Two relatives of mine have had trouble with identity theft in the past month, and it has cost them a great deal of time and anguish. I’m reposting here a brief account of what happened to them and, more importantly, tips on how you can avoid this problem and/or deal with the consequences.
First, an account of the nefarious deeds
Case #1: Sally got phished. Sally received a phishing email claiming to be from “Google Account Management”, asking to reconfirm her password.* She gave them the password, only to discover a few hours later, that (a) her password had been changed, locking her out of her gmail account; (b) the phishers had sent email to all of her contacts with a “Help, I need cash fast, send me money via Western Union” scam; (c) she couldn’t get back into her gmail account because she hadn’t set the password recovery information. It took her days to get everything back to normal.
Case #2: Jane dated a creep. Jane dated a guy who turned out not to be a good fit for her. Unfortunately they moved in together before she figured it out. She had to force a breakup, eventually kicking him out. A few days later she realized he was logging on to her email account and reading her email, and in some cases deleting emails. She changed her password, but to no avail: it seems he had installed spyware on her home computer that monitored what she was typing and informed him of password changes. Yikes.
Second, some advice
For starters, both the Canadian and US government offer comprehensive web sites that tell you what to do to protect yourself against identity theft. Here’s the Canadian site, and here’s the US site. Check them out. They say roughly the same thing. I find the Canadian one a little easier to read.
I gave Sally and Jane some advice specific to their scenarios, as follows:
1. Never reply to an email request for a password. No legitimate business will ever ask you for a password via email. If you’re wondering whether an email is “real” or not, you might try searching on Snopes to see if someone else has reported the same thing.
2. Call Transunion, Experian, and Equifax (the credit reporting agencies) and (a) ask for a copy of your credit reports, and (b) have them flag your file with a “fraud alert” so that nobody can open an account under your name without confirmation. See the US identity theft web page for phone numbers for the credit reporting agencies and a description of how fraud alerts work.
3. From a secure network, log in to your email provider (gmail, hotmail, whatever) and do two things:
(a) Change the password you use to login to email. Here’s good advice on how to create a strong password that’s also easy to remember.
(b) Fill in the “Password Recovery” information in your account settings. This is they info they use to confirm your identity when you click “I forgot my password”… typically, a secondary email address and/or phone number. This step is really vital because if you get hacked without filling in the recovery information you may not be able to get your account back at all.
Notice I suggest doing this from a secure network. In Jane’s case, she couldn’t safely change her password from home because her ex-boyfriend put spyware on her machine. She went to a friend’s house to do this step.
4. Protect your computer and home network.
(a) If you suspect your computer has spyware or a virus on it then install and run a virus scanner. For this I recommend Avast. I’ve had several experiences with Norton products crippling computers that were otherwise fine.
(b) If you think your home network has been compromised (like Jane’s), change the password on your home network router and cable modem / DSL modem.
It’s best to do 4a and 4b in unison. Get a computer-savvy person to help you if you haven’t done this before.
5. Report what’s happening to the police. Tell them you are concerned you’ve been or may become a victim of identity theft. Collect any evidence you can and give it to them.
Since identity theft is still relatively new, you may find it difficult to get police to pay attention to you. In Sally’s case, the local authorities refused to help. The US identity theft site has suggestions on what to do if local police won’t handle your report, and it’s applicable to Canada (and probably other places) as well.
That’s it. There’s heaps more you can do, but these basic steps will help you protect yourself and recover if you run into similar problems. Here’s hoping you manage to stay problem-free.
* I’ve changed names to protect my peeps. They don’t need any more hassles.