Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data—including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.
While most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online, such as Social Security numbers, birthdays and addresses. Failing to set up a corresponding online account to manage one’s services can provide a powerful gateway for fraudsters.
Many people naively believe that if they never set up their bank or retirement accounts for online access then cyber thieves can’t get access either. But one expert said she recently had a client who had almost a quarter of a million dollars taken from his bank account precisely because he declined to link his bank account to an online identity.
It’s a good idea for people with older relatives—or clients—to help those individuals ensure they have set up online identities for their various accounts—even if those relatives never intend to access any of the accounts online. Helping those relatives place a security freeze on their credit files with the four major credit bureaus (and with another, little known bureau that many mobile providers rely upon for credit checks) can go a long way toward preventing new account fraud. This process is doubly important for parents and relatives who have just lost a loved one, because criminals like to scan obituaries for targets.
For the full story, including more suggestions for preventing identity theft, visit Krebs on Security.