Posts

Protecting Your Social Security Number

Many people wonder if it is safe in certain situations to give out their Social Security number. We sure are asked for it a lot, but do you have to give it? When is it necessary? Here is some perspective:

One of the best rules you can live by is this: just because a person asks for your Social Security number, it doesn’t mean you have to give it. But also remember there are situations where you will not be provided various services unless you get it out.

You might feel that you have to, though, and freely give it. This could be a huge mistake, though. There are many times when you want to, though, and you should, but you have to do it with discretion.

Here’s the thing. Some of the people and organizations that ask for your Social Security number really have no business asking. Even when they ask for the last four digits of your SSN, don’t give that out, either, unless you know that the company already has it on file.

Really, when the IRS is involved, or other government agencies, or it is something financial that’s credit driven, such as getting a loan, you likely need to give out your Social Security number. In other cases, like applying for a job, you can tell a business you are not comfortable giving your number unless you are hired, and then they would need it for tax purposes.

I give out my Social Security number when required, with a little scrutiny, but in the end, I’m not worried about identity theft due to the fact that I have ID theft protection and a credit freeze which in most cases makes my Social Security number useless to a thief.

Tips to Protect Your Social Security Number

Here are some tips you can use to protect your Social Security number:

  • Don’t put your SSN on any written application or document. If your application is denied because of this, ask them if it’s really necessary, otherwise, give them your SSN.
  • Ask your bank if they absolutely require your SSN to verify your identity. There are other options they can use. But the Patriot Act might require it.
  • Consider extending your ID theft protection to include your children’s SSNs. Teach them to never give it out.
  • If you are at the doctor’s office, find out if you can use another number, such as the account number for your insurance.
  • Don’t send your SSN via email. If someone wants it, call them and give it to them verbally. Even then, don’t give the number out unless you know without a doubt that it’s legitimate.
  • You should get a statement from the Social Security Administration concerning your account each year. If your income is too high, someone else is probably using your number.
  • Don’t keep your Social Security card in your wallet. Instead, memorize the number and keep the card at home.
  • Don’t ever use your SSN as a password for anything.
  • If, for any reason, your SSN is in your PC, make sure the document is encrypted or password-protected.
  • Before you throw away any paperwork that has your SSN on it, black it out, and then shred the documents.

Really, all you have to do is have some common sense when it comes to your Social Security number. For instance, if you are applying for credit, it makes sense that they would need this. If you are getting a gym membership, unless they are granting a credit, they don’t need it.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

If Your Social Security Card is Stolen, This is What You Should Do

Back in the 1930s when Social Security numbers were first introduced, they were not meant to be used as we use them today. However, if you are like most people, you use your SS number constantly; it might be at the bank, the doctor’s office, or somewhere else. You need to use a SS number to get a job, to open a credit or bank account, and even to get married. Since we use this number so often, what happens if your card is stolen or lost? This is what to do:

Put a Fraud Alert on your Credit Report

First, you want to put a fraud alert on your credit report by contacting all three major credit bureaus. When you do this, lenders and creditors use very strict guidelines when they screen any application with your information on it. These alerts last for a year, but you can get an extension when that year has passed.

Freeze Your Credit

If you want to get even more secure, think about freezing your credit. When doing so, you cannot use your credit for things like refinancing or opening a new credit line until you lift the freeze, which is good, because neither can a criminal.

Consider ID Theft Protection

If you can afford a couple of hundred dollars a year, you should consider ID theft protection. This ensures that your credit is monitored 24/7 by a team of experts who can also help to restore your credit if someone steals it.

Watch Your Credit Report

Even if you freeze your credit or get a fraud alert, that doesn’t mean that you are all in the clear. Thieves can definitely steal your identity in alternative ways. So, it is very important that you watch your credit closely. You can get a free report online at AnnualCreditReport.com or with some identity theft protection plans you can get access to credit reports once a month.

Be Smart When Online

Finally, there are some tips and tricks out there that cybercriminals use that people fall for all of the time:

  • Don’t click on any link in email, even if you think it’s from someone you know. At least call them to see if the link is legit.
  • Don’t open emails that look sensational or have a subject with a sense of urgency.
  • Don’t go in and click around on emails in your spam folder.
  • If you can use two-factor authentication, do it.
  • Use an antivirus program on all of your computers.
  • Shred personal documents before you throw them out. This is especially the case if they have personal information like a Social Security number or account number.
  • Only use long-hard-to-guess passwords for all of your accounts.
  • Don’t give out your Social Security number unless it is totally necessary.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Have You Heard of a “Credit Profile Number?” It’s a Fake Social Security Number

Cyber criminals are always trying to keep one step ahead of the crowd, and now there is another scam that you should be aware of. It’s called “synthetic identity theft,” and it is when a bad guy takes some of a victim’s personal information, and then they make up the rest. These people also will use fake Social Security numbers, which are known as “credit profile numbers,” or CPN.

Thanks to this type of identity theft, however, we can see that our credit system is very vulnerable. Essentially, it tells us that it is very easy to create a credit file by using this information, and once they do, they can get a loan or credit card with the information of their victims.

Of course, this practice is illegal, but cyber criminals don’t care, and there is really no way of distinguishing a fake Social Security number from a real one. Social Security numbers are randomly generated, and it makes it very difficult for a lender to notice when a fake one comes in. Technically, these lenders could contact the Social Security Administration, SSA, but most of them don’t take that step. Why? Because the SSA requires a signature from the owner of the SSN, and lenders are too lazy to do this.

A better idea would be to create a way to allow lenders to check to see if a Social Security number is real, but as of now, without the lender making significant financial investments in additional fraud prevention technologies, this is not a possibility. Lenders do, however, have their own tools for fraud-detection, but these fakes still fall through the cracks way more often than they should.

This practice has also made the job of a fraudster easier because they know that this is a system that is very vulnerable. It’s simply a numbers game, the more synthetic identities or CPNs submitted in applications for credit, the more likely they are to get approved. It is true that most lenders don’t accept credit applications from people who don’t have a credit history, which would be the case of a “credit profile number, but some do, and the more often they try to apply for credit or a loan, the better the odds are that they will be successful. Though the lender probably won’t give the applicant a lot of credit, this number can rise the more often it is used.

If there is one takeaway here, it is that you should be aware of any and all scams that are targeting your finances and identity. Take steps now to keep your personal and private information safe.

At a minimum, get yourself a credit freeze and consider investing in identity protection services. These layers of protection make you a tougher target.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

What Happens if Your Social Security Number Gets Stolen?

It might be surprising to know that when Social Security numbers were first given out in the 1930s, that they were not used as a form of identification. However, whether you know it or not, most of us use our SSN every day, from visiting our doctor’s office to doing banking transactions. Your Social Security number is likely being accessed by humans and computers on a daily basis.

Social Security numberYour Social Security number is a form of verification, authentication, and it is even used as a password. Simply having it, simply knowing it, and entering it, verifies and authenticates its holder. However, it shouldn’t be like that at all.

You need your Social Security number to apply for a job, to open credit cards, and even to get married. Since we use this number so often, you might be wondering what happens if it gets stolen. Here’s what you should do:

Fraud Alert – The first thing to do is to get in contact with one of the three major credit bureaus. That one bureau then contacts the other two bureaus. You must put a fraud alert on your report. When you do this, a creditor or lender hopefully will use much stricter guidelines when they get a credit application. Keep in mind that these alerts only last for 365 days, but you can get an extension. Also keep in mind that this is not a full proof plan, the lender may not enable these stricter guidelines at all.

Credit Freezes – You should also consider freezing your credit. When this happens, you cannot use your credit to refinance or open a new line of credit until you go through the unfreezing process. Keep your credit frozen, and then unthaw it when you need it. Getting a credit freeze is a pretty simple process, it does require a bit of effort and organization, however it is a great way to protect your identity from new account fraud, we will discuss this in more detail and future posts.

Get ID Theft Protection – You should also think about getting ID theft protection. This can be an investment for some, but it also ensures that there is someone monitoring your credit 24/7. Identity theft protection services don’t actually protect you from much in the way of new account fraud, account take over, credit card fraud, criminal identity theft, tax related identity theft, medical related identity theft, but nothing else does either. However, what identity theft protection service does do is monitor your credit and there is an insurance component that kicks in and activates “identity theft expert restoration agents” that fix stolen identities. These people can get you back on track quickly if your identity is stolen.

Keep an Eye on Your Credit – If around 90 days have passed, and you don’t see anything weird on your credit report, don’t think that this automatically mean you are safe. A thief can use your info in other ways, too, so keep an eye on your credit report. Also keep in mind that your Social Security number can be used by a thief in perpetuity or until about six months after your perish. You can get a free copy online at AnnualCreditReport.com.

