There’s a war going on. On one side are the thieves trying to steal your identity – and your money. On the other side are government and private agencies doing their very best to protect you. But the key to staying protected is you. The only sure-fire way not be become a victim is to become your own educated advocate. We’ll show you how.
To start, you need to learn about identity theft. It’s one of the most pervasive crimes in the country. The federal government estimates that more than 17 million Americans were victims of some form of identity theft. That’s 7 percent of the country. Over the past six years, identity thieves have stolen more than $100 billion. How much is that? Enough to pay every single American $300. Why don’t more Americans know this and call for action? Probably because this is one crime where you don’t find out you’ve been a victim for a long time – or if ever. Let’s look at just what kinds of activities qualify as identity theft.
By far, the biggest headlines about identity theft involve data breaches. This happens when identity thieves break into the computers of big companies and gain access to the personal information of literally millions of Americans. In 2017, one of the biggest breaches was also the most ironic.
The hackers accessed names, SSN, birth dates, addresses and driver’s license numbers. They also stole credit card numbers from about 209,000 people. Equifax is one of the Big Three credit bureaus that help shape your credit score. And Equifax sells an identity-theft protection service called ID Patrol for $16.95 a month! Identity thieves can hit you almost anywhere and almost anytime.
We just mentioned one of the biggest data breaches ever, but smaller ones are happening all the time. USA Today reported in 2018, data breaches affected “765 people million in the months of April, May and June alone” at businesses as diverse as Dunkin Donuts and the website Quora. Marriott might have been hacked for 500 million records, although the final tally is still not known – and might never be.
Email offers don’t grab the same big headlines, but they’re also dangerous. You’ve probably seen these before. Emails that say you’ve won money, or you’ve been left money by someone you don’t know who lives in a foreign country. They ask you to wire them money to set up the transfer, and then they will deposit a much larger sum into your account.
ID thieves also send emails posing as a representative from a foreign government. They ask you to help move money from one account to another. Sounds fishy, right? Who falls for this stuff? Well. it’s been reported that this scam nets these criminals $100 million every year. These offers account for about 12% of the scams people say they’ve received, according to a National Consumers League poll. There are many versions of this scam, so it’s important to not respond to any email if you don’t know (or cannot verify) the sender.
Phishing is a type of email and website scam. The ID thief simply creates a website using the name of a legitimate company, but adds a word like “accounts” or “secure” in the domain name. This is supposed to fool you into thinking an email is coming from a reputable company you might do business with – Amazon, Bank of America, you name it. The ID thieves then send millions of emails asking consumers to verify their account information and Social Security Number. So instead of hacking your personal information, they compel you to just hand it over.
Ransomware is much like it sounds. It’s a malicious program that can lock up your computer or block your access to your computer. Once you inadvertently download it in an email or through other means, the ID thief threatens to publish your data or maybe just keep you from ever accessing it – unless you pay a ransom. That can be a few hundred dollars for an individual or thousands of dollars for a company.
Identity thieves have gotten so skilled at their evil craft, they’ve started to specialize. Besides the email scams we just talked about – which hit up to 100 million people every year – there are many others. This reviews the many ways thieves attack your credit and debit cards, your Social Security information, driver’s license information, your tax returns, medical information, and even your unemployment benefits. Let’s drill down on these and then review how to protect yourself from them all.
This theft can happen online or in person. If you use an ATM or insert your credit card into a gas pump, you might fall victim to skimmers. Instead of hacking the Internet, they hack machines. They take over the ATM or gas pump and read your card’s data.
With a credit card, you have excellent fraud protection. Simply call the number on the back of your card if you notice charges on your statement you didn’t make. Many times, your credit card issuer might call you to ask if you made suspicious charges.
Your debit card is protected as well, but not nearly as much. You need to act fast. Your loss is limited to $50 if you notify your financial institution within two business days after learning you lost your card or had its data hacked. If it’s outside that two-day window, you’re now responsible for up to $500 in damages. So if your ID is stolen on a Monday and $200 is spent, and you discover it and report it on a Tuesday, you’ll only be responsible for $50 of that damage. But if you don’t report it until Friday and the thieves spend an additional $200 on your card, you could be responsible for all $400 worth of charges!
