If you’ve ever had your credit card company call to alert you to unsusal charges to your account, then you’re all too familiar with identity theft. As our way of doing business (and pretty much everything) has become more electronically-based, the incidents of identity theft have soared. In 2017, 16.7 million people were victims of identity fraud, according to the 2018 Identity Fraud Study released by Javelin Strategy & Research.
“Identity theft complaints are on the rise,” says John Krebs, an attorney in the Division of Privacy and Identity Protection at the Federal Trade Commission (FTC). Krebs helps manage and monitor consumer reports of identity fraud through sites like IdentityTheft.gov, which received 371,061 complaints in 2015.
And the theft doesn’t just involve people stealing credit card numbers.The most common identity fraud scams today include:
- Using someone else’s personal information to file a false tax return—and reap the refund
- Piggybacking on someone else’s health insurance for the benefits
- Opening new, fraudulent credit card accounts with someone else’s information.
The latest identity scam
Last year, the FTC received 133,015 identity theft complaints related to taxes or wages — fully 30 percent of all complaints lodged. Tax-related fraud was the second highest type of identity theft, with 82,051 complaints. Tax ID fraud happens when a thief files a fraudulent tax return using another person’s social security number, and gets the refund sent to a bank account of their choosing.
“The IRS has many filters to prevent fraud, but it’s still big problem,” says Krebs. During the 2013 filing season, the IRS estimates that fraudulent returns accounted for $30 billion in refund claims, and though they were able to ferret out 81 percent of the frauds, the IRS still paid out $6 billion in fraudulent refunds, according to the Department of Justice. That’s a lot of fraud.
How thieves are getting your information
The two most common ways thieves get information is through making phone calls and going online. In February 2017, the IRS released a statement saying they have seen a 400 percent rise in email/phone phishing scams and malicious software (a.k.a. “malware”) incidents, all of which are designed to trick you into giving up your personal information. (The gist with malware is that they entice you to download these malicious software programs through desirable-sounding links or websites, allowing them to then monitor or control your computer use—including recording your keystrokes. Scary!)
“The general advice we give to everybody: If you didn’t initiate the communication, then beware,” says Krebs. “If someone says, ‘Oh we’re your bank and we see a problem with your account,’ don’t trust them.” If you get a suspicious email, don’t click on links and go directly to your bank’s website, he advises. “A lot of times, they’re just phishing.” Or look up the bank’s number and call them to ask if there is a problem with your account.
Other common information-stealing tactics:
- Hacking into digital records or stealing physical records from banks, stores, and other institutions. The Privacy Rights Clearinghouse reports 259 data breaches in 2018, exposing a total of 813 million personal records. The list includes casinos, restaurants, hospitals, and tax agencies.
- Pawing through your garbage to find credit card offers, discarded medical records—anything that lists your personal information
- Looking over your shoulder as you enter your PIN number at an ATM or installing skimming devices on ATMs that read your card information
- Stealing your wallet or purse
- Stealing mail from your mailbox
6 ways to protect yourself from identity theft
1) Keep your important papers secure (tax documents, social security card, medicare card, checks, etc.). “Protect your info as your would your cash or your jewelry,” says Krebs. “You want to make sure you’re doing everything you can.” Don’t carry your Social Security card in your purse or wallet, he says, since your Social Security number is the key to much of your personal information. Also shred and properly dispose of documents that have that sensitive information, such as your date of birth, credit card number, bank account numbers, etc.
2) Consistently monitor your credit reports, credit card statements, and health insurance statements. Go over every charge on your statements. A small charge or retail store account you don’t recognize could be the tip of the fraud iceberg. And be especially careful if you’ve already been the victim of identity theft. “Once someone has your name, social security, and date of birth, you have a much bigger problem,” warns Krebs. “You need to be much more vigilant. Monitor your credit report, but it doesn’t catch everything.” To get your credit report for free, try Freecreditreport.com (operated by Experian) or another reputable company such as Equifax or TransUnion.
3) Be thoughtful about when and to whom you give your Social Security number. “Your Social Security number is your most sensitive asset,” he says. “A lot of times, it’s asked for, but may not be necessary. These days it’s acceptable to ask why they need your Social Security number and how they will protect it.”
4) Beware of online strangers. “Be alert to online impersonators and telephone impersonators,” advises Krebs. And never click on links sent by a stranger.
5) Make sure your computer system is up-to-date and has the most curent anti-virus software installed. “Microsoft and Apple can identify vulnerabilities, but it only works when people do the updates,” he says. Visit windows.microsoft.com and macworld.com for easy-to-follow system-update tips. Not sure if you have anti-virus software installed on your computer? Search your Applications (by clicking the Windows icon at the lower left of your screen and then clicking All Apps) for anything that says “malware” or “anti-virus.” If you come up empty-handed, visit pcmag.com and search their list of the 2018’s best anti-virus software.
6) Dispose of your old computer and smartphone safely. “Don’t just throw it away or donate it,” says Krebs. Instead, take it to a computer store or an electronics recycling center — “they will wipe your info as part of their process.” Wary of scammers at stores or centers? Search e-Stewards.org to find a certified electronics recycling drop-off site. And if you really want to thwart would-be theives, don your protective goggles, locate your computer’s hard drive, and smash it to smithereens with a hammer. Learn more about how to safely throw away old computers and phones here.