Power Up Wealth podcast – Episode 88 – Understanding Identity Theft – Prevent and Protect
James Derrick 0:00
Preventing identity theft is essential for your financial security. Today we’re going to talk about how to protect and prevent that identity theft, and we’ll even discuss what to do if the worst should happen. I’m James Derrick, and joining me today will be Shane Thomas.
Sharla Jessop 0:26
Welcome to the SFS Power Up Wealth podcast where we provide impactful insight and expert opinions on timeless financial principles and timely investment topics, preparing you to make smarter decisions with your money.
James Derrick 0:49
Thank you for joining me today, Shane.
Shane Thomas 0:51
Happy to be here.
James Derrick 0:51
Shane is our IT Specialist at Smedley Financial Services. And Shane, we’re always talking about preventing identity theft, but I just don’t feel like we can talk about it enough.
Shane Thomas 1:01
It’s a subject that definitely doesn’t go away. The bad guys are always looking for some way to disrupt your life.
James Derrick 1:08
So sometimes it is online security that we’re dealing with, and we’ll go there in a second. Let’s talk about just good old fashioned a loss of a credit card. If I think I’ve lost my credit card, or maybe my entire wallet. What do I do?
Shane Thomas 1:23
Well, there’s a couple of things. If it’s just maybe one card, maybe you were at the restaurant. If you think you might have left it in the black envelope that the waiter, waitress dropped by with the receipt. Maybe left it in there. You can some of the credit cards have the ability on their app, on your phone, or on the website, or you can call them, and they can just put a pause on that card while you maybe run back to the restaurant check see if it’s there, and if you’re unable to get it, then they can from right there. You can say, hey, that was the last time it was used. You can see your last charges from the app. Or if you call them and talk to them, you can say, oh, those are the last charges that I made, and I can just reissue you a new card. Now if it’s your wallet, then it’s that same problem, maybe times 10, or it’s.
James Derrick 1:23
A little bit harder. I do like the idea of pause, and I’ve seen that on the apps for on my phone, where I can do a pause and not just cancel the credit card, and that’s that’s nice, because, let’s face it, you know, 99 out of 100 times I probably have just misplaced it. Maybe it’s fell out of my pocket, and it’s sitting in my own car or on my own couch.
Shane Thomas 2:32
Fell in between the seats in your car, from when you’re, you know, at the gas station or the drive through, or you left it at the restaurant, and how many things do we have on auto pay that are already set up? You don’t want to have to redo all of that. And then the next day, you find the card, and then you’re like, well, now I have a new card, and I have to set it up with how many different people? So the pause is a nice option.
James Derrick 2:56
Yeah. And speaking of pauses, let’s if we can, we’ll take these out of order from the way that you wrote about them in the latest Money Moxie at SFS. Credit freezes. People intentionally freeze their credits. Talk about that for a moment.
Shane Thomas 3:09
Sure. Freezing your credit is actually not a bad thing to do. You don’t apply for a new credit card every day. You don’t apply for a car loan or a home loan every day, and by having your credit frozen, if somebody does try to get a loan in your name or credit in your in your name, they’re not able to do that. And if you do know that, hey, next week, we’re going to go buy a car, and we’re going to probably need a loan for it, or you’re going to be signing on a house, you can go in to the credit bureau, online and unfreeze or thaw your credit for that time period while you need to process and have them pull credit and do a loan, and then once it’s done, you can go back in and then freeze your credit once again, and that prevents anyone from being able to open a new line of credit under your name.
James Derrick 3:58
Okay, I’ve got a lot of questions on this one. So let’s see if I can remember all of these. First of all, who would you recommend should do this? Is this for everybody?
Shane Thomas 4:08
I would recommend. I recommend everyone, including children. I would recommend. There’s no reason that a child should need to have credit.
