You wake up one day and find notices you can’t explain. As you login to your account, you find programs you didn’t sign up for: insurance, loans, other banks. People reach out to you with false claims on email and phone calls, and the money you saved is gone.
Yes, identity theft can be devastating. It only takes a few verification steps for someone to take control of your life. If you realize it too late, you won’t be able to do anything but watch how the thief does whatever he wants with you.
But that’s an extreme scenario. You don’t use to find out these intrusive actions because scammers want to stay invisible as long as possible. Sometimes, decades.
Right now, you could be a victim of identity theft without even knowing it. The con man may just be waiting for the best moment to catch you off guard and hit. Unless you take the right measures periodically, never assume you’re free from the identity theft risks.
- Why Identity Theft?
- Why You’re Less Protected Than You Think
- How Identity Scams Work
- Types Of Identity Theft
- 3 Unusual Cases Of Identity Fraud
- How To Detect Identity Fraud?
- Stop Identity Fraud
- Preventing Identity Fraud
- The