Friday, April 25, 2014
Identity Theft For Real
You read about it in the paper all the time. You and most people you know have probably received lots of the spam e-mails about people who lost all their money in foreign countries asking for financial help or the members of European or African elite whose close relatives have just died. And most often it is just an annoyance of modern day life. But what happens when identity theft gets a lot more close, and invasively personal? Have you had your credit cards received charges you did not make? Or even more intrusive, have you ever filed your federal taxes only to be told someone has used your social security number before you did? Or most violating of all, have you ever discovered that someone broke into your financial accounts--be it retirement accounts, college funds for your kids or any other accounts, and actually stolen your funds? Over the past couple of years, I have experienced all of the forms of identity theft listed above. And most recently, someone broke into my retirement accounts and stole $13K in 5 transactions by opening up a bank account in Virginia in the name of an entirely different identity theft victim. Because my retirement account firm put up a red flag to have 5 transactions made the very morning a new bank account was attached to my account with them, the stolen funds were put on hold, and a week later, recovered. However, the experience of first having my AOL account hacked three times, and then having money stolen from what was thought to be a totally secure, professionally managed retirement account, felt like the modern day version of having someone break into your home in spite of a burglar alarm and no key. I was given a long list of steps I needed to take, from reporting the incidents to the local police, to contacting the FTC, to contacting credit agencies, to hiring a computer security consult to be sure that my computers had not been invaded with spyware or malware. Taking all the steps required countless hours and a chunk of money. And there is no guarantee any of these steps can help identify the thief or prevent this kind of occurrence from happening again. When I first learned that someone had stolen my social security number when I went to file my 2012 taxes, my accountant and I filled out all the paperwork and went through all the added steps necessary for an identity theft victim to first of all file their legitimate taxes and then attempt to make sure it did not happen again. When I went to my file 2013 taxes, voila. Same problem. And this time, after a 45 minute wait for an IRS agent, I learned there is no way to stop it from happening again. I was advised. "Just try to get your taxes in FIRST." I was ready to scream. I filed them in February, as soon as my accountant could provide them given all the paperwork a self-employed person needs to have in place to file taxes! In the case of the stolen retirement funds, my computer consultant was able to find the smoking gun. No malware or spyware on either my MacBook Air or old HP. Instead, having broken into my AOL account using my security question--the one you are asked to answer when someone has "forgotten" their password. I had used my mother's maiden name, and learned from the consultant that most of the security questions--like town you were born in, where you went to high school or college and mother's maiden name--are all very easy to research on the internet. So, for an identity thief, there is no security in answering these questions for real. I was advised to answer these questions with made up answers or complicated algorithms like we are now advised to use for our passwords: the kinds of answers that a regular person could never remember, and end up being locked out of their own account with unless they have a clear system for recording them and accessing them. So, I followed that model, changed my security answers. And voila, this very morning, someone broke into my AOL again twice as I was trying to send an e-mail to a friend! While I am going back to my computer security consultant to ask if any true firewall can be built to keep someone out entirely, I have a suspicion that there really is no way to keep these things from happening again. And yes, people say it is done on AOL, but I have had friends come forward and tell stories of having it done on gmail, yahoo and most every mail service. Cyberspace is a free for all for the most personal and intrusive of crimes in our overly cyber-world. When I went to my financial advisor to set up new retirement accounts (and to learn that not only were funds stolen, but there were early withdrawal penalties for retirement money to contend with as well), both my advisor's right hand man and secretary were horrified, because I was the very first client of theirs who this had happened to. While there are things I am proud to have pioneered, I assure you, this is NOT one of them! Both of them learned from all the steps I have had to take, and took steps to make their own accounts more secure! Long and short, identity theft is real and insidious. You may be able to find the smoking gun of a thief, but their identity is most often invisible. Who they are, where they live and their ultimate motives are beyond discovery. Perhaps a whole new kind of support group is needed for identity theft victims. And honestly, I advocate for the real time, face to face kind of group. For all you know, your on-line group might turn into yet another playground for cyberthieves!