Don't Be The Victim of Identity Theft This Year
Identity theft is now the fastest growing crime in America. According to the Federal Trade Commission (FTC), 1.5 million Americans had their identity stolen last year [*].
Unfortunately, 2022 isn't looking any better.
The first few months of the year have set new records for cases of fraud, identity theft, and data breaches. Hacks at companies like Microsoft, Cash App , and Okta have compromised the personal data of millions of people [*].
Even the CEO of the Identity Theft Resource Center (ITRC) says "There is no reason to believe the level of data compromises will suddenly decline in 2022."
Identity thieves are getting more sophisticated with their attacks. But the good news is that there are still some simple measures you can take to prevent identity theft.
How Can Identity Theft Happen?
Identity theft happens when bad actors use your personally identifiable information (PII) for their personal gain.
For example, an identity thief could buy your Social Security number (SSN) off the Dark Web for as little as $5 and then take out fraudulent loans in your name.
PII includes things such as your:
- Full name
- Date of birth
- Home address
- Account logins and passwords
- Social Security number (SSN)
- Financial information
- Driver's license number and ID
With even just a few pieces of your personal data, criminals can commit up to 15 different types of ID theft . But the most common are credit card fraud, loan fraud, and tax or government benefits fraud (medical identity theft is also now gaining popularity).
Before we go any further, here's what you need to know:
- Credit card fraud occurs when criminals steal your credit card number and rack up debt or even open new cards in your name. Even if they don't have your physical card, scammers can use your stolen credentials to make fraudulent purchases online. Unfortunately, there's also been a rise in familial fraud where a family member opens a credit card in your name .
- Loan or lease fraud occurs when someone uses your identity to take out auto, business, personal, student, or real estate loans. Scammers have no intention of paying off these fraudulent loans and may even file for bankruptcy in your name.
- Tax and government benefits fraud occur when a criminal files for taxes or benefits in your name. For example, they might use your SSN to file a falsified tax return and receive a large refund from the IRS. Or, they could use it to apply for government benefits and pocket the money.
The easiest defence against these and other types of identity theft is to become a harder target.
While it's impossible to guarantee protection against identity theft, there are ways to protect your PII and make your data harder to steal.
10 Steps to Avoid Identity Theft
1. Know the most common ways criminals steal your identity
To steal your identity, criminals need access to your PII. Unfortunately, there's a good chance some of it has already been leaked in a recent data breach. But that's not the only way you can become the victim of identity theft.
To prevent identity theft, learn where you're most vulnerable to attacks:
- Phishing attacks. Also known as an imposter scam, this is when scammers send spam emails and texts or call you on the phone pretending to be someone you trust. For example, they could claim to be from the IRS and ask you to "confirm" your identity by revealing your SSN. Or, they might try to get you to click on a link that will infect your device with malware.
- Physical theft. Identity thieves can find everything they need to steal your identity on your driver's license, ID, or even in the mail.
- Shoulder surfing. This "attack" occurs when you use your devices in public. A scammer with lurking eyes watches you enter your online banking password. Or if they're more sophisticated, they could use a man-in-the-middle attack to intercept your Wi-Fi connection and spy on you.
- Social engineering attacks. Similar to phishing, social engineering attacks use psychology to pressure you into doing what criminals want (like giving up your PII). Identity thieves research your life and use your personal information against you.
Simply put, you could be at risk any time you receive an unsolicited message or call, lose a piece of mail, use your devices in public, or browse the internet.
2. Watch out for the warning signs of a phishing attack
Phishing attacks are the main way scammers trick you into giving up personal information. These messages and phone calls can look and sound convincing. But any information you provide or links you click on can put your identity in danger.
So, how can you tell if a message is from a scammer?
Scammers will often try to spoof their contact information to make it look like they're coming from an official number or email. But if you look closely, you'll see that they're different from what's listed on the supposed sender's official website.
