In 2023, people lost over $10 billion to scams. Cybercriminals continuously devise ways to target users where it hurts the most: by stealing their identity. Identity theft is when someone uses your personal information, like your name, Social Security, or birthdate, to impersonate and steal from you.
This article covers:
- Warning signs for identity theft
- Prevention tips
- What to do in case of an identity theft
Understanding Identity Theft
Common warning signs of identity theft
1. Account takeover. You may suddenly get notifications that someone's trying to log into your account or change your password. Cybercriminals will steal your username and password from a data breach.
This could occur in a couple of ways: brute force or credential stuffing. With brute force methods, the hacker uses an algorithm to guess the login credentials until they get it right. Users who have used the same password for multiple accounts are especially vulnerable to danger.
With credential stuffing, the hacker uses stolen yet verifiable information from a data pool. This approach is more targeted and, therefore, more likely to be accurate. Either way, an unauthorized user has taken over your account.
2. Credit identity theft. You could be a theft victim if you see unanticipated changes in your credit scores or unfamiliar accounts on your credit report. A criminal may use personal information like your birthdate or social security number to apply for a new credit line.
If this happens, take action immediately and freeze your credit. If not, as NerdWallet points out, the consequences could be debt collection notices or court judgments against you.
3. Medical identity theft. Some danger signs are unrecognizable claims or payments on your insurance or benefits paperwork. Someone could be using your healthcare benefits. Medical identity theft is an especially alarming crime because it could cause the mixing of medical histories or provide healthcare providers with the wrong information for critical moments.
If you suspect you're experiencing medical identity theft, contact your insurance company and healthcare providers immediately. You may need to re-establish that your healthcare records are actually yours.
4. Taxpayer identity theft. Every so often, an unlucky taxpayer discovers that they can't e-file because someone else has already filed under their Social Security number. Other warning signs are that you get an IRS notice about unfamiliar account activity or records suggesting that you worked for an employer that you didn't.
One way to combat this is to file early to mitigate identity theft risk. Some states also offer six-digit identity protection PINs with thorough verification for additional protection.
Preventing Identity Theft
Securely managing personal information
Avoid writing your password on sticky notes or in text messages. Store your username and password securely, such as a password management tool. Hopefully, your vault can also securely store other critical information, such as your Social Security number, payment information, driver's license, or social media accounts.
Exercise caution with social media. Try not to give too much personal identification, as hackers can mine your messages for personal data and exploit them for unauthorized use.
Creating strong and unique passwords
It's time to stop using your pet's name or password you've had for years. Cybercrimes like credential stuffing target and exploit people who use the same password for multiple accounts. Once they penetrate one account, they can easily access others.
Choose a password that's at least 12 characters. Use a combination of letters, numbers, and characters. Make the letters a mixture of upper and lowercase letters. A password manager can help you generate, store, and autofill the password so you don't have to remember or manually enter it each time.
Using two-factor authentication
While passwords might be easier for a cybercriminal to guess, multiple authentication steps are harder to penetrate. While it adds slightly more time to signing in, two-factor authentication can make all the difference in stopping hackers in their tracks. 2FA may send an alert to your phone for approval or ask for a biometric sign-in, such as facial or fingerprint recognition.
Protecting Your Digital Presence Against Identity Theft
Securing your devices and networks
Ensure your current technology is up to date because older systems are more vulnerable to cybercriminals. Check to see if you have up-to-date firewalls and network security.
Using a reliable password manager
You'll want a tool that provides optimal security and user-friendliness. Look for ones with customizable controls so you can manage which group or user has access. Ideally, you should be able to monitor different access policies for different types of devices.
Avoiding phishing and social engineering attacks
The majority of cybercrimes are social engineering attacks. They are particularly duplicitous because they gather personal information to target or act on your behalf. Phishing is a social engineering attack where the attacker pretends to be a trustworthy person or organization to access your accounts.
Safeguarding Personal Documents
Properly disposing of sensitive documents
Improper disposal of sensitive information leaves you vulnerable to theft. When appropriate, shred documents with confidential information like bank statements, credit cards, old bills, legal documents, and medical records. These documents could have personal information like your name, address, or social security information.
Using a shredder for confidential information
Shredding is imperative for data protection. Designate a shredder that people can use only for important documents at your organization. Establish security controls to manage access and use.
Monitoring and Detecting Identity Theft
Regularly checking credit reports
Check your credit reports at least bimonthly. You can go to the specific bureau's website or check the reports for free at AnnualCreditReport.com.
Setting up fraud alerts
Enable fraud alerts so that you know right away when a theft occurs. Setting up a fraud alert is typically free. For example, with Equifax, an initial fraud alert is free and lasts for one year. It is for those who are or believe they may become the victims of fraud.
Place an extended fraud alert when you've completed an FTC Identity or police report. An Extended Fraud alert is free and lasts up to seven years. It also removes you from credit card and insurance offers for five years.
Monitoring financial accounts
Double-check with your credit card company to ensure that they immediately notify you of fraud and block the perpetrator's access to your account.
Set up bank alerts that will flag anything that needs your attention. Look over your statements for false or unauthorized charges. Track your organization's check activity to clarify who you paid and when. Also, keep all your banking logins, such as your checking account, 401(k), and investment account, in a password vault. Employ two-factor recognition for an added safety layer.
Reporting and Recovering From Identity Theft
Steps to take when identity theft occurs
Report it right away. The longer you wait, the more likely the hacker can penetrate multiple accounts. Gather and secure your other personal documents, like your social security card or birth certificate, since you may need them in the restoration process.
Contacting relevant authorities
The US government recommends contacting the Federal Trade Commission online at IdentityTheft.gov or calling 1-877-438-4338. Include as much detail as possible in your report. IdentityTheft.gov will help you create a report and recovery plan based on your information. The report is critical because it shows businesses proof that someone stole your identity and guarantees you certain rights.
You can also contact the three major credit unions (Experian, Equifax, and TransUnion) and ask them to freeze your credit account or place a fraud alert.
Immediately contact the fraud department at your credit card issuer, bank, and your other valuable services. You can also file a report with your local police department. Visit them in person and take:
- A copy of your FTC Identity Theft Report
- A government-issued ID with a photo
- Proof of address through forms like your utility bill or rental agreement
- Other evidence of theft like IRS notices, etc.
Restoring your compromised identity
Restoring your identity can be a process. You may need to replace your government-issued IDs, like your driver's license and passport. After contacting your credit card and bank, you may also need to report a misused Social Security number.
At the business level, notify internal employees of identity theft so that they can redouble their security assets. You'll likely have to diplomatically tell your customers and show them the FTC's Identity Theft Report to authorized parties. Be prepared for some pushback from customers; it may affect business. Of course, you can avoid this situation entirely by keeping your critical information secure in a password vault.
The slightest bit of unprotected private information can cause significant delays and damage. As the number of opportunities to add confidential data increases, so do the chances that someone can wrest your identifying information. Don't take for granted that your user information will remain secure. Store it in a platform or manager like LastPass for optimal safety and authorized access.
