IDENTITY THEFT

Identity theft occurs when a criminal uses someone else's personal identifying details, such as their name, social security number, birth date to assume their identity or access their accounts for the purpose of committing fraud, receiving benefits, or gaining financially in some way.
Read in-depth about identity theft below. Download our free antivirus to protect your devices from viruses and cyber threats.

FREE ANTIVIRUS DOWNLOAD

What is identity theft? 

Identity theft is a pervasive and ever-growing threat in an increasingly digital world. There are millions of victims of identity theft every year. Victims can suffer from financial crime, reputational damage, stress, and anxiety.

Read this in-depth guide for more on: 

  • Identity theft definition.
  • Reporting identity theft.
  • How to avoid identity theft.
  • How you should respond to the theft of your identity.
  • Types of identity theft.
  • Examples of identity theft.

Identity theft meaning explained 

Identity theft occurs when a criminal uses someone else’s personal information to assume their identity or access their accounts for the purpose of committing fraud, receiving benefits, or gaining financially in some way.

Identity theft definition: What is identity theft 

Identity theft occurs when a criminal obtains or uses the personal information; e.g., name, login, Social Security number (SSN), date of birth, etc., of someone else to assume their identity or access their accounts for the purpose of committing fraud, receiving benefits, or gaining financially in some way.

Pre-Internet criminals typically had to go through your physical mail box or suffer the indignity of rummaging through your smelly trash to get the information they needed to steal your identity—like those “you’re already approved,” pre-screened credit offers we all get in the mail.

Thanks to the miracle of modern technology, today’s cyber criminals don’t have to work nearly as hard to invade your privacy, but they stand to gain so much more. Big businesses and the large caches of data contained on their networks present a much more lucrative target than piecemeal attacks on individual consumers. Accordingly, attacks on businesses were up 235 percent year over year, according to the recent Malwarebytes Labs Cybercrime Tactics and Techniques report. At the same time, attacks on consumers went down almost 40 percent.

Chances are your data has already been compromised in a data breach. According to the Identity Theft Resource Center’s (ITRC) 2018 End-of-Year Data Breach Report there were 1,244 data breaches, exposing over 446 million records in 2018.

Different types of identity theft 

Credit identity theft: What is credit identity theft? 

Credit identity theft happens when a scammer steals your credit card number outright and uses it to make fraudulent purchases or obtains a credit card or loan under your name. According to the FTC, credit card related identity theft is the most common form of ID theft.

Tax identity theft: What is tax identity theft? 

Tax identity theft occurs when a scammer gets a hold of your SSN and uses it to obtain a tax refund or get a job. This might come as a result of a data breach that exposes your SSN online, for example. The US Internal Revenue Service doesn’t get much love from taxpayers, but the organization’s efforts to reduce tax-related identity theft appear to be working.

Child identity theft: What is child identity theft? 

Why would someone want to pretend to be a child? Many reasons. Scammers can use your child’s SSN to obtain a tax refund, claim them as a dependent, open a line of credit, get a job, or obtain government ID. There are lots of ways you can protect against child identity theft, including freezing your kid’s credit. Generally, they need to be under 15 or 16 years of age, though the age limit varies by state (more on credit freezes later).

Medical identity theft: What is medical identity theft? 

Medical identity theft happens when criminals use your identity to see a doctor, get medical treatment, or obtain prescription drugs. In years past, medical identity theft could affect your ability to get health coverage or cause you to pay more for treatment. That’s not the case anymore thanks to recent changes in the law, but past due medical debts incurred by a scammer can appear on your credit file and hurt your credit score.

Seniors are a prime target for medical ID scams, because they receive Medicare and no one will think twice about frequent medical visits. With the Baby Boomer generation entering Medicare age (65+), scammers have more targets than ever before. Medical ID theft is up 103 percent year over year, according to the FTC.

Criminal identity theft: What is criminal identity theft? 

Criminal identity theft happens when a criminal is arrested and provides law enforcement with a name, date of birth, and fraudulent ID based on a stolen identity. Criminal ID theft typically comes up when applying for a job or an apartment. If the employer or landlord performs a background check, the crimes of your nefarious doppelganger might stop you from getting that job or housing.

Synthetic identity theft: What is synthetic identity theft? 

Synthetic identity theft is the creation of a new identity using a combination of real and fake information. Typically, criminals piece together different pieces of information with a real Social Security Number to form a synthetic identity for illegal activity.

Account takeover identity theft: What is account takeover identity theft?

Account takeover identity theft occurs when a scammer gains unauthorized access to your existing accounts, like bank accounts, credit cards, or social media pages. A fraudster can use this type of attack to steal from you, borrow in your name, or target your followers or contacts with scams and phishing attacks.

Why and how does identity theft happen: How does identity theft work? 

Here’s a sampling of the more common attack methods cybercriminals use to breach an organization, network, or your personal computer in order to steal your personal information and your identity. And if you’re interested in the history of data breaches, head over to our article on the subject.

Exploits 

An exploit is a type of attack that takes advantage of software bugs or vulnerabilities, which cybercriminals use to gain unauthorized access to a system and the data contained within. These vulnerabilities lie hidden within the code of the system and it’s a race between the criminals and the cybersecurity researchers to see who can find them first.

The criminals, on one hand, want to abuse the exploits while the researchers, conversely, want to report the exploits to the software manufacturers so the bugs can be patched. Commonly exploited software includes the operating system, Internet browsers, Adobe applications, and Microsoft Office applications.

Malware 

Spyware and keyloggers are a type of malware that infects your computer or network and steals information about you, your Internet usage, and any other valuable data it can get its hands on; e.g. your usernames, passwords, and SSN. You might install spyware as part of some seemingly benign download (aka bundleware).

Alternatively, spyware can make its way onto your computer as a secondary infection via a Trojan like Emotet. As reported on the Malwarebytes Labs blog, Emotet, TrickBot, and other banking Trojans have found new life as delivery tools for spyware and other types of malware. Once your system is infected, the spyware or keylogger sends all your personal data back to the command and control (C&C) servers run by the cybercriminals.

Phishing & social engineering 

Phishing attacks work by getting us to share sensitive information like our usernames and passwords, often employing social engineering tricks to manipulate our emotions, such as greed and fear. A typical phishing attack will start with an email spoofed, or faked, to look like it’s coming from a company you do business with or a trusted coworker. This email will contain urgent or demanding language and require some sort of action, like verifying payments or purchases you never made.

Clicking the supplied link will direct you to a malicious login page designed to capture your username and password. While emails are the most common form of phishing attack, SMS text messages (aka smishing) and social media messaging systems are also popular with scammers.

Oversharing on social media 

It’s not our fault when a social media site like Facebook or Google+ gets hacked, but oversharing personal information on social media does increase our risk of identity theft in the event of a data breach. A Facebook bug allowed spammers to get around login requirements and access personal information for 30 million users. Likewise, a bug in Google+ gave third-party app developers access to personal information, including name, email, DOB, gender, places lived, and occupation for nearly half a million users.

Two months later Google pulled the plug on the social media service when it was discovered another Google+ bug exposed over 50 million users. Should you limit your exposure and delete yourself from social media? If you answered yes, check out our guide.

Misplaced wallets, purses, and cell phones 

A common way for identity theft to occur is through the loss of a wallet, purse, or even cell phone. When a thief gets your wallet or purse, they can potentially gain access to your driver’s license, credit cards, and other vital identification documents. Likewise, after stealing your cell phone and breaching its security, they can access your sensitive information.

To mitigate the risk of identity theft in such cases, please take preventive measures. Try to avoid carrying unnecessary identification documents in your wallet or purse. And secure your mobile devices with strong passwords and biometric security.

Scam calls & robocalls 

Scam calls and robocalls are live or pre-recorded phone calls designed to trick you out of your personal information. A recent robocall covered on the Malwarebytes Labs blog involved scammers purporting to be from the Social Security Administration. Recipients were accused of “leaving behind trails of suspicious information” and if the recipients do not call the scammers back and confirm their SSN, a warrant would be put out for their arrest.

The really grifty part of this scam is that the perpetrators used spoofing technology to make the calls appear to come from the Social Security Administration’s national customer service number. According to the FTC, scam calls from people pretending to be from the Social Security Administration are trending up.

SQL injection attacks 

A SQL injection (SQLi) is a type of attack that exploits weaknesses in the way websites or applications talk to SQL databases, causing them to spit out information from the database. Malwarebytes Labs ranked SQLi as number three in the The Top 5 Dumbest Cyber Threats that Work Anyway. A bad guy enters malicious code into the search field of a retail site, for example, where customers normally enter searches for whatever they’re trying to buy.

Instead of returning with a list of search results, the website will give the hacker a list of customers and their credit card numbers. This may sound like an oversimplification, but it really can be this easy. Attackers can even use automated programs to carry out the attack for them. All they have to do is input the URL of the target site then sit back and relax while the software does the rest.

Public Wi-Fi 

While public Wi-Fi can be convenient, such networks could make you exposed. Adept hackers can easily intercept your online activities and gain access to your personal information or inject malware onto your device. This is true if you’re not using an encrypted protocol like HTTP.

If you must use a public Wi-Fi network, using a virtual private network (VPN) will make your connection more secure.  

Skimming 

Skimming attacks involve the use of illegal devices to steal credit card information from legitimate credit card readers, like the ones found at ATMs or gas stations. When you swipe your card, the skimming device captures your card’s magnetic strip data. Protect yourself from such attacks by only using your credit card at trustworthy locations. Avoid using credit cards on machines that appear to be tampered with. Skimming also happens on the websites. Criminals inject skimming code into vulnerable websites and the code captures the credit card details of everyone that uses the payment form. The most common one is Magecart, you can read more about website skimming here.

Data breaches  

A data breach occurs when a hacker gains unauthorized access to a company’s database to steal sensitive customer information. Common targets of data breaches include ecommerce websites. A cybercriminal can use a breach to steal your confidential information like your name, address, social security number, and financial details.

The best way to protect yourself from a data breach is to only use reputable websites. However, even some renowned websites have suffered from data breaches. So, it’s important to stay updated on cybersecurity news. If a breach occurs, immediately change your passwords and keep an eye on your financial accounts for suspicious activity.

Misconfigured access controls 

Broken or misconfigured access controls can make private parts of a given website public when they’re not supposed to be. For example, a website administrator at an online retail site will make certain folders on the network private. However, the web admin might forget to make the related sub-folders private as well, exposing any information contained within. While these sub-folders might not be readily apparent to the average user, a cybercriminal with strong Google-fu skills could find those misconfigured folders and steal the data inside.

Credential stuffing attacks 

In the aftermath of a data breach, affected organizations will often force reset the passwords for all impacted users, but that doesn’t necessarily mean everyone is safe. Cybercriminals can use stolen emails, usernames, passwords, and security questions/answers to break into other accounts and services that share the same information.

Using off-the-shelf automation tools designed for testing web pages, cybercriminals enter a list of stolen usernames and passwords into a website until they land on the right credentials for the right website. This is credential stuffing and while it can be used to hack individual consumer accounts, it’s typically used as part of a remote desktop protocol (RDP) attack.

“The Internet consensus seems to be that you shouldn’t pay for credit monitoring services, but if it’s offered to you for free (i.e. after a data breach) go ahead and sign up.”

10 signs of identity theft 

Experts say you must react quickly to mitigate the damage of an identity theft attack. Here are some signs that you should look out for:

1: You stop receiving your regular bills and credit card statements 

An early warning sign of identity theft is when you stop receiving your regular bills and statements. You may stop receiving your statements because a fraudster has changed your address to prevent you from noticing unusual activity.

2: You receive statements for accounts you never opened 

Identity thieves may use your data to open a new account to commit financial crimes. Statements from such accounts may show purchases you never made.

3: Debt collectors start calling you day and night about debts you’ve never heard of 

Receiving calls from debt collectors about outstanding debts you don’t recognize could be the sign of identity theft. This happens when a scammer uses your identity for transactions, leaving unpaid bills.

4: The IRS alleges you failed to report income for a company you never worked for 

Identity thieves may use your Social Security number to gain employment, and the income earned under your name could trigger an investigation by the IRS. You should immediately make an effort to clear your name in this scenario.