And if you don’t report an unauthorized transfer that appears on your statement within 60 days after the statement is mailed to you, you risk unlimited loss on transfers made after that 60-day period. That means you could lose all the money in your account, plus your maximum overdraft line of credit. So if you lose your debit card, call and cancel it immediately!
One thing to remember: If you report an ATM or debit card missing before someone uses it, you’re not responsible for any unauthorized transactions. Even if your card isn’t stolen and you think you lost it, report it the moment you realize it’s gone. You can prevent any damage simply by calling your bank. Check your statements regularly to see if there are any mysterious charges and report them.
A Social Security Number is coveted by identity thieves because it’s a portal to discovering all other kinds of information. That means thieves will go to great lengths to get your number.
Thieves use your SSN to gain employment or to report income under your name. They’ll use the tried-and-true tactics like phishing, but they’ll also call you unsolicited with various stories to get you to give up your Social Security Number. The most insidious scheme involves calling as hospital employees and saying a relative has been in an accident and is near death. They need your SSN to guarantee treatment.
Your number is so valuable, thieves aren’t beyond going old-school to get it. They’ll steal mail from your mailbox, lift your purse or wallet when you’re not looking, and even rifle through your trash in search of personal records. They’re relentless, which means you need to be, too. Shred your personal info before throwing it in the trash, guard your personal possessions, and never respond to email offers or threats from people you don’t know.
A tax return is a lucrative prize for an identity thief – because they literally file a tax return in your name and redirect any refunds to themselves! To get this, they’ll use your Social Security number, so you can already see how these scams fit together.
Generally, an identity thief will use your SSN to file a false return early in the year. You might not even be aware you’re a victim until you try to file your taxes a little later and learn one already has been filed using your SSN.
Another popular scam involves phone phishing. Sophisticated-sounding agents call you or leave “urgent messages” giving fake badge numbers. They mention real IRS center locations to sound as legitimate as possible. Then they insist you owe money to the IRS – and they demand an immediate wire transfer. If you hesitate, they threaten you with big fines or even arrest.
Avoiding these scams is easy if you know just one crucial fact: The IRS will NEVER contact you by phone, only through certified mail. If anyone calls you saying they are with the IRS, hang up immediately! You can also file a report with the local police and a complaint with the Federal Trade Commission. The IRS also has a page on its website that explains what you can do.
This should come as no surprise, but identity thieves are usually career criminals, which means they might have a record preventing them from getting their own driver’s license. So what do they do? Simple. Steal yours. How?
If the thief looks like you and has some skill at fake IDs, that’s easier. Or they could simply steal yours and use it outright. But what if the thief has now pretended to be you at either a traffic stop or during a criminal arrest? You now have a court date to appear for a crime you didn’t commit. When you don’t show up to the court date that you were completely unaware of, a warrant is issued for your arrest. You can see why this is one of the most serious and traumatic forms of identity theft.
If this happens to you, hopefully you’ll figure out that your license has been stolen soon enough to prevent these terrible situations. You’re first call needs to be to your local law enforcement. By filing a report, you create a paper trail. That way, if crimes are committed in your name, they know you called it in. Next, go to the DMV immediately to get a new license.
If someone can steal your driver’s license and mimic you, why stop there? Identity thieves also use your driver’s license and Social Security Number in conjunction with your health insurance information. They can either seek medical care themselves or sell the privilege to others who stick you with the bill.
This can include everything from ordinary checkups to prescription drugs to expensive surgery. It can also happen in the workplace if an employee creates fake records to submit false bills to an insurance company. Medical fraud has gone up by over 20% due to so many medical records becoming digital.
Check for these warning signs: Being billed for medical services you didn’t get, getting called by a debt collector about medical bills you had nothing to do with, and reaching the limits of your benefits when you know you didn’t have that many expenses.
How do you prevent medical fraud? Get copies of your medical records and check them for errors. It’s no different than checking your credit card statements for the same thing. If you think you’ve been a victim, contact each doctor, clinic, hospital, pharmacy, laboratory, health plan, and location where a thief may have used your information. For example, if a thief got a prescription in your name, ask for records from the health care provider who wrote the prescription and the pharmacy that filled it.