James Derrick 4:18
So let’s say I’m, I’m a new father, and I’m not, but let’s say that I that I am. And I’ve got a six month old, they have a social security number. Could, could somebody actually take out a credit card using that social security number?
Shane Thomas 4:33
Potentially, yes. They can also file taxes under that individual and or open lines of credit under that and they you may not find out until that person, your child, turns, you know, 18, 20.
James Derrick 4:46
It could go on for years.
Shane Thomas 4:47
Goes to get a credit card, and they find out that there’s stuff that’s been open under their name.
James Derrick 4:52
That’s unbelievable to me. And so freeze it. You freeze it, and you won’t even have to unfreeze it until they’re 18.
Shane Thomas 4:59
Yeah, until they actually need to, you know, apply for a loan, maybe their first car, and you want to help them, and they, you co-sign with them, or open a credit card for to start building credit, and or they want to sign rent on an apartment, and credit gets pulled, there wouldn’t be a reason until then. And so for most people, you know, including children and especially even aging adults. I mean, how often does my mom go buy a car, you know, or take out a loan? She doesn’t, and so there’s no reason to have her credit just sitting there open. She can have that frozen and prevent anyone from being able to go and take out a loan or open a card under her name.
James Derrick 5:38
Okay? And then, if we are as an adult, freezing and unfreezing the account, then that means that we all need to have login credentials. We need to set up logins with the major credit bureaus?
Shane Thomas 5:52
Correct.
James Derrick 5:53
Okay, so just do that, just like you would for your bank or your investment company.
Shane Thomas 5:58
Whether it’s with Experian, TransUnion, or Equifax, those are the three main credit bureaus.
James Derrick 6:04
You got to set it up with all three?
Shane Thomas 6:05
You would set up an account with each one of those and create a really hard password and and I believe they do ask for the two factor authentication. So whether that’s an email sent to you with a code or a text, or if you use a third party application, an authenticator app, to get a revolving code to get in. But yes, you should set up an account with each of those three.
James Derrick 6:26
I want to go into all of those in just second. One last question. Let’s say that I freeze my credit, and then I go to buy a car and I pull my credit. What’s going to happen? Let’s say that I forget to unfreeze it.
Shane Thomas 6:37
Typically that particular, you know, dealership, if, if that’s where you were at, would get some kind of an alert. And you, when you set up and freeze your credit, you can turn on alerts. So even if you have your credit isn’t frozen and you’re at the dealership, you will get some kind of an alert. To give you an example, last month, I purchased a new car with my daughter. We went into the dealership and applied for the loan. I got a text and an email within five minutes of the dealer running my information to apply for the loan, sent to me that says, hey, you had an inquiry at Equifax for this car loan from you know, this dealer, was this you? So it happens pretty fast, and you’re notified fairly quickly of something happening like that. So at the dealership, most likely they would say, Oh, hey, looks like we can’t pull your credit, it’s restricted, and you can go and unfreeze your credit, or thaw it and try again the next day.
James Derrick 7:38
Okay, I love that, and I appreciate that you mentioned that you can get the emails or the text messages about it as well. I think that just adds to some peace of mind.
Shane Thomas 7:47
Sure, yeah. And then let’s say you have it, you’re in the process of working through that, and you don’t have your credit frozen, and something pops up. You’re like, that’s not a strange why would that have happened? And you could look into it, and it doesn’t affect credit you currently have, like loans already open with companies. Those particular companies you’re using, can still see that you’re making payments on time as they reevaluate your your credit.
James Derrick 8:14
This is just for applying for new credit?
Shane Thomas 8:16
Right.
James Derrick 8:16
Okay, a lot of room for for improvement, for me and probably for a lot of the listeners out there, that would be really helpful. Let’s talk about passwords. Passwords are just, oh, really hard part about living in the year 2025, yeah, aren’t they?
Shane Thomas 8:32
Passwords have been terrible for forever, really?
James Derrick 8:36
Yeah, whoever invented the password, right? But you can’t live without them. So could you talk about good passwords versus bad passwords and the best ways to keep track of them?
