What is Identity Theft?
Identity theft occurs when private personal information related to your identity (personally identifiable information or PII) is obtained by a third party, without your consent and usually without your knowledge, and used to impersonate you for the purpose of committing financial or other types of fraud.
Personal data used in identity fraud might be any combination of your name, your address, your date of birth, email address, social security number, personal banking details, credit card numbers and PINs, your online passwords or any other information that could be used to expose or gain access to further information or services that are private or confidential. The more personal information obtained, the broader the range of possible fraud becomes.
Criminals use stolen identities to commit many types of fraud, particularly Internet fraud. Examples of identity fraud include:
- Access existing or open new bank accounts, obtain loans, commit credit card fraud,
- Order goods and services over the telephone or online,
- Hijack and manipulate existing accounts,
- Sign up for new contracts such as hire purchase plans or mobile phones,
- Obtain official documentation, for example driving licences, passports,
- Claim welfare or other benefits,
- Masquerade as the victim to mislead, defame, deface or otherwise harm reputation.
How to Spot Identity Theft
It is not easy to detect identity theft until after identity fraud has occurred. Initially there is little indication your information has been stolen. There are many techniques available to the cyber criminal hunting for personal info.
With the advent of social media and the proliferation of social sharing services on the Internet, many people now divulge far more personal information in public. This is done innocently, often to make it easy for friends and relatives to find and interact with a person online. Unfortunately, this also makes it easy for anyone to obtain at least the basics of an identity, such as name, address, date of birth.
Easily accessible online databases, such as electoral rolls, company registers, staff lists, club memberships, make it trivial to extract personal information on millions of individuals. This can be used to supplement data found on social media, such as hobbies, interests, work addresses, telephone numbers, the names of other individuals living at an address.
Using computers to search for and collate personal info automatically and at high speed is easy to do, and in fact several companies have made gathering and selling this information a business model. Cyber criminals are equally adept at trawling the vast amounts of information out in the public domain to commit cyber fraud.
Hackers can use special password cracking software to break into your online accounts. Using strong passwords to deter these attacks is essential, but an unfortunate number of people still use easy to guess or weak passwords. Even large corporations are caught out by security lapses. It seems almost every week there is a fresh report of thousands or millions of personal records being stolen from company databases.
ID theft generally occurs in stages. First the criminal will obtain as much public information as possible on the intended victim, using automated techniques or special software developed for the task. Then more direct and targeted attacks are performed, such as password cracking, phishing, sending malicious email containing malware, fake telephone calls requesting further personal details.
When one victim’s identity has been stolen it can lead to the theft of additional information related to people the victim knows, friends, family, work associates, customers and business partners. Viruses, trojans and Internet worms can extract personal contacts from email inboxes, friend lists, etc.
As more of our personal information ends up stored on the Internet, more opportunities will exist to exploit that data. This is an inevitable side effect of the online world. Internet privacy is often confused with openness and friendliness. If you have nothing to hide, you have nothing to fear, so goes the popular saying. But this is far from true. You don’t need to have any dark secrets to hide for an identity thief to find and take advantage of the information you have made publicly available. Online privacy is a personal protection, not a negative mark against your character. Revealing only what is necessary is a sensible online security measure.
When the criminal has gained enough data, the fraud can commence. Your first indication of a problem is usually an unexpected bill or demand for payment for something you didn’t purchase, a large credit card bill containing unrecognised purchases, or a rejection letter from a lender refusing you a loan you never applied for.
At this stage a great deal of damage may already have been done. Your credit rating might have been adversely affected. Your bank balance may have been drained. You might be liable for a whole series of purchases or contracts you never set up and can’t afford to pay.
Most organisations have policies and procedures for responding to fraud. But the process of recovering from identity fraud can be time consuming and complicated. You are not always guaranteed to recover all the costs of fraudulent activity committed in your name.
One prudent method for monitoring the status of your identity is to sign up with an online credit agency and keep a regular check on your credit score. This will allow you to check for new and unrecognised credit or loan applications, a drop in your overall credit score and other adverse indicators. Some services will send you an alert when your status changes and this can be useful in spotting the early signs of an identity thief at work and give you time to respond before serious damage is done.
You can also sign up to an identity theft protection service. These services keep track of your online identity and activity for you and send alerts when suspicious activity is detected and may even be able to block that activity using fraud prevention techniques. They can also help you better secure your personal info and recover from or mitigate a stolen identity.
