Avoiding and Addressing Identity Theft
Identity theft occurs when someone uses your personal information for their own gain. It can take many forms and and have a broad range in the level of severity. In some cases, it can be limited to embarrassment from a compromised email or social media account. In others, someone may steal your Social Security number, credit card or bank account information and open new accounts and make charges that both hurt your credit and leave you liable for the associated expenses. It is also a crime that can go unnoticed for a while and, once realized, can take a long time to resolve.
Below is a list of steps you can take to help prevent identity theft, how Altair will respond to any threats or concerns as well as what to do if you are a victim of this crime.
AVOIDING IDENTITY THEFT
Use Password Management
Most websites now require more secure passwords – longer and containing more symbols – that need to be changed more often. Many are shifting to multi-factor authentication, which requires not only a password and username but a piece of information that only the user should know or have access to, such as a code sent via text message. Using one basic password or keeping them all in your head is less feasible than ever, and not a good idea in any case.
Use complicated, long passwords that are unique for different sites. And always go directly to the site you are trying to access; do not access it from a link in an email, which can be unreliable. Password storage sites, also known as password managers, are hard to beat for strong security and even ease of use once you set up an account. These sites will retain all your logon details and are able to automatically log you in.
How important is it to use randomly generated passwords?
How do you create and use them?
Choosing randomly generated sequences of numbers, letters and symbols is considered best practice for password security. Such passwords are much harder to hack. They also make it easier for you to avoid using similar or duplicate passwords for different sites, so that getting hacked at one site doesn’t put you at greater risk elsewhere too.
Be Mindful Before You Click
When you sit down at your computer or go on the internet with your phone, try to keep this catchphrase in mind: STOP. THINK. CONNECT.
The slogan at the heart of a cybersecurity campaign by the Anti-Phishing Working Group and National Cybersecurity Alliance may sound simplistic. But it is the equivalent of looking both ways before you cross the street – in this case, going online. It is important to keep up to speed on cyber risks, know how to spot potential problems and watch for warning signs.
Never is it more important to stop and think before connecting than when going online in public places. Using public Wi-Fi puts you at risk of being hacked or redirected to a similarly named network where unsecured activity is then recorded. For example, a hacker sitting in Starbucks might name a network Attt instead of ATT and make the signal strong so that it is the first network that pops up.
With such traps in mind, try to limit your activity on public Wi-Fi and avoid logging in to accounts such as email and financial services there.
Using a cellphone with a cellular signal or a personal hotspot can be preferable to relying on public Wi-Fi when doing sensitive activity such as checking on investment accounts.
Tax and IRS Fraud
The other area besides public Wi-Fi where you may be highly vulnerable to fraud is via the Internal Revenue Service. In fact, the IRS calls this scam its No. 1 fraud: identity thieves using stolen personal information such as Social Security numbers to file victims’ tax returns and then receive their refunds. By filing the bogus tax return early, the scammer can receive the refund before the victim is even aware of it. To prevent this, follow the process to get a PIN and use the ID.me verification system of the IRS. More info can be found on the IRS site.
AVOIDING PHISHING AND SOCIAL MEDIA FRAUD ATTEMPTS
The use of fraudulent emails or texts or copycat websites to get people to share personal information – phishing – is becoming increasingly common and ever more sophisticated. You should always keep this in mind when receiving emails purporting to be from a trusted financial firm, including Altair. One scam we see a lot involves fake emails from DocuSign asking clients to “Click here” to sign something. In a word: Don’t.
Besides being cautious about clicking on links in emails or opening attachments, there are several things you can do:
- Do your own typing – do not click on links that come in a notification email, even if a link looks legitimate. In the case of DocuSign, access your documents directly from www.docusign.com by entering the unique security code that always is provided at the bottom of an authentic notification email.
- Be particularly suspicious of emails with generic greetings and/or a false sense of urgency.
