Safeguard your identity; keep your personal information secure
Is someone using your personal information to make purchases, withdraw funds, open credit card accounts, apply for loans, or file income taxes? Have you been contacted about a compromise of your information in a data breach? Have you recently lost your wallet or purse? Being a victim of identity theft can cause anxiety and frustration, but there are corrective and preventive steps you can take. The good news is there are more resources than ever before for victims of identity theft, and most institutions have implemented fraud protection and alert processes that make it easier than ever to report and recover from fraudulent activity.
Below are some precautions you can take to lessen your likelihood of becoming a victim of identity theft, as well as some steps you can take if you are the victim of identity theft.
Medical and financial data
Limit what you carry
In terms of credit cards and identity documents, carry only what you need and keep what you don’t need in a secured (locked) location.
Safely dispose of personal data
Shred instead of simply discarding receipts, bank statements, credit card offers, medical or insurance related documents and offers, and any other personally-sensitive information.
Control pre-approved credit and insurance offers
You can opt out of receiving pre-approved credit and insurance offers in the mail, either for a period of five years or permanently. To opt out call 1-888-567-8688 or go to optoutprescreen.com. More information is available on the U.S. Federal Trade Commission (FTC) website.
Tax identity theft
Learn how to protect yourself from tax-related identity theft and IRS imposter scams with the following resources:
- TAXES. SECURITY. TOGETHER. (Security Awareness for Taxpayers; PDF hosted by the IRS)
- IRS Taxpayer Guide to Identity Theft
- See the FTC Events Calendar for free webinars and chats.
Be cautious when handing over sensitive data
If you are asked to disclose sensitive data to an employer, medical professional, school, or tax professional, ask how that information will be used and stored. If you’re not sure, ask why they need the requested information, and about the consequences if you choose not to share it.
Safeguard health plan data
Don’t share health plan information with anyone offering free services or products, and be sure to destroy prescription labels when you discard bottles/packaging.
Identity theft fraud monitoring and recovery services
Fraud monitoring and recovery services are offered by many providers. It’s important to compare the provisions, costs, and benefits of different plans. For more information on these services and the types of monitoring and recovery services available generally, please see the FTC’s Identity Theft Protection Services website.
NYU offers identity theft protection as a voluntary benefit for full time employees. For more information, please see this NYU Identity Theft Protection website.
Passwords and computers
Securely wipe digital storage and mobile devices
Manually deleting documents stored on a device does not erase them from memory. Even files that were emptied from the device’s trash can potentially be retrieved. You can use a utility program to overwrite a hard drive or wipe a hard drive. Hard drives can also be shredded.
- Hard drive shredding may be an option to consider if you have multiple hard drives for disposal. There are many vendors who offer hard drive shredding services, and most NYU administrative units contract with a company to provide this service. For more information, check with your department’s administrative staff.
- A utility program that offers free open-source data wiping software for personal use is DBan.
- Mac hard drives may be manually wiped as follows:
- Make sure your Mac is powered off.
- Press the power button.
- Immediately hold down the command and the R keys.
- Select Disk Utility from the OS X utilities list.
- Select the disk you’d like to erase by clicking on it in the sidebar.
- Click the Erase button.
- To manually wipe a computer using Windows 10, please see How to perform a secure disk wipe with Windows 10’s Format command.
- Before disposing of a mobile device, transfer data to your new device, and seek information from the device manufacturer on how to permanently wipe data from the device being discarded. For laptops, see the information above regarding hard drive shredding/wiping.
- Lost or stolen NYU-provided mobile devices should be reported to NYU Public Safety at 212-998-2222.
Follow password best practices
Use unique, long, and strong passwords (12+ characters composed of lower case letters, numbers, and symbols). For more information regarding password best practices, please see the Connect article Under Lock and Passphrase.
Some basic tips include:
- Use different passwords for each of your accounts. Use of unique passwords ensure that the compromise of one account won’t occasion the compromise of other accounts, as scammers will attempt to use any credentials they obtain in a variety of sites.
- Do not reuse passwords.
- Where possible, secure all devices with a lock-screen passcode or biometric identifier such as a fingerprint.