5: You see withdrawals/charges on your bank or credit card statement that you didn’t make 

If you notice unusual withdrawals, unauthorized transfers, or unfamiliar charges on your bank statement, it may be a sign of identity theft. Monitor your bank account regularly for any discrepancies and report them to your bank immediately.

6: You try to file your taxes only to discover that someone else beat you to it 

If someone has already filed taxes using your Social Security number, it’s a cause for concern. You should report the matter to the IRS immediately.

7: You try to file your taxes and find someone claimed your child as a dependent already 

Identity thieves regularly target children. Please contact the IRS if you learn that someone else has claimed your child as a dependent.

8: Your credit report includes lines of credit you never opened 

If your credit report shows accounts you didn’t apply for, it’s a strong indication that your identity has been compromised. Contact the credit bureaus and relevant financial institutions immediately to report the fraudulent accounts.

9: Your credit score fluctuates wildly and for no apparent reason 

Regularly monitoring your credit score is an effective way to spot any irregularities. If you notice an unexplained change in your credit score, it could be an indication of identity theft.

10: You receive a notification 

Most financial institutions and credit monitoring services send notifications when suspicious activity is detected. Please ensure that the notification is authentic and not a phishing attack, before investigating the alert.

Notable identity theft examples 

2013 Yahoo data breach 

The 2013 Yahoo data breach affected all three billion Yahoo user accounts (yes, that’s billion with a “b”). If at any point in time you had an account with Yahoo, you’re a victim. The stolen data included names, emails, a mix of encrypted and unencrypted passwords, and security questions and answers—all of which are immensely useful for hacking into other accounts that use the same login credentials (aka credential stuffing attacks).

As a result of the Yahoo data breach and others like this, this, and these, your personal data is likely for sale right now on the Dark Web. The Dark Web is like the Bizarro World version of the Web we use every day. While the average person uses the normal Web to stream movies, buy groceries, and download software. The Dark Web caters to a different kind of customer looking for illegal porn, drugs, and caches of stolen data.

According to the New York Times, three shady buyers paid $300,000 each on a Dark Web marketplace for the stolen Yahoo data.

Collection 1 

Collection 1, the largest assemblage of stolen data in history was at one point selling on the Dark Web for a mere $45.

This is a familiar narrative within the world of cybercrime—you place your trust in an organization, the organization is hacked, your data is stolen, cybercriminals sell your data on the Dark Web, buyers use your data to commit fraud.

Equifax data breach in 2017 

Hackers gained access to the personal information of approximately 147 million people in the 2017 Equifax data breach. Examples of stolen data included Social Security numbers,  addresses, and credit card data, resulting in widespread concerns about identity theft. The company agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and American states.

Celebrity cases

Dozens of celebrities have suffered from identity theft. One example is Will Smith. Career criminal Carlos Lomax racked up $33,000 in credit bills in the name of the entertainer after using his Social Security number and other sensitive data to obtain 14 credit accounts at different stores in the Pittsburgh region.

Is identity theft a felony: Is identity theft a federal crime?

Identity theft is a federal crime in many countries, including the United States. In the U.S., the Identity Theft and Assumption Deterrence Act (ITADA) of 1998 made identity theft a federal offense, punishable by imprisonment and fines. The ITADA allowed federal law enforcement agencies to pursue identity thieves and prosecute them under federal jurisdiction.

However, identity theft laws may vary in different countries. It’s best to familiarize yourself with the specific identity theft laws in your location if you’re the victim of such an attack.

Identity Theft and Assumption Deterrence Act 

In the US, “identity theft” wasn’t legally defined until 1998. It was then Congress passed the Identity Theft and Assumption Deterrence Act, which, as mentioned, made identity theft a prosecutable offense in and of itself. Prior to this, identity theft was prosecuted under a hodgepodge of state and federal fraud statutes designed with old-timey grifters and con-artists in mind (think Leonardo DiCaprio in the 2002 film Catch Me if You Can).

General Data Protection Regulation (GDPR) 

International laws vary from one country to the next. Of note, EU citizens are protected under the General Data Protection Regulation (GDPR). The UK followed suit with the Data Protection Act 2018.

