This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025. Want more recent blogs?
Do you know someone who has been a victim of identity theft or a loss related to the improper use of their personally identifiable information? Most people understand they must protect their Social Security and bank account numbers. What is becoming problematic is that personal information which may not be protected, and is publicly available, is now being targeted.
By Paul Pocalyko, CPA, CFF, CFE
We likely all know someone who has been either a target or victim of identity theft or some other form of loss related to the improper use of their personally identifiable information (PII).1 This is a large data set that is related to your life, and this information can expose you to fraud and theft.
What many people do not realize is that your PII takes many forms that can be compromised by new techniques. Most people are familiar with the more common PII that we’ve been told to secure for decades: Social Security numbers, birth dates, addresses, credit card numbers, and bank account numbers. What is becoming more problematic are those areas of information that are typically not protected, are publicly available, and are often used in your daily work or personal activities. These include, but are not limited to, your drivers license number, your passport number, your personal and work email address, your cell phone number, your employee identification number, the places you lived or worked in the past, your high school, your frequent traveler numbers, your student loan information, or your doctor’s name.
I was recently at a cybersecurity event2 where FBI agents and other professionals who specialize in these crimes provided an overview of the significant increase and sophistication of the criminal activity in the United States. My biggest takeaways were the following:
Here is one crafty fraud event that came to my attention.
A consumer – we will call him John – was in the middle of a home purchase. John received a call allegedly from the title company that was working with the mortgage broker. They were confirming the transaction and requesting John’s email. They kindly noted that he would be receiving closing instructions via an email, with a hardcopy to follow by regular mail. The email arrived noting that money should to be wired to the title agent account prior to the closing. In a typical transaction, one brings a cashier check to the closing. John went to the bank to make the wire transfer two days prior to the closing. Fortunately, the banking officer suspected that this was improper and had John call the title company. The fraud was discovered, and the wire transfer did not occur.
How did the thief know about John, the home purchase, and the loan? It stated with the property records, which are public information. The thief had contacted the current homeowner, who confirmed who had purchased the property and who was handling the closing. The thief tracked home sale data, property records, and found John, the target.
There is no absolute method to secure all your PII, but there are several simple steps you can take to protect the misuse and deter fraud. Here are 10 suggestions:
Employing some of the 10 techniques below will help you with early detection should a breach of your PII occur:
1 Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
2 https://cybersummitusa.com/philadelphia19/
3 “There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options." Eric Griffith, "Two-Factor Authentication: Who Has It and How to Set It Up," PCMag.com (March 11, 2019).
Paul W. Pocalyko, CPA, CFF, CFE, is with HKA in Philadelphia. He can be reached at ppocalyko@comcast.net.
To get more personal finance and small-business tips, subscribe to PICPA's Money & Life.