Following the recent massive hack of Equifax, experts are now warning consumers about the possibility of fake calls, texts, emails, and social media posts from people who claim to be from Equifax.
When breaches are related to a credit card, like the 2013 Target breach, it’s fairly simply to fix: you close your account, and then open a brand new one. In the Equifax case, however, information like Social Security numbers, addresses, birth dates, and driver’s license numbers generally cannot be changed and/or are a part of your personal identifying information and follow you for a lifetime.
What’s scary is that an identity thief can use all of this information to do things that can greatly affect you. These include:
Opening new financial accounts
Applying for credit using your name
Accessing medical information
Stealing government benefits
Filing for tax refunds
Intercepting financial and government documents
Freezing Your Credit Is Good, But There Is More to It
If you were or even were not part of the Equifax breach, you should consider freezing your credit. This is a proactive step that can help to reduce your risk of becoming a victim of “new account” fraud, but it doesn’t fully prevent an identity thief from taking control of your existing accounts. They can also do things like claim your tax refund, take over your retirement accounts, or even access your bank accounts.
Protecting Your Social Security Number
It’s somewhat misleading to even suggest anyone can “protect your Social Security number”, due to it being widely used and distributed in all kinds of places.
If an identity thief has access to your Social Security number, they can access your Social Security account. If you get benefits, they can contact the Social Security Administration and have the payments sent directly to them. The bad guys can even set up an account in your name, apply for benefits, and then collect the cash.
In this case “protect your Social Security number” is literal. There is a way to stop “Social Security” fraud. Open up an account through the my Social Security option on the Social Security Administration website. This stops people from creating an account in your name, even if the number is accessible to them.
Also, Don’t Forget to Keep an Eye Out for Medical Identity Theft
One of the most profitable ways that an identity theft would use a stolen SS number is to access your medical files. They can use this information to buy medical equipment, drugs, or even get surgery done, and then bill it to your insurance or leave you personally stuck with the bill. Credit freezes do not stop this, and even credit monitoring cannot detect it.
This is why it is so important to check all medical bills and other notices from your insurance company and don’t ignore what comes in the mail. Many people just throw away statements that say “this is not a bill.” So, make sure that you look for services on those statements that you never had and look for medical equipment that you never bought. Sure, it could be a human error mistake on behalf of the insurance company, but it could also mean that you are a victim of a crime.
Is Credit Monitoring Really Worth It?
Since the breach, Equifax has offered free credit monitoring for a year to those affected. Unfortunately, for everyone affected, the negative effects could go on much longer than a year. Even though that’s the case, it still makes sense to take Equifax up on the offer. Just make sure to note when your monitoring expires, and make sure that you don’t get billed for it following the free year…unless, of course, you want to keep it.
Other people, those who do not qualify for, or want, the free Equifax monitoring, are rushing to get credit monitoring from other sources. The question is, does it make sense to pay anywhere from $9.95 to $29.99 a month for credit monitoring? If you are a member of AAA, you can already get credit monitoring included in your membership.
Otherwise, if you can afford it, you should do it. It gives you peace of mind and provides a layer of protection, but you have to also understand the limits of credit monitoring.
These services notify you if there is a change to your credit report, but it doesn’t stop a bad guy from stealing your personal info. At best, you would receive an alert that there is suspicious activity. For instance, it might inform you that there was a change to your address on one of your credit card accounts. This is certainly a red flag that you might be a victim. Due to these limitations, you definitely have to remain vigilant, even if you choose to purchase credit monitoring.
Here are some other things that you can do to protect your identity, and they are absolutely free:
Check out your financial accounts each week (or daily) and keep an eye out for anything suspicious. Don’t wait to get your monthly statement.
Get a copy of your credit report. It’s free, and available once each year. Since there are three credit bureaus, you can check it every four months through annualcreditreport.com
Don’t put a lot of stock in this, but you can put a “fraud alert” on your personal credit file. You can contact any of the three credit bureaus to do this. Fraud alerts warn a lender that you might be a victim of fraud, and then they take additional steps to ensure that it’s you who is requesting credit. Fraud alerts are only active for 90 days, and then you have to renew it.
Keep your eyes open for things that look strange. You might, for instance, get some type of communication from a doctor, lender, insurance company, hospital, debt collector, or government entity that doesn’t make a lot of sense. You also might get a jury summons from a faraway place or a late payment notice for an account that you don’t have. This is probably not a mistake…it’s more likely to be a sign of ID theft.
Watch Out for Social Engineering Attacks
Finally, make sure that you are watching out for social engineering attacks from this breach. It has created a great opportunity for the bad guys to work their magic. So, don’t click any email link, don’t open email attachments, and don’t respond to any text, email, or call that asks for personal info…even if it seems legit. Instead, got to the source. For example, if you get a call from your bank asking you to confirm your account number, hang up, and contact the bank at the legitimate number they have. This way, if it’s legit, they still get the information. If not, they will be informed that a scam is going on.