Be Cautious When Online – Finally, it is important that you make sure that you are using caution when online. Cybercriminal know every trick in the book, and people fall for them all of the time. Here are some things to remember:

  • Do not click on any email links. This is true even if it is from someone you know. Unless you are expecting it, do not click on anything in an email.
  • Do not open any email that is found in your spam folder.
  • Do not open emails that have sensational or exaggerated subject lines.
  • If you have the choice to use two-factor authentication, you should do it.
  • Have a firewall, an antivirus program, and anti-malware software.
  • Create a unique password for each account you have. Make sure that they are hard to guess, and don’t let them contain information like your name, pet’s name, etc.
  • Use a password manager.
  • Shred all of your documents that contain personal information before you put them into your garbage.
  • Don’t give your Social Security number out to anyone unless it is a total necessity.

Remember, if your credit is frozen and if you have identity theft protection combined, you have “multiple layers of security” and you can give your Social Security number out without much of a worry.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

New Phone Scam Scares with Social Security Sham

We all get scam phone calls, but the newest one is meant to scare. When you pick up the phone, you get a message that your Social Security number is suspended due to suspicious activity, and then prompts the victim to speak with an agent to get help.

The FTC makes something very clear: your Social Security number cannot be suspended for any reason, so any call that states your SSN is under suspension is a scam. What they are really trying to do is to trick you into giving them your actual Social Security number along with information such as your birthday and bank account number. 

This scam is just a tricky variation of a scammer’s trick that often works. In this case, they are trying to scare you first, and then offer to help…but in reality, these scammers are trying to steal your information.

Remember These Social Security Facts

If you get a call about your Social Security number, you should remember the following:

  • The Social Security Administration only calls from one number: 800-772-1213.
  • A Social Security Number cannot ever be suspended.
  • The Social Security Administration won’t ever threaten an arrest.
  • You will probably NEVER get a call from the SSA.

Also, of course, remember this: NEVER give your SSN to someone who contacts you that you don’t know.

The Scam

There are a few variations of this scam. The first is that they call and say that your SSN is suspended due to suspicious activity. They then say, if you want to know more about the case, press 1. When you do, of course, you are connected to an agent who is trained to get your information.

Another variation of this scam is a bit more aggressive. In this case, it states that law enforcement has suspended your Social Security number because of suspicious activity. You are advised to call a toll-free number immediately and verify your SSN. The scam also claims that if you do not call the number, an arrest warrant will be issued, and you, of course, would be arrested. Though not everyone will get one of these calls, if you do, you should definitely pay attention. Again, the SSA would never suspend a Social Security number, nor would it threaten to arrest you. It’s also good practice to never give you SSN to anyone who asks for it over the phone. Instead, hang up and go on with your day.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of the Social Security Administration Employee Scam

There is a new Social Security scam in the news, and you should definitely know about it. The Acting Inspector General of Social Security, released a statement that warns people of this new scheme. Basically, scammers are impersonating Social Security Administration employees.

The scam started out fairly small and localized, but now, people from across the country are reporting that they are getting calls from people stating that they are from the Social Security Administration. The caller attempts to get personal information from the person they call including address and banking information.

Here’s How the Scam Works

Almost all of these calls are coming from a 323 area code, but don’t think for a second they won’t change this up. The caller says that they are an SSA employee, and sometimes tells the victim that they are getting a cost of living adjustment, so their benefits will be higher. Many callers believe this, of course, so when the scammer asks them to verify things such as their name, their birthday, their Social Security number, and even the name of their parents, they gladly do it to get an increase in their benefits. Once the scammer gets the information, they then contact the SSA and change the victim’s account information so that the benefits now go into a different account. Then, they can collect the cash.

Currently, the Social Security administration does contact people by phone in certain cases. However, the person usually knows that they should be expecting a call. It is also possible that an SSA employee might ask a person to verify information. So, none of this really seems unusual to anyone who has dealt with the SSA.

What to Do if You Get a Call

Hang up. Plain and simple. If you get a call from the Social Security Administration, you should report it immediately to 1-800-269-0271. You can also report it online.

It is also very important to be cautious, and you should avoid giving any information, such as your bank account number or Social Security number, to anyone who calls you. To check if it is a legitimate call from the SSA, tell the person calling that you are worried about scams, and ask if you can call them back. A legitimate SSA employee should be perfectly fine with this. Then, look up the number yourself. Don’t call a number that they give, no matter what. Finally, you can also contact the Social Security Administration at 1-800-772-1213 if you have any question about any text, letter, email, or call that you get.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

A “Credit Profile Number” is a fake SSN, and it Works

Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit file on these identities, and once they have that, they can get a credit card or loan.

Of course, using a CPN like this on an application for credit card or loan is illegal, but lenders currently don’t have a conclusive way of distinguishing a real Social Security number from one of these fake ones. The Social Security Administration generates SSNs randomly. This makes it difficult for a lender to notice a fake one. Technically, a lender can contact the SSA and cross-check, but most of them don’t. Why? Because the SSA requires a handwritten signature from the person who has that SSN, and this is a pain in the neck for lenders.

