Identity theft is usually a crime of opportunity, so you may become a victim simply because your information is available. Thieves target companies for a variety of reasons such as ease of accessibility or appealing customer demographics. If your information is stored in a database that is compromised, you may become a victim of identity theft.
You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation or rummaging through your trash. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts or apply for loans. Most companies and other institutions store information about their clients in databases. If a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time.
Attackers target weak passwords to gain access to any network. Although it can be tempting to use the same password (or a minor variation of it) multiple times, doing so gives hackers one key to many doors. The best way to manage your passwords is to find a balance between choosing a complex password that it difficult for hackers to guess and easy for you to remember.
Strong passwords contain the following:
- At least 8-10 characters
- Uppercase and lowercase characters
- Letters, numbers and special characters
- NOT: company names, pet names, common words, usernames, etc.
You should also change your password every 60 to 90 days, and avoid sharing your password with anyone. Read more tips for creating strong passwords.
Unfortunately, there is no way to guarantee that you will not be a victim of identity theft. However, there are ways to minimize your risk:
- Watch out for scams - Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate. Verify their legitimacy before supplying any information. See Internet and Email Scams for more information.
- Check privacy policies - Take precautions when providing information and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies. You should be able to locate the details in your account literature or by contacting the company directly.
- Be careful what information you publicize - Attackers may be able to piece together information from a variety of sources, such as social networking sites. Avoid posting personal data in public forums. See Safe Social Networking for more information.
- Devote one credit card to online purchases - To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for online use only. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.
- Avoid using debit cards for online purchases - Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.
- Be aware of your account activity - Paying attention to your statements and checking your credit report yearly will lower the risk of identity theft happening unknowingly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months (see AnnualCreditReport.com for more information).
A credit (or security) freeze is designed to prevent the information in your credit file from being reported to others. This means that creditors will not be able to open new lines of credit in your name while the freeze is in place. This is the only sure way to protect yourself from identity theft. To place a credit freeze on your account, you will need to contact all three credit bureaus (Equifax, Experian, Transunion) to put a freeze on your credit. You may also need to pay a small fee to each bureau. http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
A fraud alert can make it harder for an identity thief to open more accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you. The initial alert stays on your report for at least 90 days. To set up a fraud alert you must call one of the three national credit reporting companies (Equifax, Experian, Transunion) and ask for a fraud alert to be placed on your credit report. A fraud alert is free, but you must provide proof of your identity. http://www.consumer.ftc.gov/articles/0275-place-fraud-alert
A withdrawal alert will notify you when money is removed from your bank account. Alerts are handled by your bank of choice. Many large banks offer this service, including WellsFargo, CitiBank, Chase and more. Visit your bank’s website to learn more about their alert service.
Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:
- unusual or unexplainable charges on your bills
- phone calls or bills for accounts, products, or services that you do not have
- failure to receive regular bills or mail
- new, strange accounts appearing on your credit report
- unexpected denial of your credit card
Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:
- Contact the main credit reporting companies (Equifax, Experian, TransUnion) - Check your credit report to see if there has been unexpected or unauthorized activity. Have a fraud alert placed on your credit reports to prevent new accounts being opened without verification.
- Contact companies, including banks, where you have accounts - Inform the companies where you have accounts that someone may be using your identity, and find out if there have been any unauthorized transactions. Close or suspend any accounts you know or believe have been tampered with or opened fraudulently. In addition to calling the company, send a letter so there is a written record of the problem.
- File a report - File a report with the local police so there is an official record of the incident. You can also file a complaint with the Federal Trade Commission.
- Consider other information that may be at risk - Depending what information was stolen, you may need to contact other agencies. For example, if a thief has access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver's license or car registration have been stolen.
The following sites offer additional information and resources for recovering from identity theft: