Home Advice & How-ToIdentity 8 Types of Identity Theft and How To Protect Against Them
Home Advice & How-ToIdentity 8 Types of Identity Theft and How To Protect Against Them

8 Types of Identity Theft and How To Protect Against Them

by Fred Decker

Identity theft didn’t begin with the digital era — con artists have impersonated others for centuries — but the computer age, especially the rise of the internet, has created a number of new ways for criminals to steal your identity and profit from it. 

There are more types of identity theft than you might think, using methods from sophisticated hacking to old-fashioned physical thievery.  This quick reference guide breaks down the most common forms of identity theft, how to recognize them and what you can do about them. 

1. The Big Data Breach

These are the kind of hacks that garner the most headlines because they can affect thousands or even millions of users at once.  Notorious hacks at Yahoo, Target, Equifax, and even the federal government’s own Office of Personnel Management exposed millions of Americans’ personal information. 

What To Do About It: 

  • Watch for news stories about data breaches, especially those involving companies you deal with.  Setting up a Google alert for phrases such as “data breach” and “major hack” can help. 
  • Change any passwords, PINs, or usernames you’d used with that company.  If you have reused the same credentials on other sites, change them there as well. 
  • Reach out to the company that was breached and find out what services (if any) they’re providing to victims.  The OPM, for example, offered a pretty good range of them. 
  • Limit the number of sites used where you sign up for an account/membership to gain access or use disposable email addresses for that purpose. 

2. Address Fraud and Mail Theft

Good old-fashioned physical “snail mail” is a rich source of raw material for criminals.  If your home has an exterior mailbox, thieves can simply take the actual envelopes.  Those with a lower tolerance for risk can also put in a bogus change of address with the USPS and have your mail delivered right to them.  Once they’ve gotten your bank or credit card statements, preapproved credit offers, or perhaps even credit cards you’ve legitimately ordered, they can loot your good name for all it’s worth. 

What To Do About It: 

  • If you own your home, consider having a mail slot in the door rather than using an outside mailbox.  If that’s not a practical option, get yourself a post office box and have your mail delivered there. 
  • Be vigilant.  If a bill or statement doesn’t arrive when you expect it, reach out to the company and see if there’s a problem.  If they show you at a new address, or if it was mailed but didn’t reach you, that’s a big red flag.  Change your passwords and PINs immediately, and have a new card issued. 
  • Get electronic bills or statements.  They can’t be physically stolen, and — as a bonus — you’ll be reducing paper waste. 
  • Check your mail every day and place a hold on mail delivery if you’ll be away for a while. 

3. Tax-Related Identity Theft

One of the particularly sneaky ways criminals can misuse your identity is within the taxation system.  Most people use their credit and debit cards daily but only interact with the IRS once a year.  That means scammers with your social security number can use it to file a bogus return (and claim your refund!) or to claim your dependents for a deduction on their return.  You often won’t know until you file your return and are refused. 

What To Do About It: 

File an Identity Theft Affidavit, Form 14039, with the IRS.  Work through the IRS victim assistance process to establish your identity and verify that you are, in fact who you say you are.  You may need to go to a Taxpayer Assistance Center in person.

4. Medical/Insurance Identity Theft

A similar form of identity theft takes advantage of your medical coverage to cover the cost of treatment, medications, medical devices and other benefits.  This can happen if thieves manage to secure your SSN, steal mail containing your benefits information, or breach your provider’s computer system.  Again, you won’t know until you submit a claim and learn that your benefits are mysteriously maxed out. 

What To Do About It: 

Immediately query any refused claims with your insurance company.  Have receipts or bank records ready when you call, so you can immediately identify which claims are (and are not) legitimate. 

If you’re on Medicare, submit a fraud complaint to the HHS’ Office of the Inspector General

5. Child/Dependent Identity Theft

This is another subtle form of identity theft that can “fly under the radar” for extended periods.  Criminals steal (or buy) your minor child’s SSN and then use it to create a synthetic identity.  In this scenario, the fraudster uses a real person’s SSN to create a fake persona that can be used to launder money, apply for benefits or open up new credit accounts.  Aside from those of children, SSNs belonging to elderly relatives or those living in care for other reasons can also be misused in this way. 

What To Do About It: 

Until your children reach the age of needing credit in their names, the single biggest step you can take is to place a credit freeze in their name with the three credit reporting agencies.  The same holds for adult dependents under your care, as long as:  a) You hold a power of attorney, and b) their existing credit is adequate to their needs.  Most new credit requires a credit report, and a freeze blocks those.  It can later be lifted as or when necessary. 