Shane Thomas 8:49
Sure. First thing is, every password you should have should be a really difficult password. We call them strong passwords. Don’t use familiar phrases. Don’t use familiar things like birth dates or your kids birth dates, or your kids names, or your dog’s name, your pet’s name. Try to make them really hard. And if it’s hard to come up with a strong password, which it it is, I would recommend 12, 15, 20 character passwords with uppercase and lowercase and special characters. If that’s really hard to do, which it is, I would recommend using a password manager. The password manager generates the passwords for you. It can save the passwords for you, including, you know, the website that it goes to or the app that it goes to, and including the username. So then you’re not writing that down somewhere and making sure that you spell it correctly. So the next time you go to get in, it doesn’t lock you out. And it remembers it so that when you do go to the website, it autofills that password for you, and you’re not having to remember that.
James Derrick 9:54
I really love the password managers, and I appreciate that I can load it onto my computer. And on to my phone.
Shane Thomas 10:01
Yeah.
James Derrick 10:02
And then my wife can have access to it, and she can have access to all of it, or she can have access to portions of it.
Shane Thomas 10:02
Right.
James Derrick 10:02
And I think that is incredibly valuable.
Shane Thomas 10:08
Yeah.
James Derrick 10:13
So what about AI? Is AI having any impact on the possibility of getting hacked, having my password stolen, my identity taken.
Shane Thomas 10:26
There’s always going to be some kind of potential with with AI, because they could be using your voice. They could use your voice from audio clippings from this podcast. They could be using the voice from phone calls and then taking that and piecing it together to become a phrase that sounds like you, that you might have said across 20 different conversations, and piecing it in together into one conversation. So there have been some people that have felt like they heard their grandmother on the phone saying certain things, and it really wasn’t their grandma. It was their grandma’s voice that had been spliced together. Many people have seen different videos online, whether it’s a president or a famous singer splicing their words together to sound like they said something, but they really didn’t. So I mean, AI is something to certainly be aware of.
James Derrick 11:23
That is scary.
Shane Thomas 11:25
Yeah.
James Derrick 11:25
Honestly, very scary. What just today, I was logging into a website with the password manager, so it remembers my long password. I usually do 18 digits, because I figure, why not? Because the password manager makes it easy. So I usually do 18 make it, you know, let the password manager make it for me and make it as difficult as possible. And then still, they ask for two factor authentication. More and more I understand like I’m I should turn that on. If they ask me if I want it, I should say yes at all times. Today, I had the question, how would you like to receive the two factor authentication? And you know, do you want it texted? Do you want it on the app? How do you want it? Could you maybe talk a little bit about the way you might prioritize?
Shane Thomas 12:08
Sure.
James Derrick 12:08
Categorize those options?
Shane Thomas 12:10
Sure, yeah, some of the the two factor options can come as a text message to your cell phone. Some can come as an email to you. Some might come through the app itself. Let’s say you’re logging into Facebook on your computer. It knows you’re already logged in on the app on your phone. So you might have a phone, it might say, check your app on your phone and approve, or don’t approve the login, and you look on your phone and you’ll say, oh, Facebook says, Is this you logging in from this location on this computer? And you can say, oh, yeah, that was me or not. The other option, the fourth one, would be an app that has a revolving code that changes every 30 seconds or every minute. And that option is probably the most secure, because that code is only known in that app, and it revolves all the time. The code going to your email. Let’s say the bad guys are in your email. Your bank sends the code to your email. Well, you can see it well, so can the bad guys if they are somehow in your email, they’ve shown that a text message obviously isn’t secure and that the bad guys have been able to get the text message. So if they’re watching for the code through your text messages, and you’re watching for it, they could potentially get the code that way. But any two-factor is better than no two-factor. If that makes sense.
