What is Identity Theft, and How to Stay Away From It?

The U.S. Federal Trade Commission says that over two million Americans fell prey to ID theft in 2020. The situation in Europe was also very bad, with 20% of citizens feeling the sting of stolen identities. It’s the second-most frequent kind of fraud in the EU.

The usual targets for identity theft are senior citizens and minors. Criminals know their craft and regard these groups as the easiest to exploit. Giving them the information you need to usurp their identity is easier. But make no mistake: Everybody is vulnerable, and identity theft can happen to anyone.

This article tells you how identity theft works, how you can protect yours, and what you can do if you become a victim.

Identity theft: What is it, anyway?

Also named “identity fraud,” identity theft happens whenever a person acquires enough information about another individual to pass for him. Once the wrongdoer has managed to impersonate the victim, he can loot money, obtain credits on the victim’s behalf, remain hidden, and buy services. Getting a new job is not out of the question either.

Identity theft comes in two flavors: credit and non-credit. Let’s have a closer look at both types and their subtypes.

Credit ID theft

• Account takeover. In this scenario, the login credentials are vital information to steal. Once gathered, the criminal can use the victim’s accounts as their owner. To make things worse, he can change the email addresses and other security information so that the victim has a harder time realizing what’s happening. The additional time gained in that fashion allows the damage to grow.
• Synthetic ID theft. Again, the critical information is the SSN. The criminal builds a new personality, associating a false name, birth, and address. Then the usual happens new accounts, new debit cards, and purchases. This is much harder to trace, so it’s expanding faster than the other frauds on our list.
• True name ID theft. The SSN is the key here. It allows a criminal to adopt your identity entirely. Then he can open accounts, get loans, and do other things in the victim’s name. This type of fraud is becoming harder to perpetrate thanks to credit monitoring, credit freezes, and fraud alerts, but it can still happen.

Non-credit ID theft

• Medical ID theft. The criminal goes for the victim’s health insurance member number. The result is that a bad medical history becomes attached to your identity. That can ruin your chances of future coverage. This fraud doesn’t involve financial operations directly, so it’s harder to detect unless unrecognized medical bills pile up.
• IRS ID theft. And we are back with an impersonation that starts with the SSN. A tax return reaches the IRS (the criminal is to thank). This return won’t have your name, only your number. You will remain unaware but not for long. You will get notified about numerous filed returns –the IRS knows how to do its job. It’s hard to detect because only the IRS intervention can make you aware when this is happening.
• Criminal ID theft. A Driver’s license number is at the center of this one. The criminal creates false identification cards featuring your data but his picture. Something else must happen to give the criminal’s game away, like a traffic violation or to find out that warrants are issued against you.

How are the criminals getting the information?

Identity fraud practitioners have many resources to secure the information they need to perpetrate a crime.

• Mail theft. Very low-tech but effective. The criminal visits your mailbox, steals your letters, and gets information from unopened mail documents.
• Phishing. Phishing is a series of digital techniques designed to trick victims into surrendering vital information voluntarily. It exploits the victim’s trust in institutions or individuals the phisher impersonates.
• Dumpster diving. Going through a person’s garbage is a time-honored investigation technique long-honored by criminals and law enforcement agents alike. However, your boxes and cans are not all you throw away. You also throw away things that include essential data.
• Shoulder surfing. That’s right. Good old rubber-necking works when you’re entering your information into your device in public.
• Hacking. A hacker sets up a MITM attack. The most common places for this are public WiFi hotspots, a hacker’s wet dream. The attack allows the hacker to intercept your traffic. He can figure out all you did in a session if it’s not encrypted.

Tips for protection from identity theft

Before we talk about the measures you can take to protect your identity from thieves, let us tell you this: digital security has no silver bullets. In this arena, nothing is ever 100% effective.

So even with the utmost care, you can’t guarantee it will never happen to you. But even in that context, being aware and acting accordingly can dramatically reduce the probability of something like this happening to you. So without further ado, let’s talk about what you can do to protect yourself from the world’s identity thieves.

1. Use unique passwords

Repeating a single password for every account you have online is convenient. But, unfortunately, it’s also a precious gift for criminals. If you do this, they can subvert all your digital resources with a single strike because one single password will give them control over every account.

It would be best if you used a unique password for each account of any kind you have. Yes, this is not as convenient, and it takes effort. However, a good password manager will make it easy for you to implement this policy and afford you a lot of security.

2. Choose high-quality passwords

It’s not enough to pick unique passwords. They also have to be good ones.

We have a complete guide on choosing solid passwords, so we won’t go into much detail in this regard. Use combinations of upper and lowercase letters along with numbers and symbols. Any word or phrase you can read as a plain text message or find in the dictionary is not a good password, period.

And yes, having passwords of this type makes them harder to memorize. So, again, pay the license for an excellent password manager and take full advantage of it.

Your preferred web browser surely has an in-browser password manager. Don’t use it. Stick to a dedicated password manager because you can’t open it without a password. If you use the browser’s password management system and your system is physically compromised, the device’s new owner will have access to everything.

3. Be careful with your information, especially when it’s sensitive

Your devices will always hold sensitive information about you. You can’t avoid that because they wouldn’t be handy if they didn’t. However, it pays to be aware and careful about this.

Always know where in your device you keep the essential bits of information. Then, if you sell one of your devices or pass it on to the family, make sure you erase all that information before it goes to another person.

Also, personal information doesn’t belong on social platforms. You can secure your account with the platform’s privacy settings, but you still can’t answer for the accounts of all your friends and followers. If their security and privacy are weak, it could harm you too.

Last but not least, never fill up a formulary online unless you’re sure it belongs to a legitimate website. Remember that phishing attacks will try to persuade you that you are delivering your information to trustworthy actors, so be vigilant.

