An 89-year-old in Port Townsend receives an email that includes one of her account passwords. The sender demands $2,900 in bitcoins and threatens to notify her friends and family that she’s watching porn online.
Of course she isn’t, she tells the AARP Fraud Fighter Call Center. She knows it’s a scam but has no idea how her password was stolen or what to do.
A Seattle woman had her identity compromised after a family friend, hired to house-sit, rifled through financial documents and set up multiple accounts online using the homeowner’s information.
“It took her years to clear this up,” recalled Jean Mathisen, director of the AARP call center from 2006 to 2014. “One of the things that became clear to me was that as older folks, we’re more likely to have people come into our homes and do things for us. We have to really be cautious about leaving information where people can see it.”
Any tidbit can have value to an identity thief, whether it’s nabbed online or on paper, according to Chuck Harwood,
director of the Federal Trade Commission’s Seattle office.
“You might think, How would a random password or username be useful? The crooks get them and use what are called account checkers and brute-force tools—software that constantly tries to gain access to other sites,” Harwood explained.
In AARP Washington’s 2018 survey “Up for Grabs: Taking Charge of Your Digital Identity,” 62 percent of state internet users failed a digital-identity quiz. Some survey recommendations:
- Freeze your credit reports. This means no one can access the information or use it to open a new account in your name; under a new federal law there is no cost to freeze or unfreeze. Alternatively, placing a “fraud alert” on your credit history requires that a merchant take reasonable steps to contact you first when presented with a new credit application.
- Create online accounts and monitor them regularly. Only half of the Washington adults surveyed had set up online access to all their credit card accounts; 27 percent said they don’t access them online. Of people who stayed offline, 41 percent said they “feel safer” that way. The reality is that secure online access to financial accounts allows you to spot and report discrepancies more quickly than waiting for statements in the mail.“I don’t think what makes you more vulnerable to identity theft is being online,” Harwood observed. “What makes you more vulnerable is how and where you share information.”
- Strengthen passwords and privacy settings. Privacy protection means watching what you post on Facebook and other social media sites and limiting who can see it. And 45 percent of Washingtonians surveyed said they use the same password for multiple accounts, increasing the damage hackers can do if they breach any of them.
A 2016 password-psychology survey by LastPass (an online password-management site)and market research firm Lab42 found that despite the risk of reusing passwords, 61 percent do it. In the “Up for Grabs” survey, 6 in 10 Washingtonians said they think it’s “inevitable” that their personal information will be stolen.
Harwood believes being proactive makes a difference. “The first step is to do something—and do it now.”
Chris Thomas is a writer living in Seattle.