“Thanks to the miracle of modern technology, today’s cyber criminals don’t have to work nearly as hard to invade your privacy, but they stand to gain so much more. Big businesses and the large caches of data contained on their networks present a much more lucrative target than piecemeal attacks on individual consumers.”

Identity theft protection tips: How to prevent identity theft

If all of this talk about identity theft and data breaches upsets you, you’re in good company. A data privacy survey conducted by Malwarebytes Labs found the majority of respondents want to take steps to protect their data online and distrust search engines and social media with their data.

Before you resign yourself to victimhood, take heart. There are steps you can take to safeguard the privacy of your data and protect your identity from would-be identity thieves. Even if the bad guys already have your personal information, you can make your information entirely useless to them.

Let’s take a deeper dive into the sordid world of identity theft, the signs, the causes, how to protect yourself, and what to do if your identity has already been stolen.

“This is a familiar narrative within the world of cybercrime—you place your trust in an organization, the organization is hacked, your data is stolen, cybercriminals sell your data on the Dark Web, buyers use your data to commit fraud.”

As we’ve established, you probably don’t need to pay for identity theft protection services that don’t actually protect you against anything. Instead, follow our completely free, DIY tips below for how to avoid identity theft.

Tip 1: Claim your three free credit reports 

Everyone should get in the habit of checking their credit file regularly. Every consumer gets one free credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) at annualcreditreport.com.  You don’t have to take them all at once—nor should you. By spreading your free reports over the course of a year, you can check your credit file three times a year, on your own, without paying a dime to the so-called “credit monitoring” services.

Tip 2: Consistently review your financial reports and statements 

Regularly checking your bank statements, credit card statements, and credit reports can help you identify any suspicious activity or unauthorized transactions. If you notice anything unusual, such as unfamiliar charges or accounts that you did not open, report it immediately to your financial institution. In addition, please set up alerts for any changes or activity on your financial accounts. Many banks and credit card companies offer this service, allowing you to receive notifications whenever there are significant transactions or changes to your account information.

Tip 3: Shred documentation 

Properly disposing of sensitive documents is important in the fight against identity theft. It may sound like an extreme step, but you should consider investing in a document shredder and shred any documents that contain personal information before throwing them away. Examples of documents you should shred before throwing them in the trash, include: 

  1. Bank statements.
  2. Credit reports.
  3. Credit card offers.
  4. Phone, electricity, and other bills.
  5. Medical records.

Tip 4: Put a free freeze on your credit file 

As of 2018, credit freezes are free for everyone, no matter what state or country you live in. With a freeze in place, no one (including you) can look at your credit file, let alone open a line of credit. As long as you don’t anticipate applying for a loan or a credit card anytime soon this is a great option. In the event that you need to open a line of credit, you can contact the credit bureaus and stop the freeze at any time with the PIN you received when you froze your account. The only hassle is that you must contact each credit bureau individually to enact or remove a freeze. You should submit a freeze for your children while you’re at it. Yes, the credit bureaus maintain credit files for your underage children. Unlike an adult credit freeze, where you might have to turn it on and off over time to buy a car or apply for a loan, you can freeze your kid’s credit and forget about it until they turn 18.

Tip 5: Opt-out of prescreened credit offers 

If you have good to excellent credit, you likely receive several credit card offers in the mail every week. Pre-screened offers don’t hurt your credit score and they often include big sign up bonuses, but they also leave you exposed to credit card fraud. Criminals can steal these offers out of your mailbox and open a credit account under your name. It’s a decidedly low-tech form of identity theft, but it works. You can limit your exposure by visiting optoutprescreen.com and opt-out of pre-screened credit cards. This stops the credit bureaus from sharing your credit file with creditors and insurers. Plus, you’ll be saving some trees and reducing the glut of junk mail that fills your mailbox every month.

Tip 6: File your taxes early 

The IRS will only accept one tax return per SSN. Beat scammers to the punch and file your taxes before they can do it for you.

Tip 7: Get an identity protection PIN from the IRS 

If you’re willing to jump through an extra hoop when tax season comes around, consider obtaining an identity protection PIN. Anyone who tries to file a tax return using your SSN, including you and your accountant, will need to provide the special number assigned to you by the IRS. The number changes every year and can be obtained online or sent to you in the mail.

