ID theft is running rampant, with increasingly disturbing reports of credit and debit card data being stolen from major department stores, and continuing attempts by the bad guys to defraud consumers by illicitly obtaining personal data from various online sources, telephone scams, and other means.
In the interest of helping consumers avoid being lulled or tricked into giving away personal information, and to lessen the chance of ID theft, we present the top ways identities are stolen. Avoid these scenarios to decrease your chances of being the next ID theft victim.
Mining social media sites for personal info
Social media sites are a great way to connect with friends, to stay up to date with family and colleagues, and to share photos, stories and anecdotes. Avoid revealing too much about yourself, however, since astute scammers can mine data from your public site information to build a valuable personal data profile that can be used to steal your identity.
For example, common security questions you may find on banking, credit card or other financial sites can include things like the street where you grew up, your first car, your first pet's name, your favorite teacher's name, the name of your elementary school, the city where you got married, and so on. You may have seen these "challenge" questions as part of a financial system log in security process.
When you think about your social media information, much of this information is freely offered up, either in the "about you" section or in your comments and page participation. Back off on volunteering such information on social media sites and think about editing out anything similar that's already in place. Be "sociably smart" online.
For more information, additional sample situations, and further help in preventing social media fraudulent data gathering, visit theIdentity Theft Resource Center.
Grabbing your discarded paperwork
Once your sensitive account statements or other paperwork hits the sidewalk inside your trash bin, it becomes fair game to any midnight stalkers. Invest in a quality crosscut shredder and shred anything with identifiable information, especially driver license information, anything with full account numbers and of course, anything with your social security number on it.
The Washington State Attorney General's Office website offers good information on why to shred, and what to shred, including a suggested items list.
Using insecure payment or registration sites online
Always look for the URL prefix "https" and/or a secure "lock" symbol online before ordering anything with a credit card or providing personal information to an online site. Most sites are "secure" but a few are not. Always check.
For more information on insecure websites and using credit cards online, check out Credit Card Protection Basics from About.com.
Sending e-mails with personal or account data
Sending an open e-mail to your bank with personal or account information is like getting on the radio and sharing it with the world. Never send personal information in an open e-mail. Always use a secure message service that's offered after you log in to your bank or financial institution site. Sending personal information, passwords or other sensitive data on any open e-mail to anyone can be just as foolish.
Opening fraudulent e-mails
Another potentially lucrative e-mail scam is to trick you into opening e-mails that appear to be legitimate, but if you click on provided links in response, you could end up loading malware or a virus on your computer without knowing it. Wells Fargo explains common fraudulent e-mail attacks on their consumer site. Some of this software is designed to capture your keystrokes and personal data. These fraudulent e-mails can be disguised by using actual bank or company names in the return address. This is called phishing. The intent is to get you to click on a link to a site that may look familiar, but is actually designed to capture your data.
Here's a tip: Hover your mouse over the inbound e-mail address. A small bar should appear showing the actual sender content. If that information is not consistent with what you expect to see, do not open the e-mail; delete it. Scammers also grab the name of someone you know, a friend perhaps, and show that on the e-mail name in an e-mail you may open without a second thought, but when you hover your mouse, you will see something totally different. Delete it.
Another tactic is to send you an e-mail that in the subject line, "confirms" an unexpected money transaction, hoping you will open the e-mail and click on their "dispute" link to correct it. The sender may even have spoofed the return e-mail address to make it look legitimate. If you click the link provided in the e-mail, you may be downloading a virus or you may be asked to fill in sensitive data to confirm your identity or account. Run the other way.
It's not uncommon to see fraudulent inbound e-mails every day, so be alert. Use your e-mail system spam filter but remember that it won't catch everything.
Volunteering information on the phone
Scammers love to trap unsuspecting victims on the phone, especially as people age and become more vulnerable to confusing offers or overly aggressive scammers. Remember, a bank or financial institution will never call you asking you to confirm personal information. When you call them, they may ask you to confirm personal information to establish you as the account owner. That's OK, as long as you initiated the call to the company's approved number.
When fraudsters call you and attempt to gather private information, it's called Vishing, or Voice Phishing. They may even have manipulated caller ID to appear to be legitimate. Rule of thumb... if you didn't initiate the call, don't offer personal data.
In another variation on the phishing term, you may receive text messages attempting to obtain personal information, too. This is called Smishing. To read more about these various types of fraud attempts, click on Intuit's security page on the subject.
Job hunting fraud
Be careful when applying for jobs online or during phone interviews. If you responded to a job ad on a free online site or non-company service, look for signs that it could be part of a scam. If you've never heard of the company or if anything seems suspicious, especially if you are asked to provide social security or banking information up front, be especially careful. That information is only required when you are a finalist (for background checks) or to establish payroll.
Some bad guys try to grab debit card and ATM card data by affixing a small device in front of an ATM card reader. If you see anything that appears to be out of place or wasn't there the last time you used an ATM, avoid using it and report it to the bank or provider, and/or law enforcement.
Pickpockets and lost wallets
That sinking, punch in the gut feeling when you lose a wallet or worse, it's stolen, is a product of knowing that you've probably lost cash and credit cards, but that other sensitive information may be gone, too. If you are lucky enough to have a lost wallet returned by an honest citizen, that's great. If it was stolen, then you need to plan on having ID theft issues.
Consider what you carry and if you really need it. Never carry your social security card and leave your voter registration card in a safe place, too. If you have credit or debit cards that are seldom used, lock them up. The less you have to lose, the less you'll have to recover in the event of a lost or stolen wallet.
For more information
ID theft is an ongoing problem and not every situation is under your control, but with some diligence on your part, you can avoid being the next victim. For more information about these and other ID theft issues, how to prepare, and how to respond, click on the Federal Trade Commission's Consumer Information site.