What is Identity theft ? Definition, Types, Tools and Protection

Identity theft occurs when someone uses your personal identifying information and pretends to be you to commit fraud or gain other financial benefits.

Identity (ID) theft happens when someone steals your personal information to commit fraud. 

Your personal identifying information could include your full name, home address, email address, online login and passwords, Social Security number, driver’s license number, passport number, or bank number.

Once thieves access this information, they may use it to commit identity theft or sell it on the dark web.

It is a crime committed to obtain personal information such as passwords, ID numbers, credit card numbers, or social security numbers. Criminals of identity theft then misuse this personal or sensitive information and act fraudulently in the victim’s name, commonly apply for loans, make an online purchase, or access the victim’s medical and financial data.

Types of identity theft

• Financial identity theft – This is the most common type of identity theft. In this type of attack, the stolen credentials are used to attain a financial benefit. The victim is identified only when he checks his balances carefully as this is practiced in a very slow manner.

• Account Takeover Fraud – Account takeover is when somebody gains access and takes control of one or more of your accounts without your knowledge or permission. At that point, they can use the account just as you would, potentially using it to make fraudulent transactions, transfer money or gain access to additional accounts,
• Tax-related identity theft – In this type of exploit, the criminal files a false tax return with the Internal Revenue Service (IRS). Done by using a stolen Social Security number.

• Biometric ID Theft – Biometric ID involves stealing a person’s physical or behavior characteristics to unlock a device think facial or voice recognition to unlock your phone, or to tap into your other devices. Make sure your biometric data is stored securely and safely by a company that requests it.
• Criminal identity theft – In this example, a person under arrest gives stolen identity information to the police. Criminals sometimes back this up with a containing stolen credentials. If this type of exploit is successful, the victim is charged instead of the thief.
• Child identity theft – In this exploit, a child’s Social Security number is misused to apply for government benefits, opening bank accounts and other services. Children’s information is often sought after by criminals because the damage may go unnoticed for a long time.
• Medical identity theft – In this theft, the victim’s health-related information is gathered and then a fraud medical service need is created with fraud bills, which then results in the victim’s account for such services.
• Identity cloning for concealment – In this type of exploit, a thief impersonates someone else in order to hide from law enforcement or creditors. Because this type isn’t explicitly financially motivated, it’s harder to track, and there often isn’t a paper trail for law enforcement to follow.
• Synthetic identity theft – In this type of exploit, a thief partially or completely fabricates an identity by combining different pieces of PII from different sources. For example, the thief may combine one stolen Social Security number with an unrelated birthdate. Usually, this type of theft is difficult to track because the activities of the thief are recorded files that do not belong to a real person.

Common theft techniques

Although an identity thief might hack into a database to obtain personal information, experts say it’s more likely the thief will obtain information by using social engineering techniques such as-

• Mail theft. This is stealing credit card bills and junk mail directly from a victim’s mailbox or from public mailboxes on the street.
• Dumpster Diving – Retrieving personal paperwork and discarded mail from trash dumpsters is an easy way for an identity thief to get information. People often discard preapproved credit card applications without shredding them first, which greatly increases the risk of credit card theft.
• Shoulder Surfing – This happens when the thief gleans information as the victim fills out personal information on a form, enter a passcode on a keypad or provide a credit card number over the telephone.
• Phishing – This involves using email to trick people into offering up their personal information. Phishing emails may contain attachments bearing malware designed to steal personal data or links to fraudulent websites where people are prompted to enter their information.

How to protect yourself from identity theft

• Secure your connection: If you are going to use your personal information online, make sure you do so only when your connection is secure – preferably via home or corporate network or cellular data. If possible, avoid public Wi-Fi with no password protection. If you have no other choice, use virtual private network (VPN) that will encrypt all your communication.
• Keep your devices secure: Protect your laptop, smartphone and tablet from malicious software and attackers by using a reliable, multi-layered, up-to-date security solution.
• Create strong passwords that are long, hard to guess, and unique. Keep all your passwords in a password manager, to store them more securely. To add another layer of protection to your passwords, use two-factor authentication wherever and whenever possible. 

