T2022_03 Preventing and responding to Identity theft (7th March 2022)

What is Identity Theft?

When someone uses your personal information to impersonate you or steal from you, this is known as identity theft. Even if you never use a computer, you might become a victim of identity theft. By stealing your wallet, overhearing a phone conversation, searching through your trash, or picking up a receipt at a restaurant with your account number on it, malicious people may be able to collect sensitive information (like credit card numbers, phone numbers, account numbers, and addresses). Identity thieves may deplete your bank and investment accounts, create new credit lines, apply for loans in your name, obtain utility service, obtain medical care using your insurance information, purchase products, or provide authorities with your name and address when they are apprehended.

Malicious people can now easily get personal and financial information thanks to the internet. Most businesses and other organizations maintain client information in databases; if a thief gains access to that database, he or she can collect information on several people at once rather than concentrating on one person at a time. The internet has also made it easier for criminals to sell or trade personal information, making it increasingly difficult for law authorities to track down and apprehend them.

How identity theft happens

There are several ways identity theft may occur, some of these are:

  • Lost wallet- When your wallet is lost or stolen, thieves may gain access to your information.
  • Using public Wi-Fi- When using free public Wi-Fi hackers may be able to see your financial transactions.
  • Phishing or Spoofing- By sending an official-looking email, some fraudsters try to persuade you to reveal personal information such as credit card details, Social Security numbers, and banking information. Spoofing entails doing the same thing with caller ID, making the number appear to be from a reputable company or government agency.
  • Skimming- Skimming is a technique for collecting personal information from ATM, debit, or credit cards while they are being used at a merchant location or at an ATM machine. People can tamper with genuine ATM equipment to steal the magnetic strip data from the cards being used as well as the PINs issued to such cards.
  • Phone scams- You can be told you have won something or that you are about to be arrested. The caller claims that they require personal, banking, or credit information to verify your identification or determine where they can send money to you.
  • Malware- Malicious software, such as a keylogger, can be installed on your computer by opening an email attachment or visiting an infected website.

How victims are chosen for online identity theft

Because identity theft is typically a crime of opportunity, you could be a victim simply because your information is easily accessible. Thieves may target clients of certain organizations for a variety of reasons, including easy access to a company’s database, appealing demographics of customers, or a market for specific information. You may become a victim of identity theft if your information is kept in a database that has been hacked.

Preventing Identity Theft

There isn't a foolproof solution to avoid identity theft, and monitoring systems only notify you when anything goes wrong. However, there are things you can do to make it far more difficult for identity thieves to steal your identity.

  • Do business with reputable companies – Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information.
  • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
  • Check privacy policies – Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.
  • Be careful what information you publicize – Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.
  • Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.
  • Be aware of your account activity – Read financial statements. Make sure you recognize every transaction. Know due dates and call to investigate if you do not receive an expected bill.
  • Shred, shred, shred- Any credit card, bank or investment statements that someone could fish out of your garbage shouldn’t be there in the first place. Shred junk mail, too, especially preapproved offers of credit.

How to tell your identity has been stolen

When a company discovers that someone has accessed a customer database, it has different policies for notifying customers. You should, however, be aware of any changes in your account's normal activities. The following are some examples of events that could suggest that your information has been accessed:

  • unusual or unexplainable charges on your bills
  • phone calls or bills for accounts, products, or services that you do not have
  • failure to receive regular bills or mail
  • new, strange accounts appearing on your credit report
  • unexpected denial of your credit card

What to do if your identity has been stolen

Recovering from identity theft can be a long, stressful, and potentially costly process. Act as quickly as possible to reduce the degree of damage. You may need to contact the relevant companies for each compromised account and file a police report.

The Guyana National CIRT recommends that users and administrators review these recommendations and implement where necessary.

PDF Download: Preventing and Responding to Identity theft.pdf

References