Most people have already been victims of the most basic forms of identity theft — having fraudulent charges on your credit card. Those even less lucky have been victimized in more aggressive ways, with criminals obtaining medical care, working, and flying in our names.
Unwinding that mess can take years and thousands of dollars. The effect is exacerbated by the fact that the crime doesn’t generally stop with the one person who stole your information. Credit card numbers, Social Security numbers, and other data gets packaged and sold on the underground Internet so that different people all over the world could be impersonating you at the same time.
“It’s a pain. It does cause a lot of stress,” said Lindsay Bartsh, of San Rafael, California, who said that straightening out a web of fraudulent medical bills, flights, job applications, and credit applications took every minute of her free time for a year.
How does it happen? Here’s a look at both the most common ways thieves steal our data, as well as some of the newest ploys to watch out for.
1. Mail Theft
Bartsh believes this time-honored tactic is how her personal information got out into the criminal underworld. An expected W-2 tax form never arrived. Assuming it was stolen, it would have given thieves a wealth of information, such as Social Security number and workplace.
2. Database Hacks
When a large corporation gets hacked, the effect can be widespread. When the U.S. government’s Office of Personnel Management was breached, some 22 million people had their personal information exposed. (I was one of the many who received a warning about this, because I had a writing contract with a government agency.)
3. Malicious Software
If you have a virus on your computer, you may suffer more than a slowdown or a system crash. Some malicious programs that spread as viruses record every keystroke you type, allowing thieves to find out your online banking username and password. These programs can infect your mobile phone as well as your computer.
4. Search Engine Poisoning
This is a sneaky way of tricking people into giving up their own personal data, or getting malicious software onto a person’s computer. The criminals create a fake website similar to a real one, or that could plausibly be a real one.
One tactic is for you to click through to the fake site and try to buy a product, entering your credit card or debit card number. Another way they try to get you is for you to unknowingly download information-stealing software onto your computer.
Where does the search engine part come in? These criminals manipulate Google and other search engines’ algorithms to get their phony sites ranked high in search listings, leading users to believe they must be legit. Fortunately, Google has made progress in preventing this in recent years, but it still happens.
Phishing is a term that broadly means “fishing” for personal information through a variety of common social interactions — so-called “social engineering.” The most common phishing attack happens when you get an email that looks like it came from your bank or another legitimate company. It may come with an alarming subject line, such as “overdraft warning” or “your order has shipped.” When you click a link in the email, you may see a login screen identical to your normal login, which will trick you into entering your username and password. You could also be asked for more identifying details, such as Social Security number and account number.
Fortunately, banks have put some countermeasures into place to fight phishing. You can also protect yourself by not responding directly to incoming messages. If you get an email that looks like it’s from your bank, type your bank address into your browser instead of clicking the link, sign in, and check your account’s message center. Or just call your bank’s customer service number.
6. Phone Attacks
The Internal Revenue Service has been warning for several years that scammers are calling people claiming to be the…