Protect Your Online Identity!

Protecting Your Personally Identifiable Information (PII)

Your personally identifiable information, or PII, is any information that can be used to uniquely point to who you are. Some examples of PII are your Social Security Number, driver's license number, and credit card number. Keeping your PII safe is important for many reasons, one of which is keeping your identity secure. If your PII is compromised, scammers can use it to gain even more PII. If that happens, they can assume your identity to make purchases or exploit your bank account.

The first step in keeping your PII secure is to verify that people are who they say they are. If you get a call from someone claiming to be from your bank, for example, don't hand over your PII without asking any questions. Instead, ask the caller to verify your other information, and have them give you a phone number where they can be reached. If they are hesitant to do either of those things, there's a good chance you are dealing with a scammer.

Unfortunately, you can't always trust your caller ID, either: Scammers can "spoof" a company's phone number, meaning that when a scammer calls, the actual company name will show up. So, be sure to ask them verifying questions!

You can take additional measures to secure your PII, such as shredding documents with sensitive information, mailing important documents from the post office instead of putting them in the mailbox, doing your online banking from a privately used computer, and leaving your Social Security card in a secure spot in your home.

For more information, read the Department of Homeland Security's handbook on safeguarding your PII.

Stay Informed about the Latest Scams

According to Money Gram, over 4 billion phishing emails are sent each day in an attempt to trick unsuspecting victims into providing personally identifiable information (PII). These emails ask people for their financial account information in a malicious attempt to get their money. These phishing attempts include lottery scams, overpaid check scams, fake sweepstakes notifications, and scammers posing as oversees immigrants who are offering you money.

7 Red Flags That You're Getting Scammed

The first step in protecting your identity is to know what to look for. Below are 7 red flags to tip you off that you might be getting scammed.

1. The company or person does not provide you with an address or phone number where they can be reached.
2. They require you to act immediately for you to reap the benefits of their offer.
3. The pitch sounds too good to be true.
4. You're asked to wire money to a third party, usually in another country.
5. When you try to navigate away from the website, the site hijacks your browser's back button so that you cannot leave the website (or creates pop-up boxes that force you to stay on the website).
6. You receive an official-looking envelope in the mail, even though you've never heard of the company.
7. When you Google the company's name, your search yields the company's name along with words like "review," "complaint," "scam," and "fraud."

What to Do If You're Scammed

As soon as you think your information has been compromised, report the scamming incident to regulatory authorities such as:

• Federal Trade Commission: www.ftc.gov
• State and Local officials: www.consumeraction.gov/state.shtml
• Postal Inspector: www.postalinspectors.uspis.gov
• Internet Crime Complaint Center: www.ic3.gov
• Better Business Bureau: www.bbb.org

What Nelnet Does to Protect its Borrowers

To protect your information, Nelnet complies with all security regulations and enacts extra measures to ensure that your PII stays safe. Some of these safety measures include:

• Omitting or truncating PII on statements and correspondence
• Checking our safety controls to ensure regulatory compliance
• Encrypting and securing our digital information
• Making sure that all of our digital devices are secure

Terms to Know

• Social Engineering—the art of manipulating people into performing actions or divulging confidential information.
• Phishing—the attempt to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
• Vishing—the criminal practice of using social engineering over the telephone, usually using features facilitated by Voice over IP (VoIP), for the purpose of gaining private personal and financial information.
• Spear Phishing—phishing attempts directed at specific individuals or companies.
• Whaling—phishing attacks that are directed at senior executives and other high-profile targets within a business.
• Evil Twins—the creation of a fake wireless network that looks similar to legitimate public networks in places like airports, hotels, and coffee shops. Whenever someone logs on to the bogus network, fraudsters will try to capture their passwords and/or credit card information.