The specter of online surveillance has become common enough to be the butt of jokes but a study by Javelin of identity theft in 2017 is unlikely to get people to laugh. With 16.7 million victims, last year was the most prolific recorded for identity thieves. Many of them have improved their methods even as major data breaches presented opportunities for easy steals.
It’s not simply a matter of scale, though. The overall picture of identity theft in 2017 is quite different from earlier years. With EMV protection now commonplace for credit cards, hackers have turned their attention to other sources. Card-not-present fraud, such as illicit transactions in online stores, were 81% more common that credit card fraud. Hackers also frequently targeted loyalty/reward accounts and cryptowallets.
With cybercriminals regularly targeting non-credit card accounts, it’s important that people use more varied ways of protecting their identity. You should adopt overall cybersecurity measures to make sure criminals can’t gain access to even one account—because each one could serve as a link to the next.
Secure Your Credit
Criminals may be moving away from old school credit card fraud, but it’s still one of the options—especially if you make it easy for them. So while buffing up your defenses elsewhere, keep an eye on your credit. Watch out for suspicious activity or enroll in a credit monitoring service; these have become more popular in the wake of major data breaches.
If you suspect you’ve been the victim of identity theft, you can take further actions. You can place a fraud alert on your credit reports, so that credit card issuers and other lenders will know to contact you before opening an account in your name. Alternatively, you could freeze your credit, preventing new accounts from being opened in your name at all.
Secure Your Online Accounts
There’s a tendency for online accounts to link to each other one way or another. Sometimes it’s built-in, as when email accounts are used to verify other accounts. Other times, it’s by choice, as when people use the same login details for different accounts—which you should never do, by the way. Because of this, any one account can serve as the link weak enough for a criminal to break in and collect enough details to impersonate you online.
The first step to protecting your account is by choosing a strong password. The old guidelines of mixing up symbols and numbers don’t quite cut it anymore. It’s helpful, in a sense, but a password’s strength is based mainly on its length and its resistance to typical cracking methods. Because human memory has limits, using uncommon words alongside symbols and numbers usually works; alternatively, use acronyms for phrases that you can remember, but would otherwise make no sense. These strike a good middle ground between tough to crack and easy to remember.
Alternatively, you could use a password manager. These programs are designed to create passwords that are resistant to know code-cracking methods. Better yet, they remember the passwords for you and are safe from intrusions.
In addition to passwords, you should consider two factor authentication (2FA). It’s a method for accessing accounts that requires a password as well as another piece of information; this could be a code sent to your mobile phone or it could be some biometric data, like your fingerprint. 2FA is available on most major web platforms. Simply look for it in the account settings and enable it.
Criminals could also gain access to your account information by intercepting it when it’s sent through a network or by going through your correspondences. In order to prevent this, you should ensure that you have a reliable level of encryption whenever you go online.
One way to do this is to stick to secure networks and connections. Usually, your home network will be secure (this assumes you have a password on it), while most public networks will not be secure. Some will have a bit of protection—requiring a password either before connecting or through a login portal—while others will be entirely open (don’t use these). Meanwhile, you can check if a web page offers a secure connection by checking the address bar. Secure pages will have a lock icon there or the word secure, as well as “https://” in the url.
Alternatively, you can ensure constant encryption by using a virtual private network (VPN). When connected to a VPN, all information your device sends or receives through the net passes through an encrypted tunnel. This ensures that it stays safe from unwanted surveillance. The VPN also assigns you an IP address based on the server you connect to. This effectively conceals your original IP address, making you more difficult to track—which makes it harder for criminals to attach any personal details to you.
Using all of these methods together should provide you with well-rounded protection, but your vigilance shouldn’t stop there. Be mindful of where, when, and how you disclose personal information. Take care in storing or disposing documents that contain personal data, as well—a piece of paper could put you at risk just as an unsecured network could.