Identity theft has rapidly become one of the most widespread and damaging financial crimes in the modern digital era. With massive corporate data breaches now routine and our sensitive personal information constantly flowing through cyberspace, it’s more vital than ever for consumers to intimately understand this stealthy threat.
Identity thieves don’t rashly exploit stolen personal information. Like cunning predators stalking their target, they’ll patiently lurk unseen, taking their time to deeply familiarize themselves with the minutiae of your financial life before striking.
They’ll start slow – a small test charge to verify if your credit card is active; perusing your credit report to see what existing accounts you already have and your overall credit habits. If those subtle moves go unnoticed, they’ll incrementally build on that access, deliberately gathering more of your details over weeks or months until they can convincingly impersonate you outright.
By the time the first overt signs of identity theft appear, considerable financial damage has often already been done covertly. The thief’s access allows them to methodically siphon funds from your accounts, open new lines of credit, or intercept government benefits and tax refunds before you ever have a chance to properly apply.
This highlights why noticing and heeding seemingly minor suspicious account activity is so crucial. That first unexplained small credit card charge or strange email address added to your account could be the tip of a much larger identity theft iceberg lurking unseen below the surface.
How Thieves Get Their Hands on Your Personal Data
For identity theft schemes to work, thieves first need to obtain enough of your personal details – full legal name, date of birth, Social Security number, driver’s license details, etc. – to convincingly impersonate you on paper, online, and over the phone.
Some of the most common ways identity thieves harvest people’s sensitive personal information include:
Massive Corporate Data Breaches
Increasingly frequent data breaches where cybercriminals manage to infiltrate company computer networks to steal massive customer databases full of names, birth dates, Social Security numbers, and other identity goldmines.
Once stolen, this data gets sold on the dark web black market for other criminals to exploit. Major breaches often expose millions of people’s details in one single haul.
For example, the 2017 Equifax breach alone leaked the full names, birth dates, addresses, and Social Security numbers of nearly 150 million United States consumers in one devastating mega-heist. Data breaches have only grown in frequency and severity since then across every major sector from retailers to hospitals to insurance companies.
Consumers usually have no clue their personal information was even stolen until that leaked data resurfaces months or years later in identity theft incidents.
Malware and Spyware Infections
Identity thieves are constantly developing new malicious software and viruses specifically engineered to steal people’s private information without their knowledge. Tactics include:
- Keylogging malware records every keystroke typed on infected computers, capturing usernames, passwords, Social Security numbers, credit card numbers, and other sensitive data entered by the victim.
- Info-stealing trojans allow thieves to remotely access and harvest data on infected devices via secret backdoor entry points. Once inside, they can browse the computer at will viewing stored documents, photos, internet history, or messages.
- Spyware cookies track browsing habits and activity across devices and sites to determine email addresses, shopping patterns, bank names, webmail logins, and other identity data.
Malware infections typically happen when people open email attachments from unknown senders, visit compromised sites, click deceptive pop-up links, or download questionable mobile apps. Once installed, these malicious programs operate covertly in the background to extract data.
Phishing Scams
This tactic involves criminals sending out mass emails pretending to be from trusted banks, online retailers, social media platforms, or government agencies. These emails cleverly mimic the legitimate sender’s branding and urgently encourage recipients to verify or update their account information by clicking an official-looking link.
However, the embedded links actually direct victims to sophisticated fake login sites controlled by the scammers. If people enter their usernames, passwords or other requested sensitive data, the thieves immediately capture it for malicious use.
Even rigorous consumer awareness training on phishing email tactics is rarely enough to reliably distinguish fake messages from genuine ones on a consistent basis. The financial incentives of stolen identity data make phishing attacks ubiquitous and evolving.
Public Records Mining
Thieves scour records available through public government databases, county offices, genealogy sites, and people search directories to harvest names, birth dates, addresses, maiden names, and other personal tidbits that can help them assemble or complete an identity profile.
