I generally advise people not to create accounts if they can avoid it and to close most accounts that they no longer use. However, there are a handful of odd accounts that you should absolutely claim if you haven’t done so already – before bad guys do it for you. Like the intrepid Duck Dodgers of the 24th and 1/2 century, you must boldly plant your flag.
So many websites today require you to set up an account, even if the site is free. They will often tout the benefits of creating an account, like allowing you to access special content or ‘personalize your site experience’. However, the real beneficiary is usually the site itself – tracking your usage, selling your data and allowing them to send you marketing crap. But at least you are aware that you have an account since you made a conscious choice to create it.
However, there’s a small but important set of accounts that almost all of us have but may not be aware of, either by virtue of being a citizen of a modern country or by being a consumer who doesn’t live off the grid. And if you don’t actively claim and secure these accounts, bad guys may claim them in your stead and cause you a lot of grief. You may have zero need or desire to access these accounts online, but you still should stake your claim to prevent criminals from abusing them in your name. In all cases below, you should also set up two-factor authentication (2FA) wherever possible.
As a citizen in a modern country, you have several governmental accounts, tied to your national ID. In the United States, this would include things like the Internal Revenue Service (IRS), Medicare and the Social Security Administration (SSA). Note that you will have accounts for the IRS and SSA even before you need them. You probably also have state and local accounts for taxes and voting. If a cybercriminal knows enough about you (name, address, social security number, birth date) they may be able to register and take control of these accounts. They may then file fraudulent tax returns, divert payments, or hijack benefits. The US Postal Service even has a free service that lets you see what mail you have coming called Informed Delivery, which has been abused by bad guys. Even if you have no intention of using these accounts online, you should claim them and set a strong password.
- Social Security Administration (at any age)
- Medicare (if you’re old enough to qualify)
- Internal Revenue Service
- United States Postal Service (USPS) Informed Delivery
- Local Dept/Bureau of Motor Vehicles (DMV/BMV)
- Local tax, property, and election agencies
While not technically governmental organizations, credit bureaus often feel like them. You didn’t ask for accounts with these agencies, but you have them, regardless, and you can’t close them. You should register with each service to claim your account. And while you’re there, you should freeze your credit and perhaps also enable a fraud alert. (Don’t be fooled by “credit locks” or other similar distractions – you want a credit freeze.)
If you haven’t set up your online account access for your financial institutions, be sure to register those, too. Online banking is plenty secure and extremely convenient. But even if you don’t plan to use it, you should claim the account and lock it down with a strong password and 2FA.
- Credit cards
- Investments (including 401k and 529)
- Mortgage company (and any other loans)
As a consumer, you almost surely have several accounts with local utilities and services. You may get monthly paper statements and have them set up for auto-pay. But what you may not realize is that you have an online version of these accounts, as well – even if you’ve never bothered to register and log in. Bad guys can use access to these sorts of accounts to steal your identity and commit other types of fraud.
- Utilities: gas, electric, water, sewage, garbage
- Services: cable, satellite, internet, cellular, landline phone
- Insurance: home, auto
- Medical: patient portals for your main doctor(s)
One last note… if you’ve been with the same internet service provider for many years, you probably have a free email account associated with that account. If bad guys figure out how to co-opt that account, they can use it for spam and scams. Check with customer support – if you have an email account there, ask them to help you connect to it and then see what (if any) activity there’s been there.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!