Merging Into Life: Identity Theft

[00:00:56]
Amanda Greene: Welcome to Merging Into Life, where we navigate life’s milestones one episode at a time. Brought to you by AAA Northeast. I’m your host, Amanda Green. Today we’re going to talk about protecting your identity. We live in a complicated digital world. Data breaches, scams, identity theft. I try to be careful. We all do, but scammers are always developing new and better ways to trick us out of information and money. It takes constant vigilance and skepticism to always be on the lookout for someone, somewhere trying to get something from you that you don’t want to give.

So today we’ve got two guests here to tell you everything you need to know about protecting yourself online from identity theft to scams. We’ll hear from Robert Siciliano, CEO of Protect Now, but first, Mike Bruemmer, Vice President of Consumer Protection for Experian. Mike works with clients who have suffered data breaches and consumers who have fallen prey to online scams. What are some of the more common types of scams that you think people should look out for?

[00:02:04]
Mike Bruemmer: Sure, I’ve got a laundry list. So, romance scams. They’re big anytime of the year, but there’s something beyond a romance scam called pig butchering scam that’s happening right now. Now it sounds a lot worse than it is, but basically you would fatten up a hog before you’d take it to slaughter. It’s the same thing that’s done with the lead in a romantic relationship to get someone to invest. It’s generally cryptocurrency, it might be other assets. And then they get you to transfer those assets to someplace where they can control them and you’ve fallen for it because you think you’re following love, not following fraud.

[00:02:44]
Amanda Greene: So catfishing has now turned into pig butchering?

[00:02:48]
Mike Bruemmer: Yes, it’s another name. And who comes up with these? I don’t know, but that’s the one because of cryptocurrency in particular, it’s making a big headline. You let down your guard when you get in a romantic relationship. But just like having one too many drinks at the bar, your inhibitions go out of the way and you make some decisions that may not be good for financial health, let alone other things.

[00:03:12]
Amanda Greene: And it seems like these scams just come across very believable.

[00:03:16]
Mike Bruemmer: Yes. And then a couple more. Event scams, tickets that are 50% below the market.

[00:03:24]
Amanda Greene: Too good to be true.

[00:03:25]
Mike Bruemmer: Too good to be true. Just to round it out – this is a year- round thing with all the natural disasters that are happening – there are what we call charity scams. So you’ve had a forest fire, you’ve had a hurricane, you’ve had a power outage, and people are in need. They’ll send you a link to donate, even using different language and alphabets to spoof that site, then you’ve clicked on the link and it’s too late at that point because it may already be downloading malware in your system.

And then finally, when you talk about any type of retail, the scams that are involved, you should never use a debit card. You should always have a throwaway, low value credit card that you can use that limits your exposure if you’re shopping online.

[00:04:08]
Amanda Greene: I think everyone wants to believe or think that they would never fall for something like that, and yet it still happens all the time. Who do you think is most vulnerable of falling for a scam?

[00:04:21]
Mike Bruemmer: We’ve seen the most vulnerable classes of folks are young people under the age of 30 because they don’t understand cybersecurity and they have big social media footprints. They’re not aware of some of the cyber hygiene and they’re very trusting. At the same time, the senior citizen class, because they are not as confident with their devices, they also are trusting and they also don’t maybe have the faculties there. But I think what’s important is that even in the middle, everybody – because we’re human – can make a mistake. A determined hacker is going to figure out what your weakness is.

Let’s say you’re into model airplanes or you’re into cars or you’re looking for romance. They will do the work individually to find your weak spot. And so the center of it, we also say that 90% of all the data breaches occur not because of software, not because of hardware, not because the hackers are so smart. It’s because humans are vulnerable and they make mistakes.

[00:05:27]
Amanda Greene: What can people do to recognize these scams as they’re happening and protect themselves from identity theft from these scammers?

[00:05:34]
Mike Bruemmer: Don’t answer unknown numbers. If you hear that space at the beginning of the sentence, it’s generally an auto- dialer.

[00:05:40]
Amanda Greene: So we really shouldn’t be answering inbound calls that we don’t recognize.

[00:05:45]
Mike Bruemmer: Same thing with text. I don’t respond to text unless I’m expecting that text from the person. Because if someone gets into your active directory on your phone and steals any of your contact information, they can go ahead and pose as a good friend of mine sending me an email: ‘Hey, I happen to be in town. I’d like to go ahead and get a seats for the basketball game. Will you Venmo me $ 500 and I’ll buy them for us?’

