Identity Theft and How to Avoid It

What is "identity theft"?

"Identity theft" or ID theft is the common name given to the practice of pretending to be someone else without their consent, usually for illegal purposes. The practice can range from unauthorized use of someone's credit card to completely assuming their identity, buying goods or obtaining credit in their name, and even giving the victim's name when arrested. In spite of the fact that the Identity Theft & Assumption Deterrence Act of 1998 makes ID theft a federal crime, recent studies indicate that millions of people are victimized every year with damage in the billions of dollars. Businesses suffer the greatest losses, but consumers also lose countless dollars and hours trying to clear up the mess.

Note to businesses: the Texas Identity Theft Enforcement & Protection Act (2005) includes punishment for actions that expose others to risk. For example, employees at a Radio Shack store near Corpus Christi got in trouble for dumping sensitive customer records in the trash in April 2007.

What you can do to avoid trouble:

never give out your social security number, birthday, mother's maiden name, account numbers, or other private information to anyone who calls or e-mails you. Legitimate businesses already know that information if you are a customer. If you are not a customer but want to be, you should contact the company. E-mail scams asking for your personal information are very common and are called "phishing." They look like a legitimate message from your bank, but they aren't!
new threat: "pharming." This term refers to one of several techniques to re-direct your attempt to log in to a legitimate site (particularly a bank or other financial institution) to a fake site that looks like the real thing but isn't! If you fall for the scam, your account, password, and possibly other information will be harvested and used to log into the real site under your name--and steal your money! Most commonly, these occur when your computer is infected with a virus that modifies your browser favorites to direct you to the fake site. See the web page Tips for Avoiding Computer Viruses for the best prevention. There have also been cases of DNS (domain name system) servers being infected, resulting in re-direction of everyone whose browser accesses that server (even though their computers are not infected). Tip: if you aren't 100% sure whether the site you are entering is actually your financial institution, type in an incorrect account and password. If you are at a real site, it will tell you that your information is incorrect. If you are at a fake site, it will let you in (since it doesn't actually know your account and password).
avoid giving out the above personal information under any circumstances, although some will obviously be required to establish credit cards, bank accounts, etc.
avoid carrying your social security card or anything that has the number on it with you. Unfortunately, some businesses and government agencies use the SSNO for your account number, so this can be hard to do. More responsible organizations are shifting to non-SSNO ID numbers.
never pay credit card bills without closely checking the charges. A common technique is to charge a small amount that is easy to go unnoticed.
when you receive your annual Social Security statement, make sure that all the wages reported are for jobs you know about!
if you are denied credit, obtain a copy of the applicable credit report ASAP (see below). The report must be provided free if you have been denied credit.
even if you are not denied credit, obtain a copy of your credit reports occasionally (more often is better, of course).
don't let mail sit in your mailbox, and consider getting a post office box or other locked mailbox. Some identities are stolen by opening and checking mail.
sign up for the federal Do Not Call list at http://www.donotcall.gov and/or the equivalent state list for your state. The Texas signup is at http://www.texasnocall.com/ . Logic: if you get fewer calls, you are less likely to fall for a scam. And, if you do get a call while you are on the no call list, you know right away that it is suspicious.
have the Direct Marketing Association remove you from its mailing lists.
have the national credit reporting agencies block your account from providing information for pre-approved credit offers. You will still be able to get credit, but you will (eventually) stop receiving unsolicited offers for credit, which could be stolen from your mailbox. You can notify all of the agencies by filling in a form at one web site: https://www.optoutprescreen.com/
keep at least two credit cards but use only one of them routinely. That way, if an ID thief maxes out your card, you have something else you can use while you get the mess straightened out.
use credit cards, not debit cards, for most or all of your transactions. Two reasons: (1) if there is a dispute over the transaction, it is much easier to get your money back from a credit card transaction; and (2) if an ID thief steals your debit card, your checking account can be wiped out, thereby making all your checks bounce!
be careful what information you post on Facebook and similar web sites, blogs, etc., and be careful in responding to people who contact you via those sites. There are predators who use these sites to find victims for identity theft and other (sometimes more serious) crimes.

If you are a victim:

If you find an unauthorized charge or otherwise suspect ID theft, contact the affected financial institution(s) immediately. It's also a good idea to contact the three big credit reporting agencies and let them know you have been a target (see below). Update: the Fair and Accurate Credit Transactions Act (FACTA) of 2003 allows you to contact any one of the agencies, which must then contact the others for you. The act also allows a 90-day alert or a seven-year alert to be put on your records. If there is an alert on your records, financial institutions granting credit in your name must take reasonable steps to ensure that the credit is actually going to you and not to an imposter. And, there is a procedure to get a FREE credit report once a year so you can make sure that no unauthorized accounts have been opened in your name (see below).

Important places to contact:

Credit reporting agencies. If you are denied credit, the agency providing the credit report must give you a copy for free. Otherwise you may have to pay a small fee. However, the FACTA requires all credit reporting agencies to provide a free report once a year. You can place a "fraud alert" on your record if you suspect your identity has been compromised, thereby requiring anyone granting credit in your name to first contact you personally. The agencies are:

Equifax: 800-685-1111 or www.experian.com (call 800-525-6285 to place a fraud alert on your record)
Experian: 888-397-3742 or www.equifax.com
TransUnion: 800-888-4213 or www.transunion.com (call 800-680-7289 to place a fraud alert on your record)
Site to request your FREE annual credit report: 877-322-8228 or www.annualcreditreport.com

Consumers Union's Guide to State Security Freeze Laws: www.consumersunion.org/securityfreeze.htm This site has details on state laws allowing consumers to have a "freeze" put on credit records, which prevent identity thieves from opening accounts in the consumer's name.

Federal Trade Commission ID Theft hotline: 877-438-4338 or www.consumer.gov/idtheft

Identity Theft Resource Center: www.idtheftcenter.org

Note: our server is Unix-based, so all url's are case sensitive.

Send comments and corrections concerning this page to:

wfisher@sfasu.edu

Last updated January 16, 2008