Phishing messages usually don't address you by name, may include typos, and often use threats, urgency, or promises to spur action. They'll also often include links, attachments, or QR codes with convincing reasons why you should click on or scan them.
If you have any suspicions, don't respond or click on links or attachments in these messages. Instead, contact the company directly using the information listed on their website.
Read more: How To Tell If Someone Is Trying To Scam You Online →
3. Safeguard your IDs and wallet
Identity thieves don't only rely on sophisticated hacking. Criminals can steal your identity with just the ID you carry in your wallet or purse. That's why the less personal information you carry with you, the better.
Even then, it's important to keep your physical ID safe from scammers.
Try to always keep a list of what's inside your wallet or purse as well. This way, if your wallet is stolen, you'll know what accounts to close and how you might be at risk.
For even more security, keep important documents in a locked safe at home in case of burglary. And if you're going to pay with a credit card, choose a chip or contactless reader, as these are more secure than swiping.
4. Avoid public Wi-Fi (unless you have a VPN)
Free wireless internet at an airport or your local coffee shop is convenient. But it also presents the perfect opportunity for fraudsters to steal your information.
Public Wi-Fi networks are notoriously easy to intercept. If an identity thief taps your connection, they can steal your usernames and passwords.
If you need to use public Wi-Fi:
- Use a cellular hotspot. Tether your phone to your laptop to ensure that hackers can't scam you over vulnerable Wi-Fi networks.
- Use a virtual private network (VPN). A better option is to use a VPN. This tool encrypts your data — all hackers will see are strings of numbers and letters. Aura's VPN uses military-grade encryption to protect all your devices and prevent identity theft.
5. Secure your online accounts and use two-factor authentication (2FA)
Strong passwords are often your first (and only) defense against identity thieves. But a shocking 22% of U.S. adults use their own names for passwords on online accounts [*].
This is essentially giving an identity thief a free pass to hack your email, take over your online bank account, or steal your social media profiles.
Instead, secure your online accounts by using:
- Strong passwords that are at least eight characters long. Use a combination of upper and lowercase letters, numbers, and symbols.
- A secure password manager that keeps track of your login information. Aura's password manager will also alert you when an account has been compromised.
- Two-factor or multi-factor authentication (2FA or MFA). These add an extra layer of protection to your accounts by requiring a special code along with your password. But skip using SMS for authentication as it can be hacked or bypassed if someone steals your phone. Instead, use an authenticator app like Google or Authy.
- Fingerprint or biometric security on your devices. If you're signed into accounts on your mobile device or laptop (like your email), hackers can steal your identity by stealing your phone. Biometric security is much harder to hack (although there have been cases of fingerprint identity theft). For the best protection on your devices, combine biometrics with a strong passcode.
Finally, keep an eye out for messages about your passwords — especially failed login attempts or password changes. If you can connect your phone with a remote security feature like Apple's Find My app or Android's Find My Device, set it up now.
6. Monitor your credit report and consider a credit freeze
The warning signs of financial fraud from identity theft start small. Scammers regularly "test" accounts and credit card numbers with small charges. But the end results can be disastrous if you don't catch these early on.
Identity fraud can cost you thousands of dollars and hours of your life as you try to repair your credit.
Paying close attention to bank and credit card statements is a good way to spot financial fraud early. Look for unusual charges on your account statements, like those from unfamiliar vendors.
If you believe you're a victim of identity theft, contact the company, card issuer, or financial institution. They should be able to cancel the charges, close compromised accounts, and get you a new account number.
By law, you're also allowed a free copy of your credit report every year from each of the three major credit bureaus: TransUnion, Experian, and Equifax.
You can get your free credit report at AnnualCreditReport.com. Look for suspicious activity, such as new credit inquiries, negative changes in your credit score, accounts you don't recognize, or incorrect information (like your date of birth).
7. Reduce your online footprint
Everything you do online — from Google searches to social media posts — makes up your online footprint. Identity thieves use this information to design phishing emails, guess your passwords, and scam your friends.
