In its 2019 Identity Fraud Study, Javelin Strategy & Research found that 14.4 million Americans were victims of identity fraud in 2018. While this was down from a record 16.7 million the year prior, victims experienced a substantially larger financial burden at a combined $1.7 billion in out-of-pocket costs. Moreover, experts predict a rise in identity theft during the COVID-19 pandemic as more and more people are working from home, likely using vulnerable computers and networks. To protect yourself from identity theft, it’s important to know some of the most common methods and techniques utilized by criminals.
Skimming is an identity theft technique in which fraudsters attach a special storage device to an ATM or card reader. This device collects and transfers credit card information from the magnetic strip on the card to another device, which allows criminals to make a copy of the card. They then make unauthorized purchases in the cardholder’s name. Skimming can also be performed by fraudulent salespeople who swipe your card onto a personal digital card reader.
To protect against skimming, consider using the SCAN checklist. This includes scanning surroundings for hidden cameras, comparing the keypad and card reader to the rest of the ATM, assessing for signs of tampering, and nudging the keypad and card reader (skimmers and fraudulent keypads can be removed to collect the cardholder’s information, so avoid using the ATM or machines with loose-fitting components). Meanwhile, frequently checking your credit reports can alert you to potential skimming activity.
Phishing is the most common form of online identity theft. It generally involves the victim being tricked into giving out their personal information by fraudsters alleging to be financial institutions or other companies that require such information. It can occur via text message, e-mail, standard mail, or social media.
Generally, fraudsters will ask prospective victims to click a link or open an attachment that allows them to steal personal information. For instance, the fraudster sending the phishing e-mail might say they’re with Netflix and they’ve noticed suspicious activity on your account and ask you to confirm personal information. In 2019 the FBI’s Internet Crime Complaint Center received more than 465,000 complaints, and phishing and other similar tactics were the reason behind most.
Fortunately, there is security software for personal computers and smartphones that can protect against phishing and other security threats. Backing up data to the cloud or an external hard drive presents an additional layer of security. Meanwhile, phishing e-mails can be forwarded to firstname.lastname@example.org, and texts can be forwarded to SPAM (7726).
Fraudsters don’t need technology to steal your identity. Dumpster diving involves someone literally digging through garbage to obtain personal information listed on credit card and utility bills or other pieces of mail. There isn’t any trickery involved in this scheme, but protecting against it is relatively easy. Simply shred all of your important documents before disposing of them. Many companies, utilities, and banks also provide the option of paperless billing, which eliminates the possibility of dumpster diving altogether.
Pretexting is a form of social engineering that is similar to phishing but occurs when the fraudster has already done background research on the victim’s personal information. He or she will then leverage this information to obtain more sensitive information such as a Social Security or credit card number. These criminals often present themselves as a business or utility and, because they already have your personal information, come off as more believable than other phishing scammers.
If you have any suspicions, question the reasoning for the call and ask for a call back number. If they are reluctant to give a call back number, chances are it’s a pretexting scam. If they do provide a call back number, look it up online to match it against the company they’re claiming to work for.
Shoulder surfing typically occurs when you are using an ATM or digital card reader that requires you to enter a PIN. The fraudster will peek over your shoulder or get close enough to see the PIN. They might even target you elsewhere to pick up additional information such as your card number or home address. They can then use this information to make unauthorized purchases. This is another scheme that can be easily prevented so long as you are aware of your surroundings and make an effort to hide your PIN.
Pharming is a web-based scheme that involves a hacker tampering with the domain name system or host file of a website to reroute visitors to a similar-looking but fraudulent website designed to steal personal information. However, these websites will display an unlocked padlock symbol in the computer taskbar or bottom of the browser. Only enter personal information on websites with a locked padlock or key.