Nearly eight years ago I wrote a December 2014 article for the Arizona Republic titled Read fine print when buying ID-theft protection services.
The premise of my article was that the core product offer to most identity theft protection service providers is credit bureau monitoring and that credit bureau monitoring offers a false sense of security.
The fact is that credit bureau monitoring cannot monitor non-financial identity theft events such as taxpayer ID-theft and refund fraud, unemployment ID theft and benefits fraud, medical ID theft and fraud, and credential (e.g. driver’s license and passport) ID theft and fraud.
And while there are many reputable identity theft protection service providers, it is not uncommon for identity theft marketing campaigns to include deception, exaggerated threats and flawed offers.
In addition, I encourage consumers to read the fine print for hidden “exclusions” when selecting an identity theft service provider. Hidden exclusions are commonly found in the “terms and conditions,” where marketing meets reality.
Talking about marketing versus reality, I find it interesting how more consumers are paying for ID theft protection services than ever before and yet there are more victims of ID theft than ever before.
For example and according to the March 2022 Javelin Strategy Annual Identity Fraud Study, identity theft and fraud losses totaled $52 billion affecting 42 million U.S. adults in 2021.
So how can consumers lower their risk to being a weak link to identity theft?
First, consumers need to stay up to date on the most recent data breach and identity theft trends such as Phishing (fraudulent emails), Vishing (fraudulent phone calls and voice mail messages) and Smishing (fraudulent text messages) tactics.
Second, consumers should be taking advantage of risk mitigation tools such as fraud alerts, credit freezes, credit/debit card alerts, and yes – even credit bureau monitoring – as long as you understand the limitations of credit bureau monitoring.
Third, consumers should consider using new and strong passwords every 90 days or use a password manager that can help create new and strong passwords along with scanning existing passwords to flag reused and weak passwords.
Lastly, consider using a Virtual Private Network (VPN) as VPN software scrambles your IP address, encrypts data sent between your computer and the websites you visit, and masks your true location and service provider. This is especially important if you use public Wi-Fi.
To conclude, I would like to reference Kevin Mitnick, the Chief Hacking Officer and part owner of security awareness training company KnowBe4 and convicted hacker turned paid security consultant, public speaker, and author.
Mr. Mitnick is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes. He has said many times that "the weakest link in the security chain is the human element."
To add to Mr. Mitnick's comment about the human element, I always say that hackers, social engineers and ID theft criminals depend on human nature, psychology and “trusting” consumers to let their guards down.
Do NOT let your guard down. Always be cautious in revealing information about yourself or your employer. Always "stop, look and think" about emails, texts and phone calls. Always slow down, be aware and be safe.