From mobile apps to the Internet, technology has transformed our lives. It facilitates financial transactions and the transmission of information. But it also brings risks. There are weekly news stories about sensitive personal data being hacked online and sold on the black market.
Here are seven questions to help gauge whether you're at risk for online fraud or identity theft:
1. Do you shop online or using mobile apps?
2. Do you pay bills online or with mobile payment apps?
3. Do you use Facebook, Instagram or other social media sites?
4. Do you use the same password or personal identification number (PIN) for multiple accounts?
5. Do you carry your Social Security card in your wallet?
6. Do you wait until the last minute to file your tax return?
7. Have you given up personal information — such as your birthday, phone number, postal or email address, or Social Security number — for entry into a sweepstakes contest or to receive a free gift card?
If you answered "yes" to any of these questions, you're completely normal. But you're also at risk for online fraud, and you should take precautionary measures to protect your identity and your accounts. This doesn't mean you have to avoid using technology. You just need to be smarter about security.
Even if you answer "no" to all of these questions, you're not safe from identity theft and fraud. Just about anyone's personal information may be stolen from paper tax records, medical and death documents, loan applications, or their employer's payroll files. Then the thief may go online to anonymously use your personal data for illicit gain. Either way, technology provides opportunities for creative thieves to commit fraud.
Simple Protection Efforts
You don't have to be especially tech-savvy to thwart these scams. Simply putting your Social Security card in a secure location in your home, installing antivirus software on your personal computer, downloading the latest updates for the apps on your smart device and turning down free offers in exchange for disclosing personal information are steps in the right direction.
In addition, the Federal Trade Commission offers these recommendations to safeguard your personal and financial data from unauthorized hacking:
Be alert to impersonators. Don't give out personal information — including names and addresses, account numbers or biometric data, such as eye color or height — over the Internet unless you initiated the contact or know the person or company you're dealing with.
If a company that claims to have an account with you sends an email asking for personal information, don't click on links in the message. Instead, type the company name into your Web browser, go to its site and contact them through customer service. Or call the customer service number listed on your account statement (not in the email) and ask whether the company really sent the request.
Safely dispose of technology equipment. Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive. Likewise, check your owner's manual or the manufacturer's website before throwing or giving away a mobile device. You want to make sure all of your personal information — including phone books, voicemails, Internet search history, photos and passwords — is permanently erased.
Encrypt your data. Guard online transactions with encryption software that scrambles information you send over the Internet. A "lock" icon on the status bar of your Internet browser means your information is safe when it's transmitted. Look for the lock before you send personal or financial information online.
Keep passwords private and complex. Use strong passwords with your credit, bank and other accounts. Instead of using your mother's maiden name or birth date, think of a special phrase and use the first letter of each word as your password. For example, "I want to go to Australia" could become "!W2go2Au." Combine symbols, numbers, and upper and lower case letters. Use long passwords.
Limit your social networking footprint. If you post too much information about yourself and your family on social media sites, an identity thief can find details about your life and then use them to answer "challenge" questions on your accounts — or to access your money and personal information. Consider limiting access to your networking or profile page to a small group of people.
The IRS also warns taxpayers about tax fraud scams. Tax-related identity theft typically occurs when someone uses stolen personal information to file a tax return and claim a fraudulent refund. Often, victims are unaware that their data has been stolen until they receive letters from the IRS stating that returns had already been filed using their Social Security numbers.
Always file early in the tax filing season — before an identity thief beats you to it. Also, if you receive a notice from the IRS, respond immediately to the name and number printed on the notice or letter. If you believe someone may have used your Social Security number fraudulently, you'll need to fill out IRS Form 14039, "Identity Theft Affidavit."
Call for Help
Dishonest individuals are continually finding clever new ways to exploit technology for their personal gain. Forensic accounting and legal experts can be valuable resources to help safeguard your data and investigate losses when fraud strikes.
Do You Review Your Statements Each Month?
With the prevalence of automated bill payment, many busy consumers don't bother to review their monthly bank or credit card statements anymore. Or they may review only those charges above a certain dollar threshold. But a recent indictment by the Federal Trade Commission highlights how important it is to review every line item on your statements, even the small ones.
In March, a Nevada grand jury indicted a British man living in Las Vegas, Nevada, on 39 counts of wire fraud, aggravated identity theft and money laundering for withdrawing money from victims' bank accounts without authorization. He used the ill-gotten gains to purchase five airplanes, a Land Rover, a Dodge Charger, multiple tractors, five all-terrain vehicles and even a fire truck.
Here's how this scam allegedly worked. According to the indictment, from 2008 through 2013, the fraudster operated a third-party payment processing company that specialized in creating remotely created checks (RCCs). Also known as demand drafts, RCCs are checks created by third-party payees, rather than the account holders. In place of a signature, an RCC contains a typed statement claiming that the check was authorized by the account holder. On behalf of its merchant clients, the company created and deposited RCCs drawn on the consumers' bank accounts.
These legitimate transactions provided access to thousands of accounts. To gain access to additional accounts, the perpetrator purchased "lead lists" that contained detailed personal and financial data of thousands more consumers.
In 2013, he established a phony online business that purported to help consumers find online payday loans. Then he allegedly used the payday loan company to create and deposit more than 750,000 RCCs totaling more than $22 million. Most of the victims never visited the phony payday loan company's website. Instead, the fraudster made unauthorized charges using the personal data obtained from the payment processing company and lead lists.
About half of the fraudulent RCCs were returned by the account holders' banks — often because the consumer noticed an unauthorized charge for $30 on his or her bank statement and disputed it. But the victims never noticed the charges and, therefore, didn't dispute them. When the perpetrator ran out of new accounts to charge, he repeated the scam against accounts he had already charged.
The bottom line? Take a couple of minutes to review your bank and credit card statement every month. If you've gone "paperless" but you're not the type of person who will remember to log in to check your account online, contact your bank or credit card company and request to receive old-fashioned paper copies again.
WILLIAM P. ALLEN, CPA/ABV, CFE
Bill is a member of the American Institute of Certified Public Accountants accredited in Business Valuations (ABV); a Certified Fraud Examiner (CFE) accredited by the Association of Certified Fraud Examiners; and the New York State Society of Certified Public Accountants. He has more than 5 years' experience in public accounting serving both commercial businesses and nonprofit organizations. As a member of the Brisbane team, Bill is responsible for valuation, forensic accounting, and litigation support services. Bill is a graduate of Le Moyne College and has worked with our Firm since graduating in 2006.