While no one can totally prevent it, there are many things you can do to protect yourself from online fraud and identity theft.
What is Identity Theft and Identity Fraud?
According to the US Department of Justice, “Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”
How Does Identity Fraud Happen?
If you’ve ever received an email from a friend claiming to be stranded overseas and in need of money to get home, an offer from a widow who is looking for a kind, trusting person like yourself to give her your bank account information so she can deposit millions of dollars into your account for safekeeping, or if you’ve received seemingly official emails from banks, PayPal.com, or other financial sites asking you to provide them with your account or other personal info, you’ve probably been targeted for online fraud.
Here are a few of the most common examples of identity fraud:
Phishing
Those suspicious emails you get that tell you you’ve won a contest, or that the company needs to verify personal information, or that a widow wants to send you a million dollars, are all examples of phishing – an attempt to get you to share your personal information like usernames, passwords, and bank or credit card account numbers. Many of these phishing emails also contain links that, if clicked, can put a virus on your computer to hunt for your sensitive data and send it without your knowledge.
Skimming
Skimming is the theft of your credit or debit card information at the time you make a legitimate transaction. Skim artists get temporary jobs at restaurants, gas stations and hotels for the purpose of scanning the credit and debit cards of unsuspecting customers using pocket-size skimmers.
Thieves also put skimmers over the top of card readers on ATM machines and gas pumps to capture card info, and some add tiny cameras to watch customers type in their pin numbers. Then they print new debit or credit cards with your number and information on them or simply enter your information online to make purchases.
Un-Secure Internet Connections
If you have an unsecure wireless internet connection at home, hackers in your neighborhood could use your internet connection to access personal data stored on our computer or network.
Also, if you use un-secure Wi-Fi hotspots at restaurants, hotels, or other locations to access your bank accounts or make online purchases, hackers can monitor your transactions and capture your personal data.
Data Breaches
A data breach is the theft or unintentional release of private data (like individual social security numbers, driver’s license numbers, medical records, or financial records and account information) by people unauthorized to access or release the data.
Data breaches often occur by someone hacking into a corporate network to steal sensitive data. But they can also occur by authorized or unauthorized employees who view or steal the information.
Smartphones
Smartphone users are 33% more likely to be victims of identity fraud according to Javelin Strategy & Research due to “careless consumer usage.” How? We forget that when we make a call over a cell phone, or send a text or email, someone else may be listening or may be able to access that info. Also, malicious smartphone apps can steal sensitive information that is stored on your smartphone and send it to identity thieves without your knowledge.
16 Ways to Prevent Identity Fraud
While no one can prevent all identity theft and fraud, there is a lot you can do to protect your identity and private information.
- Check your financial accounts regularly. The sooner you notice something out of the ordinary and report it, the better.
- Install a firewall and anti-virus software to protect your computer and personal information, and update them frequently.
- Update your operating system and web browser software regularly.
- Secure your wireless home network (Wi-Fi) by enabling encryption.
- Be wary of emails that urgently implore you to click on a link to update your account information, use a generic greeting like “Dear Member,” have misspellings or use poor grammar.
- Do not click on any links or attachments. You can often spot a fake email by hovering over the links and checking whether the URL actually leads to the website of the business or, in a scam email, to a third party site.
- Delete suspicious email from your computer completely and be sure to empty your “trash” or “recycling bin,” as well.
- If you did click on a link, run your anti-virus software’s full system scan feature.
- If you’re not sure if an email is legitimate or not, contact the company directly to verify, or visit their web page by typing in their web address (instead of clicking the link provided in the email).
- Protect your passwords by keeping them in a safe place. Your passwords should have at least eight characters and should contain numbers, symbols and letters. Create different passwords for each online account that you have, and use an online password manager like Roboform to remember them all.
- Use cash more instead of debit or credit cards.
- Never give personal or financial information to unsolicited callers.
- Use a debit card as a credit card so you don’t have to enter the pin number.
- Never access your financial accounts or purchase anything when using an un-secure public Wi-Fi connection.
- Protect your smart phone by adding a password lock, enrolling in a data wiping program that can be accessed from a computer if you lose your phone, and downloading apps only from trusted app stores.
