Identity theft: What it is, how it’s changing, and how to protect yourself

Practically everything’s wrapped up in your identity, including your personal reputation and your hard-earned financial assets. That’s why criminals want to steal it – and according to Javelin Research, more than 14 million Americans were victimized by identity theft in 2018 alone. This article explains what identity theft is, how it happens, how it’s changing, and how to reduce your risk.

What is identity theft?

Identity theft occurs when someone steals personal information that can be used to impersonate you. In addition to your easily-stolen name and address, they might steal your Social Security or driver’s license number, credit card, bank account, or medical insurance account numbers, birth date, social media names and passwords, or other identifiers they can use to access your accounts online or in person. Often, criminals buy stolen personal information online from other criminals who sell it in bulk.

People typically discover that they’ve been victimized by identity theft when they’re asked to pay for transactions they knew nothing about. They might discover mysterious transactions on a monthly credit card bill, or unexpected withdrawals from a checking or savings account.

These days, however, identity thieves don’t settle for draining accounts you already own. Increasingly, they use your information to create new accounts in your name – accounts that you might still be held responsible for. While overall identity theft fraud dropped a bit in 2018 – partly because credit card companies finally transitioned to chip cards – new account fraud is way up. That includes personal loans, car loans, student loans, mortgages, home equity lines of credit, store-branded credit cards, and even Amazon and eBay online accounts.

In recent years, identity thieves have also used stolen social security numbers to file fake tax returns and intercept tax refunds. They’re even hitting airline and credit card rewards programs – you’ve been saving for a trip and suddenly all your miles are gone. Infuriating!

How to safeguard yourself against identity fraud

In an era where breaches at huge companies compromise millions of customer records at once, you can’t be perfectly safe. Still, many independent personal finance experts don’t think expensive identity fraud monitoring services are worth the money. Fortunately, you can take many basic identity theft precautions on your own, for free – and they do significantly reduce your risk.

It’s like many other things related to security: you want to reduce your attack surface. If you expose less information, you’re a more difficult target. And that goes for all the ways you live your life, both online and off.

Let’s start with “offline” safeguards:

• Never carry your Social Security card or anything that includes your Social Security Number, and don’t share it with companies just because they ask you for it.
• Don’t carry credit cards you don’t intend to use, such as store-branded cards for stores where you rarely shop. Keep them secure at home until you need them.
• Try never to let your credit card out of your sight at restaurants or other retailers.
• If someone you don’t know contacts you unexpectedly – whether by phone, email, text message, or social media -- don’t give them personal information. Only do so if you’ve initiated the contact yourself, or if you personally know them. If you’re not sure, find the company’s official contact information and call them yourself.
• Review statements as soon as you get them, so you can catch fraud early and stop it. That includes credit card and bank statements, but also your annual Social Security earnings statement and even rewards program statements.
• Don’t print personal information when you don’t need to. When it’s necessary to print it, keep it safe. When you don’t need it anymore, shred it.
• Make sure nobody can watch over your shoulder as you enter your PIN at an ATM.
• Consider setting up alerts so you receive a text message whenever your credit card is used (or whenever a charge exceeds a certain amount).
• If you don’t plan to request credit soon, freeze your credit reports with the top three credit bureaus. If they won’t report on you, creditors won’t open new accounts in your name. Thanks to new federal law, credit freezes and unfreezes are now free. (Tip: Experian, Equifax, and TransUnion also must give you one free credit report every year now, if you ask. Get yours – there’s no need to pay for it.)

Now, let’s talk about protecting your devices. We completely agree with the IRS when they tell you: “Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches, and changing passwords for Internet accounts.” But we’ll go further:

• Use strong passwords, and create separate passwords for each account. (Consider using a password manager to help you manage them.)
• Password protect your mobile devices.
• Don’t use insecure public Wi-Fi.
• Strictly limit the personal information you share on Facebook, Instagram, and other social media sites.
• Since you might not always know what everyone in your household is doing on their computers, make sure they’re all protected. Sophos Home Premium lets you protect up to 10 Windows and Mac computers from a single dashboard that you control.

Beyond world-class anti-malware protection, your Sophos Home Premium subscription includes additional features to help you resist identity theft. For example, it can block you from visiting or shopping online at millions of websites created or compromised by cybercriminals. It can also prevent your banking and credit card information from being intercepted by third parties or malware that tracks your keystrokes; stop apps from secretly sharing your personal data; and safeguard your usernames and passwords against malware. No single precaution can make you invulnerable, but Sophos Home Premium contributes powerfully to the layered set of safeguards you need.