IDENTITY THEFT – What it is, How to Prevent it, and What to do if You’re a Victim of it
This post is an excerpt from my upcoming book, Your Data, Your Devices, and You: Easy-to-Follow Instructions to Reduce Your Risk of Data Loss, Device Infection, and Identity Theft
What is Identity Theft?
Identity theft is when someone uses your personal information for their own gain. In effect, they impersonate you. Nowadays, your identity can be compromised in a large number of ways, and you can’t infallibly protect against all of them. There are several ways a thief can gain access to the items that constitute your identity. Some you can control, and some you can’t, so you want to put your strongest effort into what you can control, and then do your best to risk-shift what you can’t control.
How Do Identity Thieves Work, and How Can I Protect Myself?
How they work:
One way thieves learn about you is through “dumpster-diving.” Yes, they actually go through the garbage. You may be surprised at the information you toss in the trash and how it appears to someone who wants your identity. Each little piece of information about you is like a piece of a huge jigsaw puzzle with tiny pieces. The thief doesn’t need to put the whole puzzle together in order to cause you trouble. Enough pieces of a horse, and he knows it’s a horse. Enough pieces of a barn, and he knows it’s a barn. Enough pieces of a race car, and he knows it’s a race car.
How you can protect yourself:
There is one thing you can do to control some access to information. All sensitive information, when you’re finished with it, shred it or burn it. Don’t fool yourself that your credit card statement won’t be attractive if it’s covered in spoiled yogurt—if it’s readable, someone can use it and won’t care what it smells like.
How they work:
A second method of gaining access to your identity is stolen wallets and billfolds. You can’t control the theft itself, but you can control some of the fallout.
How you can protect yourself:
Immediately freeze your credit inquiry access, so that nobody can make a “hard” credit inquiry on your accounts. Most banks now allow you to freeze your debit and credit cards, and you can even do it from your phone or from the bank website. If not, or if you want to be absolutely certain that it happens quickly, call the customer service number and explain what happened. They’ll know exactly what to do. If a checkbook gets stolen, call the bank so that they know to stop payment on the checks past the last one you legitimately issued. Of course, report it to the police, because even if you don’t expect to see the wallet or its contents again, you need to report the loss of your driver’s license. Contact the issuer of each credit card you use and report the theft.
How they work:
Still another way a thief can take control of your identity is through a practice called “phishing.” (See sections on Phishing and Email later in this book.) It rhymes with “fishing,” and it builds on the same concept. The thief dangles some sort of bait in front of you and if you bite, it may cost you. Identity theft is only one of the things that can happen if you get caught in a phisherman’s net, and none of those things are pleasant.
How you can protect yourself:
Pay attention to people asking you questions. We tend to want to be helpful, but there’s nothing helpful about someone wanting your password, your bank account information, your social security number. Your bank won’t call you to ask you for your account number. They may call you and let you know they’ve taken a certain action, but if they initiate the call, they won’t ask you for account information. Only give bank account information to a bank if you’ve initiated the call, and only call the bank’s published phone numbers on documentation that your bank has sent you. If you call the main number, you can get your call routed to anywhere in the bank’s system. Government agencies rarely call, and the Internal Revenue Service never calls, they always send letters. If a government agency calls, they will never ask for personal information, and if you get a call from a government agency asking for personal or financial information, hang up.
How they work:
The fourth way you can lose your identity is if your personal information is part of a breached data set.
How you can protect yourself:
The unfortunate thing is that you don’t have any control over how organizations secure the data they collect, so there’s no way for you to guard against data breaches at other locations. Other than only giving out necessary information and only that when absolutely warranted, you can’t protect your information that is stored by someone else.
Before it Happens:
Make sure that you have a record of how to contact each credit card issuer, and your bank. Record the checks you write promptly so that you always have a record of the last check you issued. Record your driver’s license number. These are records that are so much easier to keep up with than to try and figure out or remember when you’re under the stress of the loss of your wallet. Under circumstances of theft, your bank will often be very helpful in helping you get some operating cash, as long as you are able to prove who you are. You can often do that by answering a few simple questions at the bank.
During the first round of edits on my book, one of my editors asked if I recommend making photocopies of the contents of your wallet (credit cards, etc.). My response is, not particularly. Your bank and credit card issuers have methods to identify you. At one time you needed to provide a credit card number in order to speak with someone, but that’s just about the least reliable form of proof. If you have records, the photocopies won’t add anything. It may be useful to keep the temporary copy of your driver’s license, but it isn’t a substitute for the real thing, just a record of the number. You will still have to get it replaced, and when you do, you’ll get a new temporary copy. If your wallet gets stolen, getting a replacement driver’s license is going to be one of the first things you will want to do.
