If you caught someone nonchalantly copying all of the details from your checkbook, from the account number to your transaction history, you’d be outraged (and rightly so). There’s no legitimate reason for someone to do that, so the person’s motives would obviously be suspect.
Unfortunately, life is not that simple anymore. Much of your life (including banking) takes place online, which means that you’re leaving behind a digital footprint of your personal activity, including financial details. If any of that personal information should fall into the wrong hands — even something as innocuous as your login credentials for an utterly non-essential site — the effect could be surprisingly disruptive to you.
Identity theft at its simplest level occurs when someone acquires a meaningful portion of your personal data, and uses it for his or her own gain, or to your detriment.
How Identity Theft Happens, and What Happens Next
Your personal information can fall into the wrong hands in any number of ways. The really high-profile, headline-grabbing cases involve breaches of major sites or retailers (as happened with Experian and Target), which compromised millions of users’ personal information. Aside from those “home runs” of hacking, a lot of your ordinary activities – visiting the wrong websites or installing shady apps – can infect your devices with spyware or keyloggers, and phishing attacks do the same by sending you malicious links in emails, texts and social media messages. Vulnerable Wi-Fi networks and hotspots are another fruitful source of targets for scammers.
However criminals get your information, there are two ways they can exploit it. One is to use it fraudulently themselves, to acquire credit, merchandise or less-obvious things like your tax refund or medical coverage under your name. They may even use your identity to commit, or conceal, crimes.
Almost invariably, whether they use it first or not, they’ll also turn to a second source of profit from your information: selling it on the “dark web.”
Once your information hits the dark web, criminals can buy it – and that of hundreds of thousands of people like you – for pennies on the dollar, then use automated software to raid your accounts. At that kind of scale, even a small amount from each account adds up quickly.
Signs Your Identity Has Been Stolen
The dark web is an essential source of profit for the criminal community but how will you know if you’re the victim of identity theft? The Federal Trade Commission has compiled a useful list of some of the most common “red flags.”
- Unexplained withdrawals from your accounts, or unfamiliar charges on your credit cards
- Merchants suddenly refusing your checks
- Surprise medical bills for services you haven’t used
- An insurer refusing you over a condition you don’t have
- The IRS telling you more than one return was filed in your name
- Debt collectors calling about debts that aren’t yours.
These are just a handful of the most obvious signs, and of course there are many others. Any unexplained changes in your credit report, or charges or withdrawals on any of your accounts, should ring a warning bell.
Monitor Your Identity Proactively
Dark web monitoring provides your earliest and best warning against identity theft and helps break the cycle before it gets started. This type of service sniffs out identity theft at one of its few points of vulnerability: those marketplaces on the dark web where buyers and sellers meet to exploit personal information for commercial gain. It’s a shady corner of the internet where users are anonymous, sites appear and disappear without warning, and criminals abound. At some point buyers and sellers have to make a connection, and when they do your information becomes visible and detectable.
Best Practices for Identity Theft Prevention
Proverbially, an ounce of prevention is better than a pound of cure. That’s especially valid in the case of identity theft, where the “cure” involves you spending months of your time, and potentially a lot of money, restoring your credit and your good name. There are several ways you can limit your vulnerability to identity theft.
A good starting point is to simply avoid reusing the same usernames and passwords across multiple sites. This all-too-common practice means scammers can simply have a program try these passwords on millions of other sites (it’s called “credential-stuffing”) and find where else they work. These additional sites yield more information, which can also then be resold at a profit on the dark web.
Don’t visit shady sites or install dubious apps, and — above all — don’t click random links when they show up in your messages or emails. Install security apps on your mobile devices, so you can track, lock or erase them if they go missing. You might even consider using a VPN to protect yourself online.
Offline security works in much the same way. Buy a cross-cut shredder, and use it before you discard bills, bank statements or any other documents that contain personally identifying information. Where possible, get e-statements instead of paper ones. If you live in an area with outdoor mailboxes, consider renting an inexpensive P.O. box to receive physical mail.
What to Do if You Are a Victim of Identity Theft
When identity monitoring shows that your information has been captured and sold, act fast. You’re entitled to one free credit check per year from each of the three main credit reporting agencies, Experian, Equifax and TransUnion, so take advantage of this service. Make a note of any questionable or fraudulent activity, and then go to the federal IdentityTheft.gov website to file a report.
The site will help you craft a recovery plan to thwart the scammers as much as possible, and minimize the impact on your life, finances and reputation. Some common steps include:
- Filing a police report and fraud affidavit
- Contacting creditors, and speaking to their fraud departments. If your credit report shows new, fraudulent applications, speak to the “new applications” department, as well, to have those nipped in the bud.
- Obtaining letters from your creditors affirming that the fraudulent charges have been wiped from your account
- Placing an “extended fraud alert” on your credit file.
Once it’s out “in the wild,” your information can and will be passed around for years, and problems can recur at any time. An extended fraud alert tells financial services to actively verify your information before granting new credit, for a full seven years. It also allows you two free credit reports each year instead of one, and bars you from (easily misappropriated) pre-approved credit offers for five years, unless you request otherwise.
The Bottom Line
While there are measures you can take to proactively deter identity theft, the unfortunate reality is that there is no silver bullet. Along with some of the measures we’ve discussed, it’s important to bolster your security with a trusted partner who will be your eyes and ears on the dark web.
The first step in a rigorous identity protection is searching the entire Web, including the dark web, to see if your personal information has been compromised. Since most law-abiding people don’t know how to access the dark web, let Spokeo be your partner in searching and monitoring the dark web.
We are gradually rolling out the new features of our identity protection service in phases to target exactly this type of criminal activity on the dark web. As part of your Spokeo membership, the first phase will allow you to set up monitoring alerts in your user dashboard for personal and financial data, including email addresses, phone numbers, bank accounts and credit cards. Armed with that knowledge, you can move quickly to alert your banks, insurers or credit providers that you and they are at risk of potential fraud.
Spokeo can alert you that your identity is at risk, helping you minimize the costs and time involved in protecting your identity from fraud before too much damage is done. You’ll even have access to Certified Identity Resolution Specialists who can help guide you through the recovery process. Contact us today to learn more about our Identity Protection services.