Set up Your Financial Accounts As If You Are About to Be Hacked
In the past week alone, Experian , Facebook and Google have experienced (or disclosed, in Google’s case) security breaches of varying severity, potentially revealing people’s personal information. Not to mention Equifax and more than a thousand other violations last year.
That’s why it’s important to defend yourself when it comes to your financial security and set up your accounts as if you are about to be hacked, as Shira Frenkel writes in the New York Times .
The most important step is also the most obvious: creating a strong password. “If I could get people to stop the two practices, they would be: don’t use an obvious password like your name, your child’s name or your birthday, and don’t use the same password for everything,” Frenkel writes. Use a password manager. Lifehacker loves LastPass and 1Password .
Then take your credit report and open your bank statement. Scan each one for signs of fraud. As Lifehacker previously wrote , “Credit reports don’t capture everything, for example if someone steals money from your bank accounts or investment funds … ChexSystems, which is used by banks to verify customer identities, offers a security warning and blocks it. makes it difficult for fraudsters to open fraudulent accounts. ” If you find anything suspicious, contact your lender or bank.
Consider using a single service like Mint to keep track of all of your various accounts so you can more easily check them all for strange activity. Also check your child’s credit report .
Then, freeze your credit reports at three major credit bureaus: Equifax ,Experian, and TransUnion ( now free ). When you need to unfreeze them, Equifax requires a password, while TransUnion and Experian require a PIN (don’t lose it the first time you freeze your account, otherwise getting a new one is a headache ).
Turn on two-factor authentication for all of your accounts that allow it (and consider not using services that don’t offer it if they need your financial information). Remember, Lifehacker previously wrote , “If a site wants you to list, say, the first car you bought as the answer to a restore question, you don’t have to. You can write whatever you want, as long as you remember that your “first car” was actually “[insert fake answer here]” “. Better yet, use a password manager to track your responses.
You should also be wary of calls, text messages, and emails from someone claiming to work for your bank, brokerage, etc. your social security number is from a number associated with your bank, only for it to turn out to be a pretty tricky scam. If you receive a message, call your bank and ask someone to speak to you. If they call you, ask if you can hang up and call back, no matter how urgent they present the situation. This is also true of a government agency like the IRS – chances are they don’t call you , and they definitely won’t call you and threaten you with jail time, even though this is a common scam.
Remember that you do not need to share your personal information, such as a social security number, just because someone, such as your doctor, asks to do so. “When in doubt, ask why you need an SSN, or leave it blank,” suggests Kiplinger . “Some companies need a number so they can track you in case you can’t pay your bills. An alternate identifier — say, your phone number — might be enough. “
Finally, set a calendar reminder to check one of your free credit reports every four months down the road. You may also want to consider a credit monitoring service for an extra layer of protection. But remember also that the best thing you can do is treat each new account or service as if it were about to be hacked the next day: choose a strong password, enable two-factor authentication, and be careful about the information you transmit. And be vigilant.
Updated October 10, 2018 12:00 PM: This post has been updated to reflect that you need to select a six-digit PIN when freezing your TransUnion credit report.