Didn’t mean to terrify you, but this is serious stuff, and although you can’t always be the one in charge of the information that makes up your identity, forewarned is forearmed. If you are paying attention, you can ward off a lot of trouble just by catching things early.
HOW TO RESPOND TO SUSPECTED IDENTITY THEFT
You should be monitoring your banking transactions regularly, whether you use your bank’s online services or not. The days are long gone when you could wait for your statement to come in and do a once-a-month reconciliation. Catching anomalies quickly is the key to resolving them. If you have even a slight suspicion that you may be a victim of identity theft, if something just doesn’t seem right in your financial world and you can’t identify any particular transaction, call the financial institution and tell them that you think you may be a victim of identity theft. Use those words. “I think I may be a victim of identity theft.” Every financial institution has a special department to work with identity theft, and that’s the department you need. Legitimate financial institutions take those words very seriously. Call or go see them immediately, as soon as you believe something may be wrong. Don’t worry that you may be overreacting, because the longer you wait to get an investigation started, the greater the damage you can suffer.
You will need to contact law enforcement as well, but your financial institution may suggest that you wait until they can verify what happened. You may be advised to change your credit card accounts and accounts at other institutions as well, so that any information that was stolen is no longer valid. Keep notes of every conversation, retain all communication (including emails), document everything as closely as you can remember. Make a note of what it was that first raised your hackles.
If you aren’t sure something is related to your suspected incident, but it just feels “off”, document it or save it in some form. You can toss what’s irrelevant later, but you really won’t know what is and isn’t relevant until the situation is resolved. Keep it all together if possible. You don’t have to print everything that you see digitally, but save it all in one folder on your computer or in your cloud account (iCloud, OneDrive, Google Drive, DropBox, etc). Keep all physical copies of what may be evidence in one file folder or envelope clearly labeled and easy to find.
There’s also a website called IdentityTheft.gov that can help you create a plan for dealing with identity theft. It can be reassuring to have a step-by-step plan for your next actions, especially when you’re already frazzled by the thought of what just happened, and sometimes by a sense of betrayal if you know the person who did it. It’s a very useful resource, but your first call should still be to the bank where you do most of your business.
Change your login details everywhere you can think of that stores personal information, especially financial institutions. That would be banks, credit unions, brokerage accounts, retirement accounts, the IRS, and the Social Security Administration. If you’ve never had an online account at the IRS and the Social Security Administration, it may be a good idea to establish one so that an identity thief can’t do it pretending to be you. The Social Security Administration also has forms to help you minimize the damage. Just make sure you don’t use a password there that you’ve used somewhere else.
HOW TO SURVIVE IDENTITY THEFT, OR POSSIBLE IDENTITY THEFT
It may be tempting to think that never using financial services online will keep you safe. Doing everything with cash and checks won’t protect you. It will block a couple of avenues that identity thieves use, but there is simply no way to eliminate all possible risks. If you have a bank account, you’re vulnerable, because of the proliferation of electronic transactions between banks.
You’ve heard that it’s not a good idea to have all your eggs in one basket, and that’s valid advice to survive an identity theft event. That is, make sure you have some sort of emergency fund at a separate institution from your main institution, or offline altogether. Before you experience identity theft, check with your bank to find out how they can be of service in the event it happens. Let the bank officer know that you’re trying to be prepared without panicking, and you need to know ahead of time what you can count on, what documents you’ll need to bring in, and what access you will have to any funds or services you typically use.
You may hear a news report about a security breach where credit card information has been compromised. If you don’t do business with that organization, and never have, you have nothing to worry about. You may hear about personnel information having been compromised at an organization. If you aren’t an employee there, you’re fine. If you have done business with a company that experiences a breach, or if you work for a company that has its employee information compromised, then that company or organization will have steps in place to handle the onslaught of distress calls they get. You should contact the company’s designated department or your bank’s or credit card issuer’s fraud department and follow whatever instructions they give you.
