It’s every person's nightmare: someone is using your personal and financial information without your permission, and it's clear your identity has been stolen. Criminals are using your information to open accounts in your name, drain your accounts, transfer funds, and even file taxes with your personal information to receive a refund.
What are the signs of Identity theft, and how can you tell if your identity has been stolen?
In the article below, we’ll discover how identity theft is detected, what key indicators of identity theft are, and how to monitor and notify correctly to avoid and manage future theft.
Since small business owners and IT managers can be held accountable for breaches, it's also important to review the signs of identity theft with employees and customers and to have strategies in place to defend against this type of attack.
Common Warning Signs
How can you tell if your identity has been stolen? Let’s unpack some key warning signs.
These may include unrecognized transactions, unfamiliar inquiries, unexpected bills or statements, or mail that suddenly goes missing. Signs of identity theft also include mysterious credit score drops or unexpected credit denials, unprompted login verification requests, and rejected tax returns.
Below, we’ll review each one and learn what to look for.
Unrecognized transactions in bank or credit card statements
We’ve all opened a bank or credit card statement and questioned a transaction. When one shows up that remains unrecognized, it can be a sign of identity theft and should be looked at more closely.
Set aside time each week or month to go over transactions and ensure they are all recognized. Flag and investigate any that are not.
Unfamiliar inquiries on credit reports
Regularly review your credit report and ensure that you are aware of how and when each inquiry came to be. Unfamiliar inquiries are a common warning sign of identity theft.
Unexpected bills or statements
Receiving an unexpected bill or statement in the mail can also be an indicator of identity theft. If you receive a notification that you owe for an item or service you are sure you did not purchase, do not ignore the notice. Instead, take the time to uncover the source of the bill or statement and to fully understand how you have been impacted.
Missing mail
Has your mail gone missing? In cases of identity theft, thieves can re-route statements you ordinarily receive if they have accessed your login and changed your contact information.
Once re-routed, they can continue to operate in secret without detection by their victims.
Sudden drop in credit score
A sudden drop in your credit score could indicate that a malicious actor is opening accounts in your name. Always monitor your credit score and stay observant of any unexpected changes.
Denied credit applications
Similarly, if you are denied credit for any reason, make sure to read the follow-up explanation that is sent shortly afterward, explaining the reasons your credit was denied. A common indicator of identity theft is a denied credit application when one was expected to be approved.
Rejected tax return
When a tax return is rejected, it could be a sign of identity theft. A threat actor could have filed a fraudulent tax return using a stolen social security number, often to initiate the process of receiving a refund.
Unprompted login verification emails or texts
Are you receiving a number of login verification request emails or texts that you don’t recall requesting? This is a common indicator of identity theft, as criminals can use stolen data to change or alter your contact information and login information for services you use.
Any of these are signs of identity theft that should be closely observed.
How Identity Thieves Gain Access to Your Information
Now that we know how you can tell if your identity has been stolen, let’s look at the way criminals most often gain access to your information.
Phishing
Phishing is a cybercrime that involves an element of social engineering and an element of a scam. Phishing fools users into downloading malicious software by masquerading as a different link, or tricks users into revealing sensitive information like a password or PIN code.
The FBI’s Internet Crime Complaint Center ranks phishing attacks as the most frequent type of cybercrime and these are only predicted to rise in number in the next few years.
A good practice is to do regular training on phishing and to remember the way phishing works in every exchange or transaction, be it via email, phone, or text.
Social media
A social media account can reveal information that leads to identity theft, and younger users of social media can even be fooled into illegally transferring funds or moving money.
What are the dangers?
Public posts can lead hackers to words you frequently use in order to crack passwords, find bait for phishing scams, and location information. Photo metadata also can lead thieves right to your door. Another common method used with social media is the all-too-common “romantic stranger” or “person who needs help” in your messaging inbox, waiting to pull personal information from you.
Nearly every aspect of social media is a vulnerability, so it’s important to enroll in a safe social media use course, to follow the platform’s security recommendations, and to practice secure social media messaging and posting. Also ensure monitoring of younger users.
Shoulder surfing
Ever gotten the impression that someone may be looking over your shoulder at your phone or laptop screen?
Shoulder surfing is a type of social engineering that demonstrates this concern is a reality. Observing methods like these can be considered signs of identity theft becoming imminent.
Malicious actors frequently observe screens from over a user’s shoulder, thus gaining important information about user behavior and possibly even login or password information.
It’s best to protect against this type of malicious behavior by establishing security controls that prevent people from seeing other people’s screens.
Data breach
A common security incident, a data breach occurs when criminals obtain access to information that is confidential in nature. Within a data breach, information such as usernames, passwords, contact information, social security numbers, and other types of private information is released and shared among threat actors, making this a frequent cause of identity theft.
As before, data breaches can be avoided with regular monitoring and working security controls. Following cybersecurity best-practices, including good password hygiene, can prevent a data breach.
Physical theft
Physical theft is a common means of identity theft.
Thieves can find personal information in dumpsters, trashcans and old file folders, in cars and other types of vehicles, and even in old mail that gets lost, left, or taken in a public place.
Some criminals even use specialized devices to scan for parked cars containing electronics.
Smartphones, tablets, and laptops are commonly stolen from vehicles or places they are accidentally left, giving hackers easy access to data they can use to steal your identity.
Keep your electronics locked up tight, keep an eye on them in public and private places, and always use a shredder before throwing files or mail away.
Recovering From Identity Theft
Now that we’ve gone over common signs of identity theft and the ways thieves can access your personal data, we’ll cover what steps to take if your identity has been stolen.
Notifying credit bureaus and placing fraud alerts
First, notify the credit bureaus and place a fraud alert to ensure others have eyes on your accounts.
Monitoring credit reports and disputing fraudulent activities
Continue to monitor your credit reports and dispute any fraudulent activities, which can help to identify a threat actor’s identity and location.
Updating passwords and security settings
Update your passwords and security settings and monitor your devices and network. It’s important to run regular scans, use anti-virus software on your devices, improve your security posture, and utilize excellent security practices including good password hygiene.
Repairing any damage to credit history
If you have been the victim of identity theft, it’s likely your credit history was damaged. Repair the damage by consulting with a credit specialist or loan officer to determine proven action steps to build back stronger. Regularly review your credit history and report to ensure you can account for every item on the report.
Seeking legal assistance if necessary
If necessary, seek legal action. In some cases of identity theft, there is only one course of action to take, and that step is legal action to assist with the financial loss, to obtain reparations, and prevent further activity.
There are attorneys who specialize in this type of loss.
Taking preventive measures for future protection
For future protection, consider implementing security software or services that assist with password hygiene and are designed to monitor and act on the signs of identity theft.
