of identity theft and fraud should not be discounted.

So, what can be done to minimize the chances of identity theft and fraud? Well, there is no simple answer, and prudence requires awareness of the multiple ways in which we are vulnerable. Below are a few of our suggestions.

Online, Be Alert

Make sure you understand with whom and why you are sharing personal financial information.

• Avoid phishing emails by not opening files, clicking on links, or downloading programs sent by anyone you do not know. Phishing has become very sophisticated and can be among the most successful vehicles for hackers.
• Use strong passwords (include numeric and special characters) and change them somewhat regularly. Avoid simple passwords that can be easily identified in a dictionary search, or with you, such as children’s names, favorite sports teams, home address, phone numbers, etc. Also, do not use the same password for your e-mail and online accounts.
• Artificial intelligence (AI) is being deployed to hack passwords and is known to hack some passwords in less than one second (those 8 digits or less that are alpha or numeric only). Choose your passwords accordingly. 
• Use dual factor authentication whenever possible. For example, at Schwab, using a mobile app, you can obtain one-time password protection, which is a single-use numeric password that you use in addition to your usual password when logging in to Schwab’s website. You can call 1.800.435.4000 to enroll.
• Of note, personal e-mail accounts and financial accounts should be prioritized for the highest level of security, including both strong passwords and dual factor authentication. 
• Do not give personal information on the phone unless you have initiated the contact.
• Remember to wipe an old computer or cell phone of all data before trading it in for a newer model.
• Use encryption on data and messages whenever possible.
• Sign up for credit monitoring.
• Consider freezing your credit (more info below). Never post personal financial data on social media or send via email.
• Use security software such as anti-virus software, anti-spyware software, and a firewall.
• Be careful using any public wireless/wi-fi network, and never send any personal financial data on an unprotected network. If one must use public wi-fi, a best practice is to access via a virtual private network (VPN). 
• Although convenient, do not use an automatic login feature that saves your username and password, and always use the log off function when finished with a website or app.
• Consider establishing an account with Social Security and safeguarding the credentials.
• Lastly, another best practice is to set up a guest wi-fi network at home to better protect your primary wi-fi network from kids and guests that are not as cyber aware. Bad actors are looking for weak spots in corporate executives’ home wi-fi networks to hack into their company’s systems.

Even Offline, Keep Your Information Secure

Keep your financial documents and records in a secure place at home (safe) or in a safe deposit box at a bank.

• Lock your wallet or purse in a safe place at work.
• Limit what you keep in your wallet or purse, taking only the identification and debit/credit cards that you will need at the time. Leave Social Security cards at home.
• Shred receipts, credit card offers and applications, insurance forms, checks, and bank or physician statements when you no longer need them.
• Remove and destroy the labels on prescription bottles before you dispose of them.
• Take outgoing mail to the post office or at least a collection box. Also, remove mail from your mailbox as soon as possible.

Other Actions to Consider

Consider establishing an online account with the Social Security Administration (before someone else does). This allows you to control your account before a hacker could falsely create one with your social security number. To do so, go here: https://www.ssa.gov/myaccount/.

A credit freeze allows you to restrict access to your credit report, which makes it more difficult for someone (including yourself) to open an account or loan in your name (as an FYI, the freeze does not impact your credit score). To place a freeze on your credit report, you would have to contact each of the nationwide credit bureaus (and there could be a fee based upon your state of residence):

• Equifax – 1.800.349.9960, www.freeze.equifax.com 
• Experian – 1.888.397.3742, www.experian.com/freeze
• TransUnion – 1.888.909.8872, www.transunion.com/credit-freeze/place-credit-freeze2

You have flexibility to lift the freeze, temporarily or permanently, if you need to open a new account, buy a house, or rent an apartment, etc.

A fraud alert allows new accounts or loans to be opened, but only after a verification process. There are three types of fraud alerts available:

• Initial Fraud Alert – If you are concerned about identity theft, but have not become a victim, this alert will protect your credit from unverified access for 90 days.
• Extended Fraud Alert – For victims of identity theft, this will protect your credit from unverified access for seven years.
• Active-Duty Military Alert – For those in the military who want to protect their credit while deployed, this protection lasts for one year.

To place a fraud alert on your credit report, you would have to contact one of the nationwide credit bureaus (there is no fee to place a fraud alert).

Many insurance companies, including the major insurers such as State Farm and Allstate, offer identity theft insurance as a rider to your homeowners or renters insurance policies. Although not terribly expensive (as little as $25 to $50 per year), the insurance (generally up to $25,000) is mostly to cover expenses (such as legal fees, etc. mentioned above) accrued while repairing your credit. Some policies will provide a consultant or case manager to help you clean up the mess.

If You Suspect Identity Theft

If you suspect you have become a victim of identity theft, consider acting quickly to minimize any negative consequences:

• Place a fraud alert or credit freeze on your accounts.
• Contact any vendor, bank, or institution directly affected.
• Contact the FTC and file an Identity Theft Affidavit and create an Identity Theft Report. You can file your report by calling 1.877.438.4338 or visiting www.IdentityTheft.gov. 
• Contact your local law enforcement and file a police report. This police report, combined with the Identity Theft Affidavit, are needed to create your Identity Theft Report. This report will be necessary when working with the credit reporting agencies and others in repairing your credit.
• If your social security number was compromised, contact the Social Security Administration (SSA) at 1.800.269.0271 and the Internal Revenue Service (IRS) at 1.800.829.0433.
• Contact the Postal Inspection Service (the law enforcement and security branch of the postal service) if you believe the theft or fraud was committed by mail, or if any fraudulent change-of-address forms were submitted.

Clearly, this list is (exhausting, but) not exhaustive, so to obtain more information, please see the FTC website for details. With more and more of our lives being realized online, including our financial information, and with criminals in a continuous game of technological one-upmanship with law enforcement, what the future holds for data security is unknown. Will biometric and other technologies make us (and our data) more secure, or will sophisticated fraudsters stay one step ahead? Regardless of the ultimate answer, doing what you can to minimize identity theft and fraud seems to make a lot of sense.

If you would like to discuss any of this in greater detail, please do not hesitate to reach out to your advisor. Stay safe!

[i] https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf 

Wealthspire Advisors is the common brand and trade name used by Wealthspire Advisors LLC and its subsidiaries, separate registered investment advisers and subsidiary companies of NFP Corp., an Aon company.

This material should not be construed as a recommendation, offer to sell, or solicitation of an offer to buy a particular security or investment strategy. The information provided is for informational purposes only and should not be relied upon for accounting, legal, or tax advice. While the information is deemed reliable, Wealthspire Advisors cannot guarantee its accuracy, completeness, or suitability for any purpose, and makes no warranties with regard to the results to be obtained from its use.

Please Note: Limitations. The achievement of any professional designation, certification, degree, or license, recognition by publications, media, or other organizations, membership in any professional organization, or any amount of prior experience or success, should not be construed by a client or prospective client as a guarantee that he/she will experience a certain level of results or satisfaction if Wealthspire is engaged, or continues to be engaged, to provide investment advisory services.

Certified Financial Planner Board of Standards, Inc. (CFP Board) owns the certification marks CFP®, CERTIFIED FINANCIAL PLANNER^®, and CFP® (with plaque design) in the United States, which it authorizes use of by individuals who successfully complete CFP Board’s initial and ongoing certification requirements.