Identity Theft: What It Is, How To Prevent It, and Why It's Terrible
Identity theft is one of the things you never expect to happen to you until it does.
The scariest part is not the theft itself but what follows after. Victims of identity theft don't often discover their financial, reputational, and bureaucratic lives are destroyed until long after the crime was committed. This delay makes it extremely difficult for authorities to investigate identity theft cases.
Table of contents
- What Is Identity Theft
- Identity Theft Statistics 2024
- How Does Identity Theft Happen?
- Real-life examples of identity theft
- What Are the First Signs of Identity Theft?
- How To Prevent Identity Theft
- Stay Alert Online!
What Is Identity Theft?
Identity theft occurs when malicious actors steal someone's personally identifiable information (PII) to commit fraud or steal money.
Getting hold of PII is critical here. Some of the most common PII include
- Name,
- Address,
- Phone number,
- Date of birth,
- SSN (social security number),
- Online login details (usernames and passwords),
- And credit card details.
What makes PII theft so damaging is the hacker's ability to piece multiple threads of information together to create an accurate profile of the victim. This makes it easier for them to impersonate you and commit crimes like financial fraud or accessing your accounts.
Identity theft is carried out in various forms and sizes, but some are more common than others.
Identity Theft Statistics 2024
The landscape of cybercrime is a grim one, with each passing year bringing a surge in data breaches, hacks, and leaks. Identity theft, in particular, has seen a steady climb, as evidenced by these statistics reported by the Federal Trade Commission (FTC), IBM, and other security companies.
2023 data breaches
In 2023, the number of data compromises increased by 78 points compared to 2022, with (353,027,892) victims reported from data breaches across different industries. Other findings from 2023’s data breach report include the following findings:
- Nearly 11 percent of all publicly traded companies were compromised in 2023.
- Publicly traded companies withheld information about an attack in 47 percent of notices compared to 46 percent of other organizations.
- While most industries saw modest increases, Healthcare, Financial Services and Transportation reported more than double the number of compromises compared to 2022.
- Most data compromises were due to cyberattacks. Phishing-related and ransomware attacks were down slightly, while Zero Day attacks jumped significantly compared to previous years.
These statistics demonstrate the importance of protecting ourselves from identity theft. Throughout this article, we will examine what is identity theft, real-life examples, and how to protect yourself from identity theft.
Reported cases of identity theft
The FTC received 5.7 million fraud and identity theft reports, 1.4 million of which were identity theft cases.
Age
People between the ages 30-39 were the most common group targeted for identity theft.
Most common identity theft types
Government Documents or Benefits Fraud tops the list of identity theft types, with 395,948 reported cases.
Cost
The median loss of fraud cases for victims is about $500.
Total losses are estimated to be $10.2 billion.
Government and tax-related fraud
Recent Paycheck Protection Program (PPP) loans for pandemic-affected businesses and other government programs have been happy hunting grounds for fraudsters.
They often use the victim's identity to apply for unemployment checks, tax refunds, and new jobs. Since governments automatically carry a high level of trust, this is one of the most popular types of identity theft.
Credit card fraud
Hackers often use PII to attack your credit card and credit score. Even if they don't have physical access to the card, they can clone it using PII to take out loans or create new accounts.
Bank fraud
Some hackers go straight for your bank account by cloning debit cards or carrying out ACH transfers. According to the FTC report, opening new bank accounts has seen the second fastest YoY growth.
Utility fraud
Hackers can use your PII to link their utility accounts and use the strong credit score to keep the lines active for months. Eventually, the authorities will reach your door, asking you to pay a hefty amount for utilities you didn't use.
Since PII is often static and shared between multiple accounts, hackers can scale their attacks to exploit financial loopholes. All they need is a crumb of data to start.
How Does Identity Theft Happen?
Identity theft can cause irreparable damage, so you need to understand how hackers go about their business once they get hold of PII and what you can do to minimize the impact.
Phishing attacks
Phishing is the process of sending malicious links or attachments via emails, team chat apps, text messages, or social media. The content mimics a legitimate business to gain your trust and use urgency to undermine your rational thinking. Cloudflare employees were recently targeted with phishing text messages which exposed a large amount of company data.
Lost or stolen assets
Some criminals don't hide behind screens; they simply go ahead and steal your wallet or phone. Once they break into your phone or find documents in your purse, they can piece the puzzle together and possess the entire gamut of your PII.
