Identity theft is when someone illegally accesses your personal information including your full name, date of birth and credit card details etc and uses it for financial fraud, such as applying for loans or charging up your existing credit cards etc.
How Online Identity Theft Happens?
Without your knowledge, the cyber-criminals may have already stolen your identity and lead to financial fraud. Here is a list of digital identity theft tactics to watch out for:
1.Unsafe social media use:
Social media encourages the sharing of personal information, but sharing too much casually can jeopardize your personal safety and financial records. For example, it’s easy to disclose your date of birth, location, school, pet name, phone number, and other personal details on social networks. If cybercriminals are watching, they can use this data to piece together information about you for identity fraud.
If you don’t change your email password frequently, you increase the risk of being hacked. If you use the same password on multiple websites, such as banking or shopping sites, hackers can gain access to all of your accounts, lock you out, and spend a lot.
Even though a lot of our communication has moved online, people can still find a lot about you through your trash. Long before the internet booming, identity thieves have been combing through mails looking for documents that contain personal information. Bank and credit card statements, pre-approved credit card offers, tax information and other personal documents sent through the postal system may be intercepted and used to access your data. Financial and other personal documents are retained for a minimum of seven years, and all materials containing personally identifiable information must be shredded before discarding.
By sticking to reputable websites and websites with up-to-date security certificates, you can browse the Internet safely. However, if you share any information on an unsecured or hacked website, you may be putting sensitive information directly into the hands of thieves. Some browsers may alert you if you try to visit a risky website.
Once your personally identifiable information is stolen, it often ends up on the dark web. Hackers don’t necessarily steal your information for their own use, often they choose to sell it to others with potentially malicious intent.
The dark web is a network of hidden websites that ordinary browsers cannot access. People visiting the dark web use special software to mask their identities and activities, making it a haven for fraudsters. If your information ends up on a darknet market, anyone can buy it, putting your identity at even greater risk.
6.Phishing and Spam Attacks:
Phishing is a form of social engineering. Phishing occurs when an attacker masquerades as a trusted entity to trick a victim into opening an email, text message, or instant message. User phishing attacks are a common cause of data theft.
If you’re using a computer or phone on a public Wi-Fi network (perhaps at an airport or coffee shop), hackers may be able to snoop on your connection. This means that if you enter a password, bank account or credit card number, Social Security number or anything else, criminals can intercept it and use it for their own purposes.
Identity Theft Statistics
According to Javelin Strategy & Research’s 2021 Identity Fraud Study:
In total, identity fraud cost Americans about $56 billion in 2020, and about 49 million consumers were victims.
The roughly $13 billion losses were due to what Javelin calls “traditional identity fraud,” in which cybercriminals steal personally identifiable information and then use it for their own benefit, such as through a data breach.
But the bulk of the losses ($43 billion) stemmed from identity theft scams, in which criminals interact directly with consumers to steal their information through methods such as robocalls and phishing emails. According to Javelin, victims of these scams lost an average of $1,100.
As the Covid-19 pandemic has changed the way people shop and transfer money, criminals are increasingly targeting digital wallets and peer-to-peer payment methods such as Apple Pay and Zelle. In 2020, approximately 18 million victims in the United States fell prey to scams through these digital payment methods.
Who is stealing your identity?
Identity thieves are a diverse group, many with very unexpected backgrounds. Many victims know their attackers—maybe colleagues, friends, employees, neighbors, or even family members. Some tech-savvy kids can get a kick out of stealing their parents’ credit card and Amazon login to buy a few things, but only if there’s no real “victim” and they end up confessing and apologizing to their parents. If you leave without locking your computer, or leave your wallet behind, work acquaintances may find this an opportunity not to be missed.
Petty criminals are now on the move, as packaged malware programs can be downloaded for little or no money. Organised criminal gangs that exploit highly trained computer science graduates are also scouring for a wealth of personal data. Such gangs typically carry out large-scale retail attacks and medical data attacks. Such a huge amount of data would allow them to make a fortune on the black market.
What would cybercriminals do with your identity?
There are two methods of disposal: use immediately and reserve for sale:
Criminals who want to use your data right away will do all their attacks at once. They will try to hack emails, smartphones and retail websites to gain access to bank accounts, while calling credit card companies to set up new user profiles. While short-lived, such attacks can cause devastating economic damage.
Other criminals will keep your data, either try to sell it or open a new credit card, and they will keep using it until the limit is reached, after which you will start receiving calls from various collection agencies. This type of attack is more stealthy, and over time, will eventually cause greater losses.
Anyone can be a target of identity thieves. If any of your information is available online (personal information, credit card data, address, phone number) then you are at risk of a data breach. Criminals are treated equally: the more information you post online, the higher the risk.
How to protect yourself from identity theft?
So, how can you prevent identity theft and protect your identity online? Here are some precautions you can take to avoid identity theft:
1.Keep data on a “need to know” basis:
If someone asks for your personal information (such as your Social Security number, credit card number, passport number, date of birth, employment history or credit status, etc.), ask why they need it and how they will use it. What security measures do they have to ensure your private information remains private?
2.Use social media sparingly:
Familiarize yourself with the security settings of each social networking platform and make sure these are at a level you are comfortable with. Avoid disclosing personal information such as your address or date of birth in your social media profiles, and handle information provided to any dating or meeting sites with care. Criminals can use this data to build a profile of you.
