With internet users increasing globally, identity theft numbers are spiking. According to the Federal Trade Commission (FTC), there was a 70% increase in fraud reports from 2020 to 2021 at 2.8 million. This statistic added to the 45% increase reported between 2019 and 2020 at nearly 2.2 million.
While the pandemic had a huge effect on these numbers, it wasn’t solely responsible. It acted as an accelerator in the global rush towards everything digital.
In this digital boom, many of us are exposing our data — knowingly and unknowingly. And often lying in wait are cybercriminals who want to use that data for nefarious purposes.
Here are the common ways cybercriminals can steal your identity and some of the best practices to protect yourself from identity theft online.
Defining identity theft
The US Department of Justice defines identity theft or fraud as any type of crime where someone illicitly obtains and uses data.
Both companies and individuals can fall victim to the attack via deception or outright fraud. This is usually done for financial gain.
There are many ways in which criminals can use your personal information, including:
- Running up large shopping bills.
- Stealing tax returns.
- Opening lines of credit or credit card accounts.
- Withdrawing money from your account.
- Engaging in other criminal activities in your name.
Though this can happen in person — like when someone steals your wallet or purse — identity theft isn’t limited to the physical world.
Common methods for online identity theft
Overall, the number of online frauds is still less than the number of phone and text scams. Yet, with $1.8 billion in losses from online fraud methods — email, website/apps, and social media — the monetary numbers far surpass phone, text, and snail-mail methods.
That’s why it’s important to know what methods cybercriminals use to get to your personal data.
Below is a list of some common online methods for identity theft.
In simple words, phishing is when someone tricks you into giving your personal information using a fake email.
The email may look like it’s coming from a reputable source or company — think banks and charity organizations. It contains a message that says there’s a problem and urges you to press a certain link to resolve the issue.
Typically, the link leads to a fake webpage where you have to input your personal information to verify your account. Once you click to proceed, it sends your information to the scammer.
On the other hand, an email can contain a toll-free number that routes to a cybercriminals’ call center. From there, they’ll do or say anything to get you to reveal your financial or other sensitive information.
Malicious software is also known by its catch-all term ‘malware.’ Most identity thieves use ransomware and spyware. Both can get into a computer when you visit a compromised website or open a malicious attachment in an email.
Once installed, ransomware blocks you from accessing your computer. To regain access, a thief demands a ransom from their victim. In the meantime, they can access personal information stored on the computer.
Spyware, on the other hand, infiltrates the computer to collect information that a thief can use to steal an identity.
Social media has become deeply ingrained in society. Many of us use our accounts to share photos and videos and post about events going on in our lives.
Unfortunately, cybercriminals are turning to our social media profiles to access our sensitive information.
Here are some key things you should avoid sharing on social media:
- Your driver’s license, credit cards, or bills – Yes, even if you use a photo program to block sensitive information.
- Geolocation tags – These can help to verify your address.
- Check-ins – They help thieves identify other data points where they could steal information — like when you go to the doctor’s office, fitness center, or a small business.
- Your birthday – Identity thieves may use it for verification questions.
Poor device disposal
Surprisingly, discarding your old laptops, tablets, smartphones, and other electronics can pose a danger and put you at risk.
How many of us complete a factory reset of a device before tossing it? While it may seem unimportant, this is another way identity thieves can steal our data.
Hackers find discarded devices and reboot them to gain access to banking, contact, and other login information, while a previous user is completely unaware.
To avoid identity theft in this situation, the FTC recommends backing up your device, signing out of all accounts, de-pairing it from any Wi-Fi or Bluetooth connections, and then performing a factory reset before recycling or donating your device.
A data breach is a type of security violation that exposes personal or business information and leads to reputational and financial loss.
The most notable example of a data breach occurred in 2017. Hackers infiltrated the databases at Equifax — one of the three main credit bureaus in the US — and gained access to the personal information of over 147 million people.
If you’re unsure how to protect yourself from identity theft, read on.
How to protect your identity online
Public networks 101
Public Wi-Fi networks aren’t always using the latest standards of encryption. This creates an opportunity for cybercriminals to access your information while you’re browsing the web in a cafe.
To prevent identity theft on a public network, you have to encrypt the information on your device. Virtual private networks — or VPNs — are some of the most useful solutions for this. VPNs are available for almost any device and operating system, even if you need a VPN for Linux.
If you don’t have access to a VPN, using your phone data can serve as an alternative way of protection. Phone companies often encrypt their data.
Regardless, the best practice is to never access personal or financial information on a public network and don’t permanently log in to accounts from it.
Securing your private network
Even if you’re not using public Wi-Fi, your personal information could still be at risk.
In fact, anyone close enough to your Wi-Fi router can access your sensitive information.
Use these simple tips to protect your home or company’s private network from cybercriminals:
- Be sure to secure your Wi-Fi network with a unique, strong password. And even at home, change your password every quarter.
- Install an application that monitors devices that connect to your network. Set it to block any unauthorized devices.
- Never use your router’s default passwords, especially for the router admin login. Identity thieves can easily access this information on the web.
- Switch off any remote management features on your router.
- Create a ‘guest network’ for visitors or friends to use. This is more for companies, but you can do it at home too.
Strong password protection
Strong passwords are long passwords — at least 16 characters — that combine capital and lowercase letters, symbols, and numbers.
Never set up a common password with number combinations like “1234” or words like “admin” or “system.” And always ensure that security questions are unique to you with information not available on the internet.
Set up strong passwords for all accounts that contain your personal information. To make it easier, you can use one of the password managers. These apps create and store unique passwords for any website you use.
Experian, TransUnion, and Equifax — are the three national credit bureaus that track credit history in the US. When you apply for a credit card or a loan, that’s who the bank or credit card company contacts for your credit score.
Obviously, keeping a solid credit score is important, and it’s good to monitor it for personal or business purposes. But it’s also a way to check if someone is illegally using your identity.
Visit the official site — authorized by federal law — AnnualCreditReport.com on a regular basis and access your free credit report. The report can help verify bill payments, credit checks, and loan applications or payments. From there, you can look into anything that’s suspicious and immediately inform your bank.
With this guide, you have the resources you need to identify and protect yourself from identity theft.
Remember, the FTC only tracks reported cases, but there are many more out there that go unreported. Identity theft is a serious issue. Stay cyber safe!