• Never reuse any password for multiple accounts or services. This way, even if attackers are able to obtain this password, the damage they can cause is limited only to the compromised account (or service). 
• Monitor your bank and credit accounts: Check your online banking account and credit scores regularly for suspicious activity. This might help you uncover an attack before it causes extensive damage to your finances or reputation. Also, set limits for your transactions to prevent any misuse of your money.
• Be careful with sensitive data: If you want to throw away any physical documents that contain personal information, make sure you discard them in a safe manner – by making them unrecoverable or by shredding them. A similar logic applies to your electronic devices: When selling or disposing of old smartphones, tablets or laptops, make sure you have wiped all the sensitive data they stored.
• Do not share any sensitive information.

• Do not fill personal data on the website that claims to offer benefits in return.
• Never share your Aadhar/PAN number (In India) with anyone whom you do not know/trust.
• Never share your SSN (In US) with anyone whom you do not know/trust.

How to Recognize Signs of Identity Theft

Identity theft can affect you in many ways, and there are various ways to identify it. Knowing the warning signs that signal fraud is developing—or is happening already—can help you more quickly take action to stop it. Here’s what to look out for:

• You no longer get your household bills in the mail. An absence of bills in the mail could mean your personal data has been compromised, and the identity thief has changed your billing address to try to keep you from seeing your statements.
• You’ve been turned down for a loan or credit card. If you’re rejected for credit but have a solid credit history, you might have been targeted by an identity thief. If you’re approved for a loan or credit but at higher interest rates than you expect, that’s also a sign you may have been victimized by identity theft.
• You’re being billed for items you didn’t purchase. If you receive an invoice for a purchase you don’t recognize, or you’re being billed for overdue payments for credit accounts you don’t own, that’s a sign your identity’s been compromised.

• Your financial accounts show charges you don’t recognize. If your bank, credit card or other financial account show unauthorized transactions, those accounts may have been breached.
• Your tax return was rejected. If you filed your tax returns and received a rejection notice from the IRS due to a duplicate return, that could indicate a return has already been fraudulently filed in your name.
• Small test charges appear on your credit card statement. It’s common practice for identity thieves to “test” that a stolen card is still active by making low-cost purchases of under $5. If the credit card is approved, the fraudster knows that the path is clear for larger transactions.
• Your creditors alert you to suspicious activity. You may get a call or text from a company you do business with that tells you fraudulent activity has been detected. For instance, the company that issued one of your credit cards might tell you a suspicious transaction has been attempted with your card. Take care of the immediate issue, and take steps to prevent it from happening again.

Ways to Protect Yourself From Identity Theft

To better protect your personal data against identity thieves, it’s important to be proactive about your approach. Ultimately, the goal is to build as many effective barriers as you can, which can discourage identity thieves from trying to victimize you.

Start that process with these eight steps:

1. Password-Protect Your Devices

Not having a password on your smartphone or tablet is akin to leaving your home with the door wide open. If the device falls into the wrong hands, your email, financial accounts and other private data stored on the phone will be easily accessible.

2. Use a Password Manager

Using the same password for all of your electronic devices and key financial accounts is a major security risk. If you do, a fraudster only has to figure out a single password to gain access to the rest of your accounts.

A good way to stop an identity thief from accessing your data is to mix up your passwords, and use a unique one for every account. Don’t include your name in any passwords or your birthday, and change your password anytime you suspect an account is compromised.

Of course, it’s virtually impossible to remember a unique password for every account you have. To make things easier, you can use a password manager such as LastPass or 1Password to securely store your account information without requiring you to remember all of your login credentials.

3. Watch Out for Phishing Attempts

Avoid clicking on any suspicious-looking links in emails or text messages. In a cyber attack called phishing, identity thieves use emails and websites that look like they’re coming from your bank, credit card company, mortgage lender or other financial institution to trick you into entering your account information or other private data.

These emails may even ask you to open an attachment that installs harmful malware on your device.