Information found in public marriage licenses, birth certificates, voter registrations, foreclosure notices, and obituaries all get vacuumed up and consolidated by fraudsters seeking to build comprehensive identity dossiers.
Social Media Footprints
Oversharing personal details on social media provides identity thieves answers to common security questions and credentials needed to breach accounts. Photos with landmarks tagged can reveal hometowns; birthday wishes expose dates of birth; labeled family connections unveil mothers’ maiden names.
Posts with first car models, favorite musicians, sports team affiliations, high school mascots, and pet names also hand over answers to common online account security questions that thieves exploit as easy backdoor access.
Cell Phone Account Hacks
With the shift away from landlines, cell phone account numbers have become prime targets. Identity thieves use personal data previously gathered through other means to authenticate through customer service reps and port existing phone numbers to devices under the thief’s control.
Once your phone number is hijacked, it allows criminals to intercept sensitive SMS account recovery codes and passwords from financial institutions and webmail services. They can leverage these to further compromise additional online accounts.
Skimming Devices
Thieves have become highly adept at secretly installing tiny skimming devices inside the card reader slots of ATMs, gas pumps, and other payment terminals that copy debit/credit card numbers and PINs during transactions.
The devices are designed to blend in seamlessly with legitimate equipment. By the time they’re discovered weeks or months later, your stolen card data has long been sold on underground cybercrime markets purchased by fraudsters globally.
Physical Theft of Records and Devices
Directly stealing purses, wallets, smartphones, laptops, external hard drives, and printed documents containing people’s driver’s licenses, insurance cards, credit cards, Social Security cards, medical records, bank statements, school IDs, and other sensitive identity documents.
Thieves may ransack homes during open houses or break-ins looking for such records. Some even trespass through trash bins seeking discarded payment stubs, credit offers, insurance paperwork, etc.
The Most Common Identity Theft Schemes to Watch For
Once identity thieves have gathered enough pieces of your personal information, they leverage it to impersonate you in an array of creative ways. While the possibilities for fraud are endless, these are some of the most prevalent identity theft tactics perpetrated against consumers:
Credit Card Fraud
One of the most frequent forms of identity theft is credit card fraud, which occurs when criminals manage to acquire an individual’s credit card details either through data breaches, physical theft, skimming devices, or purchasing stolen account numbers on the black market.
Often thieves will first test the active stolen cards with small “pre-authorization” charges from merchants you don’t recognize. If those go through, they’ll gradually ramp up to bigger unauthorized purchases and cash advances.
Watch out for these common signs of credit card fraud:
- Strange small charges from unknown merchants popping up on your statement
- The available credit limit on your card suddenly dips lower without an explanation
- Your card is unexpectedly declined while trying to use it at a restaurant or store
- Obviously, fraudulent purchases appear that you must dispute, like electronics shipped to an unfamiliar address
New Account Fraud
Beyond draining existing accounts, identity thieves often use stolen information to deceitfully open new lines of credit or financial accounts in your name. This can include credit cards, bank accounts, loans, phone/utility services, government benefits, tax returns, investment accounts, or medical services.
The thief may add their own address or phone number to the fraudulent accounts to intercept mailed statements, cards, and correspondence related to their illegal activity. In many cases, victims don’t discover the unauthorized new accounts until collections agencies start contacting them for non-payment on debts they never knew existed.
Watch for these red flags of potential new account identity theft:
- You are unexpectedly contacted by a debt collector demanding payment on an account you never opened or knew about.
- You notice accounts opened in your name on your credit report that you did not initiate and do not recognize.
- You stop receiving your regularly mailed financial statements and bills because the thief changed contact info on the accounts.
- You find your services like phone, internet, electricity, or cable TV disconnected suddenly due to non-payment of several months of fraudulent bills that were never sent to you.
- You apply for government benefits but are denied because benefits were already paid out to accounts opened in your name that you’re unaware of.
Synthetic Identity Theft
This occurs when thieves combine real key elements of your identity (like your SSN) with fabricated details (fake name, birth date, address, etc.) to create a whole new fictional identity they can use to open accounts and make purchases.
