Swiped Book Review: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves

Looking for a useful resource on minimizing your risk of identity theft? Check out the book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves by Adam Levin. I’d like to share my summary of the book with you. I also encourage you to read the book for yourself!

Swiped Book Review And Summary

The book is a useful resource for minimizing your risk of identity theft. It covers both theory and practice, teaching you how to have a security and privacy mindset, and also giving specific protective steps to take, online and offline. Unfortunately, it’s repetitive, giving the same advice multiple times.

Levin says, “Identity theft cannot be prevented, but it can be contained. Be paranoid. Be ready.” In other words, although you can’t prevent identity theft, you can reduce your risk, and minimize the damage if it occurs. He frequently cites the nonprofit Identity Theft Resource Center.

Levin walks through his “3 Ms” framework:

1. Minimize risk of exposure
2. Monitor accounts
3. Manage damage

Here are my notes from the book.

Part 1: An Overview of the Problem

What’s in a Name (and a Number)?

Anonymous data doesn’t provide as much privacy as you think. Science Magazine reported a study that connected specific people to specific purchases from this publicly available anonymized data: receipt, Instagram post, tweet, or Facebook post about their recent purchase or favorite restaurant.

Swiping Happens

• If you get a message asking you to call, independently confirm the phone number, to ensure the number belongs to the party you think it does.
• Don’t use the same usernames or passwords on multiple websites.
• Disable geotagging on camera and photos.
• Don’t use free Wi-Fi for sensitive data without confirming it’s the right network, and secure.

Part 2: The Basics of What You Can Do

Understanding the Problem Is the Solution

A minor whose identity is stolen can suffer from bad credit or other problems later in life.

Identity theft victims can be arrested for crimes they didn’t commit, be added to no-fly lists, be denied employment, suffer health problems due to corrupted health records.

Conclusion of Science Magazine report referenced earlier: the more time you spend on social media, the greater your vulnerability to hacking. Every piece of data you share increases your attack surface.

The Three Ms

1. Minimize risk of exposure
2. Monitor accounts
3. Manage damage

Minimize risk of exposure

• Don’t share too much info with people you don’t know, online or offline.
• Use long, strong passwords.
• Secure all devices (settings, anti-malware software)
• Use two-factor authentication whenever possible.
• Shred documents that contain personally identifiable info (PII) or sensitive data.
• Don’t carry anyone’s Social Security cards.
• Don’t carry your Medicare card if you can help it.
• Limit the number of credit and debit cards you carry.
• Don’t use simple or easily guessable PINs.
• Don’t send usernames, passwords, or PII by email or other insecure messages.
• Use a separate email account for online shopping.
• Be aware of risks (scams, malware, oversharing on social media, etc.).
• Turn off devices when not in use.
• Don’t authenticate yourself to anyone who contacts you unsolicited.
• Set privacy controls tightly and review them frequently.
• Don’t take quizzes that ask for PII.
• Any time you connect a device to your network, read manual and replace default passwords with long, strong passwords.
• Securely store all documents containing PII. Shred them when you no longer need them.
• Destroy any hard drives you no longer use [or securely wipe them — CW]

SHRED protocols, from Identity Theft Resource Center (ITRC)

• S: Strengthen passwords
• H: Handle PII with care
• R: Read credit reports annually
• E: Empty purse, wallet
• D: Discuss these tips with friends

No company can prevent identity theft. To learn more about choosing an identity theft service provider, see IDTheftInfo.org.

Monitor accounts

• Regularly check credit reports from all 3 credit bureaus via AnnualCreditReport.com. Space them out throughout the year. Consider paying for more frequent credit reports from 1 or all 3 credit bureaus.
• Enroll in transactional notification programs, which may be free through bank, credit union, credit card issuers.
• Enroll in programs that give access to credit score at least monthly.
• Consider subscribing to credit and fraud monitoring services, and set notifications as appropriate. Consider those that provide recovery services as well as monitoring.
• Check credit card and bank transactions daily, so you can catch fraud quickly.
• Consider setting fraud alerts through credit bureaus (Equifax, Experian, TransUnion).
• Monitor the credit of your children.
• Freeze your credit with each credit bureau.

Manage damage

Consider cyber liability, identity protection, and/or identity theft damage control, which may be offered by your insurance carrier, financial services provider, employer.

Hackers go after the weakest target. Keep increasing your security to distance yourself from weak targets.

Part 3: The Many Types of Identity Theft

Spies in Your Home: How the Internet of Things May Violate Your Privacy, Threaten Your Security, and Ruin Your Credit

Consider dumb appliances and devices to reduce the risk of smart ones.

