- Cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud.
- As many as 1 in 10 people are now victims of identity fraud annually, with 21% of these individuals having been victimized multiple times.
- If you become a victim, there are several things you must act on immediately, including filing a police report and contacting the Federal Trade Commission.
According to a 2019 Internet Security Threat Report by Symantec, cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud — and no one is immune. If you have a Social Security number, you are a target. As many as 1 in 10 people are now victims of identity fraud annually, with 21% of these individuals having been victimized multiple times.
"I used to get calls once a month from clients about someone attempting to impersonate their identity and steal money," says Diana Nichols, president and founder of Gold Key Credit Consulting in Fairfield, Connecticut. "Now these types of incidents are happening on a weekly basis."
An advisor to celebrities, athletes and other ultra-high-net-worth individuals, Nichols urges working professionals to get smarter about managing their personal finances. "These days, it's important take computer security seriously and monitor your credit diligently. It's no longer an option whether or not you need to make the time to do so; it's a prerequisite," she says. "If you have anything to lose, you've got to be proactive about protecting your personal information."
And with scams getting more sophisticated with each passing year, putting measures in place to protect yourself are becoming more critical than ever.
Happily, says Nichols, while cybercrime continues to skyrocket, with over 73,668 incidents reported in total across California (the most popular state for identity thieves in 2019) alone, there's no need to panic. No matter how clever criminals get, a little planning and forethought can go a long way to helping you keep your finances secure.
Since 2010, data breaches have exposed more than 38 billion records, according to cybersecurity firm Risk Based Security. So it's a safe assumption to bet that in many cases, criminals already possess sensitive details about you that are floating around the online sphere — details that they may wait months or even years to actually exploit, inflating your sense of security, says Nichols.
Coupled with the rise of online tools that let threat actors easily identify individuals living in wealthy neighborhoods so that they can drive by and steal more data (e.g. bank statements, utility bills, etc.) straight from your mailbox? It makes for a powerful one-two punch that allows criminals to quickly stockpile a wealth of information on virtually anyone, including the answers to security questions that can help them quickly circumvent typical fraud-prevention measures.
Here are some of the more common, and clever, ruses that identity thieves have begun using more frequently over the last six months.
Opening credit-monitoring accounts with Experian, Equifax and other services in victims' names. This enables the thieves to scan your credit report for forgotten credit cards or accounts and rack up charges on them. "For example, they'll find an Ann Taylor or Victoria's Secret card that you don't use frequently and have a new card issued to a false address," says Nichols. "Don't think it can't happen to you, either. After having a false account recently opened in his name with [credit-monitoring company] Lifelock, the firm told a CEO of a major corporation it wasn't possible," she says. "Well, guess what. It turns out it was."
Using Google Maps, Zillow, Redfin and other location and real estate services to find locate upscale neighborhoods. These neighborhoods would be in the range of $700,000 or more, says Nichols. The thieves physically canvass these neighborhoods looking for mail contains personal information that they can swipe. "One multimillionaire client had his details stolen and credit card charges rung up to the tune of over $100,000 as a result," Nichols says. "You'd be amazed how much personal data is being delivered right to your doorstep."
Hacking into cellphones, computers and tablets using malware, spyware and software. This allows the thieves to swipe personal information from devices connected to public Wi-Fi networks. "You'd be surprised how easy it is to steal information from a hotel's wireless hot spot," warns Nichols. "A lot of people take photos of credit cards to send to other people, log in to financial institutions over these networks and such. One client even had their drivers' license details stolen, and someone attempted to have a new one issued to a different neighborhood in their home state."
Nichols says that "attempts at identity theft today are becoming more cunning, convoluted, and complex. If you want to fight back, your best defense is a good offense."
Here are six ways to protect yourself from becoming a victim.
If you think it sounds expensive and time-consuming to safeguard yourself from identity thieves, the costs of not doing so can be even more intimidating. According to Nichols, a single incident of identity theft can take six months and 40 hours of work for a typical individual to recover. Costs associated with addressing more complex incidents (especially those involving the need for help from a credit professional) can range from $5,000 and up. Bearing this in mind, it pays to be cautious.
Here are some steps Nichols urges you to take to protect yourself from becoming a victim of identity theft.