4. Don’t trust third parties

Delinquents will attempt a phone call impersonating a bank, a government agency, or some other legitimate organization and attempt to persuade you to surrender personal information. They are after things like SSNs, passwords, PINs, and other items of the sort. So remember this: the phone is not for giving away sensitive information to anybody.

If you have any doubt, then hang up. Then call the organization that was supposedly reaching out to you and find out what was happening. Make a report if you think it’s relevant. The organization will probably confirm to you they didn’t call you.

5. Hire an ID theft-monitoring firm

Monitoring the internet to protect a user from identity theft is a commercial service available to anybody who wants it. The biggest brands in that industry are Identity Guard, IdentityForce, and LifeLock. Go to their websites, learn about their plans, and consider hiring one.

Other services will also monitor the dark web. It’s not the standard, but it should be because compromised information tends to end up in the underground information market. So, yes, it is an additional cost. But, it’s also extra safety and tranquility.

6. Get a VPN

Using a top-notch VPN is among the best measures to take regarding your digital security. The VPN ciphers all your traffic, so even it’s useless to hackers even if he manages to intercept it. 

The VPN will turn those security nightmares called pubic WiFi hotspots into safe places for you to go online.

If you want to pick a VPN on the fly, our top pick is ExpressVPN because it has excellent service and many additional benefits.

7. Freeze your credit card

Freezing your credit card is free, and you do it with the same three major credit bureaus.

8. Be alert to phishing and spoofing

The criminals could try to squeeze additional sensitive information from you through phone calls, phishing Emails, or Email spoofing. For example, they will impersonate a bank or the government. But remember that such organizations will never ask you for any information over the phone.

9. Watch your mailbox

You know all the mail you should typically be getting. So keep an eye on your mailbox because stolen mails are a red flag. Secure your mailbox with a Postal Service-approved lockable mailbox. Stealing your mail is one of the preferred methods criminals use to steal identities, so make sure that everything reaches you safely.

10. Shred

The criminals know how to dig around your garbage, so make sure they will find nothing by shredding everything that includes sensitive information.

11. Use a digital wallet

A digital wallet will prevent you from directly making payments using your credit or debit cards. Instead, think of it as a security buffer for your cards.

12. Protect your mobile devices

In our digital world, increased convenience goes hand in hand with increased risk. Your tablets, Android, iPhone, and other phones surely afford you great convenience, so you must protect them thoroughly.

How can I know if somebody stole my identity?

As we explained in the section about the types of identity thefts, realizing that your identity is compromised is not always obvious. If you’re not vigilant about your financial operations, online accounts, and overall digital life, it could take something dramatic for you to find out.

Dramatic red flags

Some dramatic scenarios will let you know your identity is compromised. While we sincerely hope it never comes to that for you, you need to know them for the sake of awareness.

• A loan is denied to you because your credit score has deteriorated recently.
• A background check fails.
• A preexisting health condition you don’t have ruins your chances of getting health insurance.
• The IRS sends a notification.
• You get arrested out of seemingly nowhere because there was a warrant waiting for you — which you are not responsible for.
• A Shylock calls you asking for the payment of a loan you never had.

Not-so-dramatic red flags concerning identity theft

Some other signs could appear, but not as distressing as the previous ones.

• You notice financial operations you don’t recognize or remember. You just know you didn’t perform them, like purchases or bank withdrawals.
• You get invoices or delivery notifications you don’t recognize.
• Mail like credit card documents stops reaching you at your address. It could be other types of correspondence that are also sensitive.
• Your email receives alerts about anomalous activities.

I am the victim of Identity Theft! Now what?

First of all, keep calm. You can do things to help your situation and mitigate the damage, but your cool head must prevail at all times, or everything will get worse.

Your first measure is to report to the authorities that you are the victim of identity theft. Here’s how to do it in the U.S. and the E.U.

The United States: Reporting ID theft

Follow these steps in the United States:

• Have a close look at all your assets. If you find anything fishy, put that account on freeze, or close it.
• Change all your passwords as soon as you can. You could find that your password for a given account no longer works. In that case, contact client support. Tell them what is happening and, ask for help, follow their instructions.
• The three leading credit agencies in the U.S. are Experian, Equifax, and TransUnion. Contact one of them to have them place your account under a one-year fraud alert. One is enough. It will share the information with others. If you learn about any account you didn’t open, reach out to the organization holding it and cancel it.
• The Federal Trade Commission has an Identity Theft website. Use it to report your identity theft. The page will guide you through a plan to recover and issue an Identity Theft Report on your behalf. Keep it handy because you could need it in the future to support your claim.
• Go to your local authorities and file a report with the police. No, you shouldn’t expect them to move a finger, but you will need proof that you filed a report.
• Perform a full anti-virus scan on every device you own.
• If debt collectors are accosting you, answer them before a month goes by. Start by disputing the obligation and explaining that your identity was stolen. The FTC’s identity theft website has information on how to do this, including some sample letters you can use to write your own.
• Always pay attention to your credit card reports to see any anomaly as soon as possible.

The EU: Reporting ID theft

If you are a European resident dealing with identity theft, the procedure is not as uniform as in the U.S. because every country has a different way of doing things.

However, it would be best if you first went to Europol’s website for an online cybercrime report. Once you get started, you will find links for each country so you can follow the correct procedure.

I filed my report. What do I do next?

Your actions will kickstart an investigation and the process of restoring your reputation. The precise procedure varies with every case.

For example, your bank will solve the credit card issue by giving you a new plastic with a different number. But other things will take more red tape, so they will be slower to resolve.

Keep extensive notes and document all the processes. Keep every email, and also keep detailed notes about every phone conversation.

FAQs