Somebody breaks into your e-mail account and sends phishing spam from your address to everyone in your contacts list. Somebody else steals your online bank ID and password and cleans out all the money in your accounts. And another crook swipes your Social Security number and opens credit card, cell phone, and other accounts in your name.
All three of these crimes fall under the umbrella of identity theft. Reports of declines in identity-theft incidents from such security research firms as Javelin Strategy & Research and government agencies, such as the Federal Trade Commission (FTC's consumer-complaint statistics for 2010--pdf), must be taken with a grain of salt.
According to Javelin, the average out-of-pocket expense for consumer victims of identity theft increased from $387 per incident in 2009 to $631 in 2010, as Michelle Singletary reported last February in the Washington Post's Color of Money blog.
Two noteworthy trends in identity theft are increases both in breaches at medical facilities and in children being targeted by ID thieves. Becker's Hospital Review provides details on 28 data breaches at health care facilities in the past six months.
In testimony earlier this month before the House Ways and Means Committee's Social Security Subcommittee, FTC Southwest Regional Director Deanya Kueckelhan cited a study that estimates 140,000 incidents of identity theft against children occur each year in the U.S.
The best ID theft defense is vigilance
Sunday morning I noticed a suspicious e-mail had arrived from an old friend of mine. When I called him to ask about it, he said others had mentioned receiving messages containing phishy links from his account. I recommended that he run Malwarebytes' free Anti-Malware software.
I also suggested he change the account password, and he admitted that he had never done so in many years of using it. In fact, he wasn't even sure how to change his password. I couldn't help but cringe.
As imperfect as they may be, passwords are the first line of defense against computer criminals. The easiest and most-effective way to avoid being a victim of computer-based identity theft is to change your password regularly and often, and to use a strong password, as CNET's Rob Lightner described last week in "How to improve your password strength."
Dozens of firms offer to protect your identity for a price, and depending on how vulnerable you and your family are and how much you have to lose, these services may be valuable to you. Credit Protection Pro compares four leading identity theft protection services and eight credit-monitoring services.
There's plenty of information available for those of us who prefer the DIY approach to ID-theft prevention. The Consumer Federation of America recently launched the IDTheftInfo.org site, which features news, resources for consumers and businesses, and a list of "Ten easy steps to protect your personal information and detect fraud" (pdf).
The FTC's Fight Back Against Identity Theft site provides instructions for filing an identity-theft complaint form with the agency. The Consumers Union offers a "Guide to security freeze protection," which includes information on state laws allowing you to prevent new credit accounts from being opened in your name.
Safeguard your Social Security number
An important component in preventing identity theft is restricting how government agencies and businesses can use your Social Security number. Late last year the federal government joined all 50 states in passing legislation aimed at safeguarding SSNs. The Social Security Protection Act of 2010 limits how federal agencies can use SSNs to identify people. Until reliance on SSNs for identification is eliminated entirely, the onus falls on consumers and businesses to keep SSNs safe.
The Privacy Rights Clearinghouse offers a fact sheet entitled "My Social Security Number: How secure is it?" that provides a comprehensive history of the use of SSNs to identify consumers. The fact sheet also discusses when government agencies and business can require that you provide them with your SSN, and how the organizations are allowed to use the number.
The Social Security Administration's identity theft page provides toll-free phone numbers for reporting incidents to the FTC and IRS, as well as links to the Internet Crime Complaint Center, FBI, and other law-enforcement agencies.
Resources for ID-theft victims
In addition to the victim resources provided on several of the sites mentioned previously, the FTC offers a "Guide for assisting identity theft victims" that includes a Victim's Statement of Rights. For example, you have the right to a 90-day initial fraud alert as well as an extended report that will stay on record for seven years. Potential creditors are then required to contact you or take other measures to verify your identity before opening a new account in your name.
Fox Business offers "Nine steps to take if your credit card data is hacked." The first is to ensure that there has actually been a breach; crooks may attempt to collect your personal information by claiming to be notifying you of a bogus crime. It's also important to find out from your bank (or other source of the breach) exactly what information has been stolen.
If you prefer to go all the way to the top, the U.S. Department of Justice's Identity Theft and Identity Fraud page includes preventive measures as well as links and toll-free telephone numbers for reporting ID-theft crimes to government agencies, credit-reporting services, and check-verification companies.