I may have had my identity stolen. What should I do?

I may have had my identity stolen. What should I do?

My iPhone’s been hacked!  We hear this almost every day. And in every case, after listening and asking a few qualifying questions, what we find out is that the iPhone isn’t hacked; the caller is suffering from identity theft.

This is the starter playbook that we our Trusted Internet Virtual CISOSM team offer during our first encounter with a victim of a potential identity theft.

Identity theft is most often caused by the loss of usernames and passwords. 

Here’s a checklist:

    Freeze your credit files with EquifaxExperianInnovisTransUnion, and the National Consumer Telecommunications and Utilities Exchange for free. Credit freezes prevent someone from applying for and getting approval for a credit account or utility services in your name. 

    Immediately change your passwords across the board. We find users using common credentials across multiple accounts in almost every case.  Create complex passwords that identity thieves cannot guess. Change your passwords if a company that you do business with has a breach of its databases. 

    Enable two-factor authentication. As soon as possible, or while changing passwords, get on Two Factor Authentication. Most banks offer it. Where not possible, request it or call Trusted Internet for a Duo dashboard. 

    Perform a search for yourself for potential areas of loss and remediation options. You can also attempt to perform this yourself. We usually engage a brand monitoring tool like Brand24 to monitor open-source information (news, social media, etc.) for high-level threats. When we find something suggesting a deeper look, we recommend Trusted Internet.

    Purchase a credit monitoring service. I’ve used Zander monitoring service for years, but there are several good ones on the market – Toms Guide offers a good breakdown of what they believe to be the top 10.

Where user credentials have been compromised, assume your office and home to be compromised as well. 

    Install layered cyber security measures. Next-Generation Firewalls block botnets from entering (or exiting) networks. If your credentials have indeed been stolen, there’s a likelihood that they may show up in a dark web marketplace. Botnets will visit you. Install a firewall now. 

    Consumer-grade antivirus is rarely enough. Trusted Internet sells primarily Fortinet products, including their endpoint protection application (FortiClient). In recent CyberRatings testing, Sophos Home Premium ranked number one. Where we don’t install FortiClient, we normally recommend Sophos Intercept X.

    Monitoring is a must. Because most Identity Theft occurs because of lost passwords, there's a high probability the attacker will try again. 24x7 Continuous monitoring should be considered a requirement.