Identity Theft Awareness Week: 2023
If there's one thing no one wants to deal with, it's identity theft. Change your password, turn on 2-factor authentication, don't click suspicious links; we know, we've been hearing about it for decades. But it's not until you're a victim of identity theft and visit the FTC website that it really starts to sink in how much of a hassle you're faced with.
Travel nurses in particular are lucrative targets for scammers. Why? Because moving around a lot means your personal information is being shared in a new location every few months.
Here are a few misconceptions about ID theft:
My information was already in a data breach and they gave me free monitoring, I'm covered.
ID Monitoring and Credit Monitoring are two completely different things.
Unless you're incredibly fortunate, your personal information has probably been exposed in a data breach. If enough data was accessed, the breached company may have provided you with 1 year of free monitoring. Here's why that's not a silver bullet.
ID Monitoring is often provided by the breached company. Sounds inclusive, right? It's not. It only scans for specific data that you provide. Name, SSN and DOB are commonly included. ID Monitoring services scan public records, the dark web, social media, etc. ID Monitoring can be helpful in alerting you that someone is using your identity in a way that you haven't approved. It does not, however, monitor financial transactions. For that, you'll need Credit Monitoring.
Credit Monitoring also sounds inclusive but is not. In the US, we have three credit bureaus, Experian, TransUnion and Equifax. Keeping tabs on your profile with all three bureaus is the best way to make sure that no one is using your information to take out a loan, open a new credit card or worse. When you receive Credit Monitoring as the result of a breach, it's commonly for only one bureau. The other two are blissfully unaware that they should be paying extra attention to your information.
Finally, scammers are patient. They'll store your info for a year, until your free monitoring has expired, then use it.
I've only had a few non-financial accounts included in a breach and I've changed those passwords.
Credential stuffing is a technique in which information from one breach is combined with others to create a more complete profile.
For example, let's say that you were involved in the 2019 Capital One breach and your name, email address, bank account number and social security number were exposed. Then in 2018, Marriott International's breach included your email address, home address, credit card number and passport number. 2021 brought a LinkedIn breach and your new email and password were exposed. Facebook's 2021 breach added your DOB to the pile.
The more often bits and pieces of your identity are peppered throughout the internet, the more likely it is that a scammer will put the pieces together and have enough information to "be you."
There were fraudulent charges on my debit card and the bank just took them off. Easy peasy.
You're lucky that you caught it early but that also means that you're on a scammer’s list. A person who means to do you harm can sell your data to someone else, who might try another approach. Don't make it easy for them.
Travel nursing comes with its own challenges. Here are some of the red flags to look out for.
- "Recruiters" that ask you to send your personal information via email or text. There are agencies of varying sizes, but even small agencies should never ask you to communication via non-company channels such as Gmail, Yahoo or WhatsApp.
- If you're being pressured to make a decision to get a higher pay rate, cheaper housing, etc, don't be afraid to take your time and look at all the details. Time-limited offers are designed to get you to overlook warning signs because you want to get the deal before it expires.
- Housing scams are on the rise. Don't wire money unless you're sure the company and listing are legit. Not just a Facebook search either; reverse image search property photos, make sure the person you're talking to is an actual person, google the address and look for anyone else who may have dealt with the landlord or property management company.
- If it's too good to be true, it probably is.
What you can do today & this week.
- Turn on 2-Factor authentication on every account where it’s offered. This is a proven way to make sure that YOU are the one logging into your accounts.
- Take the free ID or Credit Monitoring offered if you are part of a breach. Set it up thoroughly and check your account monthly.
- Fraud Alerts and Credit Freezes are free with each of the credit bureaus. Fraud alerts tell the credit bureaus to keep an extra eye on your information as it may have recently been compromised. A Credit Freeze does just that; it locks your credit so no one can open up a new line in your name. You'll need to remove it if you want to open up a new line of credit but it only takes a few minutes.
- Check your credit score regularly. You get one free per year from each credit bureau.
- Many cases of identity theft are from someone you know. As troubling as it is to think about that, don't leave sensitive information, like your SSN, where anyone entering your home can find it.
- Use a password manager but recognize its limitations. One of the most common apps, LassPass, recently proved no system is infallible as they had their own breach.
Final thought: Biometric ID theft is on the rise. Yup, even your phone that unlocks with your fingerprint or facial recognition can be compromised. It's still one of the safest options but understanding that it's not going to stop all types of fraud is key.
