Branch lobbies are closed effective Friday, March 20. See the latest information about the COVID-19 outbreak. READ NOW.

Routing Number: 307070050
Search Our Site
Type a word or phrase in the search field below. If you are unable to find the information you are looking for, please contact us.
Kirtland Federal Credit Union logo

Welcome To The Insighter!

Explore the latest happenings at Kirtland FCU and learn about important topics from around the financial world. Here’s your insight!
To learn about retirements, investments and financial planning, check out Invested now.

All Posts > Security

Security Fraud

2020 is the year of the big 10-year U.S. census, a count of every person in the United States. The 10-year census, as well as the smaller and lesser known annual American Community Surveys, are an essential tool for states and local municipalities, as well as the federal government, to properly budget and allocate resources. 

The surveys ask some pretty unusual questions—such as what time you leave for work—and as such tend to spark more than a few phone calls from citizens concerned about fraud. Because of these unusual questions and the blanket method with which information is collected during the 10-year census, it can be difficult to tell the difference between a legitimate census communication and a fraudster’s attempt at capitalizing on the survey to steal your information.

Census-based fraud can happen year-round and may come in the form of fraudulent mailings, phone calls, e-mails, texts and even in-person visits. 
  • You receive an e-mail communication. Like many government agencies, you’ll almost always receive official communication via regular mail.
  • You’re asked for bank information, Social Security numbers, passwords or password hints (such as mother’s maiden name). A real census worker will never as for this information
  • You’re threatened by a census worker or communication. Taking part in the census is required by law, and you can be fined, but not imprisoned, for refusing to do so.
If you experience any one of these, you may be looking at a scam.
Verify that a census taker who comes to your home is legitimate. They should have a Census Bureau photo ID badge (with a Department of Commerce watermark and an expiration date) and a copy of the letter the bureau sent you. You can also search for an agent’s name in the Census Bureau’s online staff directory. Don’t give your Social Security number, mother’s maiden name, or bank or credit card numbers to someone claiming to be from the Census Bureau. Genuine Census representatives will not ask for this information.
Do confirm that a questionnaire you’ve received is on the Census Bureau’s official list of household or business surveys. Don’t reply, click links or open attachments in a suspicious census e-mail. Forward the message to
Do contact the bureau’s National Processing Center or the regional office for your state to verify that an American Community Survey or other census communication is genuine. Don’t trust caller ID — scammers can use “spoofing” tools to make it appear they’re calling from a real Census Bureau number. Call the National Processing Center at 800-523-3205, 800-642-0469 or 800-877-8339 (TDD/TTY) to verify that a phone survey is legitimate.
Do check that a census mailing has a return address of Jeffersonville, Ind., the site of the National Processing Center. If it’s from somewhere else, it’s not from the Census Bureau.  
Do check the URL of any supposed Census website. Make sure it has a domain and is encrypted — look for https:// or a lock symbol in the browser window.  

You can report suspected scams to the regional Census Bureau office serving your state and to the Federal Trade Commission (online or at 877-382-4357).


Security Fraud

Puerto Rico. California. Florida. Australia.

What do all these places have in common? They’ve all experienced a disaster or event that prompted an outpouring of donations and an influx of charity involvement in the recovery efforts. And there’s no question as to the willingness of people to give. In 2017, Hurricane Harvey became the second-costliest storm on record in the United States, causing an estimated $125 billion in damages. In the three months following the storm, at least $1.07 billion is estimated to have been donated to U.S. nonprofit organizations in response, according to a study by the Indiana University Lilly Family School of Philanthropy and the Center for Disaster Philanthropy. More than 30 percent of U.S. households made a disaster-related donation in 2017 through a variety of sources.

Image from U.S. Household Disaster Giving Report, Indiana University Lilly Family School of Philanthropy and the Center for Disaster Philanthropy.

After a disaster, donations tend to explode. In fact, most donations are made in the first six weeks following a disaster and have all but tapered off six months later. The first few weeks after a disaster, especially one with high-profile news coverage, are prime season for fraudsters who capitalize on the disaster and peoples’ desire to make a difference by posing as a charity organization.

In August of 2019, as Hurricane Dorian approached the shores of Florida, the BBB Wise Giving Alliance and the Better Business Bureau offered advice on how to make the most of your donation in the face of a disaster and how to spot a fraudulent attempt to divert donations.

