Site icon Easy Prey Podcast

Identity Theft with Dana Mantilia

Easy Prey

“Data breaches are happening so often we are almost becoming numb to them. These need to be looked at very seriously.” - Dana Mantilia Click To Tweet

Identity theft comes in many forms. Children and adults can be victims of identity theft.  Each year there are over 9 million identity victims.  1 million of these victims are minor children. The worst part is that we often don’t notice a problem until we need to buy a car, house, or get a college loan. The clean-up process can be costly and time-consuming.  

Dana Mantilia is the founder of Identity Protection Planning.  Dana grew up in the car business.  She was running and still oversees her family’s car dealership today.  In 2014 they wanted to open an insurance agency so they could offer insurance to their customers, and shortly after in 2017 she decided to get into the identity theft world and business. 

Identity Protection Planning helps Americans protect themselves, their family, and businesses from identity theft and cybercrime. Identity Protection Planning was established to help educate, organize, and protect folks against identity theft. Her team established a user-friendly B2B software platform that allows agents, advisors, employers, and association managers to offer Identron identity theft protection plans to their clients, employees, or members.

We talk about identity theft, data breaches, and best practices for protecting you, your family, and your business.  Dana shares several practical tips and best practices that you can put in place today to help protect against identity theft. 

“We need to start looking at our information and our data as the most valuable asset that we need to hold on to and not be divulging.” - Dana Mantilia Click To Tweet

Show Notes:

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

“Your identity is great until it is messed up. The challenges identity theft can bring are monumental.” - Chris Parker Click To Tweet

Links and Resources:

Can you give me a little background on how you got into the identity theft protection business?

Sure, thank you for having me. First of all, Chris, a little history on me is that I grew up in the car business. My family had a Ford dealership. I was running that for probably about 20 years—I’m still overseeing the operation. Back in about 2014, we wanted to open up an insurance agency so that we could offer our clients auto insurance, home insurance, that kind of thing. Then, in 2017, started to want to get into the identity theft world, so we developed a product that we could offer directly to the consumers. We created a platform that allows financial advisors, insurance agents, anybody who has a pool of clients that they want to offer identity theft to that they can offer to them, direct their clients to their co-branded website and then everything gets tracked through the backend.

I just recently recorded an episode with Troy Hunt who owns a website called Have I Been Pwned, which tracks data breaches. We talked a little bit about identity theft. One of the things that's kind of interesting to me is I have a family member who was a victim of identity theft probably about 20 years ago. It's really neat to see the way technology and laws are finally catching up with what's actually happening.

In his case, he found out when he was filing his taxes and the government said, “Hey, you've already filed your taxes.” “No, I haven’t.” He started digging and found out that there were people in multiple states using his name and his social security number to earn income. Unfortunately in many of those states, they didn't actually pay the taxes that were due. And so as governments do when you don't pay your taxes, they sue you or they sue who they think is you. They did that and of course those particular individuals never showed up in court. Therefore, there was a default judgment against this individual for those tax liabilities.

He was stuck for several years trying to figure out how to unravel a lot of these lawsuits that had been filed against him. In many cases, he actually had to pay the taxes that this other person was supposed to pay and then come back afterwards to say, “Okay, we've proved that it's fraudulent, can I get my money back now?”

Yeah, you're actually right. That's the problem. They have to pay first to start cleaning up the mess, and then they won't reveal any information of the person that filed those taxes because there's a confidentiality situation there, which is kind of disturbing to think that this person stole your information and they have a privacy right that you can't get your information. It turns into a big mess and it does get very expensive sometimes to start the process. Maybe eventually you'll get some of that money back and there's a lot of time involved in that, too.

Yeah, and for most people, you don't even know where to begin to start going through this. I suppose we should take a step back and talk about what identity theft is, because I get a lot of people approaching me saying, “Hey, my identity has been stolen, can you help me track down this fake Facebook account?” “Well, no.” Yes, someone has created that account that looks like you, or they've created a Twitter account or something like that, but in the terms that we're talking about today, that's not really identity theft. Can you tell me more about what identity theft is really in the context of this conversation?