Voice assistants (e.g., Siri), smart speakers (e.g., Amazon Echo), and audio messaging apps (e.g., Facebook Messenger) can theoretically allow hackers to listen to you.

A Taxing Situation

Ignore calls and emails from “the IRS”; IRS never initiates contact by phone or email; they only initiate via US mail. If in doubt, call IRS at 800-829-1040.

If you’re a victim of tax identity theft

• File report with local police.
• File a complaint at IdentityTheft.gov or call FTC at 877-438-4338.
• Place a fraud alert with 1 of 3 credit bureaus.
• Consider credit monitoring service.
• Close fraudulent accounts.
• Contact the IRS and complete Form 14039. If the IRS doesn’t reply, call IRS at 800-908-4490.

It’s a Hard-Knock Life: Child Identity Theft

More than 10% of all foster children are victims of identity theft.

May the Farce Be with You: Social Media Dos and Don’ts

Set social media settings to not tag you in posts by others until you approve them.

How to minimize the damage of Facebook hack

• Change your name or use a nickname.
• Don’t geotag photos. Don’t add location to photos.
• Put a false birth date (at least the wrong year).
• Lockdown privacy settings to limit what people can see.
• Delete past posts that provide PII.

From Dangerous to Deadly: On Healthcare Scams and Medical Identity Theft

Don’t give the medical offices the info they don’t truly need, such as SSN, PII of family members (names, birth dates, etc.).

Carefully check every Explanation of Benefits (EOB) for anything out of place.

Ask to check your medical records whenever you see a doctor or specialist. Look for anything out of place.

Wanted Dead or Alive: (But It’s Easier If You’re Dead)

Include post-mortem identity theft precautions in your estate planning, including granting Power of Attorney to a trusted family member. Have all post-mortem communications ready, so all your family needs to do is send the death certificate to appropriate parties. Signing up for identity theft protection that includes identity management and credit monitoring would be very helpful.

Immediately after death is a time of great vulnerability because no one is paying attention to the credit and identity of the deceased.

Part 4: Resources and Terms

Appendix 1: Fraud Stories

If you get a call from any institution about a financial matter or information security, ask for a phone number and hang up. Confirm the phone number is correct by checking the organization’s website.

Be wary of forming a relationship with someone who says they can’t meet in person, talk on the phone, or have a video call. Be suspicious of someone who always has emergencies. Those are signs of a scam.

What military personnel should do

• Put active duty alert on credit files.
• Grant Power of Attorney to a trusted spouse or loved one before you depart.
• Consider using an identity management service. Check with an insurance agent, bank, credit union, the HR department at work, your service branch to see what they offer. Look for credit monitoring and resolution services.

What elderly (and their children) should do

• Ensure anyone who works in an elderly person’s home has had a thorough background check.
• Freeze credit.

Appendix 2: A Glossary of Scams

If you ever win anything that requires you to pay, it’s a scam. Winners don’t pay before receiving prizes.

Report online fraud to Internet Crime Complaint Center at IC3.gov.

Appendix 3: Identity Theft and the Deceased: Prevention and Victim Tips

See Identity Theft and the Deceased – Prevention and Victim Tips (ITRC Fact Sheet 117)

Swiped Book Review – Final Thoughts

I recommend that you read the book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves by Adam Levin. The Resources page has additional cybersecurity and privacy books.

What You Should Do

Read the book. Yes, I’ve summarized it here, but that’s not a substitute for reading the book. In addition to giving specific protective steps to take, the book teaches how to have a security and privacy mindset. Here are a few tips I’ve hand-picked from the book:

1. If you get a message asking you to call, independently confirm the phone number, to ensure the number belongs to the party you think it does.
2. Don’t use the same usernames or passwords on multiple websites.
3. Disable geotagging on camera and photos.
4. Don’t use free Wi-Fi for sensitive data without confirming it’s the right network, and secure.
5. Use two-factor authentication whenever possible.
6. Don’t send usernames, passwords, or PII by email or other insecure messages.
7. Set privacy controls tightly and review them frequently.
8. Don’t take quizzes that ask for PII.
9. Any time you connect a device to your network, read manual and replace default passwords with long, strong passwords.
10. Destroy any hard drives you no longer use, or securely wipe them.
11. Freeze your credit with each credit bureau (Equifax, Experian, TransUnion).
12. Consider dumb appliances and devices to reduce the risk of smart ones.
13. On social media, put a false birth date (at least the wrong year).
14. If you get a call from any institution about a financial matter or information security, ask for a phone number and hang up. Confirm the phone number is correct by checking the organization’s website.