So, of course, the best thing to do is to create a way for lenders to instantly check to see if a Social Security number is valid or not, and as of now, they do not have the capacity to do this. Lenders do, however, use their own fraud-detection tools, but these requests for credit still fall through the cracks.

This practice also has created more open windows for fraudsters, because they know that the system is vulnerable. It’s true that many lenders won’t accept a credit application from someone with no history of borrowing, which is the case with a CPN, but some still do, and the more activity the file sees, the more likely it is that credit will be given. Once credit is approved, a full credit report is created. Though it likely won’t be a high amount of credit, many lenders take a chance on new borrowers, and at a minimum, extend a couple of hundred dollars. Some people will even get a card that has, say a $300 limit, and use the card for a time. Once they establish a good payment history, they can get a credit increase, and that’s where the fun really begins.

This is just one more scam that you should be aware of, and one more reason to keep your private and personal information safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Mobile Phone Numbers Are as Sensitive as Your Social Security Number

All of us have cell phones these days, and if you are like the vast majority of the population, you access everything from social media to banking information right from your mobile phone. However, if you do this, which everyone does, you are putting yourself in the position to get hacked. With only your mobile phone number and a couple other pieces of information, a hacker can get into these accounts and your life could drastically change.

How does this work? If a hacker already has your mobile phone number, they can get other information, such as you address, birthday, or even the last four digits of your Social Security number, through social engineering schemes via email or on social. Once they have this information, it’s like handing your phone over to them and letting them do as they please, including accessing your accounts.

The scam may not even begin with you, it may begin with the mobile phone companies themselves. There have been many incidents where the carriers are scammed into handing over troves of personal identifying information to scammers posing as the victim. In many cases the phone companies are even allowing the scammers to get phones with the actual victims phone number by transferring everything to a new phone the perpetrator charges to the victims account.

Here are some things that you can do to keep your mobile phone number safe:

Use Your Passcode – You can and should put a passcode on your phone, you should definitely do it. This isn’t totally foolproof, but does give you an extra level of protection.

Add a Passcode – Your mobile carriers online account should have an additional second passcode to make any changes to your account. This additional passcodes works with both the web and calling customer service. Nothing happens unless this additional passcode is presented.

Disable Online Access to Any Mobile Phone Account – This is frustrating, of course, but it certainly can protect you. If you need to change your account, you should go to the store or call your provider.

Use Google Voice – Google Voice is an excellent choice for many, and you can even forward your current number to your Google Voice number. This helps to mask any call you make, which means no one can have access to your real number.

Access Your Cell Phone Account with a Carrier-Specific Email Address – Most of us use our email addresses and phone numbers to access our online accounts. However, you should really have three separate emails. One should be your primary email address, one should be only for sensitive accounts, like your bank or social media accounts, and one for your mobile phone carrier. This means, even if your main email is hacked, the hackers cannot get into your other accounts.

Talk to Your Carrier – Consider asking your carrier to make a note in your account to require a photo ID and special passcode before any changes are made. Though it’s possible that a hacker could pose as you with a fake ID, the chances are quite low that this would happen.

Use Complex Passwords – One of the best ways to protect online accounts is to use complex passwords. Or at least a different password for every account. You should also use a password manager. If you don’t, make sure your passwords are very random and very difficult to guess like “58&hg#Sr4.”

Do Not Be Truthful – You also might want to lie when answering your security questions. These are easy to guess or discover. For instance, it’s probably easy to find out your mother’s maiden name. So, make it up…just make sure you remember it!

Don’t Use Your Phone Number for Important Accounts – Also, make sure that you aren’t using your phone number for any important account. Instead, use that Google Voice number. 

Use a Password Generator – This is part of two factor authentication. Protect yourself by using a one time password generator, as part of a two-factor authentication process. It may be your mobile or they look like keyfobs and produce a new password very frequently. The only way to get the password is to access the generator or your mobile.

Use a Physical Security Key – You should also think about using a physical security key. To use one, you must enter your password into the computer, and then enter a device into the computer’s USB port. This proves that you are the account owner. So, even if a hacker gets your password, they must also have the physical security key to access the account.

Think About Biometrics – Finally, to really protect your accounts, when available, use biometrics. You can buy biometric scanners that read your fingerprints, your iris, or even recognize your voice. When you use these, you cannot access any account until you scan your finger, eye, or speak.

Yes, it’s true that some of these seem time consuming, it is much more time consuming to have to deal with getting hacked or a stolen identity. So, take these steps to remain as safe as possible.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Your Social Security Card Gets Stolen: Now What?