- Enroll in an identity guard service like LifeLock for as low as $8.99 per month, to monitor access to your personal and financial information.
What Should You Do if You Are a Victim of Identity Fraud?
Don’t think you’re at risk for identity theft or fraud? Think again. My wife and I have been victims several times over the last three years:
- My wife’s purse was stolen at a restaurant in Miami Beach, Florida the day before we were to embark on a cruise. She lost her driver’s license, debit card, iPod, and all of our cash for the cruise. Gratefully, our passports were not in her purse!
- My corporate credit card number was stolen during the middle of an eight-day business trip. The credit card company said it was likely due to a skimmer at a hotel.
- Our home was once broken into while we were on vacation during the summer and our computers were stolen. Our tax returns, financial accounts information, and other private data were stored on those computers.
- My wife’s debit card number was stolen two months ago. Again, it was likely due to a skimmer.
Here are three things you should do right away if you think you are a victim of identity theft or fraud:
- If your purse or wallet are stolen, or home has been broken into, contact the police. If you need to file an insurance claim, they will need your police report number.
- If your financial accounts have been compromised, immediately contact your bank or debit/credit card issuer to report the misuse and request a new card.
- Report the incident to the Federal Trade Commission (FTC) through their ID Theft Clearinghouse at www.ftc.gov/idtheft. This will allow the FTC to identify patterns associated with the unauthorized transactions.
- If your data has been accessed through a data breach, consider subscribing to a credit-monitoring service, which is often offered for free for a year by the company that had been breached.
What steps have you taken to protect yourself from identity theft and fraud? Leave a comment below!
I noticed you mentioned Roboform. My husband’s company has an app called Keeper Password & Data Vault that enables you to create high-security passwords and access your records anywhere, anytime. It has over a million downloads and is available for iPhone, iPod, Android, Blackberry, Windows Phone, iPad, Android Tablet, and Amazon Kindle Fire.
Arlene, thanks for letting me know about Keeper Security. Sounds like a good resource that I’ll need to check out!
Wow! I have been lucky. I can’t believe you and your wife have run into so many occurences. I have to say sometimes by being old school with cash is the way to go. Also, trying to put as making hurdles in a spammer/phisher/other’s way with secure wi-fi etc. Thanks!
I’m sorry that you had a bad experience in Miami. I’m based in Florida. However, I’m glad you got to experience a cruise out of Miami. They are fabulous.
Brian, thanks for your comment. We try to get to Florida once each winter. We especially love Miami Beach, but I really want to get back to the Keys…I went there as a kid when my aunt and uncle lived on Marathon Key and would love to take my wife to Key West. We celebrated our 20th anniversary earlier this year and I’m hoping to take her on a cruise sometime this winter. I’m keeping my eyes open for a great last minute deal. And we’re going with our kids and my wife’s entire family again in 2014.
Thanks for the post. Very thorough. One of the challenges it highlights however is how complex this whole issue really is.
We’re impatient Americans (for good or ill). What one thing would you suggest for people to execute?
I know there isn’t a silver bullet. It’s naive and foolish to think there is. But what’s the closest thing? What’s the one thing everyone should do today?
JP, thanks for your comment! Here are the top two things I’d recommend: 1. Watch where you surf online, what you click, and where you give your credit card info, and 2. Keep a close eye on your accounts so that you can respond quickly if you find fraudulent transactions.
Thanks Rich!
Great article. If it hasnt already been mentioned freezing your credit is also a very good way to protect yourself.
Alan, thanks so much for mentioning the credit freeze!
Under “Smartphones”, you said, “”We forget that when we make a call over a cell phone, or send a text or email, someone else may be listening or may be able to access that info.” Of course, this applies to any cellphone, smart or not. I also suspect that this method of identity theft is very, very small. I suspect most of it on smartphones comes from malicious smartphone apps, but again we don’t have any numbers.
