ID theft: It's still a problem
Identity theft is everywhere. Turn on your TV, and you'll see "special reports" on how to prevent it. Turn on the radio, and hear ads for services pledging to protect you from it. Search for it on Google, and you get 93 million results. You'd never know ID theft in the U.S. is declining and that a few easy steps could protect you from it.
A 2011 report by Javelin Research in Pleasanton, Calif., shows losses from fraud related to identity theft has declined from $56 billion in 2009 to $37 billion in 2010, which is the lowest level in eight years. Overall, 8.1 million adults in the U.S. were identity theft victims in 2010, a decrease of 28 percent over 2009.
The Javelin report also shows the stakes have risen for victims of identity theft. While most pay nothing to straighten things out, a minority paid enough in 2010 to push the average cost to consumers up 68 percent to $606. Identity theft victims also had to spend more time cleaning up the mess than in years past, taking an average of 33 hours to resolve identity theft issues, compared to just 21 in 2009.
Fortunately, there are some easy ways to lower your risk of becoming another ID theft victim.
Don't over-share on social networking websites
Thanks to social networking sites such as Facebook and LinkedIn, people are now putting unprecedented levels of personal information online, and many aren't doing enough to keep it away from would-be criminals. The Javelin report found longtime social networking users were almost twice as likely as those newer to social networking to become victims of ID theft.
"The Internet has turned into this place where the less-educated consumer will willingly give up information in places where they just shouldn't," says Sean Brady, director in the identity management protection group for RSA, an information security firm based in Bedford, Mass.
The good news is you can protect yourself, Brady says. He recommends setting your privacy settings at the highest level and not sharing facts like your exact birth date, including the year, or information that could be used to answer your security questions such as your mother's maiden name.
Ultimately, Brady says social media users will have to decide how much information they're willing to disclose and weigh it against the benefits of social networking.
Maintain anti-virus and anti-malware software
Increasingly, identity thieves are using viruses and harmful programs known as malware to steal Americans' financial information, says Michael McKeown, supervisory special agent, FBI Cyber Division.
These programs can enter your personal computer in several different ways, the most common being email with links or attachments that when clicked on, install malware on your machine. From there, they can record keystrokes to mine passwords, hijack online banking sessions and probe your PC for financial information.
Beside keeping anti-virus and anti-malware software up to date, another way to prevent yourself from being hurt by malware is to keep the financial information on your PC limited, Brady says. He advises consumers to decline every time you're asked to save your password when you're logging on to a financial site.
"Malware these days, that's one of the first areas that it goes to, the location where all that's kept," Brady says.
Handle financial documents with care
Physical documents aren't as much of a threat as they once were, simply because stealing them from a mailbox or the trash can be dangerous work for thieves, Brady says. Still, the key to minimizing the risk is storing needed documents carefully and destroying the ones you don't need.
"A shredder is your friend," says Steven Toporoff, attorney with the Federal Trade Commission's Division of Privacy and Identity Protection.
Certain documents need to be retained for tax and other purposes. "Short of that, you should be shredding documents regularly that you no longer need, especially those that have any kind of account number or identifying information," Toporoff says.
Also, shred any kind of financial solicitations you get in the mail, especially those credit card offers containing blank checks.
Create strong passwords
In a world where online banking is increasingly ubiquitous and access to large chunks of your net worth is just a username and password away, having a strong password is important.
That's because once thieves have zeroed in on your email address or account username, they'll often try to guess your password, either manually or using a computer program to try thousands of passwords until they find the correct one.
To keep from becoming a victim of ID theft, stay away from obvious passwords. "'12345' is just not a good password," Brady says. "Everybody has passwords that he can remember -- mnemonics or very personal things that are better passwords that aren't publicly known."
Incorporate spaces, special characters, and lowercase and uppercase letters. "Whatever your password is, (it) should not be a word that's found in the dictionary," he says.
McKeown says using multiple passwords also can limit the damage a thief can do, especially for your online banking accounts.
Be careful with unsecured Wi-Fi
It may be convenient to do online banking at a cafe or to keep your home Wi-Fi network unsecured to avoid typing a password, but criminals have become increasingly adept at intercepting unsecured Wi-Fi communications, Toporoff says.
"You don't want to do banking or to look up your financial accounts in a Wi-Fi situation where it's not secure," he says. "Others who are sitting there with you on the same network conceivably can get access to your information."
To protect yourself, Toporoff recommends putting a password on your home Wi-Fi network and waiting until you get home or to another secured network to make financial transactions.
Don't be reeled in by phishing scams
Phishing, or the practice of sending out fraudulent emails soliciting financial information or getting users to click on virus-laden links or attachments, is a growing identity theft threat, RSA's Brady says.
That's because phishing emails have grown increasingly convincing, thanks to growing information available to thieves about you to make the emails more persuasive. Brady says consumers are seeing emails, referring to them by name and containing their address, friends and family names or their job stolen from social networking sites and data breaches, known as "spear phishing."
Brady cites one example of spear phishing as the recent data breach at Dallas-based marketing firm Epsilon, where thieves accessed millions of Americans' email addresses and names.
"That gave the ability ... to send personalized emails that have a greater chance of success," he says.
To avoid becoming a victim, read emails carefully before clicking on links or attachments, especially if an email comes from out of the blue or asks for personal or financial information, Toporoff says.
Instead of clicking on such links, Toporoff recommends contacting the company directly, using contact information you know to be accurate.
Monitor credit and bank accounts closely
Checking your credit card and debit card statements online on a daily basis is a good way to limit the damage that fraudsters can do to your accounts, McKeown says.
That's especially true now. You may remember those ID theft commercials with a male actor talking in a dubbed female voice about the fraudulent purchase of a pricey $1,500 bustier, but many thieves are actually smarter than that these days, McKeown says. Instead of making a big, obvious purchase likely to trigger a fraud alert, thieves will charge small amounts under $20, hoping to remain undetected and keep the card number active as long as possible.
To be sure, ID thieves don't limit themselves to existing accounts. The Javelin's 2011 study found that although it's less common, when thieves are able to establish new accounts in a victim's name, the average loss per incident is a whopping $7,350 compared to just $4,197 for fraud committed using existing accounts. The report says new-account fraud is harder to detect.
To avoid being a victim of new-account fraud, get regular, free credit reports from AnnualCreditReport.com, Toporoff says. Staggering them so you can receive one every four months is the best strategy.