If you suspect a link isn’t legitimate, don’t click on it, and never type in your username or password on an unfamiliar login screen. Never download an email attachment unless you know what it is.

4. Never Give Out Personal Information Over the Phone

Fraudsters may also regularly pose as a bank or credit card company employee over the phone, but doing so should be a dead giveaway. The fact is, no legitimate organization will call and ask you for personal information—like a bank or credit card PIN number or Social Security number.

If you suspect a call is potentially legitimate, ask for the caller’s credentials, hang up, and contact the organization using the phone number listed on your financial institution’s bank statements. Also, note that the IRS won’t contact you by phone out of the blue, and will typically send taxpayer requests and information via postal mail.

5. Regularly Check Your Credit Reports

Credit reports include the activity on the financial accounts in your name, including their last-reported balances. As a result, a good way to spot discrepancies is to check your credit report regularly. If you can spot something suspicious early, such as an unfamiliar account on your report, you can take action to address it more quickly and stop the situation from getting worse.

6. Protect Your Personal Documents

Physical documents can present a security risk if not properly looked after. These papers may include information that would prove useful to identity thieves, including your Social Security number, as well as information about your bank accounts. You can protect yourself in a few ways.

Avoid leaving mail in your mailbox as they are a frequent target of identity thieves. If you’re going out of town, ask a trusted neighbor to pick up your mail or request a mail hold until you get back. You might consider limiting how much sensitive paper mail you receive in the first place by signing up for electronic statements with your financial accounts.

Identity thieves may also dig through your trash to get your information. When disposing of physical private records and statements that include any personal and/or financial data, it’s a good idea to destroy it—you can usually find a good shredder for cheap.

Finally, you should try to avoid leaving a paper trail of ATM, credit card or retail receipts behind. Identity thieves can use receipts to help piece together your personal data, so hold on to receipts and throw them away or shred them when you get home.

7. Limit Your Exposure

It’s a good idea to limit the number of credit cards you carry in your wallet, so if it’s stolen, you can minimize the impact.

Additionally, avoid carrying your Social Security card on your person—the theft of a Social Security number is an ID thief’s gateway to more financial accounts, and thus must be protected at all costs.

What to Do if You Believe You Are a Victim of Identity Theft

If you notice something suspicious, the sooner you take action to address it, the better. Once identity thieves know they can get away with their crimes, they can increase their activity and make it even more difficult to recover.

Here are some steps you can take if you believe you’ve been victimized by an identity thief:

• Review your credit report. Regardless of the type of fraud that has occurred, take some time to review your credit report to make sure everything is accurate. If you find an account you don’t recognize, address it immediately.
• File an identity report if needed. If you’re able to confirm that your identity has been stolen, take steps to report it. That includes reporting to the Federal Trade Commission and possibly even filing a police report. You may also want to reach out to your creditors to explain the situation.
• Place a fraud alert or security freeze. Fraud alerts and security freezes can help prevent future fraud from happening. A fraud alert will notify prospective creditors that you may be a victim of fraud and encourages them to contact you at a number you provide to verify your identity. A security freeze, on the other hand, stops anyone from viewing your credit report to begin with, which prevents someone from opening a credit account in your name. Another option is to lock your Experian credit file with Experian Credit Lock.
• Dispute any inaccurate information you find in your report. If you believe you have fraudulent information on one or more of your credit reports, make sure you dispute it with the appropriate credit bureau. Disputes are generally resolved within 30 days, and the fraudulent information will be removed if the credit bureau confirms your claim.

Be Vigilant With Identity Theft Fraud Protection

Identity thieves often strike when you least expect it, so it’s crucial to avoid taking the security of your personal data for granted. As you take steps to protect your information and identity, you’ll make yourself a more difficult target for thieves and may even stop them in their tracks.

As you monitor your credit, protect your devices and accounts, avoid phishing and other scams and keep your documents out of the wrong hands, you’ll be able to sleep better knowing that your information is safe.

Do not make all the personal information on your social media accounts public.