You're A Target
Deric Palmer was an active-component Marine when it happened. He was stationed in Okinawa and got a call from his bank at 2 a.m. The representative wanted to know if Palmer had just bought a TV at a Wal-Mart in New Jersey.
Palmer had taken out a so-called active duty-alert before deploying. That is a “fraud watch” on his credit file. It required his bank to contact him if there were major purchases on his account.
He told the representative that he had not purchased a television. The bank removed the charge from his balance, canceled his credit card and issued him another one.
“Anyone is susceptible to identity theft,” says Palmer, who now works as a special agent in the Cybercrime Unit for the Army Criminal Investigation Command. “Be proactive. There is a multitude of ways that you can get scammed.”
And current and former service members seem to be frequent targets. One reason is, the personal data for many has been available for purchase on the dark web since 2014. That’s when a hack of the Office of Personnel Management exposed the Social Security numbers and security clearance information of 21.5 million individuals, including current and former military personnel.
Blake Hall, a former Army Ranger and CEO of ID.me, says another reason is, many service members have been conditioned to share their personal information, and former members often use sensitive documents to prove their veteran status.
That attracts notice. According to the Federal Trade Commission, “imposter scams” represent the largest fraud complaint from members of the military. In 2019 alone, the FTC processed 28,413 reports of identity theft from current and former service members
Chris Hadnagy, the founder of Social-Engineer LLC, a company that helps to protect consumers and groups from digital vulnerability, says identity theft victims have to act quickly.
You can freeze your credit, he says. That will stop someone from using your information to open up an account or take out a loan. But then you’re still not safe because criminals “build” a profile from the data that they can collect from and about you.
Scammers use different approaches in getting consumers to “handover” personal information.
“Vishing” is one, says Ryan MacDougall, the chief operating officer of Social-Engineer LLC. This is where adversaries mix contacts or calls in an effort to obtain personal information. MacDougall’s team makes 2,500 calls like that every month to find weak areas in organizations and then warn them.
He says scammers try to sound helpful with statements like, Your Social Security card has been disabled and we’re here to assist.
“Take a step back,” MacDougall advises clients. Use critical thought with questions for yourself, such as, “Is this actually a problem?”
Hadnagy says he once received an email from what he thought was Amazon. The caller said there was a problem with his order. He started to type in his personal information before realizing it was all a scam.
Anyone is susceptible to identify theft.
—Deric Palmer, a special agent in the Cybercrime Unit for the Army Criminal Investigation Command
He uses that same approach as a consultant. His research shows that 72% of people will provide personal data to someone claiming to be in their employer’s information technology staff. Some of that data includes employee identification and Social Security numbers.
It takes work to protect yourself, he says. But it can take years to clean up if your identity is stolen.
Hadnagy says there is vulnerability any time you have large, disjointed organizations. That’s why, he says, so many members of the military have their identities stolen. “It’s definitely getting worse,” he says. “We’re seeing advanced attacks.”
Hadnagy suggests approaches to help like password managers. Examples include “Dashlane,” “Lastpass” and “Onepass.” He also recommends credit monitoring, which is free at credit bureaus like Experian.
You need a strategy to lessen risk with identity theft. That’s the advice of Chris Roberts, a so-called ethical hacker who helps companies and organizations by finding flaws in their information architecture before others can.
“Question more,” he says. “Believe less. Put yourself in the shoes of somebody that wants to take advantage of you.”
“Good passwords will restrict access, but a lot of it is educating yourself,” explains Roberts, who has spoken to Guard audiences, including company-grade officers at NGAUS conferences.
Tools like “Creditwise” and “Privacyrights.org” can help. But often, you just have to rely on the same type of discernment that helps you to survive in the field, he says.
Roberts uses the OODA loop in responding to this threat. That came from the Air Force Col. John Boyd when he advised fighter pilots to observe, orient, decide and act in response to threats. The same can apply to your finances.
Rod Griffin can relate. He had his information taken in an IRS data breach. Now Griffin works as senior director for consumer education and awareness at Experian, one of the major credit bureaus.
Griffin says you can create an “active-duty alert” at credit bureaus, and businesses will take extra steps before opening an account in your name. It’s the same as a “fraud alert.” Both are free and can be taken out in one-year increments.
He also advises to be wary of those around you. “We do see friends and family being sources of fraud,” Griffin says. “They have access to your information.”
The Identity Theft Resource Center is a nonprofit in San Diego that helps victims. It tracks data about identity theft and reported that in 2019, there were 1,473 publicly notified data breaches in the United States, which exposed 164,683,455 sensitive records from the world of business, health care, government/military and banking.
Scammers look for “personally identifiable information” like your bank account number, driver’s license number, physical address, full name and date of birth, and even your biometric data, explains Donna Parent with IdentityForce, a company that makes software to protect consumers.
“This stolen PII makes its way to the dark web through a variety of streams, where criminals buy the information for surprisingly low amounts,” Parent says.
The scammers see it as an opportunity. When you go to work, they go on the hunt, and their goal is your data.
The author is a Sylvania, Georgia-based freelancer who specializes
in military subjects.
Preventing Identity Theft
Personal vigilance is the key to preventing identity theft. Catching and stopping identity theft in its early stages — or before it has even begun — is the best way to protect your money and your reputation. You should monitor your financial accounts closely for irregularities or fraudulent expenses, and check your credit reports annually for errors.
Below are some other recommended steps that you can take to prevent identity theft:
- Shred documents containing personal or financial information.
- Protect your Social Security Number.Don’t carry your card in your wallet and don’t give out your number unless certain it is necessary.
- Don’t give out personal information over the phone, mail or internet unless you know the recipient and their intended usage.
- Safeguard your military ID.
- Never lend credit cards or share account information.
- Don’t click on links in unsolicited emails. Type web addresses you know directly into the browser instead.
- Use complex, secure passwords, not obvious words, dates or numbers, such as a mother’s maiden name, birth date or Social Security Number.
Source: Defense Department