I was a victim of identity theft my freshman year of college. Someone I’d never met used my checking account to spend $600 at a bar in Barcelona.
It was every penny I had to my name.
I’m not sure how this person found my financial information, but ever since I’ve made it my mission to arm myself and my friends against cybercrime.
If you’ve ever worried about keeping your data out of the hands of hackers — and you wouldn’t be alone, a 2014 Gallup poll found that Americans are more afraid of being hacked than of getting murdered — you’ve come to the right place.
Where is your data stored?
Before you do anything else, you need to figure out where your data is being stored. Think about any space that has access to your personal information like your SSN, home address or your place and date of birth.
It’s important to track down all of this data because hackers love to work their way up the information ladder.
How might this look in real life?
Imagine you get a call that appears to be from your bank. You pick up the phone. A representative says that you’ve been “the victim of fraud” and you need to identify yourself with the last four digits of your SSN before they can proceed.
What you don’t know is that the person on the other end is actually a hacker using a program to mimic your bank’s number. Before calling you, they poured over your Facebook page and found that birthday post from your mom where she said the time and place you were born. As CGP Grey explains, that’s all a hacker needs to figure out the first five digits of your SSN — and you just gave up the last four.
If you think this kind of leapfrogging sounds like a stretch, think again. A few phone calls to the right companies combined with good, old-fashioned lying allowed a teenager to break into the CIA director’s personal AOL account. (Why the director of the CIA still uses AOL is anyone’s guess.)
The goal here is to cut down on the number of digital spaces that store your personal information — and make you more mindful of how you spread that information in the future.
How do you protect your information?
Once you’ve got a list of every digital space that contains your personal information, you need to consider how all this data is protected.
These sites should require you to have a password to open an account, but is yours strong enough? A lot of people will use a pet’s name and add their birthday to the end, which is really easy to crack if you’ve ever posted about your pet on social media.
You should also compare your current login credentials against Time’s list of the 25 worst passwords.
So what password should you use? I’ve had luck with condensing longer sentences. For instance, take the phrase “Dose is my favorite website and I like to check it every day” and condense it thus: “Dimfw&Il2cied.” Do you think anyone’s going to be able to guess that?
Sadly, many sites still rely on antiquated security questions to let you access your account in case you forget your password. What’s the point of creating secure login credentials if a hacker only needs to know your hometown to compromise your information?
If there’s no way for you to avoid submitting to these dumb security questions, make sure to choose something that can’t be found on your social media.
What should you do when you’re compromised?
Unlike hackers in TV and movies, real criminals generally don’t announce themselves. A big skull and crossbones won’t show up on your screen and you won’t be given the chance to “hack back.”
Like me, you’ll probably find out about a hack only after you notice a chunk of your money missing from your bank account. This is also why you should be checking your accounts every day.
Once you know you’ve been victimized, you need to immediately call your bank. They’re going to ask you a lot of questions about how this might have happened, but you’ll be able to get your money back relatively quickly and you can then close all affected accounts. Make sure to have new credit and debit cards sent to you.
Contacting the police may be a good idea simply to have the issue on record, but don’t expect any results. As a representative from my bank told me all those years ago, finding online thieves is virtually impossible.
Following your discussion with the bank, you’ll want to purge every password connected to your accounts. If you’re the kind of person that uses the same credentials for every account you have, this is the perfect time to come up with some unique ones.
If you’re really paranoid — or if you have more than $600 to lose — you may want to invest in credit monitoring services. These organizations keep a close eye on your credit reports and will alert you if they run across suspicious activities. Here’s a good list of the best companies to use.
Finally, don’t beat yourself up. You’re the victim here, and it’s not your fault that some ass clown decided to hack you. All you can do is learn from the experience and move forward. You might even get the chance to write about it someday.