There are several types of ID theft:
Child ID theft - Children’s IDs are vulnerable because the theft may go undetected for many years. By the time they are adults, the damage has already been done to their identities.
Tax ID theft - A thief uses your Social Security number to falsely file tax returns with the Internal Revenue Service or state government.
Medical ID theft - This form of ID theft happens when someone steals your personal information, such as your Medicare ID or health insurance member number to get medical services, or to issue fraudulent billing to your health insurance provider.
Senior ID theft - ID theft schemes that target seniors. Seniors are vulnerable to ID theft because they are in more frequent contact with medical professionals who get their medical insurance information, or caregivers and staff at long-term care facilities that have access to personal information or financial documents.
Social ID theft - A thief uses your name, photos, and other personal information to create a phony account on a social media platform.
Keeping Your Personal Information Secure Offline
Lock your financial documents and records in a safe place at home, and lock your wallet or purse in a safe place at work. Keep your information secure from roommates or workers who come into your home.
Limit what you carry. When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home. Make a copy of your Medicare card and black out all but the last four digits on the copy. Carry the copy with you — unless you are going to use your card at the doctor’s office.
Before you share information at your workplace, a business, your child's school, or a doctor's office, ask why they need it, how they will safeguard it, and the consequences of not sharing.
Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
Destroy the labels on prescription bottles before you throw them out. Don’t share your health plan information with anyone who offers free health services or products.
Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in your mailbox. If you won’t be home for several days, request a vacation hold on your mail.
When you order new checks, don’t have them mailed to your home, unless you have a secure mailbox with a lock.
Consider opting out of pre-screened offers of credit and insurance by mail. You can opt out for 5 years or permanently. To opt out, call 1-888-567-8688 or go to optoutprescreen.com. The 3 nationwide credit reporting companies operate the phone number and website. Pre-screened offers can provide many benefits. If you opt out, you may miss out on some offers of credit. www.usa.gov
Keeping Your Personal Information Secure Online
Know who you share your information with. Store and dispose of your personal information securely.
Be Alert to Impersonators
Make sure you know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on your account statement. Ask whether the company really sent a request.
Safely Dispose of Personal Information
Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.
Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.
Encrypt Your Data
Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
Keep Passwords Private
Use strong passwords with your laptop, credit, bank, and other accounts. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.
Don’t Overshare on Social Networking Sites
If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites. www.usa.gov
Securing Your Social Security Number
Keep a close hold on your Social Security number and ask questions before deciding to share it. Ask if you can use a different kind of identification. If someone asks you to share your SSN or your child’s, ask:
why they need it
how it will be used
how they will protect it
what happens if you don’t share the number
The decision to share is yours. A business may not provide you with a service or benefit if you don’t provide your number. Sometimes you will have to share your number. Your employer and financial institutions need your SSN for wage and tax reporting purposes. A business may ask for your SSN so they can check your credit when you apply for a loan, rent an apartment, or sign up for utility service. www.usa.gov
Types of Internet Fraud
Scam artists defraud millions of people each year by using internet services or software with internet access to trick victims into sending money or giving out personal information. That’s why it’s important to take steps to protect yourself from and report internet fraud.
Common examples of internet fraud include:
When sensitive data (personal or financial information) is leaked from a secure location to an untrusted environment at a corporate or personal level
This involves dangerous software that is designed to disable computers and computer systems.
Phishing or spoofing
When a scammer uses fake email, text messages, or copycat websites to try to steal your identity or personal information, such as credit card numbers, bank account numbers, debit card PINs, and account passwords
Internet auction fraud
This involves the misrepresentation of a product advertised for sale on an internet auction site, or non-delivery of merchandise.
Credit card fraud
When scammers fraudulently obtain money or property through the unauthorized use of a credit or debit card or card number
Phishing and Vishing
Scammers use a variety of methods to try to steal your personal and financial information. They often try to make you feel comfortable with giving up your sensitive information by spoofing trusted logos of legitimate companies in an email or by pretending to be a family member or friend on the phone.
Phishing is when a scammer uses fake email, text messages, or copycat websites to try to steal your identity or personal information, such as credit card numbers, bank account numbers, debit card PINs, and account passwords. The scammer may state that your account has been compromised or that one of your accounts was charged incorrectly.
A scammer will instruct you to click on a link in the email or reply with your bank account number to confirm your identity or verify your account. They will sometimes threaten to disable your account if you don't reply, but don't believe it. Legitimate companies never ask for your password or account number by email.
Report Phishing Scams
Forward phishing email messages to [email protected] or file a complaint with the Federal Trade Commission (FTC). Include the full email header of the scam message in your report. Find out how to do this by searching online for the name of your email service and the words “full email header.”
How to Protect Yourself
Here are some ways to protect yourself from phishing scams:
Reach out if you’re unsure - If you believe that a company needs personal information from you, call the number from their legitimate website or your address book. Do not call the number or use the links in the email. Tell the customer service representative about the request and ask if your account has been compromised.
Turn on two-factor authentication - If your account supports it, you can set it up to require your password and an additional piece of information (code sent to your phone or a random number generated by an app) when you log in. This protects your account even when your password has been stolen.
Don't click on any links or attachments in the email - Any links, attachments, or phone numbers that you click on may contain a virus that can harm your computer. Even if links in the email say the name of the company, don't trust them. They may redirect to a fake website.
Vishing and Smishing
Similar to phishing, vishing (voice and phishing) and smishing (SMS texting and phishing) scammers also seek to steal your personal information. However, these scams target your mobile or landline phone instead of your computer. You may be directed to call a phone number to verify an account or to reactivate a debit or credit card.
Report Vishing and Smishing Scams
If you have received one of these requests, report it to the Internet Crime Complaint Center (IC3). Your complaint will be forwarded to federal, state, local, or international law enforcement. You will need to contact your credit card company directly to notify them if you are disputing unauthorized charges on your card from scammers, or if you suspect your credit card number has been compromised.
Victims of these scams could also become victims of identity (ID) theft. Visit IdentityTheft.gov to learn how to minimize your risk. www.usa.gov
What is a data Breach?
A data breach, data leak or data spill is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. This may include some or all of an individual’s personal identifying information.
What is synthetic identity?
Synthetic identity theft, is when a thief uses a combination of stolen factual personal identifying information such as a social security number along with a fake name and date of birth to establish a new identity.
Why are children’s social security numbers the “Most wanted”?
Children’s Social Security numbers are the most valuable because they are inactive and will generally remain unchecked for up to 18 years. Children generally have no public information associated with their SSN, making them a prime target.
How Is someone using a Child's Social security number?
When a consumer completes an application for a credit card or loan of some type, all the application information is sent to the Credit Bureaus (CRAs).
The CRAs searches for personally identifiable information to determine whether a credit report exists. Any credit request submitted to a CRA will create a credit file. The thief’s initial application will be DECLINED, but a new credit file will be established as a result.
With the newly established credit file, the fraudster will then apply for credit with another credit card issuer. When the card company runs a credit inquiry, the CRA will return information to the card company that a profile does exist.
The profile will not have any credit history associated with it but it will have a credit file. The credit card company will probably give them a small limit such as $300. Now the new fake synthetic id can build credit.
This is the very beginning of how the new Synthetic Identity is created. It can now be used over and over again until the child (the actual owner of the Social Security Number) first applies for a credit card or student loan themselves. This is when the Fraud is detected.