What is identity theft and how to prevent it

Increasing engagement in the digital space means people are at higher risk of identity theft. This is especially true because of technological developments, such as artificial intelligence (AI), which are making it easier than ever for cybercriminals to commit this crime.

But what is identity theft, what are some signs to look out for – and more importantly, how do you prevent identity theft?

What is identity theft?

Identity theft is a crime where a criminal steals someone’s personal details – without their consent – and uses these for their own benefit. The data – or combination of various data points – is unique to an individual, which is why the perpetrator can commit identity theft. Examples of the information that may be stolen include names and birthdays, passwords, Social Security numbers, credit card numbers, and bank account details, which can lead to banking fraud. With all this information, the criminal can make purchases on the stolen credit cards, open bank accounts, take out loans, and commit tax fraud, among numerous other crimes.

There are various types of identity theft – and the crime can be committed in different ways. While each form of identity theft can have different implications for the victim, all have negative consequences.

Identity theft and cybercrime

The highly sophisticated technology we have access to today has made our lives immeasurably easier, but it’s also given criminals ever-more powerful ways to steal people’s identities.

AI identity theft has become a particular concern in recent years. Criminals are using deepfake technology to impersonate their victims to perpetrate financial fraud or even damage reputations. In some cases, they’re even using AI-powered software to crack passwords and access accounts. Additionally, stolen information is being used to create illegal synthetic identities – and bypass biometric authentication - to open bank accounts, take out car loans and mortgages, and get new credit cards.

Types of identity theft

Understanding identity theft requires learning the different forms the crime can take. There are several types of identity theft, and these can be categorized by the victim, the type of data stolen, or the crimes perpetrated with the data. Some of the most common types of identity theft are:

• Child identity theft: this involves stealing a minor’s identity.
• Identity cloning: the thief impersonates the victim for unlawful activities.
• Financial identity theft: when the stolen data is used to apply for credit cards, loans, or other financial services.
• Medical identity theft: using a victim’s medical records to steal their insurance or other medical benefits.
• Tax identity theft: when the victim’s information is used to file fraudulent taxes and claim the return.
• Social media impersonation: a form of catfishing, occurs when the criminal pretends to be the victim on social media, either to embarrass them, extort them, or defraud others.

How can identity theft occur?

To prevent identity theft, users must first understand how this crime occurs. There’s a surprising array of methods that criminals can use to steal a target’s personal information – and their identity. Here are some of the methods to watch out for:

• Data breaches: the hacker steals personal data from databases or files held by a company or organization.
• Unsecured online activity: many hackers try to steal sensitive information by compromising websites creating fake websites and capturing details like credit card numbers as users enter them.
• Dark web: some criminal identity theft occurs when the perpetrators buy personal data on marketplaces hosted on the dark web.
• Malware: often, cyber attackers use phishing to execute malware on a victim’s device – this then transmits information to the attacker or gives them the ability to steal data from the device.
• Phishing: some cybercriminals execute phishing attacks with malicious links that direct targets to fake websites and force them to enter personal details – these emails often impersonate legitimate organizations like banks or e-commerce companies.
• Credit card theft: This is one of the easiest types of identity theft since as soon as they have the card – or card details – fraudsters can make purchases in the victim’s name or resell them on the dark web.
• Card skimming: this involves the use of compromised credit cards or point-of-sale machines to steal the card’s information when it’s swiped.
• Mail theft: it’s less common today, but attackers can sometimes steal mail to get account information and other personal details.
• Compromised Wi-Fi networks: attackers will often hack public Wi-Fi networks – or even create legitimate-looking public networks to try and steal data – so to prevent identity theft, it’s important to always use a VPN.
• Mobile phone theft: in some cases, a stolen mobile phone facilitates identity theft by giving criminals access to the owner’s accounts and personal information that is stored on the device.

What are the implications of identity theft

Having personal data stolen can have a significant impact on various parts of the victim’s life, which is why it’s crucial to prevent identity theft. By stealing sensitive personal information, attackers destroy lives financially, socially, and in other ways. Below are some of the biggest implications of criminal identity theft:

Stolen money and financial fraud

With bank account and credit card details, criminals can steal money or make purchases and run up huge charges. If they also have the victim’s personally identifiable information (PII), such as their name, address, and Social Security details – they may be able to open new bank accounts or take out new credit cards or loans.

Stolen benefits

Attackers could also use personal information to access any government or commercial benefits the victim has access to. For example, they may be able to cash Social Security checks, get food stamps, and take veteran benefits. They may also be able to take actions such as using airline miles or using any Amazon credit, among other things.

Data exposure

Some cybercriminals sell their victims’ personal data – like passwords, addresses, and account numbers - on the dark web. This is especially true in the case of data breaches when they can make a significant amount of cash by selling the data of thousands of people at once.

Impersonation

Criminals may also use the information taken in identity theft to impersonate their victims and claim the benefits. For example, they may set up social media accounts or even try to get a job or apartment.

Account takeovers

One of the most common implications of identity theft is account takeovers. In these situations, the criminals steal their victim’s personal accounts – on social media or email, for example – effectively locking the victim out.

