Simple precautions can help you avoid unauthorized use of your identity and financial information. Keeping your personal information secure is a top priority at TIAA-CREF. We have significant safeguards in place, and continuously monitor and implement technological and procedural improvements to increase data security.
According to the Department of Justice website, "Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain."
Identity theft is the unauthorized use of such personal information as your name, Social Security number, credit card or bank account numbers, or other identifying information by someone else.
A phishing email looks like it comes from a reputable company, one with whom you may even do business. The email asks you to click a link to visit a seemingly legitimate website — such as TIAA-CREF's — where you are then asked to enter or confirm your personal financial information, such as your Social Security number, financial account numbers or passwords.
You must practice extreme caution because phishing websites seem authentic and often include a company logo. By simply clicking on the email link, you can enable thieves to secretly install a virus or software program that records and transmits everything you type, including your passwords. Those behind the phishing scam can then collect whatever data you enter and use it to access your personal accounts.
If you receive an email claiming to be from TIAA-CREF that seems fraudulent, please forward it to us immediately at firstname.lastname@example.org
The following warning signs can help you spot a phishing scam:
Scam emails typically ask for personal or account information such as:
Be suspicious of demanding messages that threaten to terminate or suspend your account if you do not quickly respond. They may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. Legitimate businesses do not request personal information from you over an unsecured website.
The wording is often careless and contains misspellings.
Web spoofing involves a fake website that mimics the legitimate site you were trying to visit. You might land there by accidentally keying in an incorrect web address, or by linking to it from a phishing email.
To make spoof sites appear legitimate, criminals may use the logos, graphics, names and codes of the real company's site. They may also attempt to fake the web address in your browser window and the padlock that appears in the lower right corner — all with the intent of leading you to believe that it is safe for you to enter your personal information. If you take the bait, the spoof site may route the information you enter to criminals. This personal information can include your Social Security number or other personal identification numbers, credit card information or financial account numbers.
The Fair and Accurate Credit Transactions Act of 2003 allows consumers a free credit report from each of the three credit bureaus every 12 months.
You should obtain and review a copy of your report at least once a year to better secure the integrity of your financial credit. You can get a copy of your report from:
For more information, and to order your free credit report, visit the Federal Trade Commission online.
Contact the following agencies if you have been the victim of identity theft:
Federal Trade Commission
Identity Theft Clearing House
Hotline: 877 438-4338
IDD: 202 326-2502
Fraud Hotline: 800 269-0271