Since the made-up identity includes verified pieces of your actual identity, it can be harder to detect as fraudulent right away. The activity won’t show up on your traditional credit reports initially because the name attached is completely fictitious.
Signs your identity is being used to form the basis of a synthetic identity include:
- You notice your Social Security number was used on a credit report under a name you don’t recognize.
- You try to e-file your tax return but it gets rejected because your SSN already appears on a tax return under another filer’s name.
- You receive an IRS notice about multiple tax returns being filed with the same SSN but different names and details.
- Debt collectors reference you by a completely unfamiliar name when trying to collect on defaulted payments for accounts you never opened.
- You are denied government benefits because your SSN was already used this year under a different name to claim benefits.
Account Takeovers
Once identity thieves have your account login credentials through phishing schemes, hacking, spyware, or physical theft, they can access and drain your financial and payment accounts directly. This can occur with bank accounts, investment accounts, mobile payment apps, retirement accounts, and e-commerce site profiles.
Look out for these signs of potential financial account takeovers:
- You notice withdrawals or transfers from your bank account that you never authorized. Often small amounts may be stolen first to avoid triggering alerts.
- Your debit card is suddenly declined when you try to use it, likely due to unauthorized changes triggered by a thief’s activity behind the scenes.
- You experience insufficient fund fees from your bank because the checks you’ve written have started bouncing due to unauthorized account withdrawals taking your balance negative.
- You are locked out from accessing your investment account online because the password, phone number, and email were changed by the thief to lock you out.
- Your account balance is drastically lower than it should be based on your normal spending patterns and deposits.
Government Benefits Fraud
Identity thieves often target government benefits programs like Social Security, Medicare, unemployment insurance, and tax refunds. Using victims’ Social Security Numbers and other details, fraudsters file for assistance first before the legitimate applicants can submit their paperwork. Once approved, funds get directly deposited into accounts controlled by the thieves.
Watch out for these signs of government benefit identity theft:
- Your Social Security, disability, unemployment, or other expected government payments suddenly stop without explanation. Later you find out the deposits recently changed because benefits were rerouted to an account number you don’t recognize.
- Soon after losing your job, you apply for unemployment assistance but are denied because an unemployment account is already active under your Social Security number – which you definitely did not open.
- When you go to electronically file your tax return as usual, you receive an error saying your Social Security number was already used to file a return this year. This likely indicates tax identity theft.
- You receive written notices from the IRS or Social Security Administration referencing suspicious misuse of your Social Security number being used to claim government benefits without your knowledge.
Medical Identity Theft
With skyrocketing healthcare costs, medical identity theft has also increased. Thieves use victims’ insurance information, names, and birthdates to obtain expensive prescription medication, medical equipment, elective procedures, and other services. The false claims get mixed into the victim’s medical records.
Watch for these signs of medical identity theft:
- You receive explanations of medical benefits from your insurance for procedures you never obtained or appointments you never attended. This shows fraudulent use of your health coverage.
- You receive bills for co-pays and deductibles on medical claims you know you did not file. This indicates someone is impersonating you at healthcare providers.
- Your legitimate health insurance claims start getting denied because your annual policy dollar limit was already reached prematurely by a thief’s activity.
- Debt collectors start calling insisting you pay for ambulance transportation or emergency room visits that actually didn’t involve you.
- Your doctor’s reliance on test results or health data is corrupted by an identity thief’s activity conducted under your identity, leading to improper medical guidance.
Child Identity Theft
Children’s clean credit records make them appealing targets for identity thieves seeking to open undetected fraudulent accounts. Often the crime goes undiscovered for years until the child applies for student loans, a first job, or government benefits as a young adult and encounters unexpected problems.
Watch for the following signs of potential child identity theft:
- Your minor child starts receiving pre-approved credit card offers in the mail addressed directly to them, despite not being of legal age to open accounts.
- When reviewing your child’s credit report, you find open phone, utility or credit accounts with companies you never authorized under their Social Security number.