Hurricane Harvey relief workers hand out supplies. Photo courtesy of michelmond /

After a disaster, donations tend to explode. In fact, most donations are made in the first six weeks following a disaster and have all but tapered off six months later. The first few weeks after a disaster, especially one with high-profile news coverage, are prime season for fraudsters who capitalize on the disaster and peoples’ desire to make a difference by posing as a charity organization.

In August of 2019, as Hurricane Dorian approached the shores of Florida, the BBB Wise Giving Alliance and the Better Business Bureau offered advice on how to make the most of your donation in the face of a disaster and how to spot a fraudulent attempt to divert donations.

Give directly to reputable organizations
Well-established organizations are the most experienced in working with disaster relief and recovery. They often have strong local ties and will know how to work together with other agencies as well as governments.

Watch for look-alike charities
It’s not uncommon for organizations to pop up in an attempt to collect a portion of a massive volume of donations being made in the wake of a disaster. Many fraudulent organizations will create names that are similar to legitimate organizations. And even new, legitimate charities may be well-intentioned but not well-positioned to help immediately. Check with for a list of credible charities assisting with recovery efforts or with the IRS’ Tax-Exempt Organization Search to make sure you’re dealing with a legitimate organization.

Understand crowdfunding
The explosion of online crowdfunding—the collecting of money for a project or venture by raising many small amounts of money from a large number of people—has made it very easy for fraudsters to cash in after a disaster. If you’re going to donate via a crowdfund, it’s best to makes sure you know the owner personally. The person running the crowdfunding campaign isn’t necessarily the person who you want your money ending up with, and you’re trusting that they’ll follow through on their promises.
Beware direct requests for money
If you’re contacted by someone you don’t know on social media or via e-mail in a direct request for donation funds, you should hear alarm bells in your mind. Legitimate organizations that you aren’t already affiliated with will likely not reach out to you directly to request help. Be even more concerned if that person is requesting gift cards or P2P payments (Apple Pay, Paypal, etc.) Likewise, do not click on links in unsolicited e-mails requesting donations. DO NOT give out personal financial information to anyone who solicits a contribution.

Do not send cash
A cash donation is a bad idea. Leave a paper trail for tax and security purposes by using a check or credit card to make a donation. If something goes wrong, you have avenues you can follow with your card company and documentation of the amount and where it was supposed to go. Checks have to be cashed somewhere. When you hand over cash or gift cards, the trail ends—and if you’ve given your donation to a fraudster, you have no path for recourse. 

Report suspected fraud
If you receive an e-mail requesting donations and suspect it may be fraudulent, report it to the IRS.

We know the desire to help is nearly overwhelming in the days and months following a disaster. But by being aware of the dos and don’ts of donation, you’ll be able to avoid fraudsters and make sure your donation provides the maximum amount of relief in the right hands.


Security Fraud

Financial wellness—the ability to have a healthy financial life—hinges on budgeting, managing debts and making smart decisions for the long-term. Financial wellness allows you to handle medical bills, afford housing and transportation, and have access to the credit you need. Education and good habits go a long way toward being financially well!

But, in this technological age, there are many obstacles that can derail your financial wellness. A big one on that list? Identity theft.

In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. The time and money a victim will spend trying to recover from identity theft is significant and can impact financial wellness. And the emotional toll that an identity theft can take could affect a victim’s job, relationships, and physical health. The growing prevalence of identity theft and fraud means that identity theft protection has to a be a part of the whole financial wellness package.

What YOU Can Do

  1. Monitor your credit report regularly - Catching discrepancies early can limit losses. Your credit report is free to you. Download yours FREE at and check for accounts or activity you don’t recognize.
  2. Consider dark web monitoring - While dark-web monitoring doesn’t actually scan these sites for your information, it can help detect your information if it appears when stolen data is uploaded to sell. Learn more about the dark web now
  3. Practice good identity theft habits - Keeping your important information secret, setting strong, unique passwords, and staying aware of popular scams can help prevent you from falling victim to an identity thief. Learn more about how to keep your identity safe.

