Identity theft: What is it and how to avoid it
Identity theft occurs when someone uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits.
Your personal identifying information could include your full name, home address, email address, online login and passwords, Social Security number, driver’s license number, passport number, or bank number. Once thieves access this information, they may use it to commit identity theft or sell it on the dark web.
What is identity theft?
Whether an identity thief overhears you reading out your credit card number on the phone, buys your information on the dark web after it has been exposed in a data breach, or steals your information some other way, there are a lot of ways to access your personal details. Using that information is the next phase in the identity-theft process.
Here are some examples of what identity thieves might do with your sensitive personal information.
- Open new credit cards or other lines of credit using your identifying information.
- Make unauthorized purchases using your existing credit and debit cards.
- File a tax return using your Social Security number in order to claim your refund.
- Use your health insurance to get medical care.
- Pass an employment background check or rent an apartment, using your identity and financial standing.
Identity theft statistics
There were 1,473 reported data breaches in 2019, according to the Identity Theft Resource Center's End-of-Year 2019 Data Breach Report. That represents a 17 percent increase over 2018.
Some of the biggest breaches in U.S. history occurred in July 2019.
How does identity theft happen?
Identity thieves may access your personal information in different ways. Here are some examples.
Cybercriminals send fraudulent emails or texts that may look legitimate. The links in these emails or texts may be used to download malicious software — malware, for short. The software may be able to mine your computer for personal information and send it to a remote computer. Cybercriminals uses this information to commit identity theft or sell it on the dark web. It’s a good idea to never open suspicious-looking mails, click on links or download material.
Credit card or ATM card skimming happens when criminals replace card readers with a counterfeit device at cash counters or other point-of-sale systems, such as those at grocery stores, coffee shops, gas stations, or ATMs. This device captures data contained in the magnetic strip of credit cards and debit cards and passes it to the skimmer. Sometimes, a small camera is set up to capture entries like ZIP codes and ATM PINs.
With information like credit card or debit card numbers, names, ZIP codes, or ATM PINs, criminals may be able to make fraudulent purchases or withdraw cash in the account holder’s name.
Some public Wi-Fi connections are unencrypted. This could give criminals a chance to snoop on data traveling to and from your device. If your device has software vulnerabilities, cybercriminals may be able to inject malware to help them gain access to your data.
Cybercriminals sometimes create fake Wi-Fi hotspots with names that sound like a legitimate network. Identity thieves may be able to view and exploit the information passing through the rogue network. Always check the spelling of the network name before connecting. And take the added precaution of using a VPN to connect to public Wi-Fi, especially if you’re accessing your bank account, making an online purchase, or filing your tax return.
Identity thieves may steal mail and patch together your personal information to commit identity theft. They could get important details like bank account numbers, health insurance cards, or credit card details by stealing mail. They might be able to create a new identity if they access key information like your Social Security number.
It’s smart to shred mail before discarding it. Also, shred pre-approved credit card offers, tax-related documents you don’t need, documents that contain credit card numbers or other personal details, or any communication from financial companies.
Fraudsters may call you on the phone, claiming to be from a bank or the IRS asking for money. If you receive this kind of call, don’t provide any information over the phone. Instead, hang up immediately. Banks and the IRS communicate through the mail. If you are not sure about a phone call, look up the caller’s phone number and call them.
After a data breach, your personal information could be at risk of being sold on the dark web. Sometimes a data breach puts at risk the personal information of millions of people. For instance, the Equifax data breach exposed the personal information of as many as 147 million people.
Criminals use different techniques to install malware on another person's device. Malware could allow the criminal to access the device and information stored on it. Malware types include viruses, spyware, trojans, keyloggers.
Thieves may sift through your mail in hopes of finding personally identifiable information. For instance, they might find a credit card statement with your account number, a tax form with your Social Security number, or other pieces of info that will help them commit identity theft.
Child ID theft
Identity thieves can use a child's Social Security number to open financial accounts, apply for government benefits, apply for loans, and to apply for an apartment. The person whose identity was stolen might not know about the fraud until they apply for loans or other types of credit as an adult.
Tax ID theft
Tax-related identity theft occurs when someone uses your personal information, such as your Social Security number, to file a tax return to collect your tax refund. You might not know until you try to file your tax return. The IRS will inform you that a tax return has already been filed in your name.
What happens to my information after identity theft?
Identity thieves can profit from your personal information in a variety of ways.
