I'm terrible at telling lies. It's a fact. If you've ever met me in real life, you know that this is true. You can usually root out the truth from me in the matter of a few minutes. I can't keep a straight face. I'm an Anderson-Cooper-level eye-roller at the best of times. It's the reason I never win at poker (ok, one of many reasons).
So when Adam K. Levin, a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance, told me that one of the best ways to protect yourself against identity theft was lying, I did a double take. Lying?
Absolutely, says Levin, a former Director of the New Jersey Division of Consumer Affairs. When you set your password for email and financial accounts, you are typically asked a series of security questions. The answers to those questions are used to help you retrieve passwords and other information if you forget your password. However, as with your passwords, if you use the same security questions and answers from site to site, hackers can use information from one account to gain access to your other accounts. Sometimes the answers to those questions - commonly referred to as "out of wallet" information - can simply be lifted from social media or other sites.
Remember that cute snap on Instagram about your high school mascot? Or the meme on Twitter about your first car? Or that survey on Facebook about which concerts you attended? Your answers may make you vulnerable to identity theft.
When information gleaned from social media sites can be matched to other data - say, from a recent hack or breach - it's incredibly valuable. It can be used not only to access your existing financial accounts but also to open new accounts in your name. Identity theft, when someone uses your personal information such as your name, Social Security number (SSN) or other identifying information without your permission, can also be used to fraudulently filing a tax return to claim a tax refund: identity theft for tax purposes is so popular that it was named one of the Internal Revenue Service's "Dirty Dozen Tax Scams For 2017."
Thieves don't need a lot of information to make a big impact. Once scammers or hackers have used the information from your security questions to access one account, they've typically hit the jackpot. Since we tend to use the same password over and over, thieves can attempt to access multiple accounts by using the same credentials. That's why security experts like Levin advise you to use a combination of characters that would be difficult for someone else to guess and not to use the same password for multiple accounts.
But even the most difficult-to-crack password is still vulnerable if your security questions are accessible. That's why Levin suggests that you consider lying when you answer. Why, he asks, does your bank or credit card company need to know the real name of your pet or the street you grew up on? That kind of information may be easily available on the web - on Instagram or Facebook, for example - if you tell the truth. But if you lie? You control the answer.
It got me thinking: why can't I decide that the first car I ever owned was a Jaguar E-Type? Or that my mother's maiden name is Cumberbatch? But, I wondered, would I be able to remember my fake answers?
Levin says that clearly you need to be able to remember the fake answers - forgetting the answers to your security questions can cause all kinds of problems. That can be the tricky part. Using a consistent lie is a good idea, and Levin suggests that it's not a terrible idea to write those down someplace safe if you're worried you might forget.
Why go to all of the trouble to lie in the first place? Numbers. There have been, says Levin, at least four major breaches revealing 120 million Social Security numbers in the past year. The reality is that your ability to control how much personally identifying information might be "out there" is limited. But that doesn't mean you should give up trying to protect your identity. Your identity is an asset. You don't leave your car unlocked with the keys in the ignition when you park. And you don't leave your front door wide open when you walk out of your house. You take precautions. So why be careless with your identity?
Levin advises in his book, Swiped, that when it comes to identity theft, you should be aware of the three M's: minimizing risk, monitoring your identity, and managing the damage. While there may be services that can help monitor your credit and alert you when there is a problem, when it comes to taking control of your identity, Levin maintains that this is something that no one can do but you.
It may feel overwhelming. After all, you're just one person. But you shouldn't be complacent: your personal information, once stolen, can be used for a variety of thefts and scams - from medical theft to mortgage applications - making one profile as valuable as the next. "To a scammer," Levin counsels, "Everyone is Kim Kardashian."