Extra Protection

Kirtland FCU partners with Identity Fraud, Inc. to offer a comprehensive suite of protection products that help minimize your risk of becoming a victim of identity theft. Services can include:
  • SSN Monitoring – to catch thieves using your social security number
  • Credit Monitoring – to identify unusual activity so you can take action
  • Credit Card Monitoring – scours chat rooms and online activity for your credit card information to identify potential fraud
  • DataSweep Monitoring – to identify your personal information online and alert you
  • Identity Insurance – should the worst happen, you’ll be covered
  • Lost Wallet Services - a 24/7 support team that helps you act quickly to limit your losses, maintain your good credit, and replace your lost or stolen cards
  • Keystroke Encryption Software - helps protect your identity by encrypting your keystrokes and hiding them from hackers, malware and key loggers intent on stealing your sensitive credentials while using the internet.
  • 24/7 Unlimited Resolution & Prevention Assistance - Staff ready to assist you with fraud resolution, no matter what type or how you experience identity theft.
Cover yourself with these protective services, and more, for less than $3 a month!

Explore and sign up for Identity Fraud, Inc. coverage!

Security Fraud

“It’s an older scam, sir, but it checks out.”

If you’re holding a check, made out to you, you’re going to want to read this before cashing it. Fake check scams have been around for a long time. Technology has opened up new avenues of implementing the scam, but the scam itself remains relatively unaltered. If someone you don’t know wants to pay you by check, be aware—it could be a scam. It could start with someone offering to buy something you’ve advertised on Facebook or Craigslist. It could come in the form of a supposed job opportunity! Or, it could be an even more enticing story of a sweepstakes win! Whatever the method, this scam is still in play for one reason: it works.

According to the Better Business Bureau’s 2018 Scam Tracker Risk Report, check fraud exposure (the likelihood of being targeted by a given scam) nearly doubled from 2017 with a median loss of $1,500 per incident! Fake checks are also a tactic in other types of scams, including employments scams.

Three Common Check Fraud Scams
  1. The Craigslist Overpayment - This one doesn’t have to be on Craigslist, but it will begin with the victim listing an item for sale, in a newspaper or online on Facebook or Craigslist. A buyer will send the victim a check for the item in a greater amount than the buying price. They’ll make up a convincing excuse and ask the victim to deposit the check and then withdraw the overpaid amount and send it back, usually in the form of a gift card. The check will bounce, and the victim is on the hook for the whole amount.
  2. The Employment Advance - This tactic is a crossover with employment scams. Usually, the victim will receive a fantastic job offer and an advanced check to cover supplies or training. The rest of the story follows the same path as the overpayment scam above.
  3. Winners! - In this one, the victim will receive a check to cover “taxes” on a fictional prize. The victim then pays the “taxes”. A few days later, the check bounces, and the victim is left confused—and broke.

Source: BBB 2018 Scam Tracker Risk Report

If you do deposit a check that is not from a friend or family member, wait at least two weeks to be sure it clears before spending any of the money.

If the check is indeed fake and bounces, you will not be out any of your own money. If you’re receiving pressure to do so, it’s a big red flag that the check may be fake.

How To Avoid These Scams

You can save yourself a big headache by taking these simple steps.
  • Inspect the check
    • Is the amount what you expected? There is NO LEGITIMATE REASON TO WRITE A CHECK FOR MORE THAN A NEEDED AMOUNT. Make sure the check matches the transaction.
    • Also, check the personal details on the check. Look up the bank or business associated with the check and call to confirm its validity.
    • If certain items such as a signature, address, or bank logo that are usually on a check are missing, or words are misspelled, don’t cash it. 
  • Consider the reason for the check
    • Did you prompt the sending of the check, or did it suddenly appear in your mailbox? Take some time to do a little sleuthing. Research the person or company the see if the payment makes sense. Trust your instincts! If it seems too good to be true, well, it likely is.
  • Don’t use the money
    • If you have a check that doesn’t pass the sniff tests listed above, and you haven’t cashed it yet, DON’T. Contact your credit union to discuss your concerns. If you already cashed it or deposited it, don’t spend the money. Credit unions and banks are required to make your deposited checks available to you within a certain period—for example, a government or cashier’s check is required to be cleared one business day after deposit. If the check has not yet been identified as fake, that money would still be available to you, even though the check is bad. Once the bounce happens, banks and credit unions have the right to withdraw the check from your account, even if you already spent the funds. If your balance can’t cover that amount, you could be facing negative balances and many more headaches.
  • Alert the authorities

Security Fraud

Ah, technology.

