In an increasingly online and interconnected world, identity thieves have a lot of tools they can use to ply someone out of their crucial information and rob them blind in minutes.
The old-school method of a thief digging through trash in search of records or snatching a purse or wallet still happens, but identity thieves increasingly turn to electronic methods to get what they want.
Often thought of as a crime that targets the elderly, who might be less wary of an unsolicited phone call, even children can be the victims of an identity theft and not know it until they’re old enough to buy a car or apply for a student loan.
“Identity theft is a crime that affects people across-the-board regardless of economic status, race, age, although we do consider seniors and children to have certain vulnerabilities to identity theft,” says Lisa Schifferle, attorney with the Bureau of Consumer Protection at the Federal Trade Commission.
The most common form of identity theft involves government documents or benefits fraud, which comprised of more than 46 percent of all identity theft complaints in 2012, according to the FTC.
Of these, more than 43 percent related to tax or wage fraud—such as someone using another’s identity to get a job. A victim might not realize their identity had been stolen until the Internal Revenue Service comes looking for unpaid taxes owed by the identity thief.
“It could be somebody using your dependant child’s information in order to get a child tax credit, it could be somebody who uses your Social Security number to earn wages and then you get a notice from the IRS saying you haven’t paid your taxes on all these wages you owe,” Schifferle says. “It could be somebody taking your personal information in order to try and get your tax refund.”
Victims might also discover their identity loss when filing for government benefits, such as Social Security disability, or they find out someone else filed a tax return in their name and already claimed the refund.
Credit and debit cards
Credit card fraud comprised of more than 13 percent of all complaints filed with the FTC in 2012, behind government documents and benefits fraud.
Credit and debit cards are governed under different laws, with credit cards offering more protection from identity theft.
Credit cards offer a limited liability of $50 per card, as long as the company is notified within 60 days. Schifferle says many credit cards have zero liability policies as well.
Debit cards provide a $50 maximum liability if a theft is reported within two business days, or $500 if reported in 60 days. A missing debit card could potentially offer an unlimited loss if not discovered or reported in time.
It’s important to read every bank and credit card statement carefully to look for anything out of order. Katherine Hutt, national spokesperson for the Better Business Bureau, says a thief who has a stolen card number, but not the card itself, may charge a small amount to the account to see if it works.
A victim might think a $5 charge as too insignificant to care about, or that it was a purchase they’ve forgotten. This gives a green light to the thief to add more substantial charges to the account.
“That may be the test that the scammer was doing, to make sure that the card was good and then when you don’t respond or cancel the card then they might go on and use it for bigger things,” Hutt says.
Of course, credit card companies do have their own fraud detection methods and have been known to flag suspicious-looking transactions. That’s why Hutt advises anyone who plans to travel overseas or do something out of the ordinary let their credit card company know in advance so they don’t get a hold placed on their account.
Email scams
No doubt most people have heard of the infamous Nigerian prince email scam, where someone sends an email from overseas and claims to need help getting funds out of their country.
These kinds of scams might be easy to spot but not all email scammers are so obvious. The more clever ones disguise their messages to look like they’re from legitimate companies.
Hutt says some scammers have sent out emails claiming to be from the BBB, asserted that a complaint had been filed against the recipient and asked for personal information. Scammers might also claim to be from a bank or the Internal Revenue Service, even though the IRS does not communicate with citizens via email.
“It’s very easy to make an email look authentic and when you click on it’ll say either there’s an attachment or go to this website and you click on and instead of opening an attachment or taking you to a website it downloads malware onto your computer and that malware can creep around and look for your passwords and your account information on your computer,” Hutt says.
Hutt recommends that people hover their computer mouse over an email link, without clicking on it, to see if the link actually fits with what’s being displayed. The links information should appear at the bottom of a web browser, although even this method is not guaranteed.
That’s why it’s important to be wary of any unsolicited emails and to keep a computer’s virus software up-to-date. Anyone receiving a suspicious looking email from their bank could save themselves a lot of time and hassle by calling the bank’s known business number to make sure the email is legit.
Phone scams
Scammers have been using the telephone for decades to try and dupe people into giving out their personal information.
Someone might call claiming to be from the government or from a bank and asked to verify someone’s Social Security number. The caller might target an older person and claim to need information regarding Medicare or Medicaid.
This is especially true any time there’s new laws or policies dealing with personal information. Schifferle says fraudsters have been trying to take advantage of people’s misunderstanding of the Affordable Care Act since it became law.
A scammer will typically call and claim they need to verify someone’s personal information because of the new law. Obviously no one should give out personal information from an unsolicited phone call. It’s worth noting that the government is not calling people to check their healthcare status.
“Some of them are pretty innocuous such as how do you spell your name, your middle initial, your address and then they get into things like your Social Security number, your bank number, that kind of thing,” Hutt says. “One rule of thumb that we always say is never give personal identifying information out to someone who has called you.”
