What is identity theft?
Identity theft (also known as identity fraud) is the misappropriation of another
person's identifying information in order to:
- obtain credit fraudulently from banks and retailers;
- steal money from the victim's existing accounts;
- apply for loans;
- establish accounts with utility companies;
- rent an apartment;
- file for bankruptcy;
- obtain a job; or
- achieve other financial gain using the victim's name.
There are two main classes of economic crime related to identity theft: Account
takeover occurs when an identity thief acquires a person's existing
credit or bank account information and either withdraws money or makes purchases.
Victims usually learn of account takeover when they receive their monthly credit
card or bank account statement.
In true identity theft, an identity thief uses another person's Social Security
number and other identifying information to fraudulently open new accounts
for financial gain. Victims may be unaware of the fraud for an extended period of
time, which can allow the criminal to continue the ruse for months or even years.
How can a criminal steal my identity?
An identity thief needs only a few strategic bits of information — your Social Security
number, your birth date, perhaps your address and phone number — to commit fraud.
With this and a fake driver's license (with the criminal's picture where yours should
be), the thief can often get instant credit in your name. The criminal may provide
his or her own address, claiming to have moved, and thus keep you in the dark. The
more accounts the criminals are able to open, the more "evidence" they have that
your identity belongs to them.
What methods do identity thieves employ?
Theft of wallets and purses was once the most common way to obtain identity documents
and account information. Today, identity thieves attack virtually every area of
an individual's life, wherever personal information is stored or sent.
These are among the most common methods:
- Dumpster diving in trash bins for credit card statements, loan applications, and
other documents containing names, addresses, account information, and social security
numbers
- Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards,
utility bills, bank and credit card statements, investment reports, insurance statements,
benefits documents, and tax information
- Impersonating a loan officer, employer, or landlord to get fraudulent access to
credit files
- Insider access to names, addresses, birth dates, and social security numbers in
personnel or customer files
- Shoulder surfing at ATM machines and phone booths to capture PINs
- Online sources of personal data, such as public records and fee-based information
sites
If I become a victim, should I still worry about protecting my identity?
Yes. Without a disciplined approach to protecting your data, you risk repeated victimization.
If I become a victim, will I have to file a police report?
Yes. You must file a police report and sign the Federal Trade Commission's Identity
Theft Affidavit to be accepted as a new victim account.
What if the police won't take a report?
Some police departments may be reluctant to write a report on a crime of this kind,
taking the position that since the creditor suffered the financial loss, you're
not the victim. They may insist that the creditor file the complaint. The creditor,
however, may choose not to cooperate, calculating that it's not cost-effective to
spend time and energy assisting the police. Nevertheless, even if the creditor won't
prosecute, insist that the police take a report.
If I become a victim, will I need a lawyer?
Possibly, but it's unlikely. Some identity theft victims do require services that
can only be performed by an attorney. Such services normally involve going to court
to remove liens placed due to fraud and/or criminal warrants resulting from the
stolen identity.
If a criminal has taken my identity, should I cancel my credit cards?
The best course of action depends on your circumstances. Your goal is to reduce
the risk that a given account will be abused, while maximizing your own ability
to use your existing credit accounts. In weighing risks and benefits, keep in mind
that if you have recently become an identity theft victim, your situation may make
it difficult to obtain new credit in the near future.
Rather than canceling accounts, you may wish to notify the fraud department for
each account and have a fraud alert placed. If a credit or debit card (or the data
on it) has been lost or stolen, you may wish to cancel that card and have a new
card issued that is based on the same account, but has a different number. If you
have multiple credit cards, you may decide to cancel some to reduce your exposure.
In any event, instruct credit card issuers and banks not to change your address
without direct verification from you, in writing that originates from your present
address. You should also monitor closely the monthly statements for any credit card
or bank accounts you do decide to keep active.
What about changing my Social Security number?
In most cases, this is not advised. Over the years, that number has been attached
to numerous documents, including credit reports and various other private and government
records. Moreover, the Social Security Administration is reluctant to issue replacement
Social Security numbers except in very complicated or extreme cases.
What are the risks of using the Internet and other networks?
There are three main threats to the data on your computer: malicious software, network
intrusion by hackers, and physical theft.
To protect your computer against viruses, spyware, and Trojan horse programs (which
let hackers control your computer), you must use antivirus software — and keep it
updated. To keep intruders out, connect to the Internet through a properly configured
firewall, which can be software or device-based; this is especially important if
you have an "always on" Internet connection, such as a cable modem or DSL. Avoid
using public computers for online banking, email account access, or other sensitive
exchanges of information — keystroke loggers, web "cookies," or cached pages may
be capturing your data. Similarly, be cautious in sending sensitive data over wireless
networks. And be careful what you send via email — unencrypted text and attachments
can be intercepted as they travel across the Internet.
Finally, beware of "phishing" and "pharming" scams, which use fake corporate email,
redirected web addresses, and "cloned" corporate web pages to plant viruses and
con users into providing sensitive information. Never provide identity or account
information in response to an email, or if you have any doubt about the authenticity
of a web site.
What else can I do to protect my computer and computerized data?
Limit access to your computer to those you truly trust, and use restrictive permission
levels to protect sensitive files. Encrypt files containing sensitive information
whenever possible, including backup files. And don't forget to protect your computer
against physical theft — "password protection" sounds like a lot of work, but is
actually easy for a tech-savvy criminal to defeat.