Identity theft definition

Identity theft is a term that covers a variety of crimes in which someone steals another person’s personal information, such as their Social Security number or bank account number, typically for the purpose of exploiting it for financial gain.

How identity theft happens

There are many ways in which a person might have their identity stolen. The Identity Theft Resource Center (ITRC), a national nonprofit, identifies three basic avenues that ID thieves use: cyberattacks, human and system errors and physical attacks.

Cyberattacks include tactics such as “phishing,” where emails are made to look as if they come from your bank, credit card company or other legitimate source, and lure the recipient into opening a malicious attachment or link.

A related scam called “smishing” uses SMS (Short Message Service) text messages to steal data.

Identity thieves also take advantage of human errors: losing a computer or smartphone, leaving a restaurant without retrieving your credit card off the table, using weak passwords, failing to properly secure or dispose of physical documents, using public Wi-Fi to handle banking or other sensitive business, visiting unsecure websites and providing personal data to unsolicited telephone callers. Examples of system errors are failing to properly configure firewalls or cloud security and not securing your home network.

Stealing people’s physical mail, computers or important documents, and installing skimming devices on gas pumps to extract customers’ payment information are examples of physical attacks.

Types of identity theft

1. Fraudulent account access

Identity thieves often hack into personal accounts, whether it’s a bank or credit card account, online shopping account or an online magazine subscription. Hackers know that people tend to reuse usernames and passwords, says Eva Velasquez, president and CEO of ITRC, and they have tools to take advantage of that.

“If information is compromised in one manner, there are automated programs that can take that username and password and then hit all of these online portals,” she says, thereby discovering other accounts where you use that same username and password.

2. Government-issued ID theft

Any form of identification issued by the government — Social Security number, driver’s license or state ID, passport, taxpayer identification number (TIN), Medicare ID number — is a plum pick for ID thieves.

A criminal can use stolen government credentials to commit a variety of frauds, such as getting a credit card, filing a fraudulent tax return to get a refund or filing for unemployment benefits. A stolen driver’s license or passport can help a criminal avoid arrest. Your name and reputation can be ruined if someone is arrested while carrying your identification material.

3. Phishing, smishing and vishing

Phishing and smishing are cheap, easy methods for ID thieves to send emails and texts that contain malware or a link that takes the recipient to a fake landing page.

“Vishing” is when a thief calls you on the phone and pretends to be someone from the IRS or other legitimate source, in hopes of inducing you to give out personal information. Senior citizens are common targets of vishing.

4. Medical ID theft

When someone fraudulently obtains your health insurance member ID number or Medicare ID number, they can use it to get health care in your name or to send fraudulent bills to an insurer and try to collect money.

5. Biometric ID theft

Biometric authenticators include fingerprints, voice and facial recognition and eye patterns. These are often used to secure smartphones or workplaces.

Biometrics add another layer of security to identification data, but they are not invincible. Biometric data is stored and if the storage is not secure, highly sophisticated thieves can breach and use it to access digital wallets and a lot more.

6. Physical mail theft

ID thieves who swipe physical mail might intercept checks, forge them and cash them; steal debit cards or credit cards and activate them; or steal prescreened credit card offers and apply for credit in someone else’s name.

With a name and address, a thief can submit a change of address to the U.S. Postal Service and redirect someone’s mail.

7. Mortgage and home title fraud

ID thieves may use mortgage account numbers and Social Security numbers to take out a home equity line of credit or other second mortgage in your name and flee with the money.

Title fraud is when someone forges a deed to your home, changes the owner’s name and takes out equity loans or even tries to sell the house.

8. Unemployment ID theft

The U.S. Department of Labor reports that there has been a big increase in fraudulent filing for jobless benefits by organized crime rings that are using personal credentials stolen in earlier data breaches.

This scam is being used to collect unemployment benefits across multiple states.

9. Child ID theft

A child’s Social Security number and other personal information can be used to take out loans, apply for benefits, rent a place to live, open a bank account or sign up for a utility service. This crime is often committed by a family member and can hurt the child later in life when they are old enough to apply for credit.

10. Synthetic ID

Synthetic identity fraud entails the blending of personal data from real people, such as Social Security numbers, birth dates, addresses and names, with fake data to create new identities.

These fake composite identities are then used to defraud financial institutions, the government or other people.

How to check for identity theft

It’s critical to keep a watchful eye on your personal information. Here are steps to take:

  • Carefully check monthly financial statements for charges, purchases or withdrawals you don’t recognize.
  • Review your annual credit reports from the three major credit-reporting agencies and look for accounts you didn’t open.
  • Review the explanations of benefits, or EOBs, on your insurance plan for services you didn’t receive or unfamiliar charges.
  • Be suspicious if you stop getting mail, especially bills or financial statements.
  • Check the three major credit bureaus to see if your child has a credit report.
  • Sign up for the ITRC’s free Notified service to learn of the latest data breaches and do custom breach searches.
  • Consider signing up for a credit-monitoring or ID protection service.
  • Some social media platforms and internet services like Google let you see a list of devices that have logged into your accounts. Check for suspicious activity.

What to do if you think you’re an identity theft victim

If you know or suspect your personal information has been breached, don’t hesitate to act. Even if you’re not sure your data has been compromised, report it anyway.

Report identity theft to the Federal Trade Commission, which will use your information to devise a personal recovery plan. The FTC provides checklists and sample letters to help guide you through the process.

The ITRC is another resource. ID theft victims can live-chat with experts on the website who provide them with a detailed recovery plan. “That advisor is assigned to them throughout the whole process,” Velasquez says.

Other steps to take, depending on your circumstances:

  • Contact the bank or credit card company that has your breached account.
  • File a report with your local police department.
  • Put a freeze on your credit by contacting the three major credit-reporting agencies: Visit Equifax or call (800) 685-1111; visit TransUnion or call (888) 909-8872; visit Experian or call (888) 397-3742. Freezing your credit prevents anyone from applying for new credit in your name.
  • Report a lost or stolen driver’s license to your local police and your state Department of Motor Vehicles.
  • If you suspect tax fraud, visit the IRS identity theft central page. You may need to fill out a Form 14039, which is an ID theft affidavit.
  • Change usernames and passwords.
  • Set up multifactor authentication for accounts.
  • For ID theft involving jobless benefits, visit this Department of Labor page and call the fraud hotline listed for the state that issued the fraudulent benefits.
  • Report stolen mail to the U.S. Postal Inspection Service.