[00:06:10]
Amanda Greene: I didn’t know someone could log in and get your contact information. Didn’t realize that was even a possibility.

[00:06:16]
Mike Bruemmer: That’s why you should always lock your phone. There was a scam that went around a local airport recently where there were people on the other side of security screening waiting and watching for you to have an unlocked phone. Say you were on a phone call going up to security. Some of us do say, ‘Hold on, let me put the phone in the bin and I’ll pick up the call on the other side.’ So ,the phone is unlocked. The person on the other side creates a diversion, gets your phone, takes it off into the bathroom around the corner and within a couple of minutes they can download everything on your open phone. Then they come back to security, you’ve gone through and you go, ‘Oh my gosh, where’s my phone?’ And all of a sudden the phone appears at the end of the line, and you think, ‘Oh hey, I got my phone back.’ You don’t report it, you don’t say you lost it to your company if it was a company phone. And then all of a sudden you have identity theft occurring because someone’s downloaded all your contacts, particularly with personal identity information.

[00:07:14]
Amanda Greene: Wowie, how else can we protect ourselves?

[00:07:18]
Mike Bruemmer: I would say that things that most people don’t do that are really simple and easy and they’re in most cases free. One, make sure that you have a password manager and there’s two reasons for that. One, it’ll store all your passwords without remembering one thing except a master password. Second thing is it will auto- generate complex and long passwords so that you can have them securely on the site.

[00:07:43]
Amanda Greene: All right, what else are we doing to protect ourselves?

[00:07:45]
Mike Bruemmer: Well, the other thing that I think is very available and people don’t think about it is having multi- factor authentication on your account. So banks, insurance companies, anything associated with your financial history. This is a username and a password, but then they’ll put on there that they have to call your phone or they have to text you to authenticate you to a third piece of equipment so that your identity can’t be just spoofed if somebody gets your username and password.

[00:08:18]
Amanda Greene: What is your opinion on using face ID to unlock information on your phone to open up apps like your banking app? Does that open you up to additional risk or is that safe to use?

[00:08:30]
Mike Bruemmer: I think anything with biometrics, whether it’s a retinal scan, a face ID, a fingerprint or a voice print, is much harder to spoof than a password that’s been out there. And in many cases, unfortunately, a lot of people reuse their passwords. That’s another reason why you have a password manager so you don’t reuse that. Biometrics in general, let alone face ID, are a good thing.

[00:08:54]
Amanda Greene: Mike will be back with more. But right now I’d like to get into another online risk, identity theft. Here to guide the way is Robert Siciliano.

[00:09:03]
Robert Siciliano: I am CEO of my company, ProtectNowLLC. com. We provide security awareness training, so I speak on how to avoid and remove yourself from dangerous situations in the virtual world.

[00:09:17]
Amanda Greene: Let’s start here. What is identity theft?

[00:09:21]
Robert Siciliano: Identity theft is when somebody takes your personal identifying information, which generally includes, first and foremost, your name, your social security number, and then your date of birth, and in some cases your physical address. And they use that information to open up new lines of credit, get a loan for a home, a car, a boat, a utility, and so forth.

When they use your PII, personal identifying information, including your social, that is pure identity theft and that can lead to bad credit because when the bad guys open up new lines of credit under your name, they’re not going to pay the bill, they’re going to max you out and they wreak havoc.

[00:10:02]
Amanda Greene: How big of a problem is this?

[00:10:04]
Robert Siciliano: Well, certain studies show that there are billions and billions of our records exposed. And what that means is your name, your address, your phone number, your social security number, your email address, and in many cases your passcodes are out there on the dark web being bought and sold, traded and being used to access existing lines of credit or opening new lines of credit.

They may not have got to you yet, meaning they may not have used your social security number yet to open up new lines of credit. They may not have used your usernames and passcodes to access your accounts, but it’s just a matter of time until they do.

[00:10:41]
Amanda Greene: Do you have any real stories of how someone was affected long- term consequences of identity theft?

[00:10:49]
Robert Siciliano: Oh, man. I get calls and emails from victims of various crimes weekly, and it’s heartbreaking. For example, years back I was involved in a construction project in my own property. There was this one particular job revolving around installing concrete on the property, and there was this one kid that was on the job. I was like, “So what are you doing here, man? How’d you get involved in concrete?” He’s like, “Yeah, I’m really not supposed to be here.” I go, “Well, what does that really mean?” He’s like, “Well, I applied for college out of high school. I was an honor roll student and I just couldn’t get in because I couldn’t get any loans.

