Security

Identity Theft

According to the Department of Justice website, "Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain."

Identity theft is the unauthorized use of such personal information as your name, Social Security number, credit card or bank account numbers, or other identifying information by someone else.

Online Tips

Do not reply to an email or pop-up message asking for personal or financial information. Legitimate companies like TIAA-CREF will never ask for personal or financial information via an email or pop-up message.
Do not email personal or financial information. If you initiate a transaction, look for indicators that the message is secured, which can be validated by a lock icon at the bottom right-hand (or left-hand) side of most Internet browsers. Most email programs do not provide confidentiality via encryption, so be careful.
Use bookmarks or "favorites" to access known sites to avoid being lured to imposter sites.
Be sure to use updated anti-virus software. Some phishing emails contain viruses and software that can harm your computer. (See more on phishing below.)

General Tips

Shred unwanted documents that contain personal information before putting them in the trash. These include pre-approved credit card applications that you do not want.
Instruct your credit card company not to send you any blank checks in the mail. If you do receive checks, but do not use them, destroy them thoroughly.
Review credit card and bank statements immediately for unauthorized charges and contact the company if statements are more than a few days late.
Do not write down your passwords, and do not use dates of birth or names of family members as passwords.
Memorize your Social Security number instead of carrying your card with you.
Make sure you always take your ATM and credit card receipts after all transactions. You can always shred them later. (If a vendor still uses a "carbon" slip when processing your credit card, ask for it and destroy it thoroughly.)
Do not leave mail in your mailbox.
Always report lost or stolen credit and debit cards immediately.
Do not give your personal information over the phone, through the mail or online unless you are the one initiating the correspondence and you know the person or organization you are contacting.

Phishing

A phishing email looks like it comes from a reputable company, one with whom you may even do business. The email asks you to click a link to visit a seemingly legitimate website — such as TIAA-CREF's — where you are then asked to enter or confirm your personal financial information, such as your Social Security number, financial account numbers or passwords.

You must practice extreme caution because phishing websites seem authentic and often include a company logo. By simply clicking on the email link, you can enable thieves to secretly install a virus or software program that records and transmits everything you type, including your passwords. Those behind the phishing scam can then collect whatever data you enter and use it to access your personal accounts.

If you receive an email claiming to be from TIAA-CREF that seems fraudulent, please forward it to us immediately at abuse@tiaa-cref.org

The following warning signs can help you spot a phishing scam:

Requests for Personal Information

Scam emails typically ask for personal or account information such as:

Account numbers
Credit and check card numbers
Social Security numbers
Online banking user IDs and passwords
Mother's maiden name
Date of birth
Other confidential information

Bullying or Frightening Tone

Be suspicious of demanding messages that threaten to terminate or suspend your account if you do not quickly respond. They may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. Legitimate businesses do not request personal information from you over an unsecured website.

Poor Grammar, Spelling

The wording is often careless and contains misspellings.

Spoofing

Web spoofing involves a fake website that mimics the legitimate site you were trying to visit. You might land there by accidentally keying in an incorrect web address, or by linking to it from a phishing email.

To make spoof sites appear legitimate, criminals may use the logos, graphics, names and codes of the real company's site. They may also attempt to fake the web address in your browser window and the padlock that appears in the lower right corner — all with the intent of leading you to believe that it is safe for you to enter your personal information. If you take the bait, the spoof site may route the information you enter to criminals. This personal information can include your Social Security number or other personal identification numbers, credit card information or financial account numbers.

For additional information on phishing and identity theft, visit the Federal Trade Commission online and look for the following brochures:

How Not to Get Hooked by 'Phishing' Scam
ID Theft: When Bad Things Happen to Your Good Name

Credit Reports

The Fair and Accurate Credit Transactions Act of 2003 allows consumers a free credit report from each of the three credit bureaus every 12 months.

You should obtain and review a copy of your report at least once a year to better secure the integrity of your financial credit. You can get a copy of your report from:

Equifax 1 800 685-1111
Experian 1 888 397-3742
TransUnion 1 800 916-8800

For more information, and to order your free credit report, visit the Federal Trade Commission online.

If You Have Been a Victim of Identity Theft

Contact the following agencies if you have been the victim of identity theft:

U.S. Government Agencies

Federal Trade Commission
Identity Theft Clearing House
Hotline: 1 877 438-4338
IDD: 1 202 326-2502
Website: http://www.consumer.gov/idtheft/

Social Security Administration

Fraud Hotline: 1 800 269-0271

Related Information

C38971