What is identity theft?
March 26, 2021
The information provided on this website does not, and is not intended to, act as legal, financial or credit advice. See Lexington Law’s editorial disclosure for more information.
What is identity theft? Though we’ve all heard of it, you might be wondering exactly what it is, how you can recognize when it’s happening to you and how you can recover from it. Identity theft is when a person steals your information to commit fraud. The types of fraud can include stealing money from your bank account, filing medical claims, taking out credit cards in your name and more.
The 2019 Identity Fraud Study from Javelin Strategy & Research found that 14.4 million consumers were victims of identity fraud in the United States in 2018. This works out to approximately one in 15 people. The United States has exceptionally high rates of identity fraud, with 33 percent of the population claiming they’ve been a victim of this crime at some point. To put it in context, that’s more than double the international average.
Consumers lost more than $1.9 billion to identity theft and fraud. These are expensive and emotionally exhausting things to experience, so it’s essential that you understand the warning signs of identity theft early on. That way, you can act quickly before more damage is done.
Identity theft: How it happens
There is a misconception that identity theft only happens when someone hacks into your email or your apps to steal your information. In reality, there are many ways someone can steal your identity, and you need to be aware of them.
Here are some of the most common ways attackers attempt to steal your identity:
Phishing scams are a typical type of identity theft attack. You receive an email that looks like it’s from a legitimate source. This email often asks you to input sensitive information or click on a link that will then expose your confidential information.
For example, a phishing scam may look like a regular email from your bank. When you select the link to log in, it takes you to a webpage that looks just like your bank’s website, so you input your banking information. As a result, the scammer now has your login information and can do with it what they want.
Shoulder surfing is when an individual stands close to you as you input your card information at a store. Or, they could be eavesdropping as you tell your account information to someone else. They listen, memorize the information and then attempt to steal your identity.
A data breach is when confidential information about users, customers or personnel is stolen from an organization. As more and more people use digital accounts in all areas of their lives, data breaches become more prevalent. In 2019, the United States had 1,473 data breaches, with over 164.68 million sensitive records exposed.
Often, hackers attack an organization in the hope they can ransom the company for money or sell the sensitive information on the dark web. Even if the company pays the ransom, there’s no guarantee the attacker won’t sell the information anyway.
When information is left unprotected, it can be used against you for identity theft. If you shop on a site that’s not secure, you’re exposing yourself to identity theft as you input your card information. Many browsers will warn you when you’re attempting to access an unsecured site. Additionally, most browsers include a little lock sign next to the URL. If you’re ever on a site and notice this lock is open, it means the site is not secure and you should exit it immediately.
This also applies to throwing out physical documents that contain your personal information without shredding them first. Everyone receives promotional offers for a new credit card or a new line of credit from their bank occasionally. It’s important to shred this type of document before throwing it away so someone else can’t attempt to cash in on that offer while pretending to be you.
Credit card theft
Credit card theft can happen in one of two ways. First, the person can sign up for a credit card under your name. This person can then rack up vast sums of debt without you ever knowing there’s another credit card out there under your name.
The other popular form of credit card theft is gaining access to one of your existing cards. The thief can then make purchases through your credit card. If you don’t check your card thoroughly, you may end up paying for their purchases without even realizing it.
Card skimming is the process of placing a digital reader on a point-of-sale device. The thief will place a tiny card skimmer on an ATM or at a gas pump without it even being noticeable. When customers use their card, the skimmer scans the card and picks up all the information needed for identity fraud.
Potential consequences of identity theft
When it comes to identity theft, the key is to catch it early and act quickly. The more time that passes without you noticing identity theft has happened, the worse the damage can be. Of course, if nothing physical was stolen (like your phone or your wallet), it can be that much harder to detect. However, the longer it goes undetected, the more time the thief has to continue to make purchases and wreak havoc.
Most importantly, the thief could ruin your credit score. They can open up credit cards in your name, make purchases, steal your tax refund and file health insurance claims in your name. Each action they take successfully will take a lot of time to undo on your part.
You’ll also probably be stressed and worried about the identity theft. It can be challenging to prove it wasn’t you who took those actions, but in the meantime, you have to watch as your credit score gets lower and your debts get higher.
Depending on the issue, it can take anywhere from a few days to a few months or years to recover, so you must get started immediately.
Know the warning signs of identity theft
The most important thing you can do is understand and recognize the warning signs of identity theft. Some of the most common signs are:
- You find unexplained charges and activity in your bank accounts and on your credit cards.
- You get calls from creditors about outstanding debts you weren’t aware of.
- You receive bills for accounts you didn’t sign up for.
- You seem to be missing important mail, such as checks.
- You’re denied credit, even though you have an excellent credit score.
- Your credit score is lowering significantly and you don’t know why.
- You receive a notice that a data breach may have impacted you.
- You receive a message from a company that your account was recently accessed and you didn’t do it. For example, many companies send out “your account was accessed from a new device or a new location” warning emails.
- You receive bills or notices in the mail about healthcare benefits you don’t need.
- Your healthcare provider denies your legitimate claim because your limit has been reached, but you haven’t used up your limit.
- A health plan won’t cover your expenses because your records indicate you have a medical condition you don’t really have.