6. Identity Theft From Phishing

As scams go, this is one of the all-time classics.  It’s a simple concept:  Someone sends you an email (or text or social media message) with a link in it.  Once you click the link, you’re taken to a malicious site where many things can happen, none of them good for you.  Malicious software might be loaded to your computer or phone, for example, or you might see what looks like a legit login screen asking for your username and password (or a “verification” page asking for your personal information or banking information). 

What To Do About It: 

  • First and foremost, don’t click on a link in an email!  Even if it appears to come from a company you legitimately deal with, go to the company’s site instead and look for the corresponding page.  Alternatively, just call them to confirm that they’ve sent this particular email (this works with friends, too). 
  • Learn to view the sender’s actual email address.  Depending on your email software, it may already be visible, or you may have to hover over the sender’s name or choose a menu option that says “show original” or “view headers” or something like that.  If the email comes from a Gmail account, an account that appears to be a random collection of letters, or from a different country, don’t open it. 
  • If the email address doesn’t look right, use Spokeo’s Reverse Email Search to look up who owns it.  Alternatively, use the Reverse Phone Lookup if the message came by text or chat app. 

7. Identity Theft Through Wallet/Phone Access

This one can really hurt because it means someone close to you has taken advantage of that proximity.  It may be a complete stranger, not someone who’s part of your circle, but it’s still a pretty major violation.  It basically means that someone either steals or accesses your wallet, your ID, or your personal devices and steals the personally identifying information they find there. 

Even worse, many sites verify your identity through a code sent to your phone.  With hands-on your phone, even briefly, someone can use it to gain entry to your accounts, receive a verification code and then use it to change the passwords and lock you out of your own accounts. 

What To Do About It: 

  • Keep your wallet and devices secure.  Don’t leave a wallet, purse, phone, tablet, or laptop unattended with people around, or, at the very least, password protect your devices. 
  • Use biometric tools — fingerprint unlock or face unlock — if your device offers them.  It’s not foolproof, but it’s safer than a password (or not locking the device at all). 
  • Instead of using a text message for verifications, buy a hardware key.  It’s a small USB device you can keep on your keychain and — once it’s set up — sites can use that as a second form of authentication when you log in. 

8. Bluetooth and Network Vulnerabilities

Sometimes physical access to your devices isn’t even necessary.  Most devices now can connect through Wi-Fi or Bluetooth, and criminals haven’t been slow to exploit vulnerabilities in those wireless connections.  The same Bluetooth connection you use for your wireless headphones can be used to pillage your phone, for example, and there are many well-established vulnerabilities in Wi-Fi as well. 

What To Do About It: 

  • Turn off your Bluetooth when you’re in crowded public places.  It’s inconvenient but a lot less so than identity theft. 
  • Don’t use public Wi-Fi networks for anything sensitive, like your banking website.  Wait until you’re home or use your cellular data instead. 
  • Learn to secure your home network against external threats (it’s easier than you think). 
  • If you’re at least moderately tech-savvy, consider using a VPN to protect your online activities. 

Some Final Identity Theft Tips

No matter how identity theft occurs, there are some universal steps you can (and should!) take to limit its potential impact on your life and improve the likelihood of the criminals being caught.  In no particular order, here are several of the most important: 

  • Regularly check your bank and credit card statements for suspicious activity, and also check your credit reports (you’re entitled to a free one every year from each of the three reporting agencies, so if you stagger them, you can have a fresh report every four months).  
  • Take advantage of Spokeo Protect’s dark web monitoring feature to receive alerts if your personal information is mentioned, bought or sold on the dark web.
  • Educate yourself.  Government sites, including the FTC and USA.gov offer excellent information about identity theft in general. A variety of internet security sites (including this humble blog) contain a wealth of advice about current scams and identity theft prevention.  Forewarned is forearmed, right?
  • If you discover that you have been the victim of identity theft, report it online at IdentityTheft.gov or by telephone at 1-877-438-4338.  You can create an account on the website to create a recovery plan, which walks you through the process of notifying your creditors of the theft and reestablishing your good name. 
  • Report the incident to local law enforcement, if appropriate, or to the FBI’s Internet Crime Complaint Center (IC3) if the identity theft happened online. 

Don’t Fall Victim

Identity theft is a legitimate threat, but it tends to seek easy targets like any other form of criminal activity.  If you’re familiar with the most common forms of identity theft and take steps to both minimize your risk and maximize the chances of detecting it, congratulations!  You’re no longer the “low-hanging fruit” criminals seek out. 

You may still be victimized — it’s almost impossible to protect yourself completely — but you’ll have reduced the odds sharply.  That’s a solid win by any standard.