You might be shocked to know that when Social Security numbers were first given in the 1930s, the intention was never to use them as a form of identification. However, most of us use our Social Security numbers all of the time, from doing transactions at the bank to visiting our doctor’s office.

You need your SSN to apply for jobs, to open credit cards, and even to marry the love of your life. Since we use this number of often, what happens if you lose your card, it gets stolen or it’s leaked in a big data breach? Here’s what to do:

Contact the 3 Credit Bureaus – The first thing you should do is to contact one of the three major credit monitoring bureaus. You have to put a fraud alert on your credit report. By doing this, a lender or creditor uses much stricter guidelines when they receive an application for credit. These alerts only last for 90 days, but you can also get an extension when that 90 days passes.  But there’s better:

Freeze Your Credit – Another step that is even more secure is to freeze your credit. When this happens, you can’t use your credit to open a line of credit or refinance until you go through a simple “thaw” or unfreeze process. Keep your credit frozen for the remainder of your life and thaw when needed.

Get Identity Theft Protection – Also, consider getting identity theft protection. This might be a bit of an investment for some people, but it also ensures that someone is monitoring your credit all day, every day. These experts can also quickly get you back on track if your identity is stolen.

Watch Your Credit – If 90 days has passed, and you don’t see anything strange on your credit report, that doesn’t mean that you are safe. Thieves can use your information in other ways, too, so you should continue to watch your credit report. You can get a free credit report each year at AnnualCreditReport.com

Use Caution When Online – Finally, make sure that you are being careful when browsing the internet. Cybercriminals are sneaky, and people fall for their tricks quite often. Here are some things to keep in mind:

  • Don’t click on any link you get in an email. This is the case even if you believe that it’s from someone you know. Unless you’ve just signed up for a website and you need to confirm your email address.
  • Don’t open any email that is in the spam folder.
  • Don’t open any email that has a subject line that is exaggerated or sensational.
  • If you can use two-factor authentication with your online accounts, you should.
  • Use an antivirus program, anti-malware software, and a firewall.
  • Create a different password for each account. Make sure they are difficult to remember and stay away from those containing your name, date of birth, or even 123456.
  • Use a password manager.
  • Shred your personal documents before throwing them in the garbage. This is especially important if the document contains information like your SSN or an account number.
  • Don’t give your SSN out to anyone unless it is totally necessary, such as on a job application or when applying for a loan or credit card.

I give out my SSN all the time. But, I omit it from applications often. And if the applications administrator says “we can’t process your request without the SSN”, I may briefly question them, but inevitably give them my SSN. I have a credit freeze and identity theft protection. I’m not worried.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

SSN and Its Afterlife

What’s one billion? That’s about the number of possible permutations of the Social Security number. Which begs the question: What happens to an SSN when someone kicks the bucket?

8DCurrently, SSN’s are never repeated when they’re issued by the Social Security Administration. As of June 2011, the SSA made the issuance entirely random (previously, for example, the first three numbers were determined by place of birth).

With nearly a billion permutations, there’s no point in any number surviving the holder’s death and being reissued. Now in theory, the combinations will eventually run out, because eventually, a billion people will have been born in the United States. But this isn’t exactly in the near future. Why worry?

Nevertheless, some people like to plan way ahead. Maybe this scenario can be mitigated with a 10-digit number. Maybe numbers will stay at nine but be recycled. But for now, your number is as unique as your DNA. But, unlike DNA, a SSN can be used fraudulently.

The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration’s Death Master File Index. Sometimes it takes months for bureaus to update their databases with the Social Security Administration’s Death Master File Index.

Here’s how to avoid identity theft of the deceased:

  • Report the death yourself by calling the Social Security Administration at 1-800-772-1213.
  • Contact the credit bureaus directly to report a death and request the information to be recorded immediately.
  • Right now, before anyone perishes, get the person a credit freeze. Upon death (as in life), the person’s Social Security number will be useless to the thief.
  • Invest in identity theft protection. This is a layer of security that monitors one’s information, including Social Security number, in the wild. Have it activated for six months to a year after death.
  • The Identity Theft Resource Center suggests, “Immediately notify credit card companies, banks, stockbrokers, loan/lien holders and mortgage companies of the death. The executor or surviving spouse will need to discuss all outstanding debts. If you close the account, ask them to list it as: ‘Closed. Account holder is deceased.’ If there is a surviving spouse or other joint account holder, make sure to notify the company the account needs to be listed in that surviving person’s name alone. They may require a copy of the death certificate to do this, as well as permission from the survivor.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.