More than anything, protect your medical information like you would your Social Security Number. Be wary if someone offers you “free” health services or products but requires you to provide your health plan ID number. Medical identity thieves may pretend to work for an insurance company, doctors’ office, clinic, or pharmacy to try to trick you into revealing sensitive information. Instead, thank them and say you’ll call back your provider directly.
And of course, shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.
Unemployment fraud is becoming a huge trend, and even though it’s been growing for the past few years, everyone hasn’t caught onto it yet. Thieves are filing for unemployment benefits and being awarded government money. Over $4 billion was paid out to unemployment fraud back in 2014 – and oddly, a very large majority of victims are actually still employed. Despite its name, this isn’t a crime that typically targets Americans actually receiving unemployment.
Why? Because the thief simply files for unemployment benefits in your name and starts collecting checks from your employer. It’s clever because you might not realize it for a long time, since the money isn’t coming out of your pocket. But it’s still very dangerous, because these thieves need a lot of your personal information to pull this off – like your Social Security Number and address. If you think they won’t use that personal information for the other kinds of theft mentioned here, you don’t know how greedy these thieves are.
If you suspect this has happened to you, call the unemployment office in your state as soon as you find out. This can put a quick end to the problem. Even if your HR department tells you they’ve contacted the unemployment office, it’s important that the office receives a verbal statement from you as the victim. That greatly helps their investigation.
Before we talk about solutions, let’s discuss the warning signs that apply to almost every kind of fraud we’ve discussed today. One big tip off is getting denied for new credit if you know you have a decent credit score – because someone else has already abused it. Ditto if you’re getting calls from bill collectors for bills that aren’t yours.
Another easy red flag to spot are errors on your bank or credit card statements, which is why it’s so important to spend a few minutes reviewing them each month.
Harder to spot are mistakes on your credit reports. But there’s a free and easy way to do that, which we cover next.
Now that we’ve scared you to death, let’s talk about solutions. We’ve mentioned a few as we’ve gone along, but you have some powerful, blanket weapons at your disposal.
You might already know that your credit reports can get saddled with accidental mistakes that can drag down your credit score. But those reports can also tip you off to suspicious activity. Federal law mandates that you can check your credit reports FREE once a year – and not just one, but three. That’s because there are three major credit bureaus: Equifax, Experian, and TransUnion. You get one free report from each. Here’s a tip: request one from each bureau every four months. That way, you can spot fraud much sooner than just once a year.
These three national credit reporting companies also offer free fraud alerts. What’s that? It’s a layer of protection that comes in two levels.
An initial fraud alert can make it harder for an identity thief to open more accounts in your name. When you have this alert on your report, a business must verify your identity before it issues credit, so it may try to contact you. Be sure the credit reporting companies have your current contact information so they can get in touch with you.
An initial alert stays on your credit report for at least 90 days and can be renewed. An initial alert is appropriate if your wallet has been stolen or if you’ve been taken in by a phishing scam. When you place an initial fraud alert on your credit report, you’re entitled to one free credit report from each of the three nationwide consumer reporting companies.
An extended fraud alert stays on your credit report for seven years. When you place an extended alert on your credit report, you’re entitled to two free credit reports within twelve months from each of the three credit bureaus. Potential creditors must contact you in person or by phone or other methods you have provided before they issue credit in your name. The consumer reporting companies must remove your name from marketing lists for pre-screened credit offers for five years unless you ask them to put your name back on the list.
Unlike requesting your credit report, you don’t need to contact all three bureaus to initiate a fraud alert. Contacting just one is enough, because they’re all legally obligated to notify the others.
A credit freeze allows you to restrict access to all your credit reports. Potential creditors can’t get access to your credit information unless you lift the freeze temporarily or permanently. Your current creditors can still access your records, though.
These freezes are also free. Unlike a fraud alert, you need to contact all three credit bureaus if you want them each to freeze your credit. The biggest drawback of a credit freeze is the sheer hassle you’ll endure. When you want to “thaw” your credit, you’ll have a PIN from each bureau that will be required by phone or mail. But it might just be worth it for the protection and peace of mind.