Protecting passwords
Facebook and other platforms might be a way for people to stay in touch, but they can also be popular among identity thieves who can use them to get information.
“We advise people on social media not to share too much personal information and especially not to share information that can be used to guess their password security questions,” Schifferle says.
For example, if someone used their high school mascot as a password or security question for one of their accounts it would be easy for a scammer to use social media to figure out where that person went to high school—and a quick Google search would yield the name of the mascot.
“It doesn’t take much between what’s available publicly, what we tend to share on things like social media and then one or two pieces of information and they have everything they need steal your identity, hack into your bank accounts, open credit cards in your name, that kind of thing,” Hutt says.
It’s tempting for many people to use the same password for multiple accounts, but unfortunately one slip up could give scammers broad access to someone’s information.
Hutt says it’s also tempting for people to store their passwords on a smart phone, which of course opens a can of worms if it’s lost or stolen. Even a smart phone with a password isn’t very secure as it’s likely to contain just four digits.
She says people could keep their accounts more secure by only storing half of each password on their phone. If the first half of each password were the same for every account, then owner would only have to commit that part to memory. The second half of each password would be different and stored on the phone.
Anyone using passwords such as “password” or “12345” is just begging to get scammed, yet many people do.
Even kids get scammed
Kids can be particularly vulnerable to identity theft and fraud because they’re not going to be applying for work or loans. They can also be targeted by scammers who want someone with a clean record so they can get a job under their name.
“You may list your child as a dependent on your tax returns but usually until a child is applying for credit for student loans or a car loan or something, usually people don’t check their kids credit before then and then they find out at that stage that there’s an identity theft problem,” Schifferle says.
The FTC advises parents to check their children’s credit reports around the age 16, which gives them time to clean up any problems before the child would typically need to apply for a credit, like for a car or student loan.
Kids can also become victims for being careless with their credit cards or personal information, so Hutt recommends parents educate their kids early on about not leaving their possessions lying around and how to keep their information secure.
Checking credit scores
Adults need to be more vigilant in protecting themselves from identity theft and fortunately they have many tools at their disposal.
In addition to all of the above, everyone can get a free credit report each year from each of the three credit reporting bureaus at annualcreditreport.com or by calling 877-322-8228. It’s not necessary to check all three.
Anyone who has been the victim of identity theft or thinks their information could be vulnerable would probably want to be extra vigilant. They could stagger these requests and get a report from a different credit bureau every four months, although it’s recommended that most people do this once a year.
“If you check it regularly it helps spot whether there is a problem or if someone is stealing your identity,” Schifferle says
For anyone who discovers something out of the ordinary on their report, Hutt says they need to contact the credit-reporting agency and let them know. The credit agency should also be informed if there’s been any fraudulent activity on someone’s credit cards.
As far as credit monitoring services go, Schifferle says these might be a good idea for someone who has been a victim of identity theft but people should be wary of these.
“A lot of companies charge money for services that a consumer can get for free, so people should look carefully about what’s being offered and what are the costs and whether they could get it for free on their own through the credit reporting agencies,” Schifferle says.
Not only should people research was provided by such a service, and compare it to what they can do themselves, Hutt says people should fully investigate a company offering a credit monitoring service as they will wind up giving that company all of their personal information.
Tips on guarding against identity theft:
• Check credit reports at least once a year at annualcreditreport.com or by calling 877-322-8228.
• Check all banking, credit card and medical benefits statements on a regular basis to watch for signs that someone else is using them.
• Shred any documents with personal information on them, instead of just tossing them into the garbage.
• Keep track of what cards are in a wallet or purse. File a police report if they’re lost or stolen.
• Don’t carry a Social Security card—keep it somewhere safe and secure.
• If information is lost, such as a wallet or purse, contact all credit cards and banks immediately.
• When engaging in online transactions, make sure the connection is secure. Look for “HTTPS” in the web address or a lock symbol.
• Don’t use a public WiFi network to send personal information.
• Keep anti-virus and anti-spyware programs on all computers and keep them updated.
• Don’t give out personal information unless without being certain whom the other person is.
• Be careful when disclosing personal information on social networking sites.
• An email claiming to be from the IRS is bogus—the IRS does not send information via email.
• If anyone calls claiming to be from a bank, credit card or some other entity, and asks for personal information, call the company back using a known and legitimate number.
• Cell phones are not as vulnerable as public WiFi but it’s safer to bank or shot at home with a secure connection.
• If banking online, go over the account more than once a month.
• Don’t give out a Social Security number unless it’s absolutely necessary. Some places will ask for it when they really don’t need it so always ask if it’s absolutely necessary.
• Don’t put personal information on personal checks other than a home address and phone number. Avoid putting things like a driver’s license number on a check.
• Keep passwords complicated enough so someone can’t easily guess them. Don’t use 12345 or a birthday.
• Completely eliminate all personal information from a computer or hard drive before getting rid of it—use a wipe utility program to overwrite the entire drive.
Also see our story “How to respond to an identity theft: a step-by-step approach.”