If it feels like every holiday season comes with more warnings about identity theft and cyber risk, you’re not wrong. In fact, a survey conducted by credit bureau Experian showed that nearly 1 in 4 people reported being a victim of identity theft or fraud during the holidays; with 21% saying that the theft happened while shopping online.
Hackers buy and sell personally identifiable information (PII) on the dark web, and can be skilled at hiding when they are taking advantage of your personal information. But there are a few things you can do to proactively secure your identity leading into the holiday season.
Freeze your credit
While it might sound counterintuitive to shopping the season away, freezing your credit can keep your sensitive personal data from being accessed by people you wouldn’t give consent to. That means being able to block fraudulent credit applications, even if a hacker has insider info like your Social Security number, address, or birthdate.
Check your credit reports regularly
What you don’t know can hurt you. Your credit report (which is more than just your credit score) is vital to your overall financial well-being, so it’s important to keep an eye on things like credit inquiries, open and closed accounts, payment history, and other credit-related data. Checking it at least once a year (if not more) will help you better spot anything that looks suspicious and be able to report it in a timely manner.
Safeguard your Social Security number by only giving it out when absolutely necessary
Following the thread, your Social Security number (SSN) can be used to apply for credit in your name. If you’ve bought a car, opened a bank or credit card account, taken out a mortgage, or any other major financial activity, you’re probably familiar with this. And no one has a legal right to your SSN but you. So if someone is asking for it, that’s a red flag. Double check whether it’s absolutely necessary, and don’t enter it (or any other personal or payment data, for that matter) anywhere that’s unencrypted.
Beware the phish, smish, and vish
You’ve probably heard of phishing (email) scams, but what about those strange voicemails (voice phishing, or vishing) or text messages (SMS phishing, or smishing) that seem to be cropping up everywhere these days? Well, they’re all out to deceive you into clicking links and sending cyber attackers your personal data. It’s a little something we call social engineering, which basically means they’re tricking you into thinking their messages are legitimate. Whether it sounds like a customer support issue or you’ve won a free gift, you should always be wary of any messages asking you to click on a link or open an attachment.
Use strong passwords and add multi-factor authentication to your accounts
By now, the idea of washing your hands should be pretty familiar, right? You do it often and are probably wondering what on Earth it has to do with cybersecurity. Well, both of these things are all about good hygiene. You know, basic things you can do to protect yourself. One of the easiest (and best!) ways to protect yourself online is by using multi-factor authentication (MFA) to secure your user accounts.
MFA provides an extra layer of security that makes it very difficult for bad actors to get around and dig into your data. It requires users to verify their identity with two or more pieces of evidence (or factors). These factors are typically something the user knows, such as a username/password combination, plus something they have in their possession, like the code from an authentication app on a mobile device. And you’re probably already using it without realizing it. Like using your PIN number at the ATM!
These days, most online accounts offer some form of multi-factor authentication, so dig into your profile settings and set it up wherever possible.
Shred documents that contain personally identifiable information (PII)
This one is self-explanatory. The good old fashioned shredder is still the best way to keep any and all printed personal information out of thieves’ hands. If you don’t own one, not to worry. Check online for local shredding events in your area, as many cities and counties now offer them. Or find a local shipper or printer who provides these services.
Use a digital wallet
Since most of us are all about convenience anyway, taking advantage of today’s plethora of digital wallets can make your life easier and more secure, all at once. What’s a digital wallet? ApplePay, Google Wallet, PayPal, Venmo, and Cash App are a few examples. They all take advantage of digital capabilities like Bluetooth and wifi to securely transmit your payment data at a point of sale, encrypting your credit card number at the same time. That means no swiping your card and worrying about stripe readers or accidentally leaving your card behind. Just make sure you use a secure, well-established provider and a password-protected device.
Happy (and secure!) shopping awaits
While all of these tips are a great starting point to protect yourself and your family, if you suspect your identity has already been stolen, it’s important to act right away. Start by visiting the FTC’s Identity Theft website to report the theft and create a recovery plan. If you ever receive a suspicious email that appears to be from Salesforce, or suspect your Salesforce credentials have been compromised at any point, whether related to theft or not, report (and forward) this immediately to firstname.lastname@example.org.