We’ve talked a lot about protecting your Social Security information. If you think your information has been compromised, you can contact the Social Security Administration’s fraud hotline. You have several methods of reaching the SSA.
Once it’s out there, it may not be possible to retrieve or erase it. Don’t post your address, Social Security Number, or other very personal information on social networking sites. Use the privacy settings on social networks to limit who you want to be able to see the information you post and be wary of strangers who want to be your friends, since they may be fraudsters instead. Only provide your personal information when it is absolutely necessary for something – if you’re not sure why someone wants it, ask. Shred all of your old documents.
Using passwords can be annoying, but any barriers you put in front of ID thieves make you a less attractive target. Can’t remember your passwords? It’s OK to write them down as long as you store them somewhere safe. Create passwords that aren’t easy to guess – not your birthday or your pet’s name! And not words that are in the dictionary, since crooks can use programs to run through the dictionary in minutes.
They may contain malware. If you receive something like that out of the blue and it looks like it’s from someone you know, contact that person to check whether it’s legitimate. If you don’t recognize the sender, just delete it.
Downloading “free” games or toolbars that you are not familiar with can install spyware or keyloggers on your computer. These programs can track what you do and what you type, including passwords, Social Security Numbers, and the like.
If a company unexpectedly asks you for personal information unprovoked by phone or email, odds are it is a phishing attempt. Scammers have gotten very good at disguising their emails to look like they are major corporations. If it seems suspicious, it probably is. If you are a customer of the company it is best to contact them immediately to find out if they are really trying to reach you.
Many computers and smartphones come with them built in, and you can also find this software for free or for sale on the Internet. Look for reviews from tech magazines and other independent sources.
It’s convenient, but public Wi-Fi is usually not secure. Crooks can use various high-tech means to “eavesdrop” on your email or communications on social networks and read what you’re typing. If you’re banking or shopping with your device, your account numbers could be exposed.
Before we dive deeper into governmental protections, let’s look at a nonprofit’s offerings. Consolidated Credit offers financial education tools that can help you prevent fraud. Consolidated Credit makes learning about your money painless and fun. Whether you prefer to learn from printed booklets or through interactive calculators, we can help you learn the basics that can help protect you.
While it’s up to you to protect yourself, you don’t have to go it alone. You have allies. The federal government, has two agencies that really have your back. The newer one is called the Consumer Financial Protection Bureau, or CFPB. The one that’s been around a lot longer is called the Federal Trade Commission. How are they different? Let’s take a quick look.
The CFPB was created in 2011. It’s not focused on identity thieves and that kind of crime. Instead, it focuses on protecting Americans from shady business practices of the providers of mortgages, credit cards, and student loans. Its mission is to “promote fairness and transparency” in these financial products and services. If you feel you’ve been taken advantage of in any of these areas, you can file a complaint with the CFPB. Based on those complains, the CFPB has sent warning letters to some of these providers. The agency has also filed court documents and even issued new regulations that businesses must follow.
The Federal Trade Commission’s mission is less controversial than the CFPB. First, it’s been around since 1914. Because this is the government, it can get confusing to tell the difference between the CFPB and the FTC. Why? Because the FTC has a wing called the Bureau of Consumer Protection – which sounds a lot like the Consumer Financial Protection Bureau. But they’re actually very different things. The FTC’s bureau safeguards consumers by telling businesses what they can and can’t do. For instance, it enforces the nation’s truth-in-advertising laws. The FTC can actually enforce civil contempt actions and collect financial penalties from companies who do bad things.
While many Americans of all political persuasions like to make jokes about Congress, the truth is, there have been some bipartisan bills that have passed to protect consumers over the years. They also have some confusing, similar-sounding names, but it’s worth quickly reviewing them.
Let’s look at one of those good laws. CROA regulates credit repair companies. Credit repair is a legitimate tool for fixing errors on your credit report which, left unchecked, could drag down your credit score. But like everything else in the world, a few bad actors hurt the entire industry. So CROA protects you from unscrupulous credit repair agencies that try to steal from you. Just one example: CROA prevents credit repair companies from making you pay in advance for their services, and it gives you a chance to cancel the service without any penalty within three days.