Steal your money or benefits
How identity thieves use your information often depends on what information they have. For example, if they have your credit card number, name, and address, a criminal may be able to make unauthorized charges to your credit card.
With more information, they might be able to file a tax return to steal your tax refund, use your stolen airline miles, receive medical treatment using your health insurance information, or apply for government benefits.
Sell it on the dark web
After a data breach, the exposed information sometimes ends up on the dark web — a part of the internet that isn't indexed by search engines. Social Security numbers usually sell for $1 each, a credit card number goes for up to $110, and a U.S. passport sells for up to $2,000, according to Experian.
An identity thief could also create fake social media accounts pretending to be you, use your info to pass a job background check or rent an apartment. Fraudsters often target people with a strong credit history and no criminal background.
Possible signs of identity theft
It pays to monitor your banking and credit card statements frequently, along with your credit reports and your mail. Here are some signs of identity theft you can look for.
- Your financial statements have discrepancies, or your bank statement shows purchases or withdrawals you didn’t make.
- You get calls from credit and debt collectors about charges you didn’t make.
- The IRS sends you a letter informing you that more than one tax return was filed in your name.
- There are unfamiliar charges on your credit card statement. Sometimes thieves start with small charges around $5 to test that the card will work before making larger purchases.
- You receive medical bills for services you didn’t receive.
- You don't get bills in the mail. This could mean someone has stolen your data and changed your billing address.
- You're turned down for a loan. If you typically have strong credit and expect to be approved for the loan, this could mean an identity thief took out loans in your name and damaged your credit.
How to help protect yourself against identity theft
Here are some easy ways you can protect yourself against identity theft:
- Create unique, complex passwords, for each account and device. A strong password includes a dozen letters, numbers, and symbols. Or you can create a long passphrase, which would be hard for a criminal to guess, but easier for you to remember. Change your password if you suspect the account has been compromised.
- Enable two-factor authentication on all accounts that offer it.
- Never give out your personal information — especially on phone calls you didn't initiate.
- Shred documents before throwing them away. This might include mail, receipts, bills, and any other paperwork that contains sensitive information.
- Choose paperless billing when possible, so your account information doesn't get sent to your mailbox. You can also opt out of receiving prescreened offers in the mail.
- Leave your Social Security card, Medicare card, and debit and credit cards in a safe place at home. Only carry what you absolutely need in your wallet.
- Use websites that are secure. The URL will start with an "https" (the "s" stands for "secure").
- Check your financial accounts often and keep tabs on your credit reports to look for changes you didn't make.
- Don't click links, open attachments, or respond to emails from unfamiliar or untrusted sources. These may contain malware.
- Set up alerts on your banking and credit card accounts. For example, your bank may notify you each time there's a withdrawal from your checking account.
Reporting identity theft
Reporting identity theft can help law enforcement bring criminals to justice and help keep your information safe.
If you've been affected by identity theft, first contact at least one of the three major credit bureaus: TransUnion, Experian, and Equifax. Once you request an initial fraud alert, the credit bureau is legally required to communicate it to the other two bureaus. You may also want to consider freezing your credit reports, which limits access to new credit lines.
Then report the identity theft to the authorities. The Federal Trade Commission’s website, IdentityTheft.gov, can provide you with a personalized recovery plan, guidance, progress tracking, and prefilled forms and letters. You can also report the crime by phone at 877-438-4338.
Also report the identity theft to the FBI's Internet Crime Complaint Center. The Bureau tracks information and distributes it to law enforcement officers who can investigate and search for patterns. This helps the government understand these types of crimes and stop them from happening in the future.
Why do you need identity theft protection?
Identity theft is one of the top consumer complaints, according to the FTC. In recent years, data breaches have compromised personal information of millions of people. That means Social Security numbers, birthdates, addresses, or credit card information could be for sale on the dark web.
Even if you take steps to help protect your personal information, it could be exposed in a data breach. Identity theft isn’t limited to your financial information. Criminals could go after your medical information to commit medical identity theft and use your insurance information to get medical services.
Children can also become victims of child identity theft. Criminals could steal a child's personal data and sell it on the dark web
.It’s a good idea to check your credit report regularly to make sure everything is accurate and correct. You can visit annualcreditreport.com to get a free credit report annually from each of the three major credit bureaus: Equifax, Experian, and TransUnion.
Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN
30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.
Join today. Cancel anytime.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.