Identity theft is a growing problem and one that can devastate your life and deplete your finances. According to the Federal Trade Commission's Consumer Sentinel Network Report, 14.85 percent of fraud-related complaints in 2018 concerned identity theft. And of those complaints, 25 percent resulted in a financial loss.
How do fraudsters steal your identity?
The answer varies. Nearly 70 percent of identity theft victims report that thieves initially made contact and obtained crucial information from them by phone. Other victims said they were targeted via a website (12 percent) or email (10 percent).
Once criminals obtain your personal information, they can use it to drain your bank accounts, open credit cards in your name and even commit tax fraud.
The ways that fraudsters can obtain your personal information vary. Fortunately, there are things you can do to stop criminals from getting your sensitive personal information and using it to open new financial accounts or access your existing ones.
Your email contains a treasure trove of information if cybercriminals manage to hack into your account.
They can access and reset the password of any financial account you have associated with that email address to steal your money — a crime known as account takeover fraud.
To keep criminals out of your email account, reset your password every 60 to 90 days, and never use the same password for banking and email that you might use for other websites, recommend Chris Noles, president of Beyond Computer Solutions.
You'll also want to avoid sending sensitive data in emails unless there are some additional encryption protections used, said Briane Grey, manager of corporate security at City National Bank.
"Most banks put a lot of resources into securing their customers' accounts, while other sites, such as that forum you frequent or the account you created to try free software, may not be as secure. Having the same password for both leaves your most important online accounts at risk," said R.J. Weiss, a certified financial planner and founder of the personal finance site The Ways to Wealth.
Avoid issues by using different usernames and creating a complex and unique password for each site where you have an online account, recommended Grey.
"Fraudsters have massive lists of exposed passwords from other sites and are constantly checking those credentials for use elsewhere. There are password management tools, such as LastPass, 1Password, PasswordSafe and many others, that help you create and organize strong, unique passwords," he said.
When possible, set up two-factor or multi-factor authentication for your online accounts. This is vital because it requires identity thieves to have more than a password to access your account.
"Two-factor authentication requires you to verify who you are with an SMS text or email each time you sign in. Even if an attacker has your password, this would stop them from signing in, since you are the only one who can receive the verification," said Noles.
According to Idan Udi Edry, CEO of Trustifi, one way identity thieves get your information is by sending phishing emails or texts with links that look like they came from a familiar company.
These links may also contain malware that thieves use to access your electronic devices, warned Grey.
"Suspicious messages, voicemails and texts include those that contain terms like 'urgent' or 'account closing,'" said Paul Katzoff, the CEO of cybersecurity firm WhiteCanyon Software. "If you do get a phone call from what appears to be your bank or credit card, tell them that you will call them back. Then go to the company's website and use the phone number they publish on their website to contact them."
Erich Kron, security awareness advocate with KnowBe4, recommended signing up for the U.S. Postal Service's Informed Delivery program to track your incoming mail. Registering your address also blocks thieves from registering it themselves so they can track your mail.
Robert Siciliano, security awareness expert and CEO of Safr.Me, suggested switching all of your financial accounts to a paperless option. "At this point I rarely get any bills or invoices in the mail as most statements are also delivered electronically."
We share a lot of private information on our social media accounts that criminals can use to steal your identity. Things like your name, birth date, interests and names of your close friends and relatives are readily available for everyone to see.
Thieves can use the information available about you online to answer your security questions and break into your online financial accounts, warned Edry.
"Whatever you wouldn't feel comfortable publishing to the world, don't post online. Also, keep your social media accounts set to private."
One of the most common ways criminals get your sensitive personal information is through data breaches, according to Kron.
There were 1,579 breaches in 2017 alone, up 44.7 percent from the previous year, according to the 2017 Data Breach Year-End Review produced by the Identity Theft Resource Center and CyberScout.
"Cybercriminals can also steal payment card information directly from point-of-sale terminals, such gas pumps, and by modifying websites to send payment card information directly to the criminals," said Grey. That's why it's so important to monitor your bank statements and your credit reports. You can get a free report from each credit reporting agency every 12 months at AnnualCreditReport.com.
Sign up for text message updates to keep track of unusual activity on your accounts, including small charges you didn't authorize. Kron warned that criminals who obtain your debit card number may test it with minor charges before wiping out the account.
If you do notice any unusual charges on your accounts or new accounts being opened in your name, put a freeze on your credit with all major credit reporting agencies, recommended Edry. This blocks thieves from opening new accounts in your name.
Don't conduct any sensitive financial transactions while using free and public wifi. Hackers may be able to access your login information on those unsecured networks, said Grey.
Update all of your devices, including your computers, mobile devices and internet routers, to the latest software versions and secure them with strong, unique passwords, said Grey. And if you want to get rid of old hardware? "Be sure to securely wipe all personal data from any device before giving it away, recycling it or selling it to someone else," he said.
Once an identity thief obtains your information, they can destroy your credit, your finances and your reputation. Chris Griffin, a board member at the Institute for Security and Open Methodologies, recommended immediately contacting the police to file a report through their cybercrime unit.
Kron added that the nonprofit website fraudsupport.org can help victims recover from identity theft.
"You can visit IdentityTheft.gov to obtain streamlined checklists and sample letters to guide you on how to recover from a scam," said David X. Martin, founder of Cyber Risk Management as a Business Strategy. And, don't forget to advise your family members as well, because they could also be targeted by the same identity thieves who stole from you.
This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.