Ruined credit scores

In some cases, victims of identity theft may find that their credit history has been critically damaged because attackers who stole their identity accumulated debts and made numerous bad financial transactions.

Mortgage or deed fraud

Criminal identity theft can be used to illegally transfer home ownership to the criminal’s name in a crime known as deed fraud or title fraud. They can then profit by selling or renting the property, or stealing any equity, leaving the real homeowners homeless.

Tax fraud

This is becoming a growing concern for victims of identity theft. Criminals can use information such as Social Security numbers, names, and birthdates to file fraudulent taxes in their victims’ names and claim any refunds. The victim may then find that their legitimate tax filing is marked as fraudulent, causing problems with the IRS.

Psychological harm and emotional distress

The stress and financial implications of identity theft can create a wealth of mental and emotional problems for victims. This is especially true if the criminals start making public attacks, such as posting embarrassing or incriminating images and videos on social media.

Spam calls and emails

If the victims’ stolen data – particularly emails and phone numbers – are sold on to scammers (or even telemarketers), they may suddenly start receiving more spam, phishing emails, or robocalls.

8 signs of identity theft

It's not always easy to recognize when someone has stolen your identity – cybercriminals have become incredibly sophisticated. But there are certain signs of identity theft to watch out for. If you suddenly see any of the following red flags, you may have fallen victim to identity theft:

1. Unusual or suspicious activity in your bank accounts or credit card statements.
2. Unexpected calls from debt collectors, especially for charges you didn’t initiative.
3. Letters from the IRS indicating multiple tax returns.
4. Unexpected medical bills, especially if you didn’t make any hospital or clinic visits.
5. You suddenly stop receiving account statements or utility bills.
6. Your loan application is rejected, though you believe you have good credit.
7. Your credit score is lower than you’d expect.
8. You receive statements or bills for accounts you didn’t set up.

How to prevent identity theft: 16 expert tips

If the best offense is a good defense, then the best way to avoid ID theft is to prevent it from happening in the first place. There are numerous safeguards that users can implement to protect themselves and keep their personal data safe. If you want to prevent identity theft as far as possible, try these measures:

1. Remember password hygiene: use complex, unique passwords across all accounts and change them frequently – use a program like Kaspersky Password Manager to help.
2. Enable multi-factor authentication (MFA) on any apps, websites, or accounts that offer this.
3. Never provide any personal information over the phone, by email, or by text to someone you don’t know – if necessary, such as for a bank, call the official number directly.
4. Never click links in suspicious emails, such as PDFs, even if you think they come from a legitimate source – always verify the sender and never provide information or login details if you’re directed to a website.
5. Shred all documents (or cut up all bank or credit cards) before putting them in the bin.
6. Switch to paperless billing and statements to prevent account numbers and other information from being stolen.
7. Store all sensitive personal documents, such as bank records, medical information, birth certificates, passports, and Social Security information, in a secure place.
8. Regularly check bank accounts and credit cards for suspicious activity – check with the provider if you find something you’re unsure about.
9. Enable automatic alerts for banking and credit card transactions.
10. Check website security before entering sensitive data – for example, the URL should begin with https: and have a padlock icon next to it.
11. Try to ensure a website’s legitimacy before providing any important details.
12. Never make sensitive transactions or share personal data over a public Wi-Fi network.
13. Always use a secure VPN to protect online activity.
14. Be careful about what information you share on social media – for example, sharing the barcode of a flight boarding pass could reveal information like passport details.
15. Ensure the security of your devices by keeping all software up to date and installing trustworthy antivirus software.
16. Use an identity theft monitoring solution – it will alert you when personal data has been exposed.

What to do if you think your identity has been stolen

Despite implementing the strictest security measures and unwavering vigilance, it’s not always possible to avoid ID theft. In this situation, it’s important to act immediately to minimize the impact on your life and finances. Here’s what to do if you’ve been a victim of identity theft:

• Document all evidence of the situation – take photos, record phone calls, and copy emails or letters.
• File a police report and keep copies of the paperwork.
• Immediately tell all your financial institutions – banks and credit card providers, for example – about the criminal identity theft so they can watch for any unauthorized transactions.
• Close any bank accounts or credit cards that have been compromised.
• It may be helpful to report the crime to one of the major local credit bureaus to protect your credit score – some examples include Experian, Equifax, TransUnion, CreditInfo Group, Credit Bureau Singapore, and Banque Nationale de Belgique.
• If there are services or software involved, report the incident directly to the provider – for example, most Microsoft programs have a “Report Abuse” function.
• If you use an identity theft protection solution – such as the one included in Kaspersky Premium – alert the provider and ask them to guide, you through finding solutions and restoring your identity.
• If your phone number has been stolen in the theft, alert your mobile service provider.
• If your email(s) have been compromised, alert your service provider and quickly change your passwords.

Related Articles:

• Tips for creating a strong and unique password
• Identity theft prevention tips for Facebook users
• Identity theft and identity fraud: What to do if your identity is stolen

Related Products:

• Kaspersky Premium
• Kaspersky Password Manager
• Kaspersky VPN Secure Connection