Twenty years ago, the words “identity theft” may have conjured up images of shadowy figures rifling through trash cans for bank statements and other documents. Today, with personally identifiable information readily available on the dark web, identity theft has changed significantly.
The fraud is now far-reaching, costs Americans billions of dollars each year and can be very tough for victims to fix.
But it’s not a hopeless situation—you still have the power to protect yourself from ID thieves.
The Rise of Identity Theft
The current era of widespread identity theft may have begun in 2013. Shortly before Christmas that year, Target announced that a massive data breach had swept up personal information on 70 million customers and 40 million debit and credit card numbers.
Suddenly, ID fraud was as close as your neighborhood Target store. And it has become even more prevalent since then.
Personal data was compromised last year by a record number (1,862) of breaches, which increased 68% from 2020, says the Identity Theft Research Center. According to the Federal Trade Commission, Americans in 2021 lost $5.9 billion to fraud, most commonly identity theft. The cost to consumers was up more than 70% from the previous year.
What do identity thieves do with the information they steal? Often, they sell it.
The Dangers When Your Identity Is Stolen
Full sets of credentials—including name, address, date of birth and Social Security number—are known as “fullz” in the criminal underground. A U.S. citizen’s fullz goes for an average of just $8 on the dark web.
All the information a budding identity thief needs is a few clicks away, without the hassle or stench of combing through a rubbish bin. The thief doesn’t even need to live anywhere near the victim and could be halfway around the globe.
Armed with your dataset, thieves can open a credit card online in your name. With a bit more effort, they can develop fake documents including a driver’s license, health insurance card or passport.
And with those documents, the crooks can get bolder. For example, they might take out a mortgage or a line of credit against an existing mortgage, or use your health insurance to cover an expensive medical procedure. They can even steal your tax refund.
Newer Scams Target Covid Aid, Use ‘Synthetic’ IDs
In my role as senior fellow for threat research at Agari by HelpSystems, I’ve explored hundreds of email inboxes used by online scammers. Many of these inboxes contain unemployment insurance claims filed under different names in just about every U.S. state.
Some of the inboxes show evidence of fraud against the IRS, Social Security and federal programs to provide Covid business loans, disaster assistance, small business loans and pandemic rental assistance. The Secret Service estimates as much as $100 billion in Covid relief money was stolen. Other sources put the total as high as $400 billion.
A relatively new twist on traditional identity theft is called synthetic identity fraud. A scammer starts with a stolen Social Security number but creates a made-up name, address and date of birth.
The fraudster then establishes credit with the fake ID, often by taking out a high-risk, high-interest loan. The scammer pays back the loan, to establish a credit history for the synthetic identity. After several cycles, the synthetic identity has good enough credit to apply for a stack of credit cards. The thief can now run up the cards and disappear.
6 Ways to Reduce Your Risk of Identity Theft
Though identity thieves keep getting craftier, you can take action to avoid being victimized. Here are six steps to guard against identity theft—or quickly determine when a fraudster is trying to use your personal information.
1. Create an online Social Security account
Your Social Security number can be a gold mine for thieves; millions of the nine-digit numbers are already available for sale on the dark web. The Social Security Administration warns that you shouldn’t routinely carry your Social Security card around or say your number out loud in public. Officials also recommend that you create a “my Social Security” account on the agency’s website, so you can monitor for any suspicious activity involving your Social Security benefits.
2. Protect your tax return
To prevent someone from filing a tax return in your name, the IRS urges that you set up what’s called an Identity Protection PIN. It’s a six-digit code that helps the tax agency verify your identity when you file an electronic or paper tax return. That makes it harder for a scammer to use your Social Security number to file a phony return in hopes of obtaining a fraudulent refund.
3. Sign up for credit monitoring
While you may not be able to stop identity thieves from opening accounts in your name, a credit monitoring service can alert you to suspicious activity on your credit reports.
The best credit monitoring services can be free, or might charge a monthly subscription fee.
They’ll send email or text notifications if a new account appears on your credit reports. If you see a new account you don’t recognize and didn’t open, you can quickly try to deal with the problem.
4. Freeze your credit reports
A credit freeze prevents most lenders and creditors from accessing your credit reports—and they won’t open a new credit account in your name while the freeze is in effect. You can request a freeze with all three major credit bureaus, Equifax, Experian and TransUnion. Be warned that while a freeze is in place, you will have to request a temporary or permanent lift in order to apply for credit.
5. Shred important documents
Some identity thieves still do things the old-fashioned way: dumpster diving. They know that many people throw documents with sensitive personal information into the trash. A good paper shredder is an excellent investment for your home office. Make sure you shred bills after paying them, letters from your bank, receipts, pay stubs and medical statements.
6. Watch out for phishing
Phishing scams have been around for years but still manage to dupe consumers into giving up their personal and financial information, so it can be used for identity fraud. With phishing, you might get an email that looks like it came from your bank, telling you that you need to log in to your online account and update your information.
But when you click on a link, you’re taken to a copycat site that fools you into entering your user name and password. The Federal Trade Commission says one good way to protect yourself is by using multifactor identification, which requires you to enter an extra code or credential to log into a sensitive account.
More From Advisor
- Colorado And Delaware Approve Stimulus Checks—Is Your State Next?
- Gas Prices Are At Record Highs. Here’s How To Save At The Pump As Summer Travel Begins
- 5 Ways To Save Money And Keep Your Lifestyle Intact
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.