- After you e-file taxes claiming your eligible child as a dependent, the return is rejected because their Social Security number was already used improperly on another return.
- You apply for government assistance on behalf of your child but the application is denied because their Social Security number shows income or existing accounts that your child does not actually have.
- Debt collectors start calling your home insisting on speaking specifically to your minor child and demanding payment on fraudulent debts opened using their stolen identity.
Criminal Identity Theft
In rare but nightmarish cases, thieves intentionally use an innocent person’s identity when arrested or cited for crimes to conceal their own criminal background from police. This leaves victims with wrongly tarnished criminal records without even knowing.
Watch for these warning signs of potential criminal identity theft:
- You are unexpectedly detained or even arrested by police over active warrants related to serious offenses you have no association with and know nothing about.
- A routine background check for a new job or volunteer position reveals unexplained felony convictions or an arrest record containing crimes you certainly did not commit.
- Your driver’s license is mysteriously suspended because of unpaid traffic tickets or citations that don’t belong to you appearing on your record.
- Police officers suddenly arrive at your front door to arrest you based on a warrant for a crime you have zero involvement in.
- You receive angry letters from courts attempting to collect fees and fines for offenses secretly committed by an identity thief using your name as their alias.
Sophisticated Phishing Scams
As consumers have gotten smarter about identifying fake emails, phishing scams have become increasingly convincing:
- Fraudsters meticulously mimic bank, retailer and social media branding within messages, often using the exact logo images, fonts and colors.
- Emails may appear to come from valid known addresses like “support@yourbank.com” with the bank’s name and logo.
- Urgent subjects are used like “Unusual activity on your account – Immediate action required” to trick victims into acting fast without close inspection.
- Links may initially direct to the real website homepage to look legitimate before redirecting to a fake lookalike login page controlled by scammers.
- Fake sites mirror the encryption padlocks and web addresses of authentic sites. URLs may even incorporate the company name to appear convincing like “yourbank-securecustomerportal.com”.
Sophisticated Vishing Calls
Similar to phishing, phone-based “vishing” scams use social engineering to manipulate victims:
- Caller IDs are spoofed to mimic legitimate companies’ numbers, adding to credibility.
- Professional sounding automated greetings and menu prompts replicate large financial institutions to sound official on first contact.
- Scammers reference small real account details like partial card numbers or recent transactions to make the threat seem valid.
- High pressure tactics insist you could lose access to funds if you don’t act immediately to verify information.
- Follow-up calls come from other characters posing as fraud investigation or police officers adding to the supposed severity.
Public Wi-Fi Hacking
Unsecured public Wi-Fi makes accessing sensitive accounts risky:
- Hackers set up rogue hotspots with the same names as legitimate venues near the actual businesses to trick users into connecting.
- Shoulder surfers observe passwords and activity over victims’ shoulders.
- Snooping software scans all connected network traffic looking for login credentials and account numbers.
- Without encryption, all transmitted data is exposed including account logins, emails, messages and browsing activity.
Device Malware Infections
Harmful software is constantly evolving to be stealthier and more potent:
- Legitimate-looking pop-up windows mimic urgent security warnings from your operating system, antivirus, or web browser directing you to download malware disguised as system scans or security patches.
- Drive-by downloads automatically install viruses onto devices simply by visiting compromised websites without clicking anything.
- Apps imitating popular retailers, social networks and gaming portals infect devices after granting access permissions.
- Keylogging and info-stealing malware lurks completely undetected in the background vacuuming up your sensitive activity.
Biometric Data Theft
New biometric login options also introduce new risks:
- Facebook’s photo tagging uses facial recognition allowing strangers to pinpoint you in the background of friends’ photos you’re not in control of.
- Law enforcement and government agencies store detailed fingerprint databases that have also been breached.
- Iris scans, facial recognition profiles and fingerprint data copied by device malware could enable serious identity impersonation.
- Voice spoofing apps can mimic vocal patterns used for biometrically authenticated account access by phone.