Our high-tech world moves at lightning speed, with communication and tasks often happening in real-time. In many ways, security has lagged behind innovation. Now, new security measures such as two-factor authentication  have emerged to protect the vast amounts of information and money that is exchanged online. But criminals are beginning to exploit those extra security measures and options, and you need to be on the lookout for this latest ploy to access your accounts.

Financial partner CO-OP, which owns and operates credit union ATMs nationwide, recently warned Kirtland FCU of a tactic called ‘SMishing’—phishing (posing as a legitimate company) via SMS text messaging. And it’s effective because of the popularity of texting. According to the Pew Research Center, 97% of Americans send at least one text every day. 

What The SMish?
SMishing, according to CO-OP, is a text is designed to look like an automated text communication from a legitimate company. There are two different methods of SMishing that we’ll discuss: the SMished text alert and the SMished two-factor. 

SMished Text Alert
Criminals in possession your debit card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool credit union members into thinking that the text messages are actually from the fraud department of a particular credit union. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
Fraudsters are also using text messaging to deceive credit union members into providing card-related data and login credentials. A typical SMishing occurrence can begin with a member receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from members such as debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.

Before we go into how to spot one of these texts, you should know that there ARE legitimate texts that can come in from your credit union (especially if you’ve registered for Text Alerts  Online Banking login, transaction alerts for your cards, or use Text Banking. But there are key differences between a SMishing text and a valid text transaction alert).
SMishing Text Contains Legitimate Text Contains
A vague reference to a bank or no reference at all An abbreviated version of  your credit union's name
No specific card information The last 4 digits of the card number
No specific transaction information The amount of the transaction detail
No merchant information Merchant details
Hyperlinked phone numbers and/or web addresses No hyperlinks
Requests for card numbers, CV2 codes, passwords, PINs, expiration dates Reply options of: YES, NO or STOP (to opt out)

The SMished Two-Factor

Have you opted in to two-factor authentication for your financial accounts? Many companies and financial institutions are now offering two-factor authentication  as a way to make logging in faster and safer by requiring not only a username and password but the entry of a one-time code, sent through a different channel (usually e-mail, text, or voice call). Which means that if a fraudster obtained your username and password to a specific account, they would also need to have access to your e-mail account or phone to obtain the one-time code—an unlikely situation. Thieves are now calling members, posing as credit union employees, to get you to turn over the code while you’re on the phone with them!

While on the phone with a member, the fraudster logs into a credit union Online Banking site. When the one-time code is sent to the member’s phone, the fraudster asks the member to provide the code as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the code to finalize access to Online Banking, which is typically followed by changing the Online Banking password and transferring funds from member accounts.

How To Miss The SMish
  • Be aware! By simply knowing of the possibility of a SMishing attack, you can keep an eye out for the signs
  • Never provide information via text. A legitimate credit union employee or alert text will never ask for personal information to be sent over unsecured channels, and you will NEVER be asked for your Online Banking password or two-factor code outside of your login attempt.
  • Never click hyperlinks in texts. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.
  • Don’t believe the caller ID. It’s amazingly easy to spoof a phone number—to make it look like a call is coming from a legitimate source.
  • When in doubt, check! You can always call the credit union (Kirtland FCU member, call 1-800-880-5328) to check on the validity of a transaction alert or to report a request for information that seems, well, phishy.

Security Fraud

As cybercrime and identity theft continues its relentless increase in both prevalence and sophistication, are you taking advantage of all the ways you can increase security for your own accounts?

Passphrases > Passwords

‘Password’ is a terrible password. So is 123456 (alarmingly, the most common password in the nation). Why? Because these passwords are simple and easily guessed. And while an overly simple password is easy to remember, choosing one is the equivalent of installing a lock made of cotton balls on your front door—not what you want protecting your identity and your money. The problem is that long and complex passwords are not only difficult to guess (which is good) but difficult to remember (bad for the user).

The National Institute of Standards and Technology has recently revised its recommendation of using complex passwords in favor of using a passphrase—a sequence of words and other text. Passphrases are naturally much longer than passwords, making them more secure (usually).  Longer passphrases result in more “randomness” generally, making it hard for computers to figure it out—shoot for 4-5 random words (not ones that form a sentence or borrow from quotes or sayings).

