Identity theft knowledge

What is identity theft?

Identity theft is when someone uses your personal information, like your name, Social Security number, or birthday, to impersonate you or steal from you. Thieves may steal from your bank and investment accounts, open new credit lines, get utility service, steal your tax refund, use your insurance information to get medical treatments, or even give police your name and address when they’re arrested.

It’s a growing problem in the US, with the Federal Trade Commission receiving 1.4 million complaints of identity theft in 2020, up 113% from the year before.Since a lot of daily life relies on computers and the Internet, it’s important to learn how to protect yourself online.

Types and warning signs

Credit identity theft

This happens when a criminal applies for a new credit line using your sensitive information. You might see an unexpected change in your credit score or an account you don’t recognize on your credit reports. The best way to prevent it is to freeze your credit.

Child identity theft

A criminal may steal a child’s identity and apply for credit in that child’s name. This often goes undiscovered until the victim applies for college loans or other credit. If your child is getting offers of credit cards or phone calls about late payments, investigate.

Synthetic identity theft

This happens when criminals use a patchwork of identity details to construct a fictitious person, using a Social Security number — often one of a minor child or one that is simply made up — that is not yet in the credit bureaus’ database and combining it with a name and address. They then apply for loans and credit cards, max them out, and disappear.

Taxpayer identity theft

Sometimes fraudsters use a Social Security number to file a tax return and steal your tax refund or tax credit. Filing early can help you beat criminals to filing in your name, and some states offer six-digit identity protection PINs (after a rigorous verification) with additional security.

Medical identity theft

Using someone else’s identity to get health care services is medical identity theft. It’s particularly dangerous because it can result in medical histories being mixed, giving doctors and hospitals wrong information as they are making health care decisions. If you’ve fallen victim, you’ll need to report it to your insurance company and inform your health care team..

Account takeover

Criminals can use personal data to access your financial accounts, then change passwords or addresses so that you no longer have access. Watch out for emails, letters or texts from your financial institution that refer to an action (like a password or email change) or transaction you don’t recognize.

Criminal identity theft

This happens when someone gives law authorities someone else’s name and address during an arrest or investigation. They’ll often have false identification, such as a fake driver’s license. If you’re detained by a police officer for unclear reasons, or if you’re denied employment or a promotion because of something found in a background check, you may have fallen victim.

How it happens

Lost wallet

When your wallet is lost or stolen, someone else may gain access to all the information in it. Don’t carry your Social Security card or more credit cards than you use regularly, and don’t keep a list of passwords and access codes in your wallet.

Mailbox theft

Someone simply takes your mail or forwards your mail to a different address, so that you suddenly stop getting most mail. Sign up for USPS Informed Delivery. You’ll get an email with images of the items that should be delivered to you so you’ll know if things are missing.

Using public Wi-Fi

Hackers may be able to see what you are doing when you use free public Wi-Fi. Don’t use public Wi-Fi for shopping, banking or other sensitive transactions. If you choose to use public Wi-Fi, use a virtual private network service to create a secure connection.

Data breaches

Hackers invade databases holding sensitive information, such as in the Equifax credit bureau hack of 2017. Almost everyone has been affected by a data breach. Assume that your data is already out there and take precautions accordingly. Monitor your credit reports, especially for new accounts or inquiries resulting from credit applications.

SIM card swap

This is when someone takes over your phone number. You may stop getting calls and texts, or you may get a notice that your phone has been activated. Set up a PIN or password on your cellular account to prevent this.

Phishing or spoofing

Some fraudsters try to get you to disclose personal data by sending an official-looking email or spoofing the caller ID so that the number appears to be that of a trusted company or government agency. Do not give out personal data in response to an email or call. Find contact information from a trusted source and use it to verify whether the call or email is legitimate.

Skimming

Skimming is getting credit card information, often from a small device, when a credit card is swiped somewhere. Skimming devices are more likely to be placed at un-monitored payment sites, like a gas pump or an ATM. Use cards with chips, which have added protections, and set up email or text alerts that let you know when your cards are used to detect fraud early.

Phone scams

Be aware of common phone scams. The IRS, for example, does not initiate contact with taxpayers by phone (or email or social media) to request personal or financial information, nor does it call with threats of arrest or lawsuits. Don’t give personal information out over the phone.

Looking over your shoulder

Be aware of your surroundings, as fraudsters can learn a password just by watching your fingers as you key it in or even snap a photograph of your credit card while you have it out in public.

Malware

Opening an email attachment or visiting an infected website can install malicious software on your computer, such as a keylogger. That does what it sounds like — logs every keystroke, giving criminals access to everything. Be cautious about clicking on attachments or links, and use a password manager, which lets you avoid keying in login credentials.

Ways to prevent identity theft

Freeze your credit

Freezing your credit with all three major credit bureaus — Equifax, Experian and TransUnion — restricts access to your records so new credit files cannot be opened. It’s free to freeze your credit and unfreeze when you want to open an account, and it provides the best protection against an identity thief using your data to open a new account.

Safeguard your Social Security number

Your Social Security number is the master key to your personal data. Guard it as best you can. When you are asked for your number, ask why it is needed and how it will be protected. Don’t carry your card with you. Securely store or shred paperwork containing your Social Security number.

Be alert to phishing and spoofing

Scammers can make phone calls appear to come from government entities or businesses, and emails that appear to be legitimate may be attempts to steal your information. If you call back or respond to the email, get your information from the entity’s official website rather than responding directly. And be wary of attachments — many contain malware.

Use strong passwords

Use a password manager to create and store complex, unique passwords for your accounts. Adding an authenticator app can reduce your risk. Your mother’s maiden name and your pet’s name aren’t hard to find. Think carefully about what you post on social media so you don’t give away key data or clues about how you answer security questions.

Use alerts

Many financial institutions will text or email when transactions are made on your accounts. Sign up so that you know when and where your credit cards are used, when there are withdrawals or deposits to financial accounts and more.

Watch your mailbox

Stolen mail is one of the easiest paths to a stolen identity. Have your mail held if you’re out of town. Consider a U.S. Postal Service-approved lockable mailbox. You can also sign up for Informed Delivery through the USPS, which gives you a preview of your mail so you can tell if anything is missing.

Shred, shred, shred

Any credit card, bank or investment statements that someone could fish out of your garbage shouldn’t be there in the first place. Shred junk mail, too, especially preapproved offers of credit.

Use a digital wallet

If you’re paying online or in a store, use a digital wallet, an app containing secure, digital versions of credit and debit cards. Transactions are tokenized and encrypted, which makes them safer.

Protect your mobile devices

Mobile devices can be a real risk. According to Javelin’s report, only 48% of us routinely lock our mobile devices. Use passwords on your electronic devices. Use a banking app rather than a mobile browser for banking.

Check your credit reports regularly

Check with any of the three major credit reporting bureaus to be sure that any accounts in forbearance or deferment are being reported properly, and to watch for signs of fraud. 

Monitor financial and medical statements

Read financial statements. Make sure you recognize every transaction. Know due dates and call to investigate if you do not receive an expected bill. Review “explanation of benefits” statements to make sure you recognize the services provided to guard against health care fraud.