What is Identity Theft?
Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft.
Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud.
How to detect it
- Review your financial cards and other accounts regularly for any charges or payments you did not make. An easy way to do this is to sign up for email, text messages, or phone app notifications for payments and other transactions. Monitor them for fraud.
- Investigate situations when merchants decline your credit or debit cards. Look into letters or phone calls from debt collectors for overdue payments for credit cards, medical bills, or loans that you know are not yours.
- Pay attention to letters that inform you about unemployment or other government benefit claims for which you never applied.
- If available in your area, review your credit reports at least once a year. For example, in the United States, you can request free reports from annualcreditreport.com.
What to do when it happens
- Contact the organization that is involved in the fraud. For example, if a criminal opened a credit card in your name, call that credit card company to notify it about the fraud. If someone filed for a tax refund or unemployment benefits in your name, contact the corresponding government organization.
- File a report with law enforcement to create an official record of identity theft. You can often do this online. For example, in the United States you can report at identitytheft.gov. Follow the site’s instructions for any additional steps you may need to take.
- When responding to fraud, keep records of your interactions with your financial institutions and law enforcement, as well as the costs you incur due to identity theft in case these details will be needed later.
- Notify your insurance company; you may have identity theft protection included in one of your policies.
How to defend against it
Here are some simple steps you can take to decrease the chance of identity fraud happening:
- Limit how much information you share about yourself with online services and websites.
- Use a unique strong password for all of your online accounts and enable two-factor authentication as additional protection for your most important accounts.
- If applicable in your location, restrict who can get access to your credit reports. For example, in the United States freeze your credit score so that anyone who tries to get a credit card or loan in your name has to first temporarily unfreeze it.
- Consider getting insurance coverage, either through a dedicated policy or as part of your existing insurance plan, that covers the costs of dealing with identity theft.
Lenny Zeltser is the CISO at Axonius, a cybersecurity asset management company. He also teaches malware combat and writing at the SANS Institute. Lenny is active on Twitter as @lennyzeltser and writes a security blog at zeltser.com.
OUCH! is a monthly security awareness newsletter for everyone. It is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it.
Editorial Board: Walter Scrivens, Phil Hoffman, Alan Waggoner, Leslie Ridout, Princess Young.