Yes, we're more specifically talking about someone using someone's social security number to get a loan, to get a job, get credit, file taxes, that kind of thing. Especially, too, with the children, because the synthetic identity with children is a big thing. What they do is they'll take that child’s social security number and then with a fake name and a fake date of birth, they apply for a credit card. They often go to the bank and the credit bureau says, “We don't have any record of this name and social security going together, but do what you want.” The bank’s like, “We’re going to decline this,” so they decline it. Then the identity theft does it again and there you go. Same thing: goes to the bank, goes to the credit bureau and credit bureau says they don't see any credit history there, but what they do see is that a credit file was started back whenever the first submission was put in.

The bank will say, “Well, you don't have any credit history, but we’ll give you a small maximum each month.” Start there and then boom—that social security number is off to the races. Someone could get a job, they can build upon that credit for years and years and years without a parent really having a clue that anything's even going on. And then maybe when the poor child is 18 and applying, maybe for a college loan, that's when the mess starts to get unraveled and that's a terrible situation to be in.

That's got to be pretty difficult, because now you're not trying to unravel something that happened last week or last month—this could be something that has been…

Going on for years.

Ten-plus years, that's been going on uncontested, unchallenged…could be particularly difficult. In those sorts of things, what are the other best practices that you should be doing with your kids to help them protect their social security number and their credit?

Yes, the best thing to do is just freeze their credit. There's two different ways to freeze credit. Adults you can do online, children you can't. But if you go online, they’ll give you the directions. I also have directions on our website. You can go there and check that out. It's a paper document that you fill out and you send it off. That way, the credit bureaus know that there should not be any activity going on at all with that social security number. That's probably the best bet.

The other thing is that some camps, schools and all that are using outdated forms where they're still asking for social security numbers, even though they don't know it. We have a little thing that we made up. It’s called a social security number deterrent card. If someone does ask for someone's social security number, you just clip the little card to the paperwork and you say, “Hey, I know you're looking for this but I’d really rather not give it to you unless you really need it.” If they do really need it, and sometimes they may say, “No, we don't really need it, but maybe you can use your parents driver's license number or something like that.” So that's a little bit of security there. Not giving it out as much as we possibly can. Not giving out a lot of personal information online, especially the kids. They're telling everybody everything and anything about them. They could be friends of the world and that's a big problem—over-sharing information.

I know in the dark ages, when I was going to college, I remember at one point looking at my student ID, and printed on my student ID—and if you're in college, you do lose paperwork and things like there's no tomorrow—my student ID number was my social security number. Every time I checked out a book or whatever, that number got written down and tracked. Looking back at it now, I'm like, oh my goodness.

Yeah, it's crazy, I know. Even the Medicare cards were social security numbers up until just a few years ago. We’re using that number for everything.

Yeah, it was a single identifier that, unfortunately, is very easily used. Are there some general things that people should be doing to protect their identity, some best practices?

Yes, I think there's a couple things. Like I mentioned, freezing your credit. Also, there's informed delivery, which is a part of the Postal Service, offered for free. They will take a picture of your mail each morning and then all that mail should be in your mailbox when you get home. It's a good way to cross-check that there was a credit card offer that was in the mail this morning and I don't see it here, maybe somebody took it out. It's also a good thing for you to claim it before someone else claims it so that they're looking at your mail and seeing what it is that's going to be showing up in the mailbox. That's definitely a good thing to do.

Going and claiming your Social Security Administration accounts through ssa.gov is a very important thing to do. You can do that at any age. Make sure you claim it and nobody else can be in there, and that's a good thing to do. Different passwords for different accounts, everybody has the same password that they use for the last 20 years for every single thing and the same email address.

Just to give a little example on that, let's say, for example, GrubHub, a little food delivery service, had a data breach. You take that email on that username, which is probably the same, and the password that someone's using for every single thing. Now, they have the email and the password. Let's just say that they happen to say, “Let's go try Bank of America and see if this person has that,” and that's what they do. They'll keep looking around, looking around, and looking around. That would be sad if they can get into one of your bank accounts or your credit card accounts or something like that.

I know everyone says it's a really, really big pain in the butt to do that, so my new suggestion is to say maybe we can get a new email address just for the financial accounts. That way, all the other stuff—Facebook and all your other social media accounts—you can use the one that you've given every sales clerk since you were 18 years old that asked for your email address. But for your banks and your credit cards, it’ll be a little bit more secure with a different one.

