Protecting Yourself from Identity Theft
By: Wilmington Trust
Simply stated, identity theft is the process by which a person with criminal intent assumes the identity of a legitimate person in order to utilize their good credit and lack of criminal record.
Generally speaking, there are several facts that a criminal needs to know to
assume the identity of another. The most common are the person's full name,
address, social security number, and mother's maiden name. The one other element
that is usually, but not always, needed is a form of identification in the victim's
name, such as a driver's license or ID card. This information can be obtained
in many ways - from raiding your mailbox to creating an elaborate email Internet
hoax. This article will alert you to the various ways identity theft can occur
and help you protect yourself and your good name.
It's the Law
Officially, identity theft became illegal when the Identity Theft and Assumption Deterrence Act of 1998 was passed (Title 18 United States Code - Section 1028). Believe it or not, up until that time, identity theft was not actually a crime! Since then, additional laws have been introduced to address specific components of identity theft, such as obtaining social security numbers.
High- and Low-Tech Identity Theft
While emphasis is often placed on the high-tech ways in which criminals steal
identities, in reality, most identity theft is done with low-tech methods. Most
of the information that identity thieves need is often readily available and
can be surprisingly easy to obtain. Some of these low-tech methods include the
- Shoulder Surfing - The practice of looking over someone's shoulder while they're using an ATM or writing a check at a merchant establishment.
- Mail Box Raiding - A popular and low-risk activity where criminals often cruise down a residential street looking for mailboxes that have the flag up, indicating that there is outgoing mail inside. The jackpot would be your payment of a credit card bill. Very quickly, they would have your credit card number and probably your full name, address, and bank account number from the check enclosed to pay the bill.
- Dumpster Diving - The process of looking through the trash, whether it's the dumpster outside of a store or the trash cans in the front of your house. Financial institutions are especially sensitive to this practice and have made great strides in properly securing and disposing of trash. Unfortunately, not all businesses employ such safety measures.
- Business Infiltration, Burglary and Theft - Infiltrating and burglarizing a business to obtain customer records. Again, while financial institutions are very aware of this problem and generally have strict policies in place to protect their clients, not all businesses may be as sensitive to this concern.
While these low-tech methods of obtaining information have been utilized for
some time, high-tech identity theft crimes are rising steadily. The majority
of high-tech identity theft crimes occur using the Internet. The most common
methods include the hacking and cracking of merchant databases for customer
information. However, infiltrating an individual's personal and financial information
over a home computer using a simple email is also becoming more commonplace.
Some methods of high-tech identity theft crimes include:
- Phishing - Sometimes called "spoofing," phishing is a high-tech
fraud that uses spam emails to deceive consumers into disclosing personal
and financial information. These scams involve sending you a seemingly legitimate
email request for information, often asking you to verify or reconfirm confidential
passwords, account numbers, social security numbers, and other sensitive information.
In such emails, the fraudsters tell you to "update" or "validate"
your billing or personal information and can even direct you to a website
that has been designed to look like one with which you are familiar and with
which you conduct business, such as your bank or retailer. One example
is a fraudulent email sent to financial institution clients that appeared
to have been sent by the FDIC. The email stated that the recipient's account
had been denied insurance from the Federal Deposit Insurance Corporation due
to suspected violations of the Patriot Act. The email further indicated that
deposit insurance would be suspended until personal identity, including bank
account information, could be verified.
- Site Cloning - This is another high-tech fraud which uses a legitimate-looking
logo and branding, web links, and graphics to replicate or clone a real website,
thus misleading you into believing it is the website of your bank, Internet
provider, or the like. By directing you via email to this fraudulent clone
of a website, the identity thief is able to request your personal information
to gain unauthorized access to your bank or financial accounts.
How Can I Protect Myself?
In light of all these potential dangers, what precautions can you take to safeguard your personal information? A good first step is to consider your mail handling practices. As previously mentioned, a large number of identity theft cases are carried out through low-tech methods with the mail being the easiest to infiltrate. Some suggestions for reducing your risk are as follows:
- Do not let mail sit in your mailbox for any length of time - remove it promptly.
- Instead of putting mail in your mailbox and raising the flag, consider dropping
it off in a post box or, if convenient, taking it directly to the post office.
- Use common sense and only put the minimal amount of information required
on the outside of envelopes, packages, or on postcards.
- If you receive an email that warns you that an account of yours will be
shut down unless you reconfirm your billing information, do not reply on the
link in the email. Instead, contact the company by using a phone number on
the website that you know to be genuine.
- Avoid emailing personal and financial information. Before submitting information
via a website, look for the "lock" icon on the browser's status
bar. It signals that your information is secure during transmission.
- Review credit card and bank statements as soon as you receive them to determine
whether there are any unauthorized charges. If your statement is late, call
your credit card company or bank to confirm.
- Report any suspicious emails requesting personal or financial information
to the Federal Trade Commission. Send the actual email to firstname.lastname@example.org.
When conducting retail or financial business through the Internet, be sure that a padlock symbol appears on your browser status bar. This means that the site uses Secure Sockets Layer (SSL) 128-bit encryption technology, which protects information as it crosses the Internet by encrypting - or scrambling - your information so that it is virtually impossible for anyone other than you to read.
I'm a Victim - What Should I Do?
As soon as you are aware that you may have become the victim of such a crime, you should first complete a police report. Once the report is filed, the following steps should be taken:
- Begin the process of notifying all of your creditors, initially by phone, and then in writing.
- Notify all of the major credit bureaus, again keeping a record of the notifications.
- Check your credit history. In November of 2001, the Supreme Court ruled that consumers only have two years to file a lawsuit against a company that erroneously damages their credit rating. The clock starts ticking from the time the error is made, not from the time the consumer discovers it!
- Notify utility companies (electric, telephone, etc.) and alert them in case someone attempts to obtain service in your name.
- Change all of your passwords and get new PIN codes for your debit and credit cards.
Finally, listed below are some resources where you can learn more about identity
theft and find help if you become a victim.
Updated: January 1, 2013
This article is for informational purposes only and is not intended as an offer or solicitation for the sale of any financial product or service or as a determination that any investment strategy is suitable for a specific investor. Investors should seek financial advice regarding the suitability of any investment strategy based on their objectives, financial situations, and particular needs. This article is not designed or intended to provide financial, tax, legal, accounting, or other professional advice since such advice always requires consideration of individual circumstances. If professional advice is needed, the services of a professional advisor should be sought.
© 2013 Wilmington Trust Corporation.