1. Monitor your credit regularly. Keep an eye out for illegitimate inquiries or suspicious accounts opened in your name. Likewise, stay attuned to alerts from your bank, credit card provider and other financial institution. Note that small, probing attempts at intrusion are often made before a full-blown attempt at compromising your identity occurs.
2. Freeze your credit. A credit freeze (also known as a security freeze) restricts access to your credit reports, helping safeguard against fraudsters opening new accounts in your name, but a credit freeze may not stop misuse of your existing accounts or some other types of identity theft. Also, companies that you do business with would still have access to your credit report for some purposes. A credit freeze has no effect on your credit score or current credit accounts, and the process can be completed in less than 10 minutes. To freeze your credit, you must contact each of the three credit bureaus (Experian, Equifax and TransUnion). You'll be asked to provide personal information, such as name, address, Social Security number and birth date. You'll typically be asked a few questions to verify your identity and then be prompted to create a PIN, which should be kept in a secure location.
3. Close all open but unused credit cards and financial accounts in your name. Before doing so, though, consider how it will impact your credit score, noting that a portion of it may be determined by how much money you're able to borrow in total vs. how much debt you're currently carrying.
4. Register for a post office box. Have important letters containing sensitive information sent there to prevent thieves from casually raiding your mailbox.
5. Use a virtual private network. Also called a VPN, this data-encryption software hides your identity, online activity and communications from unwanted eyes. Traditionally used for secure connections into corporate networks, many users are now using them to secure their presence in cyberspace by hiding their IP address from other users, making their activities invisible.
6. Install antivirus, antispyware and email-filtering software. Set these tools to automatically scan every 24 hours for possible points of concern, and always make sure you have the most updated versions.
7. Check out the FTC and IRS websites. The Federal Trade Commission offers further information on how to keep personal information secure, safeguard your identity and even freeze your credit if necessary. Similarly, the Internal Revenue Service also offers a Taxpayer Guide to Identity Theft, which provides additional guidance.
If you think you've been hacked, or spotted warning signs of identity theft, Nichols recommends immediately taking the following precautions.
1. Pull your credit report. Every year, you're entitled to one free credit report from each of the main credit bureaus — Experian, Equifax and TransUnion. You can access these reports for free at annualcreditreport.com, which is authorized by federal law. If you think you've been hacked, pull your credit report immediately to look for unauthorized inquiries.
2. Create an Identity Theft Report. Found at IdentityTheft.gov on the Federal Trade Commission website, this report is one of the first steps toward your recovery. The online report asks a few questions about your situation, then devises a personal recovery plan.
3. Place an extended fraud alert on your credit file. An extended fraud alert requires a business to verify your identity before it issues new credit. This alert lasts seven years and is available only to identity theft victims. To get an extended fraud alert, you'll first need to fill out an Identity Theft Report.
4. Make a list of fraudulent activity. Applications to open new accounts, as well as the accounts that have already been fraudulently opened in your name, must be noted and forwarded to the three credit bureaus and listed on your Identity Theft Report.
5. Phone the creditors. and speak to the fraud department to make them aware. (The "new applications" department will be your first stop at arresting any further harm if the application is still in process.)
6. File a police report and fraud affidavit. These can be obtained from your creditor(s) or the Federal Trade Commission if these businesses accept the FTC's forms, and provide copies of these documents and any additional necessary paperwork to creditors' fraud departments.
7. Provide creditors' fraud departments with the details and contacts. It will take up to 90 days to conduct a full investigation.
8. Obtain letters from your creditors. These letters should state that the fraudulence on your account has been confirmed, resolved and removed from your account. Then make sure that your creditors have expunged this negative reporting on your account and that a letter stating this has been sent to all three credit reporting bureaus. (As a backup, you should personally send a copy of these letters to the credit reporting agencies as well.) Be sure to call afterward to make sure that they have received this information.
9. And finally, breathe. Identity theft not only impacts you financially but emotionally as well. The emotional stress can disrupt your sleeping and eating and lead to depression. Nichols suggests taking a step back, giving yourself room to breathe and allowing some time to pass to repair the damage, noting that recovering from identity theft can be a process that takes weeks or even months.
If you need help crafting an action plan, professional credit managers can help expedite the process, she says. Likewise, the FTC offers a tool that can provide you with a step-by-step recovery plan at IdentityTheft.gov. The IRS also offers expert tips for putting your affairs back in order on its Identity Theft Central website