Yeah, I always definitely recommend people to use a password manager that creates a password for you that's really complex. There’s disadvantages, like if you don't have the password manager app with you, you're not going to remember that it's aT45!Z. But definitely using a password manager these days, I would say, is almost a requirement for people. People want to maybe alarm themselves. I have recently recorded an episode with Troy Hunt from Have I Been Pwned, which is an email data breach service. You type in your email address and that service will tell you everywhere that that email address has been involved in a data breach.

It's a little bit alarming because if you can see, “Oh gosh, my email address was on that LinkedIn breach, it was in that Yahoo breach, it was in these 15 other breaches and, oh my gosh, I've used the same password.” That means basically anywhere you use that password, somebody knows it and it's effectively no security whatsoever.

Yeah, that's for sure. We have a new application that's coming out on our website that is going to do that same thing. Underneath it, it will show you exactly which breach it is, what year it was, what was actually given out in addition to that email address. It's really, really cool. I saw the prototype, so hopefully that will be done—I don’t want to say next week—maybe in a couple weeks.

It's a great addition to have the awareness of data breaches. It will help people to realize, “Okay, I do need to take this sensitive information and be a lot more concerned about how I use it and where I use it.”

Yeah and they're happening so much, we’re almost becoming numb to them—another data breach, another data breach. No, this is a serious thing, every single time there is a data breach, it needs to be looked at seriously. Not just another one.

Yeah. So speaking of sensitive information, what about those Facebook quizzes?

Facebook quizzes. Stop doing Facebook quizzes, everybody. Some of those Facebook quizzes are actually created by identity thieves. If you ever noticed that some of the personal information that they're asking for are some of the security questions to your logins for your credit card, your bank accounts and all that is not a coincidence. It's more personal information that you're giving out. We need to start looking at our information and our data as our most valuable asset that we need to hold onto and not be divulging everything and anything about us that someone can collectively put little pieces together. Then, they really have all the pieces of a puzzle.

Yeah. What are some of the questions that quizzes asked that if you hear this question being asked, it should be a red flag for you?

Well, I think there are a bunch of them. Anything that's familiar to you: what’s your favorite baseball team, what's your high school mascot, what year were you in fourth grade, something like that. They are little things that you're just giving out. What was the name of the elementary school that you went to? Little things like that, and they start to be able to say, “Okay, well then they grew up here, and then they were here.” That kind of thing. Facebook is bad enough that we all celebrate our birthday on there. Everybody loves their birthday on Facebook—your third grade friend, your college roommate, everybody's wishing you a happy birthday. That's the good thing about it. The bad thing about it is that it really helps dissect your social security number when people find out what your date of birth is.

Yeah, I bet. One of the other things I've seen is these quizzes or little games like, “Hey, we’ll tell you where you're going on vacation if you tell us the street name that you lived on growing up, your favorite elementary school teacher, and the name of your first pet.” You're gleefully like, “I want to see where I'm going to go out for dinner tonight.” Little do you know, you've effectively given the security questions to your bank account.

I see those happen now and I'm like, no, no, please stop entering these things.

I know, but people don’t believe me when I tell them they should stop doing this. They're like, “Oh, they're not really doing that.” Yes, they are. They really, really are. I call myself the grim reaper now whenever I'm walking around talking to people. Like, “Okay. Oh, here she comes again. She can tell us something bad.” I think, first of all, really start learning about this stuff.

Yeah. I'd rather be the grim reaper with no identity theft than a happy-go-lucky person, but all my money is gone.

What are some of the things that an identity theft prevention service helps you with if, heaven forbid, you’ve had your identity compromised?

If you call the restoration center, they're going to help you. If there are any forms that need to be filled out, they'll get a power of attorney involved so they can help you out with some of those forms. If there are certain government agencies that you need to contact, they'll let you know which ones they are, and how to contact them. They'll just stay with you the whole entire time until your identity gets restored back to pre-incident status.

I think personally, it’s a good peace-of-mind thing because when something like this does happen, you'll wonder, “Who am I going to call? Where do I start with this whole thing?” Now you know you're going to call the restoration center and then they're going to be with you the whole time. If you have any questions, you can call them back and ask them. It's a little bit of a good feeling knowing that one person is going to be on your team all the way until the end. Until it gets cleaned up.

