Identity Theft: Don't be a Victim

What Is Identity Theft?

Identity theft occurs when someone uses another person's personal information such as name, Social Security number, driver's license number, credit card number, or other identifying information to take on that person's identity in order to commit fraud or other crimes. Stealing an identity is, unfortunately, surprisingly easy to do and happens when you least expect it.

According to Javelin Strategy & Research, $16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion from 13.1 million victims a year earlier. In the past six years identity thieves have stolen over $107 billion.

How to Protect Yourself from Identity Theft

The following tips can help lower your risk of becoming a victim of identity theft.

Protect your Social Security number. Don't carry your Social Security card or other cards that show your SSN. Read Identity Theft and Your Social Security Number. Do not print your SSN on checks or on your driver's license.

Use caution when giving out your personal information. Scam artists “phish” victims by pretending to be banks, stores, shipping companies, or government agencies. They do this over the phone (called “vishing”), in emails, in the postal mail, and sometimes in person. Phishers will attempt to scam you at your home or office.  

Learn how to stay safe on social networking sites. Limit the amount and kind of personal information you share on social media. Your friends don't need to know your address, the year of your birth, or other uniquely identifying information. If you go on vacation, wait until you return to share your photos and descriptions.

Beware of wolves in sheep's clothing. There are many common scams involving the theft of your personal identity. Make yourself aware of these types of scams and learn how to prevent yourself from being victimized.

Treat your trash carefully. Shred or destroy papers containing your personal information including credit card offers and “convenience checks” you don't use. Remember that Dumpster-diving is an increasingly lucrative and common occurrence. The Federal Trade Commission recommends everyone purchase a shredder.

Protect your postal mail. Retrieve mail promptly. Discontinue delivery while out of town.

Check your bills and bank statements. Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals, and report them immediately. Call if bills don't arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.

Check your credit reports. Review your free credit report at least once a year. Check for misspellings of your name, changed or misspelled addresses and any activity you don't recognize or any fraudulent activity.

Stop pre-approved credit offers. Pre-approved credit card offers are a target for identity thieves, who steal your mail. Have your name removed from credit bureau marketing lists. You can also call toll-free 888-5-OPT-OUT (888-567-8688) to do this.

Wireless Access Points. Free public wireless access, for example in coffee shops or airports, are ripe for hacker exploitation, because public wi-fi access is the modern equivalent of an old-fashioned telephone party-line. Using a VPN (virtual private network) to protect your data can solve this problem, though hackers can infect a computer in the very short time between logging onto the public wireless and engaging the VPN.

Best not to use Peer-to-Peer (P2P) File-sharing. P2P File-sharing applications, like LimeWire, uTorrent, BitTorrent, and others, present real security risks, including the risk of identity theft, to both individuals and organizations. If you must use it, there are some measures you can take to manage your risk.

On-Line Job Hunting. Be careful about sharing personal information when looking for a job online.

ATM Banking or Debit/Credit Card Use. Do not use PINS like your birthday, initials, maiden name, etc., and never use a debit card online.

Internet Use. When shopping online, check out a Web site before entering your credit card number or other personal information, and never use a debit card online.

Read the privacy policy, and take opportunities to opt out of information sharing.

Only enter personal information on secure Web pages that encrypt your data in transit. You can often tell if a page is secure, if “https” is in the URL, and a padlock icon on the browser window.

Ask questions. Whenever you are asked for personal information that seems inappropriate for the transaction, ask questions. Ask how the information will be used, and if it will be shared. Ask how it will be protected. If you're not satisfied with the answers, don't give your personal information.

How to Protect Your Computer

Protect personal information on your computer by following good security practices.

Use strong, difficult-to-guess passphrases or passwords.

Use antivirus software that you update regularly.

Download software only from sites you know and trust, and only after reading all the terms and conditions.

Don't click on links in pop-up windows or in spam email.

Never leave your computer alone—even for less than a minute—when you are in a public place. Take it with you.

Purchase a laptop security cable and use it, but know these are not foolproof. At least it will deter a thief.

Never leave your computer in a parked vehicle, even if the doors are locked. If you must leave it, hide the computer and accessories somewhere in the vehicle, so no one looking in can see any evidence of a computer.

Keep a record of the make, model, serial number and hardware network/MAC address of each piece of computer equipment you own.

If Your Data Becomes Compromised or Stolen...

If you find that any accounts have been tampered with or opened fraudulently, close them immediately. If you accidentally gave your personal information online, for example, you responded to a fraudulent email by entering your name and social security number and/or date of birth, you may want to review this FTC Consumer Protection page, among other suggestions listed on this page.

To ensure that you do not become responsible for any debts or charges, you should follow the steps to report identity theft and get a recovery plan developed by the Federal Trade Commission (FTC) to help make your case with creditors, or call the FTC ID Theft Hotline at 1-877-ID-THEFT (1-877-438-4338 toll-free. You can file a report with the Internet Crime Complaint Center, which is a partnership between the FBI and the National White Collar Crime Center.

If you are the victim of a stolen Social Security number, the Social Security Administration (SSA) provides information on how to report the fraudulent use of your number, and how to correct your earnings record.

If you accidentally gave your password(s) online, change all your passwords (for UVA passwords, click here), and carefully review the information provided on this page.

It is very important that you report identity theft to your local police department, as soon as you become aware that you are a victim. Obtain a copy of the police report, which will assist you when notifying creditors, credit reporting agencies, and if necessary, the Social Security Administration.

If Your Computer is Stolen...

Contact local law enforcement, and report the theft.

Change all your passwords, particularly if you saved them in your computer.

Revoke any UVA certificates installed on the device.

If you have any financial information stored on your computer, review the bullet points listed above on identity theft.

If your computer contained any sensitive information you kept for your employer, or anyone else, you should contact the respective parties immediately, and inform them.

Inform the computer manufacturer, in case whoever stole it calls for technical or other support. In this case you will need to know the computer's serial number.

Depending on where the computer was located when it was stolen, you may want to contact the building manager or other people who might have information about the theft.