Destroyed or Stolen Paper Records
While digital data receives lots of attention, physical documents remain vulnerable:
- Mail and documents stolen directly from home mailboxes provide a wealth of sensitive information.
- Insiders at medical providers, insurance companies and banks can smuggle out physical files.
- Car break-ins, office burglaries and home foreclosures present opportunities for record thefts.
- Fire, flood and other natural disasters can lead to mass destruction of paper identity documentation making recovery challenging.
Avoiding Identity Theft When Traveling
Business and personal travel introduces additional identity theft risks:
- Public airport WiFi and internet cafes frequently accessed while traveling may be unsecured. Avoid accessing sensitive accounts.
- Baggage containing personal documents or devices can be lost or stolen during transit. Keep essentials with you.
- International data protection and fraud investigation capabilities vary. Be cautious about what country you access accounts from.
- Devices are vulnerable to physical theft if left unattended in taxis, shuttles, rental cars, or cramped airplanes when traveling. Keep them close at all times.
- Foreign ATM skimming or credit card cloning threatens your financial information. Use credit cards instead of debit cards in higher-risk regions. Verify charges often.
11 Proven Ways to Outsmart Identity Thieves
While completely preventing identity theft is extremely difficult given the prevalence of data breaches, there are prudent precautions everyone should take to reduce their risks:
- Freeze your credit reports to block access. Credit freezes restrict access to your credit history, preventing thieves from being able to open any new fraudulent accounts. Freezing is quick, easy, and highly effective.
- Strengthen online account passwords. Use complex 12+ character passwords and passphrases for each account. Never reuse the same credentials across multiple sites.
- Enroll in credit monitoring. Credit monitoring alerts you whenever suspicious inquiries or accounts are detected on your credit to catch fraud early.
- Shred sensitive paperwork before disposal. Use a cross-cut shredder to destroy any documents containing personal information or account numbers before trashing them.
- Watch out for phishing scams. Use extreme caution with unsolicited emails or texts requesting personal information or account details. Verify legitimacy directly through known contacts first before responding.
- Remove personal details from people’s search sites. Opt out of sites like Spokeo that publish your contact details online for anyone to access.
- Freeze children’s credit. Child identity theft is growing, so freeze your minor children’s credit reports too until they become adults.
- Check your credit reports frequently. Periodically obtain your credit reports from Equifax, Experian, and TransUnion to review all accounts for any unauthorized activity.
- Change passwords and security question answers regularly. Update credentials used for financial accounts every 60-90 days for extra safety. Avoid reusing similar passwords on multiple accounts.
- Use two-factor authentication when available. Two-factor authentication adds an extra verification step like requiring a texted code, for significantly stronger login protection.
- Limit Social Security number usage. Only provide your full 9-digit SSN when absolutely necessary, and inquire how the recipient will secure it.
What to Do if You Suspect You’re an Identity Theft Victim
If you notice any suspicious activity on accounts, promptly take action to limit the spread of damage:
- Request free credit reports and thoroughly analyze them for any unauthorized accounts or charges that could indicate identity theft.
- Place fraud alerts and credit freezes with the three major credit bureaus. This restricts access to your credit files and makes it harder for thieves to open new deceptive accounts.
- Report the identity theft incident to the FTC at IdentityTheft.gov and file a police report. This creates an official record with authorities.
- Close any compromised accounts immediately and dispute all fraudulent charges with banks and creditors. Alert them to monitor your accounts closely for further suspicious activity.
- Change online account passwords, security questions, and PINs to prevent thieves from accessing accounts they’ve already compromised.
- Consider enrolling in an identity theft protection service that provides ongoing credit monitoring and identity recovery assistance under a monthly subscription plan.
- Be diligent about checking bank, credit card, and healthcare statements closely for any transactions you don’t recognize. Report anything suspicious promptly to limit the damage.
- Keep detailed written records documenting your actions and who you contact. Identity theft recovery often requires proving details years later.