In this issue:
- Child identity theft continues to grow: What to do
- Emerging threat: Your current credit freeze won't stop this growing fraud
- Cybersecurity shorts
- Software updates
Child identity theft continues to grow: What to do
More than one million children in the U.S. suffered identity theft in 2017 according to the 2018 Child Identity Fraud Study, completed by Javelin Strategy and Research. The report found that data breaches in particular tend to be very dangerous for children. Thirty-nine percent of children who had their information exposed in a breach became identity theft victims. In comparison, 19% of adults who had their data stolen faced the same fate.
Children are targets for identity theft because they offer clean credit reports. Since they likely have had no credit in the past, it is easy for thieves to get approved credit in the child's name. More than half of the children surveyed in Javelin's study knew the person who had stolen their identity. Only 7% of adult victims could say the same.
And child identity theft is costly. Javelin's report found that child identity theft caused $2.6 billion in total losses and cost victims' families $540 million in out-of-pocket costs to help remedy the theft. But the costs don’t stop there—child identity theft victims often have to dispute the fraudulent accounts and ruined credit for the rest of their lives. Many do not even realize that they have been victims until they go to rent their first apartment or buy their first car and are told that their credit is bad.
What to do
Unfortunately, child identity theft can be difficult to prevent. The first step parents or guardian must take is to determine whether your child currently has a credit report. This can be done by sending letters to the big three credit bureaus—Equifax, Experian, and TransUnion. The letters should request that the agency do a manual search of your child's Social Security number. The letter should contain a copy of the parent/guardian's government issued ID, proof of parent/guardian's address, a copy of child's Social Security card, and a copy of the child's birth certificate. (Note: You can obtain a template of a letter you can use by contacting our office).
If the credit bureaus come back with reports in your child's name with accounts you did not set up, it is likely that your child is an identity theft victim. In that case, you should immediately contact the bureaus and ask them to freeze your child's credit and then work to close the fraudulent accounts.
If the credit bureaus come back with no report found, your child is safe for now. If you live in one of the 29 states that allow it, you should contact the bureaus again and ask them to open a credit report in your child's name and then freeze it. Unfortunately, there is no nationwide law that allows this (although it has been proposed in the House of Representatives). You can check your state's laws here. If your state is not on the list, you should reach out to your representatives.
You should also take this time to talk to your children about identity theft and how to protect their information online. The earlier they begin understanding their online privacy, the better. Help them create strong passwords and talk to them about what information they should never share online.
Emerging threat: Your current credit freeze won't stop this growing fraud
Have you frozen your credit? There may be one more thing you need to do. The Identity Fraud Institute has received multiple reports of people having fraudulent cell phone accounts opened in their names even after freezing their credit at Equifax, Experian, and TransUnion. How? The director of the Identity Fraud Institute, Carrie Kerskie discovered that mobile phone companies were not using any of the big three credit bureaus when new account applications came in. Instead, they checked applicant's credit using the National Consumer Telecommunications and Utilities Exchange (NCTUE).
The NCTUE was founded by AT&T and maintains payment and account information reported by telecommunications companies. You can check your records at the NCTUE by calling 866-349-5185. You can also freeze your file by calling this number or you can do it online. Security expert Brian Krebs, however, attempted to place the freeze online with no success.
Some 81 percent of Americans and 72 percent of Canadians report feeling stressed when they hear news of a data breach. And the stress doesn't stop there. Kaspersky Labs surveyed Americans and Canadians on their cyber-stress levels and discovered that the majority of people are stressed out about their cybersecurity. About half of respondents report having had a cybersecurity issue during the past year and about a third of those find it stressful protecting all of their devices. Nearly half of those aged 16-24 find it stressful to manage all of their passwords. You can read more about the study here.
Are your employees sharing passwords online?Security expert and writer Brian Krebs reported this month on a trend of employees storing passwords on online collaboration sites such as Trello.com. Trello is used by companies to manage projects online and allows users to collaborate and easily update progress on a project. These boards can be password protected or not. Krebs discovered that many organizations (including Uber) had boards that were accessible via Google that stored important passwords in plaintext.
Do you have an online account with the Social Security Administration? It could protect your personal information. The Social Security Administration no longer mails statements to those 60 and younger but encourages everyone to create an account online to check your earnings and estimated benefits. However, 86% of people ages 50-59 have not made an account online, according to MassMutual. Not setting up an account yourself leaves you vulnerable, because someone else could set up an account in your name and even try to claim your benefits. You can set up your online account here.
Twitter users: Change your password! The social media giant is asking all of its users to change their passwords following the discovery of a bug that stored passwords in an unsecured way internally. While Twitter does not believe that any of the passwords were hacked or misused, the company is encouraging all users to change their passwords on Twitter and any other site that uses the same password.
The Equifax breach continues to get worse—driver's licenses, passports, and other ID cards were also compromised. This month Equifax submitted official documentation tor the Securities and Exchange Commission (SEC) detailing exactly what was exposed in its 2017 breach. Equifax originally reported that the breach exposed Social Security numbers and dates of birth of 143 million US consumers and the driver's license numbers and credit card numbers of some people. The new documentation indicates that much more information was exposed. Over 17 million people had their driver's license numbers exposed, over one million had email address shared, and thousands had personal identity documents stolen, such as passports and state IDs that were uploaded to Equifax. You can see the entire list here.
New scams targeting seniors are on the rise. The first scam mimics local phone numbers and calls unsuspecting seniors pretending to be from the county clerk office. They tell the victim that they missed jury duty or that they were involved in a court case and are being fined. In the second scam, a call comes in pretending to be from the local police in regards to unpaid parking tickets. Again, they ask for payment now. Read this story for some more information on how you can help protect the seniors in your life from these scams.
Have you gotten a Chinese robocall? You are not alone. People everywhere are reporting receiving several robocalls in Mandarin. For those who do not speak Mandarin, most hang up and block the number. Mandarin speakers, however, hear the message that the Chinese Consulate is calling on behalf of the Beijing Police Department because of financial crimes committed by the caller in China. Victims of the robocall end up transferring money to a bank account in Hong Kong.
Chili's patrons may have had payment card data stolen in recent breach. The restaurant chain reported a breach this month that occurred between March and April of this year. The payment card readers were infected with malware at certain locations and stole credit and debit card information. Chili's is still investigating who exactly was affected by the breach but encourages all customers to place a fraud alert or security freeze on their account with the three credit bureaus. A security freeze is the most secure option.
Top cybersecurity policy advisor position eliminated by the White House in a move to streamline cybersecurity policy among different agencies. Going forward, the current National Security Council's two Senior Directors will handle cybersecurity policy and issues. Democrats and others have expressed concern with this decision as the threat of cyberattacks continues to grow.
Adobe: As usual, Adobe released an update for Adobe Flash Player this month. The update addresses just one issue, but it is a critical one. If you still need Adobe Flash, be sure to update the program and your browsers immediately. The most up-to-date version is 184.108.40.206.
Microsoft: Microsoft also released an update this month closing a security flaw that is actively being exploited. Your device should prompt you to update automatically, but you can read more about it here.