Are you vulnerable to privacy attacks and identity theft?

This doors format is that of a bingo card with different tasks and tips to consider which can increase your personal security. Below the board is a short explanation of that door, together with useful links to more information. Some of these points are probably well known to most of you, such as setting up a password manager, but maybe I can still give a few important pointers.

In 2019, I finished my Master Thesis on how to detect Identity theft in online banking. Working on this gave me insight into how people may commit identity theft, and how you can protect yourself against it. It is honestly quite shocking how some very simple steps can give a significant increase in your personal security.

1. This is one of those tips we always see, and with good reason—a password manager is essential to keep up with good password policies. Take a look at this blog post by H. K. Henriksen from 2018 to learn more about why you should have a password manager.
2. Many identity thefts happen between close relations. It might be a close family member or someone else that you have let into your home. Get control over where you have sensitive documents or code generators, and in so doing, limit who might have access to them.
3. Go through your old passwords and make them great (again). If you wonder about how to make the best possible passwords, we've got you covered.
4. The times we leave our mobile just laying about is honestly a bit scary when considering how much sensitive information we have on it. Adding password protection to your mobile should be a no-brainer. Make sure that you do not use the same pin on your lock screen and a banking service (e.g. Vipps or BankID on mobile). If you do that, you might accidentally let others log in to your bank. This is especially important for protecting yourself against familial identity theft.
5. What information can you find out about yourself online? Use this information to construct a social engineering attack that you might fall for. Knowing is half the battle; If you recognize possible attack vectors, then maybe you will think twice if you are ever the victim of such an attack.
6. What information did you manage to find about yourself? Take this opportunity to once and for all remove some of that information you know should not be there.
7. This brilliant service, created by security researcher Troy Hunt, can tell you if your email account is part of a known data breach. They also offer to notify you if your email is part of a future data breach.
8. Go through privacy settings on services that you use (e.g. Facebook, Google). Remove anything that you do not agree with. Maybe even get rid of the service altogether, if it’s too privacy-invasive.
9. Do you and your partner have a shared account for which only one person owns the account, and then simply share the login credentials? If so, you should stop reading this, and go create a proper shared account for which you can both log in using your respective user accounts. This is extremely important in case one of you ever were to misuse the shared account. At least in Norway, the registered owner of that account will be held accountable no matter who did the misdeed. Most banks should offer a simple way to create such a shared account.
10. This links back to nr 5. It can be bothersome to constantly having to re-enter a password on your phone. Adding a biometric access option can reduce this burden, as well as mitigate against shoulder surfing. Many people let their family members know their screen-lock password. Just remember that even if you do this, then you should at least never add their biometric information as a valid unlocking option. I’ve seen people add their partner’s biometric information on their phone, forgetting that that person now also might have access to other personal information on their phone, e.g. a password manager, or banking services.
11. Do you recognize all transactions in your bank statements? Even small, innocuous values can add up after time.
12. Look at app permissions on your phone. Remove what you can. Apps ask permission for the strangest thing. Sometimes, these permissions make sense to fulfill the app’s purpose, but in my experience, this is more the exception than the rule.
13. At least in Norway, it is possible to block others from making a credit check on you. Barring access to credit checks can prevent identity theft, such as someone taking up credit loans in your name. It is, of course, possible to remove this block later, in case you need to take up a mortgage. Datatilsynet describes how to do this.
14. Take some time to install software updates. Check both your PC, mobile, and other devices you may have.
15. Have a look at recent activity for your accounts. Do you recognize all listed units? Delete anything you do not recognize. If you become overeager, you can always renew the permission later. At least you are no longer logged into that loan mobile you used while your phone was in for reparations.
16. How do you feel about someone having access to anything on your phone or computer? If this makes you even the tiniest bit queasy, encrypt your devices. Luckily, many phones encrypt their data by default as long as you have added password protection. Take a few minutes to check how your devices handle encryption.