Simply stated, identity theft is the process by which a person with criminal intent assumes the identity of a legitimate person in order to utilize their good credit and lack of criminal record.
Generally speaking, there are several facts that a criminal needs to know to assume the identity of another. The most common are the person’s full name, address, social security number, and mother’s maiden name. The one other element that is usually, but not always, needed is a form of identification in the victim’s name, such as a driver’s license or ID card. This information can be obtained in many ways— from raiding your mailbox to creating an elaborate email Internet hoax. This article will alert you to the various ways identity theft can occur and help you protect yourself and your good name.
It’s the law
Officially, identity theft became illegal when the Identity Theft and Assumption Deterrence Act of 1998 was passed (Title 18 United States Code – Section 1028). Believe it or not, up until that time, identity theft was not actually a crime! Since then, additional laws have been introduced to address specific components of identity theft, such as obtaining social security numbers.
High- and low-tech identity theft
While emphasis is often placed onthe high-tech ways in which criminals steal identities, in reality, most identity theft is done with low-tech methods. Most of the information that identity thieves need is often readily available and can be surprisingly easy to obtain. Some of these low-tech methods include the following:
Shoulder surfing: The practice of looking over someone’s shoulder while they’re using an ATM or writing a check at a merchant establishment.
Mail box raiding: A popular and low-risk activity where criminals often cruise down a residential street looking for mailboxes that have the flag up, indicating that there is outgoing mail inside. The jackpot would be your payment of a credit card bill. Very quickly, they would have your credit card number and probably your full name, address, and bank account number from the check enclosed to pay the bill.
Dumpster diving: The process of looking through the trash, whether it’s the dumpster outside of a store or the trash cans in the front of your house. Financial institutions are especially sensitive to this practice and have made great strides in properly securing and disposing of trash. Unfortunately, not all businesses employ such safety measures.
Business infiltration, burglary, and theft: Infiltrating and burglarizing a business to obtain customer records. Again, while financial institutions are very aware of this problem and generally have strict policies in place to protect their clients, not all businesses may be as sensitive to this concern.
While these low-tech methods of obtaining information have been utilized for some time, high-tech identity theft crimes are rising steadily. The majority of high-tech identity theft crimes occur using the Internet. The most common methods include the hacking and cracking of merchant databases for customer information. However, infiltrating an individual’s personal and financial information over a home computer using a simple email is also becoming more commonplace. Some methods of high-tech identity theft crimes include:
Phishing: Sometimes called “spoofing,” phishing is a high-tech fraud that uses spam emails to deceive consumers into disclosing personal and financial information. These scams involve sending you a seemingly legitimate email request for information, often asking you to verify or reconfirm confidential passwords, account numbers, social security numbers, and other sensitive information. In such emails, the fraudsters tell you to “update” or “validate” your billing or personal information and can even direct you to a website that has been designed to look like one with which you are familiar and with which you conduct business, such as your bank or retailer.
Site cloning: This is another high-tech fraud which uses a legitimate-looking logo and branding, web links, and graphics to replicate or clone a real website, thus misleading you into believing it is the website of your bank, Internet provider, or the like. By directing you via email to this fraudulent clone of a website, the identity thief is able to request your personal information to gain unauthorized access to your bank or financial accounts.
How can I protect myself?
In light of all these potential dangers, what precautions can you take to safeguard your personal information? A good first step is to consider your mail handling practices. As previously mentioned, a large number of identity theft cases are carried out through low-tech methods with the mail being the easiest to infiltrate. Some suggestions for reducing your risk are as follows:
- Do not let mail sit in your mailbox for any length of time – remove it promptly
- Instead of putting mail in your mailbox and raising the flag, consider dropping it off in a post box or, if convenient, taking it directly to the post office
- Use common sense and only put the minimal amount of information required on the outside of envelopes, packages, or on postcards
- If you receive an email that warns you that an account of yours will be shut down unless you reconfirm your billing information, do not reply on the link in the email. Instead, contact the company by using a phone number on the website that you know to be genuine
- Avoid emailing personal and financial information. Before submitting information via a website, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission
- Review credit card and bank statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late, call your credit card company or bank to confirm
- Report any suspicious emails requesting personal or financial information to the Federal Trade Commission. Send the actual email to firstname.lastname@example.org
When conducting retail or financial business through the Internet, be sure that a padlock symbol appears on your browser status bar. This means that the site uses Secure Sockets Layer (SSL) 128-bit encryption technology, which protects information as it crosses the Internet by encrypting— or scrambling—your information so that it is virtually impossible for anyone other than you to read.
I’m a victim – what should I do?
As soon as you are aware that you may have become the victim of such a crime, you should first complete a police report. Once the report is filed, the following steps should be taken:
- Begin the process of notifying all of your creditors, initially by phone, and then in writing
- Notify all of the major credit bureaus, again keeping a record of the notifications
- Check your credit history. In November of 2001, the Supreme Court ruled that consumers only have two years to file a lawsuit against a company that erroneously damages their credit rating. The clock starts ticking from the time the error is made, not from the time the consumer discovers it
- Notify utility companies (electric, telephone, etc.) and alert them in case someone attempts to obtain service in your name
- Change all of your passwords and get new PIN codes for your debit and credit cards
This article is for informational purposes only and is not intended as an offer or solicitation for the sale of any financial product or service. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. If professional advice is needed, the services of a professional advisor should be sought.