How to Prevent Identity Fraud or Limit the Effects
- Suspicious Links or Attachments in Email or on Web Sites: Hackers and ID thieves can obtain personal information using computer viruses, trojans and worms. These usually find their way on to your computer when you click on a link in an email or on a web site that installs these unwanted programs, or you download an attachments that is infected. Before you click on a link ask yourself, who sent this link, is it the sort of link I would expect to receive from this person? Hover over the link before you click it. Does the link direct to the a known web site or does it refer to a download you are expecting to receive? If in doubt, email the sender and ask them to confirm they sent the information.
- Ignore Pop Up Adverts and Offers: While most of these offers will be genuine, hackers often use browser pop ups to entice or even force you into clicking download links. Sometimes these pop-ups keep appearing, even when you shut them down. Or else they give you no option to exit unless you click the link. In such cases, shut the whole browser down and then perform an anti-virus scan to ensure your computer has not been infected with adware or other malware.
- Use Anti-Virus/ Security Software and Keep it up to Date: Security software can prevent viruses and other malware being downloaded to your computer even when you accidentally click a malicious link or download an infected attachment. Security software scans every file as it is downloaded to check for hidden viruses or spyware and can block the download or remove the malicious code. Anti-virus software is an absolute necessity for online protection. It won’t save you every time but it will catch 99% of the threats.
- Use Strong Password and Use Different Passwords for Different Accounts: If you use one weak password for all your accounts you potentially expose all your private and confidential information to an identity thief. Having a different password for each of your accounts makes it much harder for an attacker to gain all your data. Using strong passwords might prevent them breaching your data at all. It can be difficult to remember many passwords, so use a cloud based password storage service such as LastPass or 1Password to make the process easy to manage.
- Protect Your Main Email Account: Many online services use an email address as the main item to identify a customer or user. The email address is the user name of the Internet. While you probably must provide your email address to many people so they can communicate with you, it is essential you keep you email account as secure as possible. If an identity thief gained access to your email inbox they would likely gain a wealth of personal information that could not only be used to commit fraud against you, but also all the people you communicate with. Always use a strong and unique password to protect your email account and use two factor authentication if it is available.
- Limit What You Make Public Online: How much information do you really need to publish online to allow your friends and family to communicate with you? Do strangers really need to know your birthday? Do casual acquaintances need to know personal details about you, such as your place of birth, your mother’s maiden name, your favourite colour? These are all common questions used to secure online accounts. Publishing them in the open on the Internet gives the identity thief a head start. Use the privacy tools of online services such as Twitter and Facebook to lock down your accounts and reveal only the minimum that is required to get you connected to the people you want to interact with. If providing information is not strictly necessary, then don’t provided it.
- Be Careful of Strangers: This is what we tell our kids, but it applies equally to adults on the Internet where the people we interact with are anonymous and can claim to be whoever they want to be. Go slowly with people you meet on the Internet. Build a degree of trust before divulging personal information. If you receive friend requests from total strangers, block them. Privacy and security are better rewards than having a large number of friends, most of them strangers in reality.
- Make Purchases on Trusted and Secure Sites: Whenever you are filling a web form and especially if you are providing your credit card details, look for the green padlock in the browser address bar that confirms the web site is secure and your data will be encrypted when it is sent across the Internet. If you can find what you are looking for on well known and well trusted sites, such as Amazon.com or one of the big store chains, use those sites in preference to untried and untested alternatives. If you must use a lesser known site, check for reviews and complaints in Google.
- Don’t Save Your Credit Card Details to Web Sites: No matter how convenient it may be, don’t store your credit card details on third party web sites. These web sites could be hacked and your details stolen. Instead, store your credit card details in password management software like LastPass or 1Password and fill your forms securely using those services.
- Protect Your Phones and Devices: Set up password locks on your devices and auto lock your devices after a short period of inactivity. If your device has a feature that allows you to wipe it should it be lost or stolen, enable it. Use your mobile device for two step authentication and verification on all services that offer it. This greatly enhances your security and makes it extremely difficult for third parties to break into your accounts or impersonate you.
- Sign Up to a Credit Score Monitoring Service: Regularly checking your credit score and the activity on your credit report can give you early warning of suspicious activity. Catching identity theft before it develops into identity fraud is well worth the effort of checking your credit report once a week. Some companies now offer these services for free.
- Subscribe to a Identity Protection and Fraud Detection and Prevention Service: There are services available that will monitor your identity and online status 24/7 and detect suspicious activity and anomalies. These services are usually cheap and they can be invaluable in preventing theft as well as cleaning up the mess should your identity be stolen.