"Identity theft" is the term that describes the illicit discovery, theft or misuse of data that uniquely identifies a person, and links that person to financial or social resources. Identity theft has been described as an "epidemic," and the widespread use of computer systems that can hold the data of thousands of people has proliferated the opportunities for such theft. Citizens and law enforcement will remain locked in a move-countermove match with identity thieves for the foreseeable future.
The Goal of Identity Theft
An identity thief can seek any piece of information that allows him to impersonate an individual for purposes of financial gain or criminal activity. Identity thieves may seek a one-time transaction (like filling up gas on a fraudulent credit card), or can impersonate a theft victim for years, conducting long-term real estate or other transactions under someone else's name.
Type of Data that Is Useful to an Identity Thief
Any information that can be used to link a specific person to a financial resource is potentially advantageous. Credit card and bank account numbers and PINs, social security numbers (SSNs), passwords, addresses and phone numbers are all pieces of data that can be exploited by an intelligent criminal.
Most identity thieves focus on getting the most information, in the shortest time, that can generate a good balance of high financial gain and a low risk of being caught. This is why credit card numbers have been such a common target of theft.
Methods Used to Obtain Information
The techniques employed by identity thieves are as diverse as those used by any combination of house burglars, con men, sabotage artists or spies.
"Dumpster diving" is when a thief looks through trash for discarded papers bearing identifying data (e.g. bank account numbers, loan records, etc.).
Skimming is when a "skimmer" is attached to a legitimate ATM or credit card terminal. When your card is swiped, the device captures the data.
Wireless eavesdropping occurs when the wireless networks used by many stores and datacenters to transmit data aren't well-encrypted. The data is transmitted in the clear, and can be recorded by somebody who isn't even in the building.
Another common technique is to "pretext" or "socially engineer" a target into voluntarily (though unknowingly) relinquishing information. One method is "phishing" e-mails that ask recipients to visit a (fake) website and enter their bank account information. Some of these e-mails and websites try to infect target computers with a covert program that captures data on the system--including PINs and passwords.
Other techniques involve phone calls pretending to be from a company, requesting "confirmation" of certain sensitive data.
A thief can also employ a "mosaic" approach: starting from a single piece of data and slowly acquiring enough to put together a convincing imposter portrait of a target. This can take place slowly, over weeks or months, and is usually undetectable.
The U.S. Federal Trade Commission (FTC) estimates that about 9 million Americans are victims of identity theft annually. Javelin Strategy and Research estimates that identifying information has been stolen from one in 10 American citizens--though most aren't aware of it, and the data may not have been exploited.
The ID Theft Resource Center found that in some groups of survey respondents, over half reported that their identity had been misused to gain medical services. Mortgages and loans under stolen names are also a trophy of identity thieves.
Some identity theft outcomes are mild--a thief opens a fraudulent credit card account which is quickly detected and voided.
Sometimes the consequences are more serious. An identity thief can rack up thousands of dollars in bills under the name of "Robert Doe," and then skip town. Because "Robert's" name and SSN are on file, responsibility falls on him. An identity thief can file for bankruptcy under "Robert's" name, and ensnare his credit for years, or withdraw money from a bank account. The financial and other damage to a victim isn't always resolvable.
Don't give out sensitive information to people who don't need it, or should already have it if they do. The credit card representative doesn't need to know your PIN, and the company already has the card's security code on file.
Tear up or shred papers bearing personal information before throwing them away; and protect actual credit cards and ID documents from being accessed or stolen.
Respond immediately if you find odd charges or entries on your bills or personal records. Shut down any theft attempt early, before more serious damage can be done.
Don't enter sensitive information on the Internet, unless you can confirm a website's authenticity and security practices.
- 20 of the funniest online reviews ever
- 14 Biggest lies people tell in online dating sites
- Hilarious things Google thinks you're trying to search for