Somebody stole my identity and I didn’t know about it. And when I applied for loans to get into college, I was denied. I’m doing this job until I get that straightened out.” So here’s a kid just starting off in the world. His identity’s stolen and he’s in a job that he’s not good at. He doesn’t want to be in. His future is already stunted because he can’t go to college to pursue his dreams because his identity’s stolen. He can’t get the loans to go to school. It happens all the time simply because people don’t know what their options are ahead of time.

[00:12:00]
Amanda Greene: I guess I’m surprised to hear that an 18- year-old could already have their life sidetracked because of identity theft. How did that happen so young?

[00:12:08]
Robert Siciliano: So we live in a society, in a culture, in a system where we identify people based on their social security number. And so when you apply for a loan, when you apply for credit, the very first thing they ask for is your social security number. And that is used to access and check your credit. Now, the US government and the IRS has required that parents provide the social security number of their baby in order to claim that child on their taxes for refunds and rebates and so forth.

So, what that means is babies can have credit because we use the social security number as the primary identifier. The very first application for credit that’s signed up for a child at the age of one and the identity thief lies and says that they are 19 opposed to one. The credit bureau is taking it at face value and establish credit on that baby’s identity, and that’s likely what happened to this kid and it can happen to anybody.

[00:13:18]
Amanda Greene: Zooming out a little, can you speak about why having your identity stolen in a modern society is so devastating?

[00:13:26]
Robert Siciliano: We are a credit-driven society, plain and simple. If you have a credit anything less than 500, you are considered irresponsible and you’re just not going to get along in a credit-driven society. So if you are not doing what’s necessary right now to reduce the risk of identity theft, to mitigate identity theft now and something bad happens in the future, you in your twenties, thirties, forties, fifties, or even sixties for that matter, who have been paying your bills all along are now all of a sudden looked at as being irresponsible and you have to do something today proactively to reduce that risk.

[00:14:05]
Amanda Greene: What do you suggest people do to avoid this happening to them or maybe what is the best identity theft protection?

[00:14:10]
Robert Siciliano: As far as your identity is concerned, the way you make the social security number relatively useless to the thief is by engaging in either or both identity theft protection services, which are certainly an option. A paid service that you pay for monthly or annually where it monitors your credit, it monitors new applications that are being filed in real time using your social security number to determine if you are credit- worthy. And that identity theft protection, that credit monitoring lets you know in real time whether or not somebody’s out there using your personal identifying information to apply for credit and you can react and respond in real time to say, ‘No, that wasn’t me,’ or ‘Yeah, that is me actually, I’m applying for an American Express card.’ It’s fine, it’s all good. Go for it.

Credit monitoring by itself, which often can be procured for free, lets you know generally after the fact that your credit has been accessed and a line of credit has been opened, that’s a little late to the game. Cat out of the bag, horse out of the barn so to speak. But really the best thing that consumers could engage in or should engage in is credit freezes. Today you can apply for credit freeze online or over the phone through the three major credit bureaus, Experian, TransUnion and Equifax and essentially lock down or freeze your credit in such a way where going forward you have an access to all three credit bureaus. You have an account at each one, username and passcode, and you can go in anytime and temporarily thaw your credit. So for example, if I’m going to get a new credit card, if I’m going to refinance my house, I’ve got to go to my credit freezes to each of the three credit bureaus and temporarily thaw my credit so that that lender can check my credit and over the course of a week, give them that little window to check my credit over the course of five to seven days, and then it automatically refreezes after a period of time. So between credit monitoring, identity theft protection and credit freezes, all three. You have full control of whether or not somebody can open up new lines of credit under your name with or without your authorization.

[00:16:29]
Amanda Greene: So a credit freeze means no one, including yourself, can take out new lines of credit, but you can thaw your credit when you need to. Does this affect your credit score like a applying for a credit card would?

[00:16:42]
Robert Siciliano: No, not at all. So a credit freeze does one thing and one thing only. It provides you the opportunity, the ability, the resources to freeze and then unfreeze and then refreeze, then unfreeze your credit, and that is all it does. That is the only effect it has is really whether your credit’s frozen or not.