The difference between passwords and passphrases is eloquently illustrated by science comic blogger Randall Munroe (XKCD):

If you have the option to use a passphrase (no requirements for special characters and no limit on length) do so! You will likely find that many of your apps and websites have yet to implement this change in recommendation with their own password requirements, so if you cannot choose a passphrase, make the password as random and as long as possible and avoid these common pitfalls:
  • Don’t use family names, birthdays, or other information that could be found elsewhere. (Make it hard to guess.)
  • Don’t use the same password for every application. (Make it unique.)
  • Don’t use short or common passwords like QWERTY or 123456. (Make it strong.)
If you have access to a password protected computer, you can use a password manager like Dashlane or LastPass to generate and remember tough passwords for your logins. Some browsers will also generate and remember your passwords if you ask it to, but be careful about using this functionality if anyone else has access to your computer. And DON’T use this option if you’re on a public computer or connected to unsecured Wi-Fi. In fact, don’t log into any program while connected to an unsecured Wi-Fi. It’s scary easy to steal information over an unsecured Wi-Fi connection.

The Two-Factor Option

Have you set up two-factor authentication yet? Many programs now offer this secure method of login, and you should be taking advantage of it. Google, for example, offers two-factor authentication: when you type in your Google password to log into Gmail or another of Google’s apps, you’ll also be asked for a second entry of a six-digit code that is texted to your phone (or sent to you via the Google app on your phone). Once an account’s two-factor authentication is set up, a thief would not only have to possess your password but your physical phone to access your account

Don’t want to enter a six-digit password every time? You can set Google to remember a personal computer but require two-factor authentication on new devices. Or, if you have a security key like this Yubico, you’ll be prompted to plug it into your computer’s USB port or touch it to your phone to complete the two-factor authentication—literally a physical key for your account! And a physical security key is about as safe an option as you can find.

Many sites and apps offer two-factor authentication—Facebook, YouTube, Google, various password managers, and many financial institutions, including Kirtland FCU Online Banking!

Online—you should be here!

If you’re thinking, “Geez, it’s too risky to be online! I’m just going to do banking the old-fashioned way, with checks and branch visits,” you might want to reconsider. Most financial institutions offer some version of online banking options, and if you don’t claim yours and set up your own passwords and security, you leave the path clear for a thief to do it for you. And you won’t have any way of knowing something has gone wrong until you get your next banking statement a month later! Setting up Online Banking and checking your accounts often allow you to:
  • Catch fraud and theft early
  • Limit losses
  • Secure your accounts with your own passwords and options
Technology is changing and improving every day. Make sure to take advantage of the latest options offered by each account and login you set up.

To register for your Online Banking account with Kirtland FCU, give us a call at 1-800-880-5328.


Security Fraud

It’s a buzz term that gets thrown around during discussions of data breaches and identity theft— the “dark web”.

You may have even seen advertisements for services that are supposed to alert you—or even claim to be able to remove your information—when your information is discovered there. But what is the dark web, and how can you keep yourself safe if your information ends up on one of these sites?

The dark web is a network of websites that can only be accessed with a special browser that renders the user anonymous and untraceable. Sites on the dark web make up about 3% of all websites and while not every site accessible on the dark web deals in illicit activity, it’s easy to see the appeal for an identity thief. After a data breach, information often floods the dark web, offered up for sale as a bundle of information for as little as $10 per bundle.

Many services will offer to scan the dark web for your information. Finding it is one thing; eliminating it is another. The former will allow you to take action to protect yourself. The latter is all but impossible.

Beware any service offering to scan the entire dark web

Because that’s impossible. The ever-shifting landscape of the dark web makes it impossible to crawl every site. One of the major differences between the normal web and the dark web, besides the multiple re-routes built between a user and a site, is the suffix of the sites themselves: sites on the dark web often end in .onion and have an incomprehensible string of numbers and letters before it. The last count of onion sites according to a 2017 Vice article was 1,208,925,819,614,629,174,706,176. And it’s not unusual for a site to appear for 12 hours and then vanish. We can’t even count these sites accurately, never mind crawl them in any kind of reliable fashion.

What a site will do to “scan” for your information is likely to look at the latest data dumps: files of information that do often end up on the dark web.

