How Does Identity Theft Happen?

1. Data Breach

It's not uncommon to see headlines about the latest data breach affecting millions of consumers. Maybe you've even received a letter from your alma mater, doctor or favorite retailer saying your data was compromised.

When a data breach occurs, thieves gain access to electronic records containing sensitive information about individuals. While you can't control the security measures companies put in place, you can choose whom you do business with. Working with organizations that take security seriously and being selective about the information you share can help reduce the risk of identity theft.

2. Theft

Many types of theft can put your information at risk. Here are some of the most common types and tips for minimizing the damage if theft occurs.

Wallet or Purse

Many people don't leave home without their driver's license or state ID, debit card and credit card. After all, you need these items to manage your daily life. Unfortunately, they also provide thieves with valuable information they can use to access your accounts, apply for credit in your name or take over your identity. To minimize the damage from a lost or stolen wallet or purse, take only what's necessary. Leave the rest at home, and never carry your Social Security card with you.

Electronic Device

Cellphones, laptops and tablets are a treasure trove of demographic and financial information fraudsters can use to their advantage. Many people store sensitive information and access financial accounts on their devices. If your device falls into the wrong hands, thieves may be able to access everything on it.

The first line of defense is enabling auto-lock and creating strong passwords for your devices and online accounts. Don't store passwords in your browser, and consider using a password manager to keep track of them. Make sure "Find My Device" is active. You can use it to remotely delete information on your device in case of theft or loss.

Mail

If you receive bank, credit card and other financial statements through the mail, consider switching to e-statements. Thieves can steal hard copies from your mailbox to access your current accounts and respond to preapproved credit offers to open new accounts in your name.

To help prevent mail theft, bring your mail inside every day. If you're going on vacation, place a hold on it until you return. Shred all documents you receive that contain sensitive data, and if you need to mail a check or bill with your account information on it, take it to the post office—don't leave it in your mailbox for the mail carrier. Someone could steal it before the postal carrier arrives.

Home Burglary

If someone burglarizes your home and your financial statements are in plain view, it's easy for thieves to swipe them and use the information to access your accounts. Keep sensitive information in a locked safe in your home or safe deposit box at your local bank or credit union.

3. Smishing

Smishing is the practice of using text messages to get users to send money or divulge personal information. Smishers may pretend to be someone from your bank investigating a suspicious purchase, the U.S. Postal Service letting you know a package couldn't be delivered or a charitable organization asking for a donation after the latest natural disaster. To protect against these types of attacks, don't respond to or click links in suspicious text messages. Download an antimalware app on your devices and enable multifactor authentication on your accounts. If you're unsure whether a message is legitimate, contact the business directly.

4. Phishing

Similar to smishing, phishing scams use email messages to trick you into providing money or sensitive data or to download malware on your device. To spot phishing attempts before it's too late, look for emails that are threatening, have suspicious email addresses, include misspellings or have grammatical errors. Never open an attachment or click a link in an email from someone you don't know.

5. Vishing

When fraudsters take to the phone lines to scam you, it's called vishing. The best way to avoid this scam is not to answer if you don't recognize the number. However, that may not prevent all vishing attempts because scammers can spoof phone numbers of people and businesses you have an existing relationship with. Be wary if something seems suspicious, and never give personal details to an unsolicited caller, even if they already have some of your information.

6. Skimming

Your credit or debit card could be at risk at point-of-sale terminals or when getting cash from the ATM. Scammers install a device called a skimmer or shimmer over the card reader that can read your credit or debit card information. Then, they create a fake card and use it to steal from your accounts. If you're using a credit or debit card to make a purchase or withdraw cash, check the card reader to see if anything looks off. If it does, don't use your card and alert an employee.

7. Wi-Fi Hacking

If you're using an unsecured network or your network password is weak, identity thieves can join the network you're on and access your data. Ensure your network is encrypted with WPA security, and update your router software regularly.

Never use the manufacturer's password or wireless network name. Create a unique network name, use complex passwords and change your password every few months. Avoiding public Wi-Fi when possible and using a virtual private network if you must access the internet through a public network can also help keep your information safe.

8. Unsecure Browsing

While shopping online is a convenient, time-saving alternative to heading to the store, it could leave you vulnerable. If you enter your name, address, phone number, email address and credit card information on an unsecured site, thieves may be able to access it.

Checking for "https" at the beginning of a web address and a lock icon in your browser bar is no longer enough. Cybercriminals are including these elements on dangerous websites, making it more important than ever to stick with sites you know.

9. Dark Web Marketplaces

Not all identity thieves use the information they steal for themselves. Some sell it on the dark web instead. Dark web monitoring services can help prevent your information from being sold. Services like Experian Identity Works℠ regularly check the dark web for your Social Security number, phone number and email address to ensure they're not being misused.

10. Social Media Accounts

If you have enough information on your social media accounts, fraudsters may be able to piece it together to steal your identity. Be careful what you share online, adjust your privacy settings, don't add location tags to your posts and think twice about completing online quizzes and surveys. These can all provide small nuggets of information criminals may be able to use to commit identity theft.

11. Shoulder Surfing

Shoulder surfing occurs when fraudsters steal your identity by watching as you input PINs and passwords on your device in public. Whether you're using an ATM, mobile phone, laptop or tablet, block the view of anyone who might be watching. Consider using a screen protector, or wait until you get home to access sensitive data.

What to Do if Your Information Has Been Compromised

In 2022, the Federal Trade Commission (FTC) received more than 1.1 million reports of identity theft through its identity theft website. If you believe your personal information has been compromised, take steps to help you repair the damage.

1. Contact providers where there was fraud. This may include your bank, credit union, credit card company, utility company, phone company or other source. Cancel affected credit and debit cards, and close or freeze compromised accounts.
2. Review your credit reports regularly. Checking your credit reports with all three consumer credit bureaus (Experian, TransUnion and Equifax) frequently will alert you to any potentially fraudulent activity so you can take care of it right away. You can check your Experian credit report for free anytime; you can also check your credit reports with all three bureaus at AnnualCreditReport.com.
3. You have the right to place a fraud alert on your credit reports. With a fraud alert in place, companies must verify your identity before opening credit in your name. You also have the right to freeze your credit, which means no one—including you—can open new accounts in your name.
4. Report the theft to the FTC. You can report identity theft to the FTC at IdentityTheft.gov. They will help you create a recovery plan and provide you with a report that you can use to prove your identity if necessary.
5. File a police report. You may need a copy of a report from your local police department to repair any damage the identity thieves caused.
6. Begin repairing the damage. Contact businesses where someone opened a fraudulent account in your name to have the accounts closed. Request that your providers remove fraudulent charges from your legitimate accounts. You also have the right to dispute information on your credit reports that you believe to be fraudulent to have the inaccurate information removed.

For more information on what to do after identity theft occurs, check out IdentityTheft.gov.

The Bottom Line

Identity theft can happen to anyone at any time, but there are steps you can take to protect yourself from identity theft. If you believe you've been the victim of identity theft, it's important to act quickly to minimize the damage. Experian's free credit monitoring alerts you to changes in your credit report to help you discover and correct inaccurate information as soon as possible.