[00:17:04]
Amanda Greene: You have given us a lot of information to go and take and apply, and I would hate to find out what happens if you don’t follow all of these steps because this is some real scary stuff and all of the work to undo it sounds more complicated than the work to try and avoid it.

[00:17:22]
Robert Siciliano: Agreed. This is Adulting 101. This is stuff that you should be doing at 18 years old and following through for the rest of your lives. It’s not complicated, it’s not difficult, it’s easy. It’s like baking a cake. You may have never baked a cake before, but once you pull up a good recipe and get the right ingredients, you follow the instructions. Bang, you got a cake.

[00:17:45]
Amanda Greene: I’m going to add some of those ingredients to my shopping list. So get a trusted password manager, use multifactor authentication when offered, don’t click on unsolicited links and don’t answer calls from numbers you don’t know. It’s a good idea to use a low- limit credit card for online shopping. And above all, assume your information will be stolen. With so many data breaches happening, make your information as useless as possible, freeze your credit and use identity protection services. The ProtectMyID Essential plan is free with your AAA membership. Here’s Mike.

[00:18:20]
Mike Bruemmer: Well, with AAA, they have a firm belief in safety, security and peace of mind. And we have our ProtectMyID product that’s actually both free as well as paid- for versions of that. And identity theft protection is a great thing, not only to monitor your accounts, not only to have insurance to cover any funds lost or paid back for time spent on doing it, but the secret sauce with identity theft protection is you have access to a dedicated fraud resolution agent and they can solve any issues. They can answer any questions, and you have the peace of mind. So it’s a great thing.

It also has ability to monitor your minors in your family as well as it gives you real- time alerts as monitoring your credit file. If something changes on your credit report, you’re going to get an alert and you don’t have to worry about it. Giving you the peace of mind you need.

[00:19:15]
Amanda Greene: Before we let Mike go, it’s time for a little rapid- fire quiz section. Here we go. What is the best action to take if you receive a suspicious link in a text message?

[00:19:26]
Mike Bruemmer: Don’t click on it.

[00:19:27]
Amanda Greene: What is one thing you should never share on social media?

[00:19:31]
Mike Bruemmer: Your social security number.

[00:19:32]
Amanda Greene: What is your number one tip for a strong password?

[00:19:37]
Mike Bruemmer: Make it a long phrase. Length trumps complexity every time, so make it as long as you possibly can.

[00:19:45]
Amanda Greene: And how often should you change your passwords?

[00:19:48]
Mike Bruemmer: I suggest changing your passwords at least twice a year.

[00:19:51]
Amanda Greene: And what’s something you should look out for when you’re downloading a new app?

[00:19:56]
Mike Bruemmer: Don’t download any apps from an email. Go to the app store and make sure that that app has been rated. It’s certified and download only from a reputable store.

[00:20:09]
Amanda Greene: Last one. Has anyone in your circle ever fallen for a scam? And what kind was it?

[00:20:16]
Mike Bruemmer: Whether it has been family or friends, I think I’ve had probably two or three dozen people fall prey to scams that I have known and have come to me. Romance scams. Travel scams. They downloaded some malware onto their computer that was key logging software so that the hacker on the other side could see all your keystrokes. And this was years ago. But then they figured out they could act as the person because they knew what kind of typing convention that they had and who they were sending stuff to. And this person actually copied information to be able to have a wire transfer done out of their brokerage account because of key logging software.

So I’ve seen quite a few, and unfortunately everybody’s susceptible. Even with really good hygiene, you might be better protected than the person that doesn’t do the things that I’ve talked about on the podcast, but everybody, because we’re humans, you’ll make a mistake once in a while.

[00:21:13]
Amanda Greene: Thanks so much to my guests, Mike Bruemmer, Vice President of Consumer Protection, and before that, Robert Siciliano from ProtectNowLLC.com. You’ve been listening to Merging Into Life where we navigate life’s milestones one episode at a time. Brought to you by AAA Northeast with assistance from JAR Audio. I’m your host, Amanda Greene. If you’re learning as much as I am, follow us wherever you get your podcasts and leave a review. We’d love to know what you think. Email us at podcast@AAANortheast.com.

Whose number is this? ‘Greetings, Amanda. It’s been quite a while. Want to go to a game this weekend maybe? I will buy tickets if you send money now.’

And a link that looks very sus. Not falling for that one.

The views and opinions expressed in this podcast are not necessarily the views of AAA Northeast, AAA and/or its affiliates.