While you can't erase your online footprint, here are some ideas to limit access:
- Don't overshare on social media. Think twice before you post. Many of us accidentally reveal sensitive information, location data, and even PII in social media posts.
- Adjust your privacy settings. Limit your account visibility to just close friends and family. This way, you can be a bit more liberal with what you post.
- Delete old and unused accounts. Identity thieves use inactive accounts to run scams or steal passwords. If you stop using an online service, disable your account and delete your data.
- Create a Google Alert for your name. This will inform you anytime your name appears on a website. While it adds to your online footprint, it reveals auto-generated content that you should take down.
8. Use antivirus to protect your devices from malware
Malware is malicious software that hackers use to spy on you, steal your sensitive information, or even encrypt your devices until you pay a ransom.
One especially insidious type of cyber attack uses a keylogger. Once installed, these record everything you type — including passwords, logins, and emails — and send them remotely to a hacker.
Many phishing messages include links or attachments that secretly download malware.
With how much personal information is on your devices, it's essential you keep them safe from hackers. Don't click on any strange attachments or links in messages, no matter how enticing they seem.
But what if you accidentally opened a spam email or clicked on a dangerous link?
First, look for the obvious signs of a virus. This includes performance delays, unfamiliar browser plugins, and persistent pop-ups.
If you see signs of malware, immediately disconnect from the internet. It's much harder for hackers to steal your information without an internet connection.
Then, secure your device before you get professional help. For example, on a Mac, you should:
- Steer clear of logging into any account.
- Delete any temporary files from your Cache folder.
- Check Activity Monitor for any malicious apps running in the background.
- Run a malware scanner separate from the antivirus software already on your device.
- Clear your browser cache after removing dubious extensions.
- Finally, consult Apple Support to wipe or reinstall your OS.
9. Safeguard your mail from scammers
As unsophisticated as dumpster diving or mail theft sound, they're still lucrative sources of sensitive information for identity thieves. If you don't already own a shredder, invest in one and shred anything with personal data before throwing it away. That includes:
- Bank statements
- Letters or offers from your credit card company
- Health insurance claim
- Personal or student loan statements
- Anything with your phone number or other contact information
Check for unfamiliar mail, like debt collection notices from lenders you don’t recognize or notifications of new accounts you didn’t set up. All these red flags point to identity theft in the works.
Finally, pay attention if your mail stops arriving. A thief may have used a change-of-address scam to redirect your address to their own.
10. Keep your whole family safe with identity theft protection
Protecting your identity can feel like a full-time job. But you don't have to do it on your own.
Aura's identity protection and credit monitoring services proactively protect your accounts from thieves and criminals.
With Aura, you get:
- Credit monitoring with fraud alerts. We'll monitor your bank and credit accounts in near-real time and alert you of fraud and suspicious activity.
- Identity theft and online account protection. Aura monitors your online accounts, SSN, and other sensitive information that identity thieves try to steal.
- Device and network security. Aura's VPN and antivirus software protects your devices from hackers, malware, and phishing sites.
- Protection for your whole family. Aura's family plans include coverage for up to five adults and children.
- A 24/7 White Glove Fraud Resolution team. If your identity is stolen or you're the victim of fraud, our team will walk you through the next steps.
- A $1,000,000 insurance policy. You're covered for eligible losses due to identity theft.
Was Your Identity Stolen? Here’s What To Do
- Immediately change any exposed passwords and delete inactive, vulnerable online accounts.
- Report identity theft to the Federal Trade Commission (FTC) at IdentityTheft.gov.
- Make sure to file a police report with local law enforcement.
- Freeze your credit and place a fraud alert with a credit bureau.
- Call any organizations you think may have also been affected by the theft — online services or banks.
Remember, identity theft protection services make it easier to be proactive about digital security. Rather than reacting to data breaches or, even worse, identity theft, you have peace of mind knowing someone's got your back.