By: Joseph Goldy, CFP®
Recently, a client reported that she suspected her ID had been stolen and her online accounts hacked. We promptly told her to go to the Federal Trade Commission's website, www.identitytheft.gov, to report the incident and quickly follow their steps to deal with the breach.
Fortunately, in our client's case, it turned out to be a false alarm, but the FTC site is an excellent resource for anyone that believes they have been the victim of ID theft. They have sections on what to do immediately after a suspected breach and actions for certain accounts like student loans or investment accounts or unique forms of ID theft such as medical, tax, or child ID theft issues.
According to The Consumer Sentinel Network, which is maintained by the FTC and tracks consumer complaints filed with enforcement agencies, fraud overall has seen a significant increase in 2020. As seen in the graphic below, the most considerable increase was in identity theft complaints. Fraud has been widespread, with 47% of Americans experiencing financial identity theft in 2020.
Identity Theft and Fraud Reports, 2016-2020
A big reason for the increase in fraud overall is the Covid pandemic. Unemployment identity theft rose sharply as extended unemployment benefits were in the criminals' crosshairs and made for an easy target. Yet, the number one Covid scam was aimed at federal stimulus payments, according to Equifax. Ironically, the relatively simple portal that the IRS set up to facilitate payments to people in need made it easy for scammers to enter someone's information and redirect their stimulus check.
While there are many important aspects to staying safe online, it all begins with a strong password. With the holiday shopping season quickly approaching, here are some tips to ensure your passwords are up to snuff.
Perhaps one of the easiest and effective ways to protect yourself is making sure your password is a minimum of 10 characters long, preferably 12 or more. According to a 2019 Scientific American article by Jean-Paul Delahaye that analyzed the math behind hacking, an 8-character password made of just lowercase letters would have over 308 million possibilities. In contrast, a 10-character password, which includes upper and lowercase letters and symbols, increases the combination possibilities to 72 to the 12th power which would lengthen the amount of time for a hacker to crack your password from a few days to millions of years.
Make your passwords random, not based on dictionary words or personal information such as children's names and dates of birth. Try to create "passphrases" rather than passwords. It will be easier to remember but still strong. A good example given by the online education site GCF Global is instead of Chewbacca and pizza, you can turn that into chEwbAccAp!ZZa.
Using a free password manager such as Lastpass or Google's password manager is helpful since they offer the ability to memorize your various passwords for different sites allowing you to have different passwords for each site which is a good practice. Even better is using the password generator feature of these services, which will create a completely random password for each login.
Check to see if your password has been previously exposed to a data breach at https://haveibeenpwned.com/Passwords. You may be surprised to know the password that you thought was impenetrable was used by someone else and hacked in the past. Obviously, if your passwords do come back with a hit, immediately change them.
Whenever possible, utilize two-factor authentication. This security measure is where a website will require a separate code, usually emailed or texted, along with your regular login information to verify that it is you trying to log into a website.
Don't go phishing. According to the FBI's Internet Crime and Complaint Center, there has been a spike in phishing emails (fictitious emails attempting to get your personal information) around everything from unemployment benefits to cryptocurrencies. Fraudsters continue to get better at making fake emails look like they're from legitimate companies. Remember that companies will not have you enter any personal information such as your social security number or address. Phishing emails will usually, but not always, contain typos in the body of the email.
Utilize the "hover" technique if you are suspicious about an email containing a link. Hovering your mouse cursor over the link will display the actual web address so you can see if it is real or not. This technique can also be used on mobile phones by holding your finger down on the link for a few seconds, and the web address will appear. If it looks suspicious, simply close the window.
One final piece of advice is to go through the Global Community Foundation's Internet Safety course. The course is free and provides a comprehensive overview of many different aspects of staying safe online. The GCF lessons cover everything from Wi-Fi security to Social Media Privacy Basics and are found at https://edu.gcfglobal.org/en/internetsafety
Joseph Goldy, CFP®, is a wealth advisor and CERTIFIED FINANCIAL PLANNER™ at Highland Financial Advisors, LLC, a fee-only fiduciary wealth advisory firm based in Wayne, New Jersey.
Joe specializes in working with newly independent women because of divorce or losing a spouse. He understands firsthand the value of having a clear financial picture pre- and post-divorce and a plan to restate goals as a single person. When he is not helping clients, Joe enjoys spending time with his two sons outdoors and volunteering to help raise money for Type 1 diabetes organizations.