- Make a call if you are unsure. Call Altair if you have any doubt whatsoever that the email you received concerning your account is legitimate.
Social Media Fraud
Cyber criminals increasingly use Facebook and other social media platforms to distribute malicious browser extensions and ransomware. Two of the most popular types of attacks are link-jacking, or redirecting users from trusted websites to malware-infected sites, and like-jacking, when criminals post fake Facebook “like” buttons to web pages and get you to download malware by clicking on them. Do not click on unfamiliar links.
The more details about your life that you allow others to see in your Facebook or Twitter profile, the more at risk you are to leaking information that could be used for account takeover.
Practical Steps for Reducing Identity Theft Risk
- Use encryption. Opt for the built-in encryption feature in your phone. If it is stolen, it will be far more difficult for a thief to gain access.
- Set a numeric password of more than four digits. Take advantage of the longer options.
- Update your software. Keep your software up to date to protect against the latest threats.
- Avoid or at least limit activity in public. To gain a secure connection, create a VPN (virtual private network). You can obtain the software to encrypt your connection. Among the best-known are ExpressVPN, Surfshark and NordVPN; google CNET’s Best VPN 2023 for specifics.
- Turn off Bluetooth. If you are not actively using an enabled device, such as a headset, make sure your Bluetooth is turned off.
ADDRESSING IDENTITY THEFT
What Altair will do if you fall victim to identity theft
Despite anyone’s best efforts, identity can be compromised. We want you to understand what we will do when you contact us with identity concerns. Our response will vary based on the severity of the identity incident, but our actions and advice are summarized below.
- We will reset the password to our client site.
- We will alert all relevant Altair employees that your information has been compromised to thwart any attempt at fraud. We do not transfer funds without a callback to you to establish the destination. We will not act on an email alone.
- We will alert your custodian (BNY Mellon/Pershing/Schwab) so that they will also be aware. Your custodian will not act on any direct instructions without contacting Altair, in general. No new accounts will be opened or loans taken out without your permission.
What To Do if You Are a Victim of Identity Theft
If you have become a victim of identity theft or think you may have become a victim, it is important that you take the following steps:
1. Immediately notify all four credit bureaus that your identity has been compromised.
EQUIFAX: Report Fraud
EXPERIAN: Report Fraud
TRANSUNION: Report Fraud
INNOVIS: Report Fraud
Examine all credit reports carefully and report any fraudulent activity in writing to the credit bureaus and the credit issuers.
2. Report the crime to your local police office.
If the crime occurred in another city or town, you should consider filing a report there too. Before you leave the police department, review the report to make sure it lists all fraudulent accounts. It is also important to request a copy. Credit card companies and banks may require you to show the report in order to verify the crime.
3. Contact any creditors named in fraudulent accounts.
If your credit report shows fraudulent accounts opened in your name, contact those creditors immediately by phone and in writing.
4. Report suspicious brokerage account activity.
You do not have the same protections against loss with brokerage accounts as you do with credit cards or bank accounts. The SIPC will only restore customer funds when a brokerage firm fails. If you suspect your brokerage account has been targeted by a thief, immediately report the incident to the brokerage company and notify the Securities and Exchange Commission (www.sec.gov) and the National Association of Securities Dealers (www.nasd.org).
5. Consider a legal consultation if necessary.
If creditors and credit bureaus are not cooperative in removing fraudulent entries from your credit report, you may want to consider consulting with an attorney to determine if legal action is necessary.
The material shown is for informational purposes only and should not be construed as accounting, legal, or tax advice. Altair Advisers LLC is a registered investment adviser with the Securities and Exchange Commission; registration does not imply a certain level of skill or training. While efforts are made to ensure information contained herein is accurate, Altair Advisers cannot guarantee the accuracy of all such information presented. Please see Altair Advisers’ Form ADV Part 2A and Form CRS at https://adviserinfo.sec.gov/ for additional information about Altair Advisers’ business practices and conflicts identified.