Tip 9: Watch out for IRS scam calls and phishing emails 

The IRS will generally send several notices via snail mail before trying to call or email you. If you receive a threatening call from the IRS demanding immediate payment of back taxes or else, you should hang up, because it’s probably a scam. Similarly, be wary of any emails purporting to be from the IRS, and definitely don’t click any links or open any attachments. Keep in mind, the IRS will never demand immediate payment without a chance to appeal, arrest you (unless you’re committing tax fraud or evasion), or demand payment using weird methods like wire transfer or iTunes gift cards. Moreover, taxes owed are always payable to the US Treasury—without exception.

Tip 10: Use a reliable cyber security software

As we covered earlier, identity theft often starts with some sort of malware. Granted, there’s not much we can do when some business loses our information in a data breach. We are, on the other hand, empowered to stop cybercriminals from attacking us personally by adopting some form of cybersecurity. Malwarebytes, for instance, has the goods for Windows, Mac, Android, iOS and Chromebook. Malwarebytes blocks malware like keyloggers, spyware, and Trojans from getting on your computer or opening up a backdoor and stealing your data. For iPhone fans, Malwarebytes for iOS screens out phone scams and robocalls.

Tip 11: Avoid oversharing on social media 

An effective way to mitigate the risk of identity theft is to avoid oversharing personal information on social media platforms. Many people unknowingly provide valuable sensitive information to potential identity thieves. Examples of such information include your full name, date of birth, or even your home address.

Additionally, accept friend requests with caution. Scammers often create fake profiles to gain access to personal information or engage in phishing attempts.

If you’re in the UK: 

First, consider opting out of the open electoral register—it won’t hurt your credit score. Second, consider getting a Royal Mail PO box. Both will make it much harder for criminals to get their hands on your personal info by taking your name and address off those huge public lists. And UK readers should still check their credit reports with the three UK bureaus, but keep in mind, you don’t get the free annual reports like US consumers.

What to do if you suspect identity theft 

Identity theft poses a significant risk in our increasingly digital world. If you suspect identity theft, act fast to prevent becoming the victim of a serious crime. Start by beefing up your cybersecurity with newer, stronger passwords, multi-factor authentication, and a malware scan. Monitor your credit reports and watch out for alerts from your financial institutions and social media and email accounts. Check the next section to learn how to respond to identity theft.

How should you respond to the theft of your identity: step-by-step

You did everything right. You took every measure possible to keep and protect your identity and then the worst thing happened. You start receiving calls from debt collectors for accounts you never opened, and you see delinquent lines of credit on your credit report.

Here’s our identity theft response checklist. Print it out and stick it to your fridge or save it to your desktop as a sobering reminder that identity theft has become a sad fact of life.

Step 1: Clean up your computer 

 It may not be immediately obvious how your identity was stolen (e.g., malware, scam call, data breach, etc.) so you may want to take a scorched earth approach to the recovery process. Start with a good cybersecurity program and scan your system for any potential threats. The free versions of Malwarebytes for Mac and Malwarebytes for Windows are a good place to start. Both use advanced detection technology to root out hidden threats on your system.

Step 2: Reset your passwords 

Reset your passwords for compromised accounts and any other accounts sharing the same passwords. Really though, you shouldn’t reuse passwords across sites. Granted, remembering a unique alphanumeric password for all of your online accounts and services is impossible. Consider using a password manager like 1Password. Password managers have the added benefit of alerting you when you land on a spoofed website. While that login page for Google or Facebook might look real, your password manager won’t recognize the URL and won’t fill in your username and password for you.

Step 3: File an identity theft report with the FTC 

Some businesses and organizations require an FTC identity theft report as the first step towards documenting your identity theft. You’ll also need the report to obtain an extended seven-year fraud alert from the credit bureaus and to remove fraudulent accounts from your credit file. Fun fact—the FTC is a federal law enforcement agency. This means you don’t have to file another report with your local law enforcement agency, unless you know the identity thief personally or your creditors demand it as proof that you’re the victim.

Step 4: Contact your bank and creditors 

You can be liable for some or all fraudulent charges and stolen funds if you don’t report lost or stolen debit and credit cards immediately. If your checking account number and routing number have been compromised, you’ll likely have to close the account and open a new one. And don’t forget to update any auto-payments tied to those account numbers.

