8-4-06
Losing Yourself
Identity theft, and the fear of it, seem to incite an anxiety out of proportion to the risk. This irrational response is understandable. I remember well the chill I felt years ago when I looked across a restaurant in Louisville and saw a man who could have been my long-lost twin brother (if I had had one). How much worse, then, is a harmful doppelgaenger?
Many people are desperately afraid that they will inadvertently do something that triggers an identity theft. At the same time, though, they also see it as a random, cataclysmic event that they cannot prevent, similar to a lightning strike. These two fears seem contradictory, but they are not.
Don’t Hand It to Them
Identity theft is in many ways a product of the information age. Once he has a starting point, the thief can aggregate data from many sources virtually instantaneously, giving him all the pieces he needs. Too often, the victim provides that beginning bit.
Consider trash. Can you truthfully say you have never thrown away a piece of paper with an account number on it: a credit card chit from a purchase, or a bank statement, or a bill? I doubt it. How about something with your Social Security number on it? If you shred all those – and you should – great. Have you ever just tossed a cd with computer files on it? And what do you do with expired credit cards? Just remember: going through someone’s trash and retrieving items is not illegal.
Stealing mail is illegal, but it’s done. You should know what time of the month your regular bills arrive. If they are more than a day or two late, call the creditor. And when you pay your bills, do not put the mail out for the carrier to collect. That envelope has a bonanza for an identity thief: your credit card information, your bank information and a sample of your signature to copy.
The Human Factor
As people have become more fastidious about shredding or otherwise thoroughly destroying tangible forms of data before discarding them, social engineering has taken over as a way of obtaining personal data.
Long ago – before caller ID – giggly teenagers would make prank calls pretending to be from the phone company. They could usually find someone gullible enough to “help them check the line for trouble” by following instructions to stand at attention, move the phone to the other ear, then face the other way, walk across the room, and so on.
Their grandchildren or great-grandchildren are now using the same technique to hack into corporate and government computer networks. Using spoofed (fake) caller ID, they call a random extension and claim to be from the IT department. They say they are having trouble with the password function and need the victim’s password to make sure it’s working properly. It may take 20 calls, but someone will give it to them.
You’ve probably seen the e-mail equivalent, called “phishing.” These are the e-mails that purport to be from Paypal, or eBay, or this or that bank, claiming that there has been a security problem and that if you don’t respond immediately reconfirming all sorts of information, your account will be closed. Some of them are highly accurate copies of legitimate formats from these institutions, but clicking the link will send the information to the thieves.
Most people now know better than to respond online that way. The standard advice is to communicate only from what you know to be the business’s real Web site – that is, open your browser and type in “www.ebay.com” or whatever the URL is – or to phone the institution.
The newest version of this scam (dubbed “vishing”) respects this advice. The bogus e-mail includes a phone number for you to call. Of course, it’s not your bank’s number: it’s the scammer’s number, usually relayed through the Internet to a remote country.
Again, most people know better. But even people who do may be in a hurry or flustered, or might have had a legitimate problem to which this could seem to be a response. If the scammer has sent out several hundred thousands of e-mails, even an infinitesimal response rate is sufficient.
A Tax Digression
Some of these phishing and vishing excursions recently have claimed to come from the Internal Revenue Service or a non-existent agency within the Treasury Department.
Let me make this clear: the IRS never communicates by e-mail.
The Scary Part
You can and should take all these precautions. But many places already have your information, and your identity is only as secure as their data protection. You’ve seen the news stories about mega numbers of information lost by a company or government agency.
Now, think about how many theatres you have worked for in your life. What percentage of them would you characterize as hapless or inept in their management? Just remember each of them has payroll records with enough information about you to launch an identity theft.
Are you cringing yet?
How many online merchants do you allow to store your credit card information for future visits? I’ll admit to three. I am certain that American Airlines, Amazon.com and Staples have the best data security possible. I am equally certain that one of them will eventually be breached.
All you can do, ultimately, is to be cautious about giving out information, and alert to the early signs of trouble. The earlier it is caught, the easier the clean-up will be.
So, no matter how much you hate it, open your credit card bills and bank statements the day they arrive and check them for dubious transactions.
Check your credit reports regularly. Everyone in the United States is entitled to a free credit report once a year from each of the three major credit bureaus. (See www.freecreditreport.com.) Since they all draw on the same data sources, this means you can check one every four months.
And considering adding identity theft insurance to your homeowner’s or renter’s insurance. Most companies will cover much of legal fees, time off work and other costs of clean-up for a modest premium.
You know, just in case you’re the person struck by lightning instead of the guy next to you.
Are there money or tax questions you would like to see discussed in this column? Let me know, at 2835 N. Sheffield, Suite 311, Chicago, IL 60657, or call 773/525-1778 (888/525-1778 toll-free outside the Chicago area) or e-mail greg@gregmermel.com.
Greg Mermel is a certified public accountant whose clients in the arts range from individual performers to major theatre companies and suppliers. He has also been known to produce theatre.