After conducting a public cybersecurity awareness seminar in February, and since my interview in April, the Borrego Sun has been interested in getting additional information and tips for people to stay safer online and protect their personal information. This article is the first in a short series to be published periodically, picking up where the interview left off, and focusing on a widespread problem – Identity Theft. Anyone can become a victim – young or old; in school, working or retired; male or female; any race or nationality – identity thieves do not discriminate! The information presented here is not new and is derived from several publicly available sources, as well as personal experience. The Identity Theft Resource Center (www.idtheftcenter.org) is a nationally recognized organization, based in San Diego, that monitors and reports on U.S. computer breaches resulting in loss of personally identifiable information. They offer free services to people who are victims or think they might be a victim of identity theft, as well as dozens of informational brochures on identity theft prevention and reporting. Another free resource is the Federal Trade Commission, Consumer Protection Division (www.comsumer.ftc.gov). In addition, the three main credit reporting agencies – TransUnion, Experian, and Equifax – all offer information on identity theft prevention and protection.

Before getting started, I’m sure there are some of you reading this and wondering, who is this person, what are his credentials in cybersecurity, and why should I read further? Briefly, my background includes working for the City of San Diego for over 36 years, the first 12+ years in law enforcement as a sworn officer and the following 24+ years working in different capacities related to information technology (IT). I became involved in computer systems before leaving law enforcement, helping with the development of San Diego’s county-wide Automated Regional Justice Information System (ARJIS). During the last half of my career with the city, I had 10 years’ experience in emergency management and preparedness, 13 years’ experience in critical infrastructure protection, and 5 years’ experience in cybersecurity management and cyberterrorism defense. I spent the last 11 years in management positions, and when I retired in late 2011, I had been the city’s IT Operations and Security Manager for the last 5 years. I have worked with the Cyber Squad of the San Diego office of the FBI since 1998, and I have been an active member of the FBI’s national InfraGard public-private alliance for critical infrastructure protection since 2002. From 2010-2012, I was on the steering committee and co-chair of the critical infrastructure workgroup for Securing Our eCity, another public-private non-profit partnership (securingourecity.org) with over 300 members across the San Diego region and nation; whose purpose is public awareness and education of cybersecurity (their mission is “to enable every San Diegan to live, work and play safely in the cyber world”). For the last two years, I have been teaching online courses for the Master’s Program in Cyber Security & Information Assurance at National University.

So, now let’s delve into the criminal world of identity theft, one of the most common types of cyber crimes, and learn what precautions you can take to help protect your personal information. If you think you are reasonably safe from identity theft because you don’t use a computer or the Internet to conduct any financial transactions – think again! Even if you don’t conduct online transactions, your information is stored online by retailers, financial and healthcare institutions, whose systems may be attacked. Also remember, people have been impersonating other people for centuries; so, computers and large databases of personal information have just increased a criminal’s ability to perpetrate and hide this crime. Do you know how many different types of identity theft there are? We will discuss one type that relies on the victim having money or high credit limits to make it worthwhile for a criminal, and three types that don’t depend on the victim having any financial resources or require the use of a computer.

The first type, and the one you hear about most in the news, is stolen credit/debit cards or other banking information, where the criminal’s purpose is to take as much money as possible (as either cash or merchandise). The second type, which is not so well published, is criminal identity theft, where someone takes on your identity, often with a fraudulent Driver’s License and Social Security number in your name, they commit a felony, get caught and arrested under your identity; they post bail and leave the area, and now you have an arrest warrant and a criminal record. The third type, which is on the rise, is medical identity theft, where the criminal uses your identity to gain access to medical treatment or medicine. In either case, your personal medical history will be altered to include whatever ‘new’ condition was introduced by the criminal and could cause adverse (potentially fatal) procedures the next time you need medical treatment or prescription medicine. The fourth and last type covered here, is child identity theft, where the criminal takes the Social Security number of a young child and uses it to get a job, take out a loan or get a credit card; often using the child’s name with a different date of birth close to their real age.

There are lots of details for how criminals commit each of these types of identity theft, which we do not have space to cover in this article. One common method to any type of identity theft, which has been used for decades and is still widely used today, is “dumpster diving” – going through people’s trash to find personal information. Unfortunately, criminals will gather personal information from many different sources, until they have enough to create a false identity (in your name). The rest of this article will address some physical protection methods for your personal information, to the extent it is within your control.

One method to see if you might be a victim of identity theft, is to monitor your credit reports (not just your credit score, which is used by lenders for issuing credit/loans). Everyone is entitled to one free credit report per year from each of the three primary credit reporting agencies – Equifax, Experian, and TransUnion. The best place to access your reports for all three agencies, is at https://www.annualcreditreport.com/. You should get a report from just one agency at a time, spread out every four months during the year, so you can review the information without waiting a full year. You should be checking to see if any new credit requests were made that you did not initiate, or if there are any address changes that are not yours, or if credit balances have reached maximum when you haven’t been using the accounts. If you see any discrepancies, immediately notify the credit reporting agency and contact the company that posted the erroneous information (this may be a bank or credit card company). If you think you might be a victim of identity theft, contact your local law enforcement agency (San Diego County Sheriff for Borrego Springs). You can also contact the ITRC for free advice and counseling (888-400-5530, Mon.-Fri., 7:30am-4:30pm).

Physical protection of your personal information is generally a simple task. If something has only your name and address on it, such as an envelope or other mail-related papers, then you can usually just dispose of those in the recycling/trash. However, if something contains your name and any type of account or ID number – including those free credit card applications, and especially your credit card or banking statements, insurance or medical statements, and even a utility bills (water, sewer, gas, electric, cable TV or cell phone) – then you need to use a cross-cut or ‘confetti’ shredder to destroy those documents before they go into the recycling/trash bin. Don’t use a straight-cut shredder, because those documents can be reconstructed fairly easily. For information about ‘pre-screened’ credit offers, including how to stop them, visit http://www.consumer.ftc.gov/articles/0148-prescreened-credit-and-insurance-offers. Another physical security tip – whenever you are using an ATM or logging in to websites on your laptop/tablet or smartphone in a public place, always be aware of your surroundings and who might be watching you (which might be a remote camera mounted nearby, usually overhead). If possible, use one hand to cover the keypad or keyboard while you enter your PIN or password, so it’s not visible from prying eyes. One last tip – if possible, avoid using a debit card at a gas station, use cash (or at least a credit card), because gas stations are prime targets for criminals using illegal card scanners inserted within the gas station’s payment machines.

Protecting your information in cyber space becomes a little more involved and will be covered with some tips and best practices in the next article – Part 2 on the topic of Identity Theft.