Step 5: Monitor your credit file 

Remember, you get a free credit report, one from each of the three major credit bureaus every year, annualcreditreport.com. This is the only US Federal Trade Commission (FTC) authorized site for obtaining free credit reports. Watch it closely.

Step 6: Submit a fraud alert with the credit bureaus 

With a fraud alert in place, no one can open a line of credit under your name without first verifying your identity. This usually means calling you and asking identifying questions that only you would know. Unlike a credit freeze, you only have to notify one credit bureau and that bureau must notify the other two. Fraud alerts last one year (up from 90 days as of 2018) so you may want to set a calendar alert to remind you to renew the alert in a year’s time. As a victim of identity theft, you can request a seven-year fraud alert. A fraud alert also entitles you to a free credit report from each credit bureau, in addition to the three you already get every year.

Step 7: Submit a credit freeze 

Doing so will mostly stop cybercriminals from continuing to open credit accounts under your name. Is a freeze foolproof? Not entirely. In a disturbing report, Brian Krebs found a workaround that could potentially allow criminals to lift a freeze on your credit with only your name, Social Security number and birthday. And in the case of most Americans, all three are readily available for sale on the Dark Web.

Step 8: Watch your inbox carefully 

Opportunistic cybercriminals know that millions of victims of any given data breach are expecting some kind of communication regarding hacked accounts. These scammers will take the opportunity to send out phishing emails spoofed to look like they’re coming from those hacked accounts in an attempt to get you to give up personal information.

Step 9: Consider credit monitoring services 

As mentioned previously, if the service is free, go ahead and sign up. Otherwise, consider monitoring your own credit.

Step 10: Contact the Consumer Financial Protection Bureau (CFPB) 

You have a legal right under the Fair Credit Reporting Act to dispute any incorrect information on your credit report. The reporting agency has 30 days to investigate your dispute and let you know the results. If the reporting agency doesn’t fix or remove the fraudulent activity, you can turn to the CFPB and file a complaint. Hopefully, you won’t have to take this step, but it’s nice to know there’s a government agency looking out for consumers.

Step 11: Use multi-factor authentication (MFA) 

Two-factor authentication is the simplest form of MFA, meaning you need your password and one other form of authentication to prove that you are who you say you are and not a cybercriminal attempting to hack your account. For example, a website might ask you to enter your login credentials and enter a separate authentication code sent via text to your phone.

FAQs

What is considered identity theft?

Identity theft is a serious crime that occurs when someone uses another person's personal information without their consent to commit fraud or other illegal activities. The stolen data can include a person's name, Social Security number, credit card details, medical records, or other identifying data.

How common is identity theft?

Data suggests that millions of people fall victim to identity theft each year. In fact, identity theft is one of the fastest-growing crimes worldwide. The rise in identity theft can be attributed to the increasing reliance on technology and the ease with which personal information can be obtained and misused.

What is the most common form of identity theft?

Financial identity theft is probably the most common type of identity theft. Financial identity theft is any type of identity theft where a cybercriminal steals credit card details, bank account numbers, or other data for financial crimes. Victims of financial identity theft can suffer from monetary losses, lower credit scores, and other challenges.

What to do about identity theft?

Discovering that you’re the victim of identity theft can be distressing. However, it is critical to act swiftly to mitigate the damage.

Here are some important steps to take if you become a victim of identity theft:

  • Notify your financial institutions: Contact your bank, credit card companies, and other financial institutions to inform them of the theft. They will advise you about the steps you need to take.
  • Contact the authorities: Report the incident to your local law enforcement agency and provide them with all the relevant details.
  • Monitor your accounts: Regularly review your bank statements, credit reports, and other financial records to detect any suspicious activity.
  • File a report with the Federal Trade Commission (FTC): File a report with the FTC through their website or hotline.
  • Update your passwords and security measures: Change all your passwords to long and complex ones. Enable multi-factor authentication wherever possible to enhance your online security. Run an anti-malware scan to ensure your system isn’t carrying spyware, Trojans, and other privacy-invading malicious software.