Note: When based in any part upon state law, BCA Consumer Resource Guides are based upon California law. Consumers in states other than California should refer to the laws of their state.

Identity Theft

Identity thieves are on the prowl more than ever before.  Identity theft occurs when someone steals your personal information and uses it without your permission. Unscrupulous characters utilize various means to obtain information, including rummaging through trash, taking mail from mailboxes, posing as trusted individuals or businesses to obtain personal information, and through phishing emails or Internet schemes.  Identity theft can have devastating consequences and may harm your finances, credit, and reputation.

Taking the time to identify what identity theft is, recognizing the warning signs, learning preventative measures to guard your information, and knowing what you can do if you have been victimized may help ward off thieves and or recover from the act.

Warning Signs

Thieves who have gained access to your personal and financial information can drain your bank account, open accounts, obtain credit cards, and order services in your name, or even get medical treatment or insurance.  Recognizing the signs indicating that your information is being used without your authorization may help you stop criminals in their tracks and limit the damage I.D. theft can cause.

Some signs to look out for:

  • Unauthorized withdrawals from bank accounts or unknown charges on credit cards
  • Mysterious charges that show up on phone bills
  • Debt collection calls and notices that are unfamiliar
  • Missing mail and bills
  • Merchants refuse your checks
  • You notice new accounts or charges on your credit report
  • Fake profiles for you on social media
  • Medical providers bill you for services you didn’t receive or use
  • Your medical records show conditions you don’t have or inaccurate information
  • IRS notifies you that more than one tax return has been filed in your name or reports of income from an employer you never worked for
  • You receive notification that your information has been compromised by a data or security breach at a company you have done business with or where you hold an account

Protect Your Information

Keeping your information safeguarded is the main way to help reduce the possibility of identity theft. While there are various ways to protect your information, for the purpose of this article we will focus on four main ways to do so:  (1) keeping your information secure offline, (2) protecting your information online, (3) securing your social security number, and (4) keeping devices secure.

Keeping your information secure when offline

It is important to keep financial documents and personal records in a safe place at home.  This includes birth certificates, medical records, applications, etc.

When you are working, at school, or at the gym, keep your wallet or purse in a secure place where others cannot gain access.  Safeguard your belongings.

Limit what you carry with you when you go out.  Take only the identification and form of payment you will need.  Persons with Medicare cards should make a copy of the card and black out everything except the last four digits of your card number on the copy.  Carry the copy with you instead of the actual card on days when you don’t have a doctor’s visit.

Shred any receipts, credit offers or applications, insurance information, medical and financial statements, expired credit cards, and similar documents when you no longer need them.

Destroy the labels on any prescription bottles before discarding them.  Never provide your healthcare coverage information to anyone offering free medical treatment, equipment, or prescriptions.

Don’t share information with anyone you have not initiated contact with or simply because they request it.  Ask them why they need the information, how it’ll be used, and the consequences of denying the request.  The decision to share your information is yours alone.

Instead of leaving outgoing mail in your mailbox, take it to a local post office or postal collection box.   Never allow mail to pile up in your mailbox.  If you will be away for a while, request a vacation hold from your postal carrier.

Keeping your information secure when online

Watch out for imposters on the Internet.  Fraudsters are known to spoof websites and impersonate legitimate businesses and individuals.  Double check that any websites you frequent are secure.  Look for misspellings or web addresses with slight variations.

When shopping or banking online, stick to sites that use encryption to protect your information.  To determine if a website is encrypted, look for https at the beginning of the web address.  If any part of your session isn’t encrypted, the entire account could be vulnerable, so look for https on every page of the site you’re on, not just where you sign in.

Keep your browser secure by using encryption software that scrambles information you send over the Internet.  Look for a “lock” symbol on the status bar of your internet browser before sending information online.  This symbol means your information will be transmitted safely.

Passwords should remain private and carefully chosen.  Some tips to use when creating a password include:

  • Selecting a password that is at least 10 characters.  The longer the password, the tougher it is to crack.
  • Mix letters, numbers, and special characters.
  • Be unpredictable—don’t use your name, child’s name, birth date, or common words or number sequences like PASSWORD or 123456789.
  • Don’t use the same password for many accounts.  If it’s stolen from you—or from one of the companies with which you do business—it can be used on your other accounts.
  • Don’t share passwords on the phone, in texts, or by email.  Legitimate companies will not send you messages asking for your password.
  • Keep your passwords in a secure place, out of plain sight.

Be cautious of what you share over social media.  Identity thieves can find information about your life on social networking sites and use it to scam you or gain access to your personal information.  Consider limiting access to your page to a small group.  Never post your phone number, address, identification or social security number in publicly accessible places.

If you receive unsolicited or suspicious looking emails asking for sensitive information, even if the email looks like it is coming from a financial institution, government authority, or business, think twice before responding or opening any links or attachments.  It’s best to locate the customer service contact for the entity that is contacting you and contact them directly to confirm the request.  Don’t open files, click on links, or download programs sent by strangers.  Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.

Before you dispose of a computer, mobile device, or other multimedia device where your personal information is stored, delete all of your information.  Utilize a wipe utility program to overwrite the hard drive of computers.  Consult your owner’s manual, or contact the manufacturer of the device for information on how to delete contacts, texts, emails, messages, notes, folders, photos, voicemails, etc. from the device before disposal.  Don’t forget to remove any memory cards or subscriber identity module (SIM) card from your device.

Guarding your social security number

Before you provide your social security information to anyone, make sure you know why the information is being requested and how it’ll be used.  Ask to use a different form of identification, if possible.  Avoid keeping your social security card in your wallet, purse, or on your person.

Keeping Your Devices Secure

Install protections like anti-virus and anti-spyware software and a firewall on your computer or other applicable devices.  Set your preferences to update these protections often.  Installing security patches for your operating system and other software programs help protect against intrusions and infections that can compromise your computer files or passwords.

Wisely choose where to use Wi-Fi service.  Many public outlets such as coffee shops, restaurants, public transportation, libraries, airports, and hotels offer public wireless networks.  Before sending information over these networks, check to make sure your information will be protected.  If you use an encrypted website, it protects only the information you send to and from that site.  If you use a secure wireless network, all the information you send on that network is protected.

Keep financial information on your laptop only when necessary.  Lock it when not in use.  Avoid using automatic login features that save your user names and passwords, and always log off when you’re finished.  Doing so will make it harder for someone to gain access to your personal information if your laptop is lost or stolen.

Always read the privacy policy on websites.  These policies may be lengthy and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects; how it uses the information; and, whether it provides information to third parties.  If you don’t see or understand a site’s privacy policy, consider doing business elsewhere.

What If Your Information Has Been Stolen

If you find that your identity has been compromised or your identity is stolen, time is not on your side.  You need to act immediately and continually monitor your information.  Acting right away may stop the thief from doing more damage and could aid authorities in catching him/her.

Contact your creditors promptly if your identification or credit cards are lost or stolen.  Contact one of the three major credit bureaus, Equifax, Experian, or Transunion, and initiate a fraud alert on your credit files.  You only need to contact one of the credit bureaus; they must inform the other two bureaus.  This can make it more difficult for someone to open more fraudulent accounts in your name.  Placing a fraud alert is free and lasts 90 days, but you can renew it.  When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you.  Be sure the credit reporting companies have your current contact information so they can get in touch with you.

A fraud alert also allows you to order one free copy of your credit report from each of the three credit reporting companies.  Order your credit report to check for inaccuracies and unauthorized activity.  If you realize your accounts have been tampered with or accounts have been opened without your authorization, contact the business immediately.  Speak with someone in the fraud division, keep records of your contact, and follow up.  Dispute any errors on your credit report.

Create an Identity Theft Report (“ITR”) by filing a complaint with the Federal Trade Commission and printing a copy of your “Identity Theft Affidavit”.  The report can help you get fraudulent information removed from your credit record, stop a company from collecting debts resulting from identity theft, assist in helping place an extended fraud report on your credit record, and get information from companies about the fraudulent accounts opened in your name or existing accounts that have been misused due to the theft.

Write to any business that has a record of the fraudulent transaction or consent to allow law enforcement to contact them.  Ask for copies of documents that were used to open the account or charge purchases in your name.  Send details about where and when the fraudulent transaction took place.  Include a copy of your ITR or other proof the business requests, along with proof of your identity.  Businesses must send you free copies of the records within 30 days of receiving your request.

You might also want to place a credit freeze on your credit file which generally stops all access to your credit report.  Credit freezes are different from fraud alerts and depend on state law or consumer reporting company policies.  Some states charge a fee for placing or removing a credit freeze, as do some credit reporting companies.

Are You At Risk?

Unfortunately, even the most common activities in your daily routine can put you at risk for identity theft.  It is important that you treat your personal and financial information like cash—don’t just hand it over to anyone.  Taking steps to protect yourself can save you time, money, and help maintain your sense of security.

For more information, sample letters and forms for victims of identity theft, visit the FTC’s website.