Wifi hacking
Public wifi is convenient, but it rarely uses industry-standard security protocols. Hackers know it, and they target public wifi to stalk users. If you use cafe or airport wifi to share personal or business data, you might already be at risk.
Shoulder surfing
Shoulder surfing is the subtle way of tracking a victim in a coffee shop or a crowded bus when they punch in their credit card or log in to websites. Rookies spy on nearby devices, while advanced hackers can follow typing patterns from a distance to figure out sensitive information.
Skimming
Skimming is the process of replacing or modifying point-of-sale systems and ATMs with tracking devices that store your card details. When you use your card to pay or withdraw money, you unknowingly give away your pin and other information for hackers to exploit later.
Dumpster diving
Dumpster diving is the old trick of recovering paperwork, sticky notes, and discarded computer hardware that might contain sensitive data. It was popular in the pre-cloud era, but it's still effective today since many businesses forget to shred documents before putting them in the trash. In today's digital world, it can also mean going through the computer's recycle bin to find sensitive documents the user thought were deleted.
Data breach
A data breach in a company that hosts your account may lead to hackers gaining your PII. It's one of those cases where you can do very little to prevent it from happening, but with proper knowledge, you can mitigate the impact. Like the Cloudflare attack, Twilio suffered a data breach in August this year, exposing hundreds of customer data.
Synthetic ID
Even if hackers don't get your complete PII, that doesn't stop them from committing identity fraud.
They can create a synthetic ID by combining your authentic details with made-up information if they have your SSN. They can use this legit-looking ID to trick officials, make a new bank account, or sign up for government checks. Children and the elderly are often victims of synthetic ID crimes.
Burglaries and home invasions
With so much emphasis on cybersecurity, we often forget about generic crimes. Burglars often break into houses not to steal cash or jewelry but access credit cards, driving licenses, and SSNs. Since they can just copy the information without stealing, victims don't realize it until it's too late.
Family identity theft
Family identity fraud works similarly to synthetic ID fraud, where children's blank credit score is used for crimes, but it also goes beyond that. Sometimes family members, such as an older kid or a sibling, steal PII to commit fraud without the victim's consent. Familial identity fraud is more common than you think.
Real-life examples of identity theft
Below, you will find real-life examples of scams and identity theft, how they happened, and the results from each case.
Thief steals over $70,000 using a widow’s identity
An 87-year-old widow was charged $70,000 on various accounts by an identity thief who opened multiple accounts in her name. The victim claims creditors said she owed $12,000 on a Platinum Visa credit card.
Another creditor threatened to repossess the victim’s car for non-payment on the vehicle’s loan, which she didn’t even own.
The victim filed an ID theft complaint with the police department to get the loans written off. She believes the thief to be a 24-year-old woman who lived in the same apartment complex as her
Jewelry fraud
A prison guard from Texas received a call from a jewelers’ fraud unit telling him somebody was attempting to open an account in his name at a jewelry store in Austin. Fortunately, the company refused to open the account when they realized the person was trying to commit identity theft.
The victim, Cedric, checked his credit report for other suspicious activity and learned that identity thieves had opened credit accounts in his name, charging him over $8000 over three accounts.
Cedric filed a complaint about the identity theft on his accounts and placed a fraud alert on his credit accounts to prevent future identity theft attempts in his name.
Police believe Cedric’s personal information was leaked from a car dealership where he purchased his vehicle.
Credit card fraud
A vice president for a lending bank in San Antonio, Carlos, learned he had become a victim of identity theft when he received various credit cards in his name that he didn’t apply for. Carlos checked his credit account after he received a letter declining to open an account with a company because there was already an account in his name.
The credit report showed that somebody had stolen Cedric’s identity to apply for accounts with 40 creditors, including Visa and MasterCard. The identity thief used Carlos’ information to buy a sports car, open credit accounts with $10,000 credit, $2,000 on a Wal-Mart credit account, and rent an apartment.
Eventually, the thief was caught by the police, and now Carlos recommends that everybody constantly check their online bank accounts to ensure they haven’t become victims of identity theft.
What Are the First Signs of Identity Theft?
If you're a victim of identity theft, you must detect the red flags well in advance before it harms you or your family. Here are a few signs of identity theft that you should look out for:
Your bank statement or credit card bills look unfamiliar
Hackers will target your bank sooner than later if your PII is compromised. It's not an ideal situation, but the good thing is that the changes won't be subtle, and you will need to act quickly.
