Debunking the Top 10 Identity Theft Myths

In today’s world, we have been trained never to click on links or attachments that arrive in suspicious emails because they’re usually malicious efforts to get your personal information. That’s always a good rule to follow, but scammers are clever. They’re on to the fact that we’re on to them, so they continue to devise new and more sophisticated ways to steal identities and financial information.

No one is immune from becoming a victim, but arming yourself with knowledge and good security habits will help you safeguard your financial future. Let’s start with identifying and debunking the Top 10 Identity Theft Myths, and then establishing best practices to protect your identity, both on and offline.

Myth #10: Identity thieves are mysterious, scary people.

While identity thieves can, and do, exist in dark places, they can also live in the same neighborhood, shop at the same stores, frequent the same coffee shops and even work in the same office as you.

Protect Yourself: Always keep a close eye on your devices, and make sure they are password-protected. Never share privileged information, like passwords, with anyone — a friend, co-worker or boss.

Myth #9: Phishing scams are easy to spot.

Until recently, phishing scams — attempts to obtain personal information, usually through email — often included tell-tale signs of deceit, such as misspelled words, improper use of the English language, or an obvious redirect from a legitimate website to a fraudulent page. Scammers are becoming more and more careful, though, and, as a result, are making it harder to spot phishing emails.

Protect Yourself: Be wary if an email has any of the signs listed above, and/or claims there’s a problem with your account or payment information, asks you to confirm personal information or tells you to click on a link to make a payment. If you receive a suspicious email, reach out to the company the email supposedly has been sent from, using a phone number or website you know is real, not the contact information in the email. Read this article from the Federal Trade Commission to learn more about phishing.

Myth #8: I know a fake call when I hear one.

Voice phishing, or vishing, occurs over the telephone. The scammer creates a scenario to prey on human emotions, commonly fear, empathy or greed, and convinces the victim to disclose sensitive information, such as credit card numbers or passwords. Vishing calls exploit the fact that we're more likely to trust a human voice, and may target the elderly and technophobic, who may not know about these types of scams.

Protect Yourself: Never give out personal information to someone on the phone, even if you feel pressure to do so. Tell the caller you are hanging up and will call back to a published number for the company they say they represent (a number from the company’s official website, for example). An ethical person will never object to that. See a video of an actual vishing call, and hear how easy it is for a scammer to elicit confidential information over the telephone.

Myth #7: Social media is safe as long as I only share with family and trusted friends.

Friends and family members might not do anything intentionally to expose you to fraud, but when social media posts are shared over and over, it is easy for malicious games, click bait and phony retail offers to get passed to you. In the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media platforms such as Facebook, Instagram, Snapchat and TikTok.

Protect Yourself: Review your social media privacy settings, particularly what you’re sharing publicly. Don't participate in online games that ask for the month, day or year of your birth, your mother's maiden name, or the name of your favorite pet. These pieces of information, along with others, can be used to defeat security measures on your accounts and to guess your passwords. Check out this article from the Federal Trade Commission for additional advice on social media safety.

Myth #6: If I am a victim of identity theft, I will get an alert.

Credit monitoring and dark web monitoring are two of the most common types of alert services that help consumers know if their personal information is at risk. However, even the most sophisticated monitoring services can't detect some types of identity theft, such as the "credit account takeover," where a criminal poses as you and takes over your existing lines of credit. Since they’re not opening a new account, credit monitoring will not alert you to this activity.

Protect Yourself: Make sure you have credit monitoring and dark web monitoring working to help you stay aware of risks, but don't get a false sense of security. You still need to review your account statements often. Online banking makes it easy to review your statements and transactions, 24 hours a day, seven days a week, and it allows you to set up additional security alerts. Bank of Utah customers also have access to CardValet, a free app that helps you tailor the settings on your Bank of Utah debit card to monitor and protect against fraud, and to turn your debit card off and on, if needed.

Myth #5: It's no big deal if someone breaches my email.

You may not think you have anything important in your email inbox, but for hackers, email addresses are priceless. They can use the address itself in scams, or even use it to build fake identities to open fraudulent lines of credit. Further, they can rummage through your email account and maybe find a tax return or mortgage application that has your Social Security number, address and date of birth — a gold mine for hackers!

Protect Yourself: Change your password often. If you’re afraid you’ll forget your passwords, use a reputable password manager, an encrypted digital file that securely stores your log-in information for all your apps and accounts. If your email does get hacked, the Federal Trade Commission has good information on what to do next.

Myth #4: I use antivirus software, so I'm fine. I will know if something bad gets to my device or information.

Because antivirus software vendors are almost always playing defense against hackers, using antivirus software will never protect you 100 percent of the time. Plus, many people download antivirus software, then forget about it. Antivirus software needs maintenance and updates, and it needs to remain active on a subscription. Even free antivirus software may have a time limit. Furthermore, fraudsters can get your personal information without gaining access to your computer, by intercepting your online signal while you’re using an unsecured Wi-Fi connection, for example.

Protect Yourself: Update your antivirus software regularly, and make sure your subscription doesn’t expire. Use caution with email attachments; don't open one simply because it looks like it’s coming from someone you know. Don't accept "free" offers on the internet, in particular screen savers, because they can distribute viruses, adware or spyware. If a window pops up on your computer screen and you’re not sure it’s legitimate, close it. Do not click on buttons within the pop-up; even clicking on "no" or "cancel," may trigger a virus or spyware installation.

Myth #3: I use a complex password – a hacker would never be able to break it.

While having a complex password is still a good idea, and required by most companies, gone are the days when a certain number of characters and symbols alone was enough to deter thieves from accessing your accounts. Today, cybercriminals have the ability to run billions of password combinations through sophisticated programs. Breaking into an account can take seconds.

Protect Yourself: Change your passwords regularly – it’s one of the most important security measures you can control – and consider using a passphrase where possible, which is like a password, but longer and more secure. Also, use different passwords for your different accounts. If a criminal is able to gain access to one of your passwords, you don't want it to provide the universal key to unlock all of your accounts. In addition, enable two-factor authentication everywhere you can, which requires you to provide two different types of information to log in to your accounts.

Myth #2: My personal information is already out there. I don’t need to be careful.

Yes, very large data breach incidents, at Equifax and the U.S. Office of Personnel Management, for example, have occurred in the past several years, exposing the personal information of millions of Americans. In addition, hundreds of other smaller data breach incidents occur each year. But this is the very reason that you must be more careful with your personal information, and more vigilant. An identity thief who is intent on "grooming" a stolen identity, that is using the identity for an extended period of time, will look for a victim who is careless with their online and offline habits.

Protect Yourself: Again, change your passwords often. Don't use the same username and password combination for all of your accounts. Watch your banking and other transaction statements for suspicious activity. Take part in credit monitoring and dark web monitoring so you get fraud alerts, and seek professional help quickly if identity theft strikes.

Myth #1: I don't have a lot of money, so I’m not a target. Identity theft only happens to other people.

The Federal Trade Commission's annual report on fraud, the 2020 Consumer Sentinel Network Data Book, estimates that scammers steal as many as 9 million identities each year. The report also shows that identity theft occurs in all age ranges, even young children whose identities can be used to establish alternate identities for illegal purposes. Economic status is not important to an identity thief. Even if you believe you don’t have enough credit or assets to be a target, your identity information is still a goldmine to an identity thief.

Protect Yourself: Stay vigilant. Treat your identity information like cash: Keep it safe, share it only when necessary, and don’t leave it laying out where anyone can find it. And remember, regardless of the balance in your bank account or the credit limit on your credit card, you are still extremely valuable to criminals.

We’re here for you!

Now that you know the myths, the realities and good security practices, also know that Bank of Utah works hard to make sure you, your information and your money is safe. If you think your identity has been compromised, please reach out to us. We will do our best to help you. And keep in mind, Bank of Utah will never call, email or text you to ask for the following:

• Account number
• Username or password
• Social security number
• Personal Identification Number (PIN)
• Birthday
• The answers to your security questions
• A one-time code
• Address

If you’re ever skeptical that a bank call is legitimate, hang up and call back to talk to a bank employee. If you’re skeptical of an email from the bank, call and ask us before you click. Our phone number is 801-409-5000 (remember, fraudsters can spoof this number and make it look like Bank of Utah is calling; don’t forget, we will never ask you for the information above). Our website is https://www.bankofutah.com. Always make sure you have our contact information readily available; never use the contact information in a suspicious email. Also, be aware that you may be asked to verify confidential information if you call the bank.