That's going to be a certain amount of peace of mind to me. I think I would know, “Okay, I know who the three main credit bureaus are. I think I can figure out how to get ahold of them,” but it's all the nitty-gritty of the, “Okay, if something happened to my Social Security Administration account, or someone who is reporting taxes, I won’t even know. Let's go to the State of California’s website and try to find the right contact.”

Right. If someone does file taxes under your name and then you're trying to clean up the mess, and you're getting a text that you owe more money, they won’t even give you the information of the person that fraudulently did file taxes because there's a privacy situation that goes on there, which is a little crazy.

It's where the privacy laws work against us instead of helping us, which is a really crazy nightmare. We were talking a little bit earlier about data breaches. We talked about specifically your social security number, but are there other pieces of information that you should really be, kind of, not necessarily red flags about giving out, but are really starting the question, “Why does this entity need this bit of information about me?”

Well, I think anytime anybody is asking for any kind of personal information, you really need to stop, and pause, and say, “Why is it that they really needed to know this?” I think any identifier—your driver's license—that would be something that maybe you’d ask, “Why do you really need to have that?” That kind of thing. Medical insurance fraud is a big, big thing now. Keeping really close tabs on your insurance card. If that falls in the wrong hands, the next time you need a surgery under your name, that's not going to help.

It’s everything. We just need to reel everything in a little bit. I think we used to be a lot more private and then online came into our world. It's just like, “Hello, everybody. Look what I'm eating for lunch. Here’s my favorite pet’s name.

It's funny because there's a place that I go every now and then to grab a sandwich, and they've got this little clipboard to sign up for their email list sitting out there in public. It asks, what's your name, what's your email address, what's your birthday, and what's your anniversary, because we're going to send you discounts. I understand what they're doing, but why are you leaving this out in public? This is like, give me an email address, a name, and a phone number, and a date of birth, and I can probably find out their social security number. I can probably find out all sorts of other crazy stuff about you just with that small amount of information being left out on a restaurant counter.

Another thing I want to just discretely mention, too, was our phones. Everybody should have either a fingerprint lock, or some kind of a gesture that they do, or a password, or a passcode, or something on that phone. Most of our apps just stay logged in, they're just tracking everything we do all the time anyway. But also, they can get into your Amazon account, or they could just click on your Facebook account, your LinkedIn account. If you lose that phone, that's not good, because that's going to be a way that they can just continue on, and go in, and change your password. Now they can log in somewhere else, that’s one little step you can do. It's kind of a pain sometimes. You’ve got to take that extra step to do that, but once you get used to doing it, it's a very, very good security measure to put in place on your phone.

Yeah, absolutely. I'd even avoid doing the four-digit passwords. Do something a little bit longer, whether it's six, or eight, or different symbols, or things like that that you can do on different phones. We also recommend people turning on two-factor authentication on bank accounts and wherever it’s possible.

Yes, absolutely. A two-factor authentication is a big deal. Again, it's another little step that we have to take, but once you get used to doing that little step, it goes much quicker, and it's not really even an issue. It's a great security measure and it's definitely worth it anywhere you can. Especially on the important accounts like you were saying—banking, credit cards, that kind of thing. You should have that.

One of the things I was remembering that's good to do that works on most Google and Android phones is you can enable a service through Google and through Apple that allows you to remotely wipe your phone. If you lose your phone, you have the ability to go on to the Apple website, or go on one of Google's websites, and basically type your username and password, and just wipe the phone entirely.

That's great. I don't know how to do that, but I'm going to figure that out so I can make a video on it because that will help a lot of people. Especially if there's something that you need to do before. That way, you can get to the phone from wherever you're logging in.

Yeah. Some of those actually have a phone locator service built in with it so you can try to track down your phone.

I remember one time I was traveling internationally and I put my phone down, luckily with a password. I turned around and was doing something, turned back around and my phone was gone. I'm like, this is horrible. Traveling internationally without a phone is not fun to do. The first thing I did was get on the laptop. To me, it wasn't even about seeing if I can find the person in the airport that has my phone, but I was like I just need to wipe this thing before they turn it off, before they power it down, before they have a chance to muck with it. I need to wipe this thing. That way, no one has access to it.