3.Keep your computer up to date:
Many hackers use malware to steal your information. Keep your computer updated with security patches and antivirus software to help protect against existing vulnerabilities and detect new attacks.
To reduce the possibility of malware infection, avoid opening unknown email attachments or browsing suspicious websites.
5.Destruction of private records and statements:
Shred credit cards and bank statements and other documents containing private financial or sensitive information. Don’t leave receipts from ATMs, credit cards, or gas stations when you’re out, and keep your paper records to a minimum.
Protect your mail:
- Quickly empty your mailbox, lock it or get a PO Box so criminals have no chance of stealing sensitive mail.
- Secure Your Social Security Number:
In the United States, a Social Security number is the master key for personal data. Do what you can to protect it. When asked about your number, ask why it is needed and how it will be protected. Do not carry your card with you. Safely store or shred files containing your Social Security number.
- Never let your credit card out of your sight:
Always keep an eye on your credit or debit card and don’t let the retailer or anyone else take it out of your sight. Also, be wary of ATM card swipe devices.
- Double-check your credit card statement:
Read financial statements. Make sure to recognize every transaction. Remember the due date, and if you don’t receive the expected bill, call to investigate. Review the “Explanation of Benefits” statement to make sure you are aware of the services provided to prevent health care fraud.
- To use the bank safely:
Make sure you only use a secure connection to log into your bank’s website. Do not save your credit card information online.
- Know who you are dealing with:
If someone contacts you asking for personal or financial information, find out who they are, the company or organization they represent, and why they are calling. If you believe the request is legitimate, please contact the company in person and confirm what you have been told before disclosing any of your personal data.
- Remove your name from marketing lists:
Unsubscribe from unwanted marketing lists. In the United States, you can also add yourself to the national Do-Not-Call register (1-888-382-1222).
- Monitor your credit report:
Obtain and thoroughly review your credit report at least once a year to check for suspicious activity. If you notice anything, notify your credit card company or creditor immediately. You can also investigate a credit protection service, which will alert you when your credit report changes.
What to do if your identity is stolen?
Identity fraud is on the rise and can cause significant damage, but many people don’t know what to do when they fall victim to this crime. Read this step-by-step guide on what to do if your identity is stolen:
1.Found the source:
Before you can correct the problem and get help with identity theft, it’s important to understand the source of the attack. In traditional identity theft, criminals “spammed” for personal information, such as receipts or credit card bills; today, thieves are increasingly targeting commonly used online services. Banking sites, online retailers, and dating sites all hold vast amounts of consumer information.
There are many signs that you may have been the victim of identity theft, such as a new credit account being opened in your name, a purchase made without your consent, or your contact information with a government agency being altered. Once you realize you’ve been victimized, think about your recent online activity:
Have you responded to any emails that appear to be from financial institutions claiming your account has been suspended or under investigation?
Have you downloaded any video players or media files that came with senders you don’t know?
Has your frequently used e-commerce site suffered a cyber attack recently?
Any of the above can leave you vulnerable to hacking.
2.Notify affected creditors or banks:
Once the source of the theft has been identified, you can start making calls. Start by calling any company where the scam is taking place, such as your credit card issuer or bank. Ask them to close or freeze your account and change all your login and password information.
Most credit cards offer zero liability policies and other protections for cardholders affected by identity theft. In the U.S., victims of credit card fraud are also protected by the Fair Credit Billing Act, which limits the maximum liability for unauthorized charges to just $50. On the other hand, electronic transfers to ATM or debit cards and bank accounts are governed by the Electronic Funds Transfer Scheme. Under the terms of the law, consumers must act quickly.
Reporting a lost or stolen ATM or debit card before any fraudulent transaction takes place will ensure that you are not responsible for any changes made afterwards. This means it is in your best interest to report suspicious activity as soon as possible. Once an identity theft report and police report is filed, you should also share it with your creditors.
3.Freeze your credit:
Freeze your credit and prevent credit reporting agencies from releasing your credit report to new creditors. Contact the major credit bureaus to request a freeze.
For the strongest defense against identity fraud, experts recommend placing both fraud alerts and credit freezes on your reports. The freeze has no time limit; it will remain there until you decide to lift it; you can lift the freeze temporarily or permanently.
When you put the freeze on your report, the credit bureau will issue a PIN or password that you will need when you decide to lift the freeze. Losing your PIN may delay or hinder your ability to unfreeze your credit, so keep it in a safe place while the freeze is enabled.
4.Change all affected account passwords:
Change all passwords for any fraudulently affected accounts.
If one of your existing accounts doesn’t have a password, now is the time to create a strong password. A strong password of at least 12 characters or longer, including upper and lower case letters plus a mix of symbols and numbers. The shorter and less complex your password, the easier it is for cybercriminals to crack it. You should avoid choosing obvious things—such as using serial numbers (“1234”) or personal information that acquaintances might guess, such as your birth date or your pet’s name.
To make your password more complex, you might consider creating a “passphrase”. Passphrases involve choosing a meaningful phrase that is easy to remember and then making the first letter of each word the password.
Avoid using the same password for multiple accounts and never write down the password. If you have too many passwords to remember, consider using a password manager to help you keep track of them. Remember to change your password regularly – every six months or so.