If you do a scan, and your information is found on the dark web, here are a few things to remember.
  • No service can erase your information. There’s no putting the genie back in the bottle. You should be leery of any service offering to erase your information.
  • Consider account alerts. Early detection of fraudulent activity can help you limit losses.
  • Mitigation is the name of the game. If you are alerted that your information is on the dark web, the best idea is to freeze your credit to limit fraudulent activity with your social security number. You should also order new credit and debit cards.
  • Monitor your credit frequently. Look for any unusual activity so you can take swift action.
  • Practice good security hygiene. Keep your data and passwords as private as possible.  Read here to find out more

Security Fraud
2019 is sliding into fall, but the Social Security scam calls are still hot. And people are still losing scary amounts of money because of them.


Consumer protection agencies call it the "Social Security impostor scam."

You get a call with a warning that your Social Security number has been suspended because of suspicious activity or because it’s been used in a crime. You are asked to confirm your number or told you need to withdraw money from the bank and buy gift cards in order to resolve the situation.

The phone call may be a robocaller with a message to "press 1" or dial a particular number to speak with a "support representative" from the government to reactivate your Social Security number. Or it could be a live person making threats against you for crimes committed with your Social Security Number unless you confirm certain information or send money to clear up the charges.


The scammers may even use technology to spoof your caller ID to make it look like the Social Security Administration is really calling.

In the last 12 months, people filed more than 76,000 complaints about Social Security impostors, reporting $19 million in losses. The median reported loss last year was $1,500, the FTC said.

People are asked to give up the personal identification numbers (PINs) on the back of gift cards or use virtual currencies like Bitcoin to pay. (According to the FTC's consumer alert, people withdrew money and fed cash into Bitcoin automatic teller machines.)

After handing over the gift card numbers to the "Social Security office," one consumer interviewed by was told he would receive a refund equal to the amount he paid to unfreeze his account from the Federal Reserve. Of course, the refund never came, and the man lost nearly $20,000.

The scammers can be clever, and they will try new stories and new methods in order to keep their scam effective and claim the most amount of money they can. With numerous data breaches that have hit corporate America, fraudsters may already have accurate personal information about you, including your real Social Security number. The information is used to build trust and make the call seem more legitimate, he added.

How you can stay safe:

According to and the FTC, here are some important things to remember:
  • Social Security will never suspend your number, according to If anyone tells you something different, you're being scammed.
  • Social Security will never call you and demand money. No government agency will demand you pay something using gift cards or Bitcoin either.
  • Don't trust your phone's caller ID. Scammers can make it look as if the Social Security Administration is calling and even use the agency's real number.
  • Don't give your Social Security number, birth date, home address, or any other personal information, to a caller on the phone.

If you have a question, check with the real Social Security Administration. The administration will never contact you out of the blue. The agency's number is 1-800-772-1213.

Talk about the scam with friends, family and neighbors. Report government impostor scams to the FTC at

No legitimate business will call you to request your Social Security number, including Kirtland Federal Credit Union. Feel free to hang up on these calls. If you would like to check the legitimacy of a call, you can always initiate a call to the business yourself to check.

Security Fraud

It’s errand day! Get some Social Security numbers, pick up the birth dates, and open the fraudulent accounts—it’s a busy day for a thief.

