Freezing Credit and Protecting yourself from Phishing.

I had a family member reach out to me this week after after she had been repeatedly contacted by various people asking for personal details like social security number, credit card information, bank account details, etc.  All callers issued various threats that if they did not provide the requested information that their accounts would be shut down, or some poor credit report would be filed.

In one case unfortunately, the caller was so convincing that some of requested information was disclosed.  And almost immediately I was contacted.  Thankfully because the contact was immediately made we were able to take action!  I drove down and maintained a socially distanced visit (if your reading this in the future look up COVID-19 pandemic) to help freeze the families credit and to explain what we were doing and why.

Because personal information was disclosed we collectively wanted to make sure that no new lines of credit could be taken out until new accounts could be issued, and the banks became informed of what was going on.  We created accounts for the two family members with the three credit bureaus in the United States, Equifax, Transunion and Experian (note links are only valid at the time of this writing) and frozen their credit.  The unfortunate frustration of going through this process was very eye opening, as these family members are from a generation where such things did not happen to individuals.

Unfortunately in this day and age, a single response is not usually not enough to protect one's family from modern day fraud.  So the following morning I sent the following email with the subject line "Follow up from last nights credit freeze." the only modifications has been redacting names:

Hi "X" and "Y"!

I hope this note finds you in good spirits, and with the knowing that you are both loved and cared for by my lovely bride and myself.  Thank you for your hospitality and for letting me spend some time with you last night, it's always a pleasure to see you both.

As a follow up to our discussion yesterday, I wanted to give you a few brief notes on what else can be done to protect yourselves from identity theft.  Please keep in mind, these are only steps that I personally follow, they have been effective for me.  But I am NOT a subject matter expert on this sort of thing.

  1. If someone calls you and claims they represent a vendor, a bank, or some other organization you have an account with.  Thank them for their call, ask them for the reference number, transaction id, account number or some other identifying piece of information.  Once you have that information hang up and call the published 800 number for the organization they claim to represent.  This will protect you in that if someone has your phone number, you have the power to confirm that you are indeed speaking with the organization.
  2. Contact your bank as soon as practically possible and explain what has happened with you accidentally giving out a password, credit card number, etc.  Ask them to be on alert for any potential fraud on your accounts.  You may also ask them if it would be practical to have new accounts issued and have your funds rolled over into those accounts.  The latter option will require the both of you to physically go to your bank to do that.  But the new information is something that will not be exposed.
  3. I know that "Y" has already done a great job at working with your credit card companies and has put them on notice that fraud has happened.  To combat this, we have frozen both of your credit records with the big three credit bureaus (Equifax, Transunion, and Experian) last night, so any further attempts to get credit in your personal names will be halted immediately.  Another item you can do, if you can reach out to your credit card companies and request that they issue you new credit cards with different numbers.  This will negate any potential fraudulent transactions that are in progress with your existing cards.
  4. Begin the process of changing your passwords for all of your accounts.  Last night the three of us setup lastpass on "Y"'s phone and her computer.  With that software in place, every account you have can have a unique and difficult to compute/guess password reducing the risk of anyone getting into your existing accounts.  While I know the idea of this is painful and the task arduous I would recommend that both you and "X" do this on all of your accounts and on your phones.  I can help you with this if you would like the help.

Those are the four big ticket items I can think of that would be helpful.  Please note again, that I do not know how you would go about doing the above items for your home business as it is a separate legal entity.  If you have any concerns on that front, please reach out to your legal council.

I know that the last forty eight hours have been difficult and emotionally draining, my lovely bride and I stand ready to provide practical aid in any way that we can.  We both send our love and look forward to hearing from you both.


Now, this entire post can seem odd and out of place for someone who likes to write things about technology.  But I personally believe that in the time we are living in, we will all have a friend or family member who will become a victim of phishing at one time or another.  Because of this, I would like to have written down some at least preliminary things that can be done immediately to help protect those that we love. And while I am certainly not an expert,  there are many things that can be done after the fact to prevent long term consequences from following people around.