Under “What Can You Do to Prevent Identity Fraud?”, you list a number of ways to help prevent ID fraud. One is to “Use a good debit card as a credit card so you don’t have to enter the pin number.” A criminal who gets your debit card number can do the same thing. My thought is to not use a debit card at all. Your protections are much less than a credit card since your bank account can be wiped out much easier. I traded in my debt card for a regular ATM card and charge items on a credit card or pay cash. I then go online and transfer money from my checking account immediately to the credit card. Also, you mention to “Enroll in an identity guard service like LifeLock for as low as $10.00 per month, to monitor access to your personal and financial information.” I’m surprised that you would recommend LifeLock considering all the trouble they got into by false advertising. Remember their CEO that was showing his Social Security Number to the world? Well, it turns out that he was a victim of identify theft at least TWICE because of that. The company also made claims of what they could do which were false. I would recommend any company OTHER than LifeLock. I have been using ID TheftSmart for free since my credit union had a data breech. They have been very low key and monitor my credit for unusual activity, etc. They send me an email once a month telling me that during the previous month nothing unusual was detected, etc.
James, thanks for sharing your comments and tips! I mentioned LifeLock because I think it is the best-known identity guard company, but perhaps I should have mentioned some of the others by name as well.
Yes, LifeLock had some troubles and faced some fines a couple of years ago, but I think it is rebounding positively in the face of the increased public scrutiny. Also, LifeLock just went public last month on the NYSE (its ticker symbol is LOCK), which opens itself up to more scrutiny.
Thanks for sharing your experience with ID TheftSmart. I will check it out. 🙂
Most identity thieves will want to apply for new credit at a new address. That way the credit card with a validation sticker does not arrive in the mailbox of the unsuspecting victim, it appears in the mailbox of the thief.
People should get copies of their credit reports and look for any recent changes of address that are incorrect.
Kevin, thanks for your comments! Great point about checking credit reports for any incorrect address changes. Years ago, some of my dad’s credit info started appearing on my credit report. We share the same first name but not the same middle name. My oldest son shares my first and middle name (he is a “junior”) so I’ll be interested to see if any of that happens between me and him too.
These scammers usually provide offers that are tempting enough for us to provide the info they need. They are actually becoming more creative and detailed especially on the letters they send on emails. I usually avoid anything that requires information out of the ordinary. Thank you for the tips, I will keep them in mind.
always getting fraud emails related to lottery.
I try to be as careful as possible, and do almost all of the actions described above. But even the most careful person can’t protect against data breaches. In the last 5 or 6 years, I’ve had two credit card numbers and a debit card number stolen, most likely from data breaches, or a skimmer. These didn’t cost me any money because I reported them quickly. But there was the inconvenience of having to cancel the card, get a new one, then replace all the automatic subscriptions to the cards. I’ve also been notified several times by companies I do business with that their databases have been breached (not just credit card info, but my personal data, including DOB, SSN, address, and more). Thankfully, I haven’t been a victim of identity theft. But it’s a risk I don’t want to deal with, so I subscribed to an ID theft prevention/insurance program. I figure the roughly $10 a month is worth the peace of mind that comes with knowing I won’t be on my own if my identity gets stolen. They’ll help with the cleanup process. That is where the heartache comes from!
Thanks for a great article! Another safeguard is to shred important docs and unwanted mail (e.g. Credit card offers, etc. ) Also get a mailbox that can be locked, and ask post office to hold your mail when on vacation, you can specify a date when they will resume delivery. UPSP online service is efficient for doing all this! As for online monitoring, apparently Costco has teamed up with IdentityGuard to offer a discount that I’m going to check out. For around $10/month they offer a deal almost similar to Lifelock’s premium $25 option.
Great list of tips. One of the real dangers of identity theft is when criminals obtain Protected Health Information (PHI), and other vital medical records. Your date of birth, social security number, home address – all of this, and more, is so incredibly sensitive that when it falls into the wrong hands it’s a disaster waiting to happen. Always ensure the safety and security of PHI and all other sensitive information by being vigilant as to who you give your information to. Never assume anything – ask if you are unsure. On a side note, Covered Entities and Business Associates should be focusing on the true merits of HIPAA compliance, and that’s putting in place documented HIPAA information security and operational policies, procedures, and processes. I’ve worked with so many healthcare providers that lack the basic and fundamental documentation for HIPAA compliance, therefore it’s easy to see why non-compliance issues are still a major factor with HIPAA.