You’ve seen warnings to “protect your identity”. But what information is most dangerous in the hands of a thief. What are they looking for that you may not be thinking of?
  1. Your Social Security Number When the Social Security Administration began assigning to employees via post office “typing centers” in November of 1936, it would have been hard to visualize how integral that identifier would become in everyday life the following century. More than just a way to claim Social Security benefits, our Social Security number has been adopted as the primary piece of identifying information used to transact business with the government, with your employer, with your financial institutions, and more. And it’s GOLD for a thief, opening doors to other pieces of information that would make it easy for a thief to impersonate you while opening accounts and incurring debt under your number and your name.
  2. Your Birthplace and Birth Date Do you post your birth date on your social media pages? While it’s an easy way to keep friends in the loop, your birth date is often used as another personal identifier on government documents and with financial institutions. And coupled with other activity on social media such as joining a group for your high school class, a thief wouldn't have a hard time figuring out the month, day, and year of your birth. And having your birthday float around the internet, especially attached to your real name, can be dangerous should a thief come across the information. The same is true for your place of birth, a piece of information that’s often used as a secret question for online account access.
  3. Your Financial Account Numbers Your bank account numbers, your credit and debit card numbers, even account numbers for your healthcare are prime items for identity thieves. Your financial account numbers provide direct-line access to your money and your credit. Combined with other info like your PIN, full name, birth date, and Social Security number, an identity thief hits the jackpot with this information.
  4. Your Banking PINs Coupled with the account numbers we just talked about, your PIN is the key that unlocks the treasure for an identity thief. PINs can be swiped with equipment like cameras at an entry pad (like a gas station) or even just guessed. Despite warnings, many people continue to choose 1234 and other easy-to-guess combinations as PINs. And if a longer PIN is available, use the longer form. Longer is more secure.
  5. Your Card Expiration Dates and Security Codes If you’ve ever used your card online or over the phone, these are the two pieces of information that are required to process transactions in addition to the card number. You can prevent a thief from using your card online, even with the account number, by keeping this information out of a thief’s hands. Beware any phone call or e-mail that is asking you for this information—it isn’t harmless!
  6. Your Address (Home and E-mail) Phishing attacks  work because the thief dangles easy-to-look-up information about you, making their request for more information or money seem to legitimate. And your e-mail address is 50% of MANY online logins if you’re like many others. It may be impossible to keep this information entirely secret but avoid inserting it social media posts. No sense making it EASY for the thief, right?
  7. Your Driver’s License Number Frequently asked for on government documents, your driver’s license number can make it much easier for a thief to go to the motor vehicles department and get a copy of your ID printed (in combination with other pieces of information or forged documents). With a printed form of government-issued ID, a thief can wreak havoc on your credit and your life. It’s easier to mine other pieces of information and open fraudulent accounts in your name. This number should be treated with almost as much care as your Social Security Number. This also goes for passports, taking the theft international.
  8. Your Phone Number Another piece of information that can be almost impossible to keep private. But be aware that in a thief’s hands, your phone number is a line to you. In combination with a name, a simple phone call to you to gather more information or coerce you into sending money is all it would take for a big payday. Some phishing calls are sent to random number: the thief doesn’t know anything about you. But with a name and a number? The attack can be a lot more personalized and harder to detect.
  9. Your Full Name You may not think this is valuable information, but it sure makes opening fraudulent accounts easier! And since many online merchants ask for your name as it appears on your card to complete credit card transactions, it’s easier to guess how it appears with a full name.
  10. Your Affiliations, Members, and Employer Remember how little pieces of valid information can be used by a thief to turn a phishing call into a target spear phishing attack? These pieces of information are perfect for that use. For example, if a thief knows you work for ABC Corporation, he can do a little research to come up with a logo. Spoof an e-mail address from that company that looks legitimate with the ill-begotten logo, and he can send e-mails to you or that appear to be FROM you to others.


Some of this information is really hard to keep secret; some is completely in your control. Here are a few tips to stay aware and safe.
  • Do not carry your Social Security card with you. This is not wallet material. Leave it at home in a secure place with other important documents.
  • Don’t write this information down. Leaving your Social Security number or other important information laying around, even without other identifying info, isn’t a great idea.
  • Be aware of your surroundings. If you’re asked for your Social Security number or other information to complete a transaction that you initiated, make sure there isn’t anyone around to eavesdrop. And if you are asked for that information during a phone call that you did not initiate, do not reveal it.
  • Don’t have your place of birth as a secret question if that information is available publicly.
  • Don't write any of this information down.
  • Keep track of scams. Many types of scams try to trick you into sending your financial information to a scammer, including dating site scams and IRS scams. Read about the most common types of scams to watch out for. 
  • Don’t write it down. It can be tempting to write down your bank card numbers to use online or lend your card to a family member to run an errand. But once your number is out of your hands, you have no control over who sees it.
  • Don’t post seemingly innocuous information online. Social media is a well-stocked pond of information for a thief. Using your full name, real birth date, posting photos with your address in them, or posting an e-mail address in a public area of the web are bad ideas.
  • Set hard-to-guess PINs and passwords. 1234 and 2580 and 4444 are all equally bad PINs. Make your PIN harder to guess with non-repeating and non-sequential digits. And ‘password’ is a bad password.

The key to staying safe is keeping as much information private as possible. And, if it’s not possible, be aware that others can gain that information and use it against you. Double check suspicious e-mails and unsolicited phone calls before revealing additional information or responding to requests.