Hacked: What I learned when I was credit hacked …

Yesterday, I told the said story about how some bad guys tried to steal my identity and open up credit cards and car loans in my name.

Bottom line: An ordeal that burned up a bunch of my time and caused plenty of angst … but, no serious damage (that I know of).




Now, as a public service, here’s what I learned that may help you …

Remember, I’m not a cyber crimes expert … just a victim with a bit of experience navigating the system.

Here are the takeaways from my experience:

1. Take this privacy stuff and ID theft seriously.  If it happened to me, it can happen to you.  My view: not a matter of “if”,  it’s a matter of when. This is an instance when an ounce of prevention really is worth a pound of cure.

2. Tighten-up user IDs and passwords. If you use common User IDs (e.g. your name), it’s like shooting fish in a barrel for hackers. Similarly, simple passwords are easy to crack. Use letters & numbers, caps & lower case, special characters. Be as random as possible – e.g. don’t just cap the first letter.  Strong passwords aren’t unbreakable to pros, but can hinder the amateurs.

If you’re not yet a believer, see Gotcha: How long does it take to hack a 16-character password?

3. Hold the phone.  Mobile is the weakest link in the security system … by its general nature … and because people are lax re: cell security.  My take: Any and all mobile transactions open you up to trouble. Do your banking via your smart phone and you’re asking for trouble.

4. Subscribe to an ID theft tracking service.  They’re a relatively cheap insurance policy.  They don’t catch everything, but I’ve been impressed with what they detect and how quickly they report what they find – essentially real-time.  And, while they don’t fix the problem, they can usually point you in the right direction.

5. If hacked, immediately place a fraud alert with the credit bureaus (Equifax, TransUnion, Experian). Easy to do online – just go to any of their sites – if you notify one, they notify the others.  Fraud alert lasts for 90 days.  During that time, there are extra levels of scrutiny – including a phone call to you – if somebody tries to dink with your accounts or apply for credit in your name.  Extra bonus: when you place a fraud alert, you get a free copy of your credit report. Note: you can place a 90-day fraud alert proactively … even if you haven’t been subject to suspicious activity.

6. File a police report.  Just call a local station and ask how to do it. In my case, an officer was promptly dispatched to my house.  He was courteous, and efficient.  The entire process took only a few minutes.  Armed with a police report number, you have the option to extend the fraud alert for years, not just months.

7. Read your account statements.  Don’t just glance at them and throw them on a stack.  Scan for unusual transactions, and check your credit max and current balance – if either move unexpectedly, figure out why. Note: Sometimes crooks will hack in and simply shift your credit line to a different (new) card within the account.

8. Heads-up when you complete a big, extraordinary transaction.  I don’t know how or when the bad guys got my info, but I have some suspicions.

  • Last year, I e-filed my Federal taxes for the first time – and all my deep personal info went across the grid.  Soon thereafter, the bad stuff started happening.
  • This year, I sold a house. Lots of folks got a look-see at a lot of my personal info – buy-side & sell-side-realtors, mortgage lenders, appraisers, etc. – with much of the processing done by low level clerks.  Soon thereafter, another flurry of bad stuff.
  • Occasionally, I have mail forwarded from my primary address …  bad stuff seems to happen when the forwarding starts.

All  these things – e-filing, house sale, forwarded mail –may just be coincidental, but the timing makes me a bit suspicious.


If you have any security ideas for me and other HomaFiles readers, please send them in …

* * * * *
Follow on Twitter @KenHoma             >> Latest Posts

4 Responses to “Hacked: What I learned when I was credit hacked …”

  1. james Says:

    Regarding #4, I recommend LifeLock. Great service — I get email and text alerts anytime my social security # is used.

  2. Peter Gasca (@petergasca) Says:

    Great post, Ken. Thanks for sharing!

  3. Peter Gasca (@petergasca) Says:

    One last piece of advice … never use “free” Wi-Fi spot. If you must, never enter any login or password information. Free Wi-Fi spots can often be simply some guy/gal in the vicinity with a hotspot, generating Wi-Fi to everyone around him/her. They can then capture your keystrokes while on the network, compromising any information you have entered.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: