Rose are red, violets are blue,
You bought flowers for Valentine’s Day,
and because I stole your credentials,
I can pretend to be you!
Cupid, Identity Thief
While Cupid’s poem isn’t going to win the Pulitzer Prize for Poetry, he brings up a great point about identity theft. Cybercriminals capitalize on human nature and organizational vulnerabilities during seasonal events. This time of year, Valentine’s Day and tax season are two opportunities when consumers are at a higher risk of having their identities stolen.
In 2017, 16 million Americans were victims of identity theft, and cybercriminals stole $16.8 million. To prevent becoming a part of this statistic, let’s explore five ways identity thieves try to steal personal information and what to look out for.
Phone calls claiming to be the Internal Revenue Service (IRS) seem to plague most people between January and May. These attempts claim that “you” need to “PAY NOW” or provide the caller with copious amounts of personal information to avoid arrest. The practice of obtaining personal information in this way is called pretexting.
What should you do? Hang up and report the number to the IRS impersonation scam reporting website. This way, the IRS can track these calls and hopefully arrest the cyber pests.
- Insecure Websites
Online retailers are a very popular means to purchase and send Valentine’s Day gifts. However, they are also a prime platform for identity theft. Whether it’s flowers, chocolate, or giant stuffed animals, make sure reputable websites are used when making these purchases.
To identify the difference between a secure and insecure website, look for and use websites with the “https:” prefix and not “http:”. The “s” indicates that the website has added an encryption layer to help protect personal information from hacking attempts.
Using phishing, cybercriminals try to trick consumers into disclosing personal information, such as financial data. A popular phishing attempt is an email that looks as though it comes from a bank. This email asks a bank customer to click a link and login with their user credentials. If the link is clicked and credentials are entered, the malicious actor can use the information obtained to actually login and access their victim’s bank account.
These emails often look very authentic. To avoid falling for a phishing attempt, do not click links embedded in emails. Instead, it is best practice to exit the potentially malicious email and log into your account on the bank’s official website.
- Dumpster Diving
Dumpster diving feels ultra-intrusive as identity thieves sort through personal garbage in the hopes of finding documentation containing personal information. If successful, this information can be used to steal an identity. Documents most sought after are those containing the most sensitive data, such as medical and financial information.
To prevent dumpster diving success, be sure to shred documentation containing personal information before throwing it in the trash. If a personal shredder is not an option, inquire into community sponsored shredding events. These events provide on-site destruction services to protect community members from identity theft.
Finally, a breach of personal information may lead to identity left. While a breach may be caused by human error, cybercriminals work long and hard to expose hundreds and thousands of consumer records containing personal information. Once personal data is breached, the potential for identity theft sets in.
The risk of identity theft is why it’s so important to report a breach as soon as possible. Early breach reporting allows consumers to lookout for irregularities. Consumers can proactively monitor for suspicious activity by taking advantage of free annual credit reports available from TransUnion, Equifax, and Experian. It’s also a good idea to keep a pulse on the latest breaches – if a store where you’ve recently shopped or a bank that you use was recently hacked, you may stand a better chance of protecting yourself by being in-the-know.
Report Identity Theft
Identity theft is no joke as it’s very costly and time consuming to correct. Reporting identity theft starts with filing a report with the Federal Trade Commission (FTC). The FTC also provides guidance for filing a police report and how dispute fraudulent activity.
Remember, stealing hearts is not a crime, but stealing an identity is!
LEAD PRIVACY ANALYST