Edition 5: Freezing your Credit

TLDR: Freezing your credit on the 3 major bureaus - Equifax, Experian and TransUnion - prevents identity theft and other financial crimes. Freezing is free and does not impact your score or existing lines of credit. Unfreezing can be done in < 5 minutes online. Frozen is the proper default state.

Attack vectors: Identity theft, credit card fraud, other financial crimes

Threat: A threat actor visits an online lender or approaches a loan officer at a bank branch. They use your personal information lifted from a combination of data breaches, data brokers, poor online privacy to fool the loan officer or the online lender. Fake ID are sometimes even used. You, a creditworthy borrower with high credit scores, are a a safe bet. The lender issues the loan, credit facility or home equity line. The threat actor accesses the stolen funds. Months later you get an notice of an unpaid debt or an alert that your credit score has dropped due to a missed payment.

If you unfortunately experience identify theft, restoration of your credit can add to the nightmare. Even whencases are obvious, the lender is incentivized to fight back and drag their feet to avoid admitting fault. They employ teams of people to delay the process, silently encouraging you to give up. Currently, the IRS’s processing of Identity Theft Victim Assistance (IDTVA) cases average 506 days.

Identity theft and credit fraud are among the most common cybercrimes. The FTC, which conservatively only counts official complaints filed to their office, pegged fraud losses at $12.7bn for 2024. Their victim count was 1.1 million Americans for identity theft alone. According to a 2024 Javelin Strategy report, which attempted to also include unreported cases, losses were estimated at $23bn in the previous year. This is a 13% increase from their study a year prior. Criminals run businesses and this is one of their most profitable strategies, by any measure.

Source: Federal Trade Commission

Our recommendation: Freeze your credit on the major bureaus. Frozen is your default state. Unfreeze only when explicitly borrowing or making a purchase that requires a credit check.

Default state should be 'Frozen'

How it mitigates likelihood: When a threat actor approaches an online lender or a loan officer at a bank branch with your personal information, the lender needs to determine an interest rate to charge. They do by “checking your credit” or pinging the major credit bureaus - Equifax, Experian or TransUnion - for your score. With your credit frozen, the bureaus deny the request because a freeze means “no new credit for this person." Unable to assess your credit worthiness, the lender can’t price the loan. The discouraged attacker is rational and looks for another target with a more vulnerable default state.

Counterpoint: This is a rare Cyber Health case where there is no strong counterpoint. Freezing is free (as of 2018, the FTC mandated this). Unfreezing your credit on all 3 bureaus takes less than 5 minutes. Unfreezing can be done online, 24/7.

The only person who may not want their credit frozen by default is someone who borrows money very frequently. I mean weekly. They might view unfreezing as an annoyance. With this level of borrowing activity, we think a premium would actually be placed on security and think the default state should be frozen.

How Members of The Cyber Health Company are protected: If you already have accounts on the 3 major credit bureaus, you can take advantage of the automations in Castle Black, our account hardening co-pilot. Run the automations to freeze your crdit. (Note: if your credit is already frozen, this will NOT unfreeze). Here are the deeplinks to Experian, TransUnion and Equifax in Castle Black.

Use our automations in Castle Black to freeze your credit fast

We also offer a Financial Hardening Appointment, a white glove experience to reduce risk to your capital and credit. We start by verifying if you have online accounts at the major credit bureaus - Equifax, Experian or TransUnion. If not, we guide you through creating free accounts. You might think this is trivial, but these are for profit companies that conceal the free offerings and steer you to paid programs you don’t need. By law, the credit bureaus must offer a free version and we get you the proper account. With the online accounts created, we navigate to the free option when you freeze your credit. We also show you how to unfreeze your credit, should you need to lease a car or buy a piece of real estate.

During this appointment we also review account security of your most critical financial accounts - banks, brokerage, credit and more. We ensure you have complex and unique passwords, proper MFA, sensitive alerting to an email or phone number you check regularly, and opt you out of data sharing to increase privacy of your intimate financial data.

Jeremy Banon
Founder/CEO
The Cyber Health Company

About The Cyber Health Journal: This journal analyzes a product, feature or recent development in technology and how it impacts personal cybersecurity, online privacy and digital immunity.

About the Author: Jeremy Banon was hacked in 2016 and founded The Cyber Health Company in 2021 to help others avoid the same fate. The company provides the toolkit and team to support the personal cybersecurity, online privacy and digital immunity of high-risk individuals and corporate executives.