It can be tough enough to get credit at a decent interest rate – or at all. The Equal Credit Opportunity Act makes it illegal to discriminate against anyone applying for credit based on their race, their religion, their age, their marital status, and even if they receive public assistance. It also dictates that your creditors notify you about actions they take on your credit applications.
Dating all the way back to 1970, the Fair Credit Reporting Act regulates the way credit reporting agencies use the information they receive about your credit history. FCRA is mostly aimed at what are called the Big Three credit bureaus: Equifax, Experian, and TransUnion. It keeps misinformation from being used against you. FCRA has very specific guidelines for how your personal information can be gathered and released.
Not to get too confusing, but the FACT Act is actually an amendment to the Fair Credit Reporting Act we just covered. It dates back to 2003 and it allows you to pull your credit report for FREE from AnnualCreditReport.com. Given how many mistakes are on credit reports, this is something you should do every year. Take advantage of the power you now have.
The FCBA has two provisions that are pretty powerful. First, you have 60 days from the time you receive your credit card bill to dispute a charge with your card issuer. And if your card is lost or stolen, you have the right to dispute charges on the phone, instead of sending a letter.
Debt collectors aren’t beloved by many people. They have a job to do like everyone else, and let’s face it, theirs is not a pleasant career. Because of that, Congress wanted to make sure debt collectors didn’t go to extremes to collect money that’s owed to them and others. So the FDCPA sets strict limits on debt collectors. For example, they can’t call you before 8 a.m. or after 9 p.m., and they can’t call you at your workplace. If debt collectors violate these rules, you can file a complaint with the FTC.
Remember how the Equal Credit Opportunity Act outlawed discrimination in credit transactions? This does the same for housing. No one can use your race, age, gender, marital status, disability, religion or other factors against you – and not only when it comes to buying a house. This applies to renting, too.
It sounds awful, but in the past, some unscrupulous creditors would take advantage of our military personnel when they were serving our country. This act prevents that. It regulates how active duty personnel can be charged credit card interest rates, how their auto and apartment leases can be terminated, and even how evictions are proceeded. It can get a little complicated, but it’s something every military member needs to know.
Anyone with a smartphone knows how annoying it is to get sales calls you never wanted or asked for. Well, it could be worse if not for this act – which predates smartphones. It passed in 1991 and bans solicitors from calling your home before 8 am or after 9 pm, and they must maintain a Do Not Call list. Of course, these days, technology has poked holes in this act, so consumer groups are lobbying Congress to tighten the rules for this new era.
This act very specifically bans telemarketers from collecting fees for services until a debt has been settled and sets time limits on when they can call you, among other things. While it might never apply to you, it’s just another example of how the government is aware of these financial problems and tries to deal with them.
Think of the Truth in Lending Act as a comparison-shopping act. Ever try to figure out if a can of soup is a better deal than another can of soup? One is cheaper, but the other is bigger. It can be draining to figure out which is more economical. Well, the same thing happens when you apply for credit. TILA requires lenders to offer clear, uniform disclosures. That’s one reason why when you apply for a credit card, the terms, fees, and condition are all listed roughly the same way so you can comparison-shop more intelligently.
This act, passed in 2005, changed how an individual can declare bankruptcy. For example, it requires a pre-filing and pre-discharge credit counseling course – which is a good change, since the last thing you want is to keep the bad habits that drove you into bankruptcy in the first place. But the act also limits how often you can declare bankruptcy and uses what’s called a “means test” to determine if you’re even eligible.
The debt management and debt settlement industries need to register, and they must disclose their services and their fees so you can make sure you’re getting the right service at the right price. Again, it gets kind of technical – it’s the government, after all – but the philosophy is the same. Namely, that transparency helps you make the right choice, and it keeps businesses honest and competitive.
Besides these government actions, you can also get help from private nonprofit agencies like Consolidated Credit.
Thank you very much for listening today. I hope this helps you protect yourself, and gives you peace of mind that you have allies in this fight.