How to avoid the most common identity theft scams: Internet Scambusters #736
Identity theft is costing millions of Americans billions of dollars every year.
You can guard against many of the tricks they use if you know what to look out for.
In our latest ID theft update, we'll outline the most common tricks ID thieves use to get your personal information and tell you how to sidestep most of them.
Let's get started...
7 Top Identity Theft Tactics
More than 13 million Americans fell victim to identity theft during 2015 -- the latest year for which numbers are available. Sadly, there's every reason to believe 2016 will turn out to have been even worse.
The total cost in 2015 -- to consumers, their credit card companies and others -- was an estimated $15 billion. And according to the 2016 Identity Fraud Study from Javelin
Strategy and Research, identity thieves have stolen $112 billion in the past six years.
Remarkably, nearly half (49.2%) of identity thefts are used to defraud government agencies, such as the IRS and Social Security, with credit card fraud in second place (15.8%), followed by phone or utilities fraud (9.9%).
To be successful, an identity thief usually needs to have at least your name and address plus, if he can get them, passwords, account and credit card numbers, and Social Security number.
They can steal these themselves or buy them on the so-called "Dark Web," where illicit items are often traded.
According to the business intelligence site Business Insider, a credit card number sells for just a few dollars, a health record costs $50 but bank account information can sell for up to $1,000, depending on how much money is actually in the account.
So, apart from buying on the Dark Web, how exactly do the crooks get hold of this information and what, if anything, can you do to protect yourself?
Most Common Tactics
Here are 7 of the most common tactics the scammers use:
1. Hacking into the computer systems of stores, dating sites, and many other organizations.
This can result in tens of thousands or even hundreds of thousands of records being stolen in a single incident, though they don't always include credit card details.
What you can do: Not a lot. But check the security policy of organizations you deal with and, in particular, if they store data in encrypted format (which means it's scrambled and more difficult for crooks to read).
Organizations that use two-step verification for account sign-on may be more secure too. Learn about two-step verification, and why you should use it, in How to Easily Enhance Your Password Security.
The most common trick is to take you to a web page that looks exactly like one you use, which then asks you to input your sign-on details or, in the case of banks and credit cards, your account number.
Crooks use emails and text messages to hook their victims. They may also use the phone, "spoofing" their number to make caller ID identify it as a legitimate number such as your bank or the IRS.
What you can do: First, note that banks and credit card companies don't ask for your account number, so that's a red flag.
Second, always check you're on exactly the right page when you sign on. All reputable sites use an address that starts with "https" (the "s" is the important letter) on any sign-on page.
Third, don't trust caller ID. So, don't give out confidential information to a caller without being able to verify they are who they say they are.
3. Trawling for information.
There's a remarkable amount of public information about you online -- sometimes stuff you're not even aware of. Data comes from local government sites, directories, law enforcement, and agencies that make a living collecting, packaging, and selling public data.
Scammers also monitor web search engines like Google, Bing and Safari, and social media sites, to gather info such as your age, address, job, family, and other snippets of information that can go into constructing a bogus identity.
What you can do: Think carefully about what personal information you post online. Does your birth date really need to be public? Do friends really want to know which doctor you're visiting?
You can also try to get your personal information removed from personal data agencies. This isn't easy, as we've previously reported in How to Remove Name Details and Other Personal Info Online, but there are some tactics you can use.
4. Scanning email address lists.
When you send out an email to multiple people, all of their addresses by default appear on everyone's copy of the email. Sometimes, especially when forwarding jokes, the message collects several groups of addresses as it circulates.
Ultimately, the email may land in the inbox of a scammer, who can harvest all the addresses and use them for phishing or spamming.
What you can do: Put multiple addresses in the BCC (blind carbon copy) field, which means they won't be seen by anyone else.
If you must forward jokes (and we don't recommend it), ask recipients to delete your name before they send it on to anyone else.
5. Tricking friends into revealing information about you.
Scammers send out emails or set up fake social media accounts, posing as you and building up your friends' confidence to the point where they can ask for information that helps with identity theft.
What you can do: Not a lot. But you can alert your friends to the risk (show them this report).
6. Hacking your personal computer.
Crooks use tricks like links to phony websites or email attachments, which contain malware that loads onto your computer and steals all your personal information.
What you can do: Install powerful Internet security software -- and keep it up to date.
7. Physical theft.
Yes, it's the simplest and most effective trick of them all. They steal your wallet or purse and immediately go on a spree, maxing out your credit cards and draining your bank account.
And if you have your Social Security and medical cards, they'll try to use those too.
What you can do: Take good care of your wallet, of course. But also don't carry medical cards unless you're going to a medical appointment, and only take a single credit or debit card on your shopping expedition.
We've written about identity theft many times before. And we always recommend checking out our Identity Theft Information Center for more useful information.
As we move into a New Year, why not make a resolution that 2017 will be the year you batten down the hatches and do all you can to prevent your identity from being stolen.
Alert of the Week
What would you do if you saw a USB thumb drive lying on the ground?
Pick it up? Pop it into your PC to see what's on it? Don't do it!
The price of these devices, also called flash drives, has fallen so low that criminals can easily afford to buy lots of them, fill them will malware and scatter them around.
Curious finders end up victims of identity theft, with compromised PCs under the control of scammers.
Instead, either hand the device in to the operators of the place you found it (for example, a coffee shop) or drop it off at your local police department and let them deal with it.
Remember what they say about curiosity!
That's it for today -- we hope you enjoy your week!