the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain.
Identity theft can is invasive and can cause damage to one’s finances, medical records and reputation. Practicing safe computing habits can help you protect your information and the personal information of our students, faculty, staff, and patients. The university offers several services to help protect against identity theft, including two-factor authentication with WashU 2FA, encryption services, Workspace One (Airwatch) Airwatch, and VPN protection and access.
- Don’t click.
Instead of clicking on any link in a suspicious email, type in the URL or do search on wustl.edu for the relevant department or page. Even though a website and/or URL in an email looks real, criminals can mask its true destination.
- Use trusted wi-fi.
When at the café or the airport, you’ll often see many available networks in the area. Be cautious of public wi-fi. Even when accessing a coffeehouse network with a posted password, hackers who also have the password can access your information. Entering social security numbers or credit card information on these networks isn’t advised. Hackers can also create fake networks with deceiving names to mimic the location. Validating the network with staff or through the business’s website is important.
- Don’t Respond.
Do not respond to emails asking for passwords or personal information.
- Keep it close.
Do not leave laptops, tablets, or mobile devices unattended. Thieves can use this as an opportunity to access the information on your device or to steal your device.
What To Do If You’re A VictimIf you become a victim of identity theft, there are some things you can do to minimize the damage.
- Make sure you change your passwords for all online accounts. When changing your password, make it a sentence that is 12 or more characters long, and make it unique to that account. You may also need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources.
- Close any unauthorized or compromised credit or charge accounts. Cancel each credit and charge card. Get new cards with new account numbers. Inform the card companies that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. You may also want to write a letter to the company so there is a record of the problem.
- Think about what other personal information may be at risk. You may need to contact other agencies depending on the type of theft. For example, if a thief has access to your Social Security number, contact the Social Security Administration. You should also contact your state’s department of motor vehicles if your driver’s license or car registration is stolen.
- File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime that may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus and debt collectors.
- If your personal information has been stolen through a corporate data breach (when a cyber thief hacks into a large database of accounts to steal information, such as Social Security numbers, home addresses and personal email addresses), you will likely be contacted by the business or agency whose data was compromised with additional instructions as appropriate. You may also contact the organization’s IT security officer for more information.
- If stolen money or identity is involved, contact one of the three credit bureaus to report the crime (Equifax at 1-800-525-6285, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289). Request that the credit bureau place a fraud alert on your credit report to prevent any further fraudulent activity (such as opening an account with your identification) from occurring. As soon as one of the bureaus issues a fraud alert, the other two bureaus are automatically notified.