You're likely a victim of identity theft if your bank statement contains unexpected transactions, your check bounces (hinting at a possible lack of cash), or you get calls from your bank to verify an unfamiliar purchase.
You might also see unfamiliar credit card charges, notifications of a new credit card or loan, a sudden drop in credit score, or calls from debt collectors asking you to repay loans you've never taken. Any unusual activity can lead to identity theft.
Your income is misreported, or you haven't received a tax refund
We all wish the tax season to be simpler, but if someone files taxes on your behalf without your consent, that's a red flag. Cybercriminals file taxes in order to receive your tax refund. They might also use your SSN to get jobs which will complicate your income reports.
If the IRS alerts you of an activity you didn't personally engage in; you might be set up for a tax scam.
Your emails and utilities don't work properly
This is a dumpster diving plus a utility scam all rolled into one. If your mail keeps missing from the mailbox or doesn't arrive at all, someone is either stealing them or has routed the address to a new place to receive your mail.
Similarly, if you're handed an enormous utility bill for unknown accounts or your water, electricity, or phone services are suddenly shut off for non-payment, you might have become a victim of identity theft.
The website feels different after logging in
Hackers often use phishing websites that impersonate real ones to trick users. If you visit a website and feel the branding or the structure is off, you might have seen a fake website. In case you logged in recently, act quickly to contain the issue. A similar thing can happen with emails as well.
You get MFA notifications and sign-in alerts
Most companies encourage multi-factor authentication (MFA) for users, and if you have it turned on and received a login code, know that someone is trying to access an account with your PII. You might even receive a notification or email updating you about a recent login you didn't initiate. Be aware of the notifications and alerts to detect an issue in its infancy.
How To Prevent Identity Theft
Fighting against cybercriminals might seem like a losing battle, but all you have to do is stay under their radar and cover your tracks. By becoming a more challenging target, you can protect your online privacy.
Here are a few ways you can avoid falling prey to identity theft:
Watch out for the red flags
It's not enough to remember the most common ways people lose their PII; it's also essential to put that knowledge to practice. Start with being extra cautious of phishing attacks that use social engineering to mimic real people and companies.
Keep your assets close to you in public, and avoid typing personal data. Use Public Wi-Fi only if you use a VPN as well.
Reconsider your online presence
The burden of data governance keeps growing with more website accounts and social media platforms. If it's possible, consider reducing your online footprint.
Start by limiting the number of social media platforms you use and what you share in them, restricting the privacy settings, deleting old accounts, and setting up a Google Alert for your name. This way, you'll be notified if your name pops up on a website.
Occasionally monitor the dark web and credit report
It's a security best practice to periodically scan the dark web to see if your or your family members' PII has been listed for sale, and it's also critical to monitor your credit report to catch anomalies.
Extend theft protection to the entire family
Children are often more at risk of identity theft than adults because of their clean slate. While considering an identity theft protection service for yourself, don't forget to extend it to the entire family. A good theft protection service should include credit monitoring, device, and network security, an insurance policy, and a 24/7 fraud resolution team.
Advanced threat protection should also include data backup. Identity theft leads to data loss. And in some cases, it can be impossible to restore your records after a cyber attack if you don't back up your data.
Prepare to react quickly
We wish you never have to use any of the measures listed below, but if the worst does happen, here's what you should do immediately:
- Change your passwords immediately and log out of other devices.
- File a complaint on FTC's website identitytheft.gov to receive an ID theft report. You can also do it by phone by calling the FTC directly at 1-877-438-4338.
- You can also file a police complaint if you know the thief or if your name has been used in police interactions.
- You can also file a report by identity theft type. Contact Medicare's fraud office for medical identity theft, contact the Internal Revenue Service for tax identity theft, and contact the labor department for unemployment identity theft.
- You should also call one of three credit bureaus and freeze your credit.
- For senior citizens, the report should be filed with the National Long Term Care Ombudsman Resource Center.
- Finally, you should reach out to each institution or company where you have an account and request them to close the existing account and create a new one.
Stay Alert Online!
Identity theft is hard to prevent and even harder to contain. You can mitigate most of the risks by staying vigilant, but it's a good idea to subscribe to an identity theft protection service and move to privacy-first cloud apps to store and share your life's moments.