IDENTITY THEFT INSURANCE
There are companies that offer protection against identity theft, but you need to read the fine print before you engage them. If you are going to purchase this protection, it must be purchased BEFORE the theft happens; afterward, it’s too late to get protection. It would be like buying car insurance after an accident and hoping you’re covered for that accident. Some companies only offer protection for the accounts with institutions they’ve partnered with, which really reduces the value of the protection if your accounts are not at those institutions. At a minimum, you should look for the amount of insurance coverage, credit monitoring with all three credit bureaus, “dark web” monitoring, a mobile app, a family plan, and round-the-clock support 365 days a year (although that last one could be waived if a service meets all your other criteria, and you feel standard business hours will serve you adequately). I’ve compiled a really short list of five of them, but before you make a choice, do a lot more research and actually speak to someone at the companies you’re interested in. Ask specific questions about “what if,” regarding the types of events you’re most concerned about.
Identity Force
The cost in 2021 was $180/year for an individual plan, and has an additional child identity theft protection, and offers plans for individuals and businesses.
Identity Guard
The cost in 2021 was $90/year for an individual plan. At the time there was no 24-hour support, but there are plans for individuals, families, and businesses. This company uses IBM’s Watson Artificial Intelligence to detect ID theft.
LifeLock
A product of Norton, the antivirus company. In 2021, a Basic plan was $150/year. Every subscription includes a VPN (See section on VPNs in the WiFi segment), cloud storage for backup (See section on Backups later in the book), password manager (See section on Passwords later in the book), and several other tools.
ID Watchdog
A family plan includes up to 4 children, and cost $150/year in 2021, with additional services available at added costs.
PrivacyGuard
There are too many price options to sift through and list here, but basic identity protection started at $10/month in 2021, and they also offer a credit protection plan. They don’t offer 24/7 live support.
LIST OF WHOM TO CONTACT IN THE EVENT OF ID THEFT (in no particular order, just get them all)
Law Enforcement
Credit reporting agencies (Equifax, Experian, TransUnion) to freeze your credit file
ChexSystems (verifies customers requesting new bank accounts — you can put a security alert on your data)
Your banks
Your retirement accounts
Your pension plans
The social security administration
The IRS
The DMV
The USPS (and it may be a good idea to get a post office box at the local post office for a while)
Any service providers for communications
Any utility providers (utility bills are often used to establish identity and residency)
The National Consumer Telecom and Utilities Exchange (NCTUE, a sort of credit reporting organization for telecommunications and utilities service providers)
Credit reporting agencies can also monitor your children’s identity to catch any accounts being opened in their names.
IdentityTheft.gov
Identity theft can be devastating, and in those first few hours when you realize it’s happened, or happening, it can be hard to breathe, and even harder to think rationally. If you’re reading this in a physical book, paper clip this section so you can get to it easily. If you’re reading this in a digital copy, print out the list of whom to contact and put it where you can get to it easily, maybe carry a copy in your wallet or purse, keep a copy stashed in the console of your car so you can get to it when you need it. It’s really reassuring to have a plan for what to do when things start falling apart, and even if you don’t feel it’s very likely to happen, it’s amazing how your panic can subside when you realize that you do know exactly what to do.
SYNTHETIC IDENTITY FRAUD
This is something relatively recent. Instead of a hacker posing as a real person other than himself, he pieces together a completely different identity and uses it to engage in fraudulent activity. It still requires theft of other people’s credentials, but it is harder for you to become aware that the credentials have been stolen unless you’re aware of a breach that involved your information.
The thieves start with a list of Social Security numbers, and they find some numbers that aren’t associated with a lot of credit history. Combining these numbers with names and addresses of real people, and different birth dates, they have a whole new person. They can use this information to take out loans or obtain credit cards, but they can also apply for and receive government benefits, and get employment without legal documented status.
You might pick this up if you monitor your credit reports regularly, and putting a freeze on your credit can help prevent your information from being used in this kind of fraud.
I know this is a lot to digest, but if you take it step by step, you can keep yourself from being “low hanging fruit” for identity thieves. Also, copy the text of agencies to call in case of identity theft, and keep it handy. I have a plan to create a printable document for you to download, but I can’t make that happen right now. For now, just copy it and paste it into a Word document or Notepad, and print it out. That way you don’t have to panic, you can just go through the list methodically and minimize the damage. If you catch it soon enough, you might be able to limit the experience to inconvenience, but you absolutely must contact law enforcement — even if you suspect that the identity thief is a family member.
Let me know in the comments below if you found this helpful, and if there are other topics like this you’d like me to cover, drop that in there as well.