What Is Identity Theft?
Identity theft occurs when someone uses another person's personal information such as name, Social Security number, driver's license number, credit card number, or other identifying information to take on that person's identity in order to commit fraud or other crimes. Stealing an identity is, unfortunately, surprisingly easy to do and happens when you least expect it.
This short video (requires QuickTime) shows you how fast someone can commit identity theft:
How Big Is the Problem?
According to Javelin Strategies, a prominent research firm that often reports on identity theft, incidences of the crime increased by 11% from 2009 to 2010, altering the lives of eleven million Americans. This means that one in every 20 Americans risks being a victim this year.
How to Protect Yourself from Identity Theft
The following tips can help lower your risk of becoming a victim of identity theft.
Protect your Social Security number. Don't carry your Social Security card or other cards that show your SSN. Read Your Social Security Number: Controlling the Key to Identity Theft. Do not print your SSN on checks or on your Drivers License.
Use caution when giving out your personal information. Scam artists “phish” for victims by pretending to be banks, stores, or government agencies. They do this over the phone, aka “vishing,” in emails, in postal mail, and sometimes in person. Phishers will also visit your home or office.
Beware of wolves in sheep's clothing. Currently, there are at least six types of known scams: foreign business offers, love losses, overpayments, rental schemes, sudden riches, and work-at-home. All of these can involve theft of your personal identity. Cons and scams of all sorts, particularly on the Internet, abound.
Treat your trash carefully. Shred or destroy papers containing your personal information including credit card offers and “convenience checks” that you don't use. Remember that Dumpster-diving is an increasingly lucrative and common occurrence. The Federal Trade Commission recommends everyone purchase a shredder.
Protect your postal mail. Retrieve mail promptly. Discontinue delivery while out of town.
Check your bills and bank statements. Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals, and report them immediately. Call if bills don't arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.
Check your credit reports. Review your free credit report at least once a year. Check for mis-spellings of your name, changed or mis-spelled addresses and any activity you don't recognize or any fraudulent activity.
Stop pre-approved credit offers. Pre-approved credit card offers are a target for identity thieves, who steal your mail. Have your name removed from credit bureau marketing lists. You can also call toll-free 888-5OPTOUT (888-567-8688) to do this.
Wireless Access Points. Free public wireless access, for example, in coffee shops or at airports (see, e.g., Symantec's Wi-Fi), are ripe for hacker exploitation, because public wi-fi access is the modern equivalent of an old-fashioned telephone party-line. Using a VPN (virtual private network) to protect your data will solve this problem.
Best not to use Peer-to-Peer (P2P) File-sharing. P2P File-sharing applications, like Limewire, Morpheus, Bear Share, Bit Torrent, and others, present real security risks, including the risk of identity theft, to both individuals and organizations. If you must use it, there are some measures you can take to manage your risk.
On-Line Job Hunting. Be careful about sharing personal information, when looking for a job online.
ATM Banking or Debit/Credit Card Use. Do not use PINS like your birthday, initials, maiden name, etc., and never use a debit card online.
Ask questions. Whenever you are asked for personal information that seems inappropriate for the transaction, ask questions. Ask how the information will be used, and if it will be shared. Ask how it will be protected. If you're not satisfied with the answers, don't give your personal information.
Protect your computer. Protect personal information on your computer by following good security practices.
Use firewall, anti-virus, and anti-spyware software that you update regularly.
Download software only from sites you know and trust, and only after reading all the terms and conditions.
Don't click on links in pop-up windows or in spam e-mail.
Physically protect your computer
Never leave your computer alone—even for less than a minute—when you are in a public place. Take it with you.
Purchase a laptop security cable and use it, but know these are not foolproof. At least it will deter a thief.
Password protect it, and use a password-protected screen saver.
Never leave your computer in a parked vehicle, even if the doors are locked. If you must leave it, hide the computer and accessories somewhere in the vehicle, so no one looking in can see any evidence of a computer.
Keep a record of the make, model, serial number and hardware network/MAC address of each piece of computer equipment you own.
Consider purchasing one of the newer tools on the market, like LoJack, that erase the contents of your hard drive, when you report your computer stolen, and also may assist you in recovery.
Use caution on the Web
When shopping online, check out a Web site before entering your credit card number or other personal information.
Only enter personal information on secure Web pages, that encrypt your data in transit. You can often tell if a page is secure, if “https” is in the URL, or if there is a padlock icon on the browser window.
If Your Data Becomes Compromised or Stolen...
If you find that any accounts have been tampered with or opened fraudulently, close them immediately. If you accidentally gave your personal information online, for example, you responded to a fraudulent email by entering your name and social security number and/or date of birth, you may want to review this FTC Consumer Protection page, among other suggestions listed on this page.
To ensure that you do not become responsible for any debts or charges, use the FTC ID Theft Affidavit Form developed by the Federal Trade Commission (FTC) to help make your case with creditors, or call the FTC ID Theft Hotline at 1-877-ID-THEFT (1-877-438-4338 toll-free. You can file a report with the Internet Crime Complaint Center, which is a partnership between the FBI and the National White Collar Crime Center.
If you are the victim of a stolen Social Security number, the Social Security Administration (SSA) provides information on how to report the fraudulent use of your number, and how to correct your earnings record.
If you accidentally gave your password(s) online, change all your passwords (for UVa passwords, click here), and carefully review the information provided on this page.
It is very important that you report identity theft to your local police department, as soon as you become aware that you are a victim. Obtain a copy of the police report, which will assist you when notifying creditors, credit reporting agencies, and if necessary, the Social Security Administration.
If Your Computer is Stolen...
Contact local law enforcement, and report the theft.
Change all your passwords, particularly if you saved them in your computer.
Revoke any UVa certificates installed on the device.
If you have any financial information stored on your computer, review the bullet points listed above on identity theft.
If your computer contained any sensitive information you kept for your employer, or anyone else, you should contact the respective parties immediately, and inform them.
Inform the computer manufacturer, in case whoever stole it calls for technical or other support. In this case you will need to know the computer's serial number.
Depending on where the computer was located when it was stolen, you may want to contact the building manager or other people who might have information about the theft.