05/2019 KIPLINGER’S PERSONAL FINANCE 43someone has taken
over one of your exist-
ing accounts and re-
directed your mail.
You can get free
monitoring of all
three reports through
CreditKarma.com (for
Equifax and Trans-
Union monitoring)
and FreeCreditScore
.com (Experian). Some
paid identity-theft
monitoring services
cover all three credit
reports and offer
other features, such
as scanning of the
dark web for your per-
sonal information and
remediation services
if you do become an
identity-theft victim
(see “Early Alert
Systems for Identity
Theft,” May 2018).
If a suspicious
account shows up
on your credit report,
contact the lender’s
fraud department. If
someone has stolen
your identity, file a
police report and fill
out an Identity Theft
Report at the Federal
Trade Commission’s
IdentityTheft.gov
website, then send
those documents to
the lender and the
credit agencies. The
agencies must re-
move fraudulent in-
formation from your
reports if you send
them the FTC form.credit report. Some banks,
for example, ping a poten-
tial new customer’s credit
report for identity verifi-
cation when he or she ap-
plies to open a checking
or savings account. If you
want to use a third-party
service that offers free
credit scores, access to
your credit reports or mon-
itoring of your reports for
significant changes, you
may have to lift the freeze
when you enroll—or, in
some cases, the service
won’t work at all. Ask a
service which credit agen-
cy’s report it accesses—
you may have to lift the
freeze at only one agency.
To create a My Social Se-
curity account online, for
example, you’ll have to
remove a freeze tempo-
rarily only on your Equifax
report; you can re-freeze
the report after you’ve
enrolled (you won’t have
to lift the freeze if you
go to a Social Security
office to open the ac-
count). Whether or not
retirement is near, it’s
smart to create an ac-
count now to prevent
a thief from opening one
in your name and using
it to collect benefits.STAY VIGILANT. Even if
you’ve frozen your credit
reports, keep tabs on
them. Every 12 months,
you can get a free copy
of your report from each
agency at http://www.annual
creditreport.com. Make
sure that you recognize
each account listed.
A credit-monitoring
service, which regularly
scans your credit report
and sends you alerts of
significant changes, may
be useful even if your
reports are frozen. For
example, a change in ad-
dress may indicate thatPHISHING
Don’t get hooked by
fake messages.
The problem: Phishing can come in the form of
e-mails, texts, social media messages or phone
calls that try to extract personal information
from you or infect your device with malware.
These devious messages may address you by
name, appear to come from a person or com-
pany you recognize, and mimic the look and
tone of communications from your bank, social
media accounts or employer.
If you fall for a phisher’s e-mail or other
message and click on a nefarious link, or open
a malicious attachment, “your computer or
phone gets owned by the bad guys,” says Stu
Sjouwerman, CEO of KnowBe4, a company
that provides security-awareness training.
Criminals can monitor your activity, steal your
log-in credentials to sensitive websites, spy on
you by turning on your camera or microphone
remotely, hold your data for ransom, and more.How to avoid it: KnowBe4’s top-clicked phishing
subject lines in the last three months of 2018
included “Password Check Required Immedi-
ately,” as well as the timely “Your Order with
Amazon.com,” and “Happy holidays! Have a
drink on us.” Kelvin Coleman, executive direc-
tor of the National Cyber Security Alliance,
says phishing campaigns often materialize in
relation to big health scares, natural disasters,
tax season and elections.
Scan e-mails for visual cues that something
is off, such as grammatical errors, misspelled
words or distorted company logos, says Brian
Lapidus, head of identity theft and breach noti-
fication at security firm Kroll.
Examine the “from” e-mail address to see if
the user name and domain are recognizable, or
if they contain subtle typos, such as “@amazom
.com.” Hover over hyperlinks with your cursor
to see if the link that pops up matches the web
address in the message. Instead of clicking
on links from e-mails sent by, say, your bank
or brokerage, type the web address into a sepa-
rate tab. A fishy link may lead to a realistic
mockup of the institution’s website, complete