- The IRS notifies you that you successfully filed your tax return (even though you haven’t filed yet).
- Your electronic tax filing is denied.
- You notice that your tax return includes income from an employer you don’t have.
- You receive random unauthorized authentication emails or texts.
What to do if you think you’ve been a victim of identity theft
If you believe you’re a victim of identity theft, it’s essential to act quickly. Follow these steps:
- File a report with the FTC: Your first step is to file a report with the Federal Trade Commission (FTC). The FTC will take down the details and help you understand the next steps you should take, including how to file a police report. Your FTC report will be shared with over 3,000 law enforcers.
- File a police report: The next step is to file a police report with your local police department. Remember that identity theft is a serious crime. When you file your police report, keep records of everything. You may need to provide these records later to financial institutions and credit bureaus as you try to clear the fraud activity from your record.
- Contact any other relevant companies: Next, you’ll immediately want to contact your bank and financial institutions to let them know you’ve been a victim of fraud. If there are businesses where fraudulent purchases were made, you may want to let them know the situation, too. You should also consider letting the IRS and the Social Security Office know if you believe your Social Security number has been compromised. Additionally, if you believe the thief has changed your mailing address on important items, you can reach out to the post office to correct it.
- Check your credit reports and consider freezing your credit or setting up fraud alerts: Most banking and financial institutions will allow you to freeze your account because they want to protect themselves from any more exposure. Note that if you freeze your accounts, you won’t be able to use them either (until you unfreeze them). You can also set up fraud alerts on your accounts, including your credit report.
How you can protect yourself from identity theft
You can take these proactive steps to protect yourself from identity theft:
Update the security on your devices
First, it’s essential to update the security on all your devices. Any time a device prompts you for a system upgrade, do so immediately. System upgrades are meant to protect devices from known security issues, so it’s important to follow through with these upgrades quickly.
Next, make sure you have a secure password. It shouldn’t include any easy giveaways, like your birthday or the street where you live. Never use the same password for all your accounts. If an account has been compromised, change the password on all your accounts.
Make sure you always lock your phone, especially when you’re in public. Consider having an auto-lock feature that locks your phone as soon as you haven’t used it for more than 30 seconds.
Only use public Wi-Fi networks if you have updated firewall settings on your device. If you’re accessing sensitive information remotely, consider using a Virtual Private Network (VPN). This is a security measure that helps reduce the chances of someone accessing your data because a password is required.
Sign up for account alerts
Ensure that you sign up for account alerts on all types of accounts. These alerts will send you email notifications when:
- There is suspicious activity on your account
- Your account is accessed in a new location
- Your account is accessed from a new device
You can also sign up for fraud alerts on your credit report, which means you’ll receive a notice if you may have been exposed to fraud.
If an account offers it, always sign up for two-factor authentication. There are many ways a hacker can get access to your password. With two-factor authentication, even if they gain access to your password, they’ll likely be locked out of your account because they don’t have your mobile phone.
Keep information secure
It’s important to keep your information secure as much as possible. Don’t add personal information, such as your workplace, your birthday or your address, to your social media accounts. Always shred documents that have your private information on them, such as your SSN. Some people look through mail that’s been thrown away to find personal information.
Check your bank statements and credit reports
Make it a habit to review your bank statements regularly. Check them at least once a week for suspicious activity that you don’t recognize.
You get access to a free credit report from each of the three credit bureaus once a year. Make sure to access this report annually—more often if you suspect you’ve been compromised.
Consider using an identity theft protection service
You can pay for an identity theft protection service, which will alert you as soon as it suspects you’ve been compromised. If you know you won’t check your accounts as regularly as you should, an identity theft protection service essentially does the work for you.
Identity theft and credit repair
If you’ve been a victim of identity theft, your credit has likely been negatively impacted. If this is the case, you probably want to look for credit repair identity theft services. A credit repair service can help you sort through any fraudulent items on your credit report and work with the credit reporting agencies to have these items removed.
Credit reporting agencies are notoriously challenging when it comes to submitting disputes. A credit repair service can help speed up this process and ensure you have the best chance to fully repair your credit after identity theft.
Lexington Law can help victims of identity theft with credit repair services. Additionally, we offer comprehensive credit monitoring services to help protect people going forward. With credit monitoring services, we’ll alert you whenever there’s a change on your credit report. This means you (and we) can act quickly to get incorrect items fixed.
Being a victim of identity theft is a horrible situation that can be challenging to get through. However, if you know the warning signs and act quickly, you can contain the damage. With time and patience, you can survive identity theft or stop it from happening in the first place.
Kenton Arbon is an Associate Attorney in the Arizona office. Mr. Arbon was born in Bakersfield, California, and grew up in the Northwest. He earned his B.A. in Business Administration, Human Resources Management, while working as an Oregon State Trooper. His interest in the law lead him to relocate to Arizona, attend law school, and graduate from Arizona State College of Law in 2017. Since graduating from law school, Mr. Arbon has worked in multiple compliance domains including anti-money laundering, Medicare Part D, contracts, and debt negotiation. Mr. Arbon is licensed to practice law in Arizona.
Note: Articles have only been reviewed by the indicated attorney, not written by them. The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, reviewers, contributors, contributing firms, or their respective agents or employers.