James Derrick 13:40
That, that makes a lot of sense, and that’s a really good point. So don’t let fear over getting itright.
Shane Thomas 13:45
Don’t worry that if they potentially could get it from your email or potentially from your text messages, you know, or some other thing, it’s better to have the two factor turned on and using it than with a hard password than not using it at all.
James Derrick 14:01
Okay, well said, and it sounds like you like the apps with the revolving number that changes like every 30 seconds. You like that the best you like the app, one next best.
Shane Thomas 14:12
Yes.
James Derrick 14:13
And okay, that’s good to know just in case. And I guess the more important the website is to me, the more I should make sure those things are all turned on and prioritized correctly. Let’s talk about phishing because, wow, it used to be back in the day, maybe 20 plus years ago, we get these emails, and it was some rich prince from some country you’d never heard of wants to give you money. Just give them your bank account number, and it was clearly a phishing scam. Nowadays it’s getting harder. The lies are more believable, fewer spelling errors. Sometimes it even looks like your bank. Talk about what to do if you’re unsure.
Shane Thomas 14:52
Yeah, the bad guys, unfortunately they’re really smart, and unfortunately they use their smarts for bad purposes.
James Derrick 14:59
I mean they have kits, right? I mean, they buy online kits that help them do this.
Shane Thomas 15:03
They do.
James Derrick 15:04
It’s an entire business.
Shane Thomas 15:05
It’s an entire business. It’s a service. If you’re a bad guy, you can go out there and buy a whole kit that will help you figure out how to, you know, hack something, how to spoof people, how to hack people. And it’s a whole kit. And they have, you know, they have tech support for their own bad people. Like, if you don’t know how to make it work, they can help you make it work. We have to be vigilant. And so if you suspect that it’s something, that it’s a phishing email, if you suspect that it’s that it’s not from your actual bank, then just go to your actual bank’s website and see if there’s, you know, something, and maybe they have a message center that say, Hey, we sent you paperwork. And if you you know, you were suspicious of the email they sent, and they should have a link right inside of their own bank portal that shows what information was included in that. If you feel that it’s, you know, your aunt sending you some kind of video or link or a picture and you weren’t expecting it, you can just delete it, or call them and say, Hey, did you really mean to send me that PDF attachment of or a spreadsheet or a Word document? And if they said, Oh yeah, it was, you know, the the list for Christmas cards or whatever, then Okay, great. And if not, then just delete it. Don’t open it.
James Derrick 16:19
The number of of emails and text messages come is unbelievable and and oftentimes, like, you know, I’ll get one, it’ll say, well, Amazon’s unable to deliver your package with a little link. And it’s like, Amazon doesn’t send messages like that.
Shane Thomas 16:34
No.
James Derrick 16:35
If the bank sends me an email, I’ll usually in not click on the link, even if I think it’s legitimate, I will pull up the website directly from the web browser and then log in instead of using their link. And I have to admit, I think almost every time it has been a legitimate email, but I think that habit makes me feel better about it.
Shane Thomas 16:58
Sure, well, and most of the time the email is something that says, hey, you know, you’ve got a new notification about something, and click here to go there. Well, what if that link that you’re clicking isn’t actually going to your bank and it’s going somewhere else? And then you enter your credentials into that website, and they take those and then they actually go and use those on the real website and go in as you so that’s where, once again, turning on the two factor authentication can help, because then they wouldn’t be able to get into that website with just your username and password. They would need that code as well. So jumping back to the email, the best thing would be, yeah, go just go directly to your bank’s website, log in, look for the message center, or call them. Call them, say hey, I got an email and it said you had questions about the account or the whatever, and they should be able to look in there and see if it was legitimate or not, and if it wasn’t, just delete it. You know, when in doubt, delete it.
James Derrick 17:54
You don’t do anything else, just delete it. What about you mentioned over sharing? And I have to admit, this is kind of a nebulous idea. Could you help me, help the listeners get an understanding of what does it mean to over share on on social media, in the public forum, and you know what kinds of things are stepping over the line?
Shane Thomas 18:13
Sure, oversharing comes from, you know, Instagram or Facebook, maybe Twitter, not so much, or X. The concern is sharing too much personal information that’s publicly available for people to use. Let’s say, for instance, you’re getting ready to go on an amazing trip, and you share all these packing ideas, or what things you’re taking, or all the suitcases and stuff that you have, all the things you’re taking with you, and you post that, and then you head out of town for a week or two or a month, and all this information is public. Well, then at that same time, anybody who sees that will know, hey, well, there’s nobody at their house. Nobody’s there for the next week or the month. Do you really need to share all that information?
James Derrick 18:59
And people do, though, people. People do this all the time.
Shane Thomas 19:02
And they do and it can set you up for becoming a victim and not even knowing that by sharing that information, bad guys can look at that and say, Oh, well, what could we do with this?
James Derrick 19:14
So I guess, if I’m a professional on social media, you know, that might be my business sharing some of those things, but if not, I should really think twice about what I’m saying.
Shane Thomas 19:23
Sure.
James Derrick 19:23
That’s fascinating, and what one final question, what if the worst should happen, and through one of these methods, or some other method, my identity is stolen? What do you do?
Shane Thomas 19:35
The first thing I would do is go to identitytheft.gov and right at the top it says what to do if you’ve been a victim of identity theft. The website will walk you through, ask you questions, what happened? Where did it happen? It’ll build out a plan and figure out what steps you need to take.
James Derrick 19:55
That’s great and very specific, and I can just imagine that in a situation like that. I’d be in a little bit of a panic.
Shane Thomas 20:01
And it could be that maybe they stole your credit card and used it for purchases, and then you you reached out to the credit card company and and got the charges stopped, and they’re reissuing a card. Maybe it could be simple as that, or it could be that you lost your wallet, maybe didn’t know about it for several days, and they used many cards. Maybe they took mail from your mailbox.
James Derrick 20:22
Maybe you don’t know how they got it.
Shane Thomas 20:22
And maybe you don’t know how they got it, and they’ve opened up cards or loans under your name, and you only discovered it because maybe you went to go buy a car, they pulled your credit and they said, well, we can’t lend you because you’ve got too many outstanding loans. And you thought, well, that’s strange that I don’t have any loans, or I only have one car loan. And then you look into it further, and you find out that somebody’s had stolen your identity and is using your good name for these other things. And so you find out about it. This would be a good step to take. Is jump on there, fill it out. It’ll ask you a bunch of questions about what’s going on and how severe the problem is, and build out a plan to get you back on track.
James Derrick 21:02
Excellent, excellent advice. Thank you for that. One more time that website.
Shane Thomas 21:06
The website is identitytheft.gov.
James Derrick 21:10
Identitytheft.gov. Thank you, Shane, for coming in and sharing all of this with us.
Shane Thomas 21:14
You’re welcome. Thanks for having me.
Thank you for joining the Power Up Wealth podcast. Smedley Financial is located at 102 S 200 E Ste 100 in Salt Lake City, UT 84111. Call us today at 800-748-4788. You can also find us on the web at Smedleyfinancial.com, Facebook, Instagram, Twitter, and LinkedIn. The views expressed are Smedley Financials and should not be construed directly or indirectly as an offer to buy or sell any securities or services mentioned herein. Investing is subject to risks, including loss of principal invested. Past performance is not a guarantee of future results. No strategy can assure a profit nor protect against loss. Please note that individual situations can vary. Therefore, the information should only be relied upon when coordinated with individual professional advice. Securities offered through Osaic Wealth, Inc., member FINRA/SIPC. Investment advisory services offered through Smedley Financial Services, Inc.® Osaic Wealth is separately owned, and other entities and/or marketing names, products, or services referenced here are independent of Osaic Wealth.