Another thing I think people should do—I just learned this the other day—on your phone, you can go and you can see where we signed up for these apps and the terms of agreement. It’s this 45-page long thing. No one's reading it—they just click okay. There's a thing you can go on and you can see which apps have access to your microphone, your photos, your contacts, and your location. I saw it right there. All these apps have this access to this, this, this.

My husband and I always joke that whenever we’re talking about things, the next thing we know, the next day, there's an app for that, and we didn’t even type anything in. We were just talking about it. You weren’t listening.

It can be a little disconcerting at times and a little scary. Identity theft is really one of those things where your identity is great until it's messed up. Then suddenly, you can't get a loan, you potentially don't have access to your social security funds if you're in that age bracket. The challenges that it can bring have to be just monumental.

The issue is also you may not find out that this is even going on until maybe you are sitting at that car dealership trying to buy a car and they say, there's an issue with your credit. And you say, “What do you mean?” That's not what you want to find out, that something's going on, but that's usually when people do. They're getting a mortgage, or they're getting some kind of a loan, or a car payment, or car loan, or something like that. That's when it shows up, because people aren't in the habit of saying, “Let me check my credit today.” That is another good thing I would suggest to people is that one time per year on each of the three different credit bureaus, you can run your credit for free.

If you spaced it out around the year, you could utilize all three of them throughout the year. So if anything new jumps onto the radar there, you can at least take a look at it. But again, that's one of those things everybody says they're going to do, but they don’t do it.

That's the challenging thing. Similar to the fact that everybody should back up your computer. Everybody is great about it for the first couple of days, but if it’s not an automated process, if it's not something that's done behind the scenes, our human nature is we're just not going to do it. Which is why identity theft protection services, and identity theft insurance, is such a valuable service. Because it's something that we're not good at and we don't want to spend the time doing, if we can even remember to do them.

That's the thing—we’re busy. We can't beat ourselves up for this stuff, but we just have to realize that there's a different thought process we have to go through to get in the habit of changing passwords. Get in the habit of doing these different things, that's just the new way of life that we have to keep in mind.

Yeah. Identity is one of the things you want to be able to go to bed at night not worrying about and having that peace of mind, having that comfort that, “Okay, someone's got my back. I don't have to worry about this.” It's not a service that's going to cost you $10,000 a year to get. Those services were relatively less than a phone bill every month I'm sure.

Yes, by far less than a phone bill.

If people want to learn more about the products and services that you guys offer, how can they get ahold of you?

To check out our identity protection plan, you can go to identron.com and the plans are right there. There's some comparisons to some of the other plans that are out there that you can take a look at. There's two for individuals and there's one that’s for family. That's a good plan too to have. A little peace of mind.

You were talking before about children. I don't have kids, so I don't know when kids get social security numbers. At what point should you look at getting a plan for your children?

This is interesting. In this country now, most kids are getting social security numbers right when they're born. Part of it is because the tax offset that the parents are getting. It's funny because I have a couple of friends up in Canada that are into the cyber security world and they said Canadians don't get theirs until I think it's either their senior year in high school or when they get a job. Because again, it's for their tax purposes, not the parents’ tax purposes. At least they have a few years better than we do. I mean, we've got these little babies with these social security numbers, and they're not being used really for anything until they turn 18. I would say as soon as you can. As soon as you get your hands on that social security number, they should be freezing it.

Are there any other products and services that you're coming out with in the near future that you can give us a heads up on?

Yes. We have a cyber security plan for businesses that's coming out—small businesses. It's very non-techie, and it's very affordable. Basically what it does is it puts a plan together so that if you do have a data breach and the FBI shows up and they say, “What did you do beforehand to help protect your client’s information?” Everybody will have the same answer. You'll be able to show them all of the training that you guys have done—incident plan, all that stuff. But it's very, very, very simple.

We don't talk about malware or any of the technical side of things. We talk about a kid in the backroom on Twitter telling everybody that he thinks we had a data breach at work today. Nobody wants to have that kind of communication going on. There may be or maybe it's not even a data breach actually happening. That's going to be a fun little project that's coming out, I think in about a couple of weeks. And it's all about being able to answer these questions. Because again, when the FBI comes in and says, “Can you answer these questions? Can you answer these questions?” So that’s what we named it. We named it CYA.

I like that one.

Because it’s a CYA too, and it can help you answer.

It works both ways.

Yes, it does.

Exit mobile version