Activate built-in firewalls
For more information on activating built-in firewalls, please see the ServiceLink knowledge base article Security Education: Recommendations for getting secure.
Limit what you share online
Be selective when sharing information about yourself and others. Scammers regularly review social media accounts to gather information for targeted attacks. Avoid any unintended sharing by customizing your social media privacy settings.
- For information on managing your privacy settings for Facebook, Twitter, LinkedIn, Instagram and Pinterest, please see The Ultimate Guide On How To Manage Social Media Privacy Settings (SocialPilot).
- Never share information on social media that you use to answer security challenge questions, such as “What was the name of your childhood pet?”.
Perform system and application updates promptly
Updates to operating systems or software applications are often released in order to patch known vulnerabilities and should be installed as soon as possible after they become available.
Ensure online transactions are secure
When performing online transactions, look for the locked padlock icon in your browser’s address bar, which indicates a secure site.
Online transactions should only be performed over secure, password-protected wifi (e.g., NYU Roam Wireless or your home wifi). Online transactions conducted over public wifi with a password made broadly available may not be secure and your credentials may be compromised. Additionally, online transactions should not be performed on public computers, such as hotel or library computers. If possible, avoid logging into any of your accounts on these devices. If you must do so, change your login information from a secure device/connection at your first available opportunity afterwards.
Enable multi-factor authentication (MFA)
Activate multi-factor authentication (MFA) on all accounts for which it’s available. This type of authentication adds a second layer of security following your initial authentication with your username and password. For example, you may be asked to enter a code received via a secure app. NYU requires the use of MFA to access critical systems and services. See the NYU IT website for more information about NYU Multi-Factor Authentication.
Be aware of suspicious website pop-ups
Some sites might be programmed to display pop-ups purporting to be from reputable services such as Microsoft and Apple, offering you tech support, antivirus software, and other services. In these scams, malicious actors are seeking your credit card information or are attempting to install malware on your device. They may even direct you to a website offering phony customer testimonials. Microsoft, Apple, and other reputable tech and security companies will never reach out to you in this manner.
To close suspicious web pop-ups, force quit your entire web browser using Ctrl+Alt+Delete on a PC or Option+Command+Esc on a Mac. Clicking any of the pop-up elements, including “Cancel” or “x” on the dialog may trigger the installation of malware and closing the browser tab will be ineffective.
Be wary of unsolicited email appearing to be from a known sender
Scammers will sometimes attempt to steal your confidential information by posing as a reputable source, such as your bank, by sending an email with an embedded link to a “spoofed” page that looks similar to your bank’s (or other organization’s) website. On that page, you will be asked to enter your login credentials. Once entered, the credentials are stolen/compromised and the user is redirected to the legitimate site. It is recommended that you never provide credentials after clicking a link embedded in an email. For more information, please see the following Connect articles:
Steps you can take if you believe you are the victim of identity theft
- For specific steps you can take, based on the type of information that was lost or stolen, please see the Federal Trade Commission (FTC) website.
- You can report identity theft and get a recovery plan at the FTC’s Identity Theft website.
- Report any unauthorized transactions as soon as you detect them. Call the companies where fraud occurred to put a freeze on your accounts.
- Change logins/passwords/PINs for all impacted accounts.
- Consider placing a fraud alert with one of the three credit bureaus. The credit bureau you contact must inform the other two:
For more information on fraud alerts, please see the FTC consumer information web page.
- Obtain free credit reports from Experian, TransUnion and Equifax via annualcreditreport.com or by calling 1-877-322-8228. You are entitled to one free report per year from each credit bureau, so you may wish to space them out throughout the year.
- Beware of other websites or browser pop-ups offering you access to a free credit report. If you get a phone call, email, or pop-up from someone claiming to be from one of the three credit reporting bureaus or annualcreditreport.com, offering you a free report, it’s likely a scam. For more information on credit reports, please see the FTC consumer information site’s free credit report page.
Consider a credit freeze or lock which limits access to your credit report, making it difficult for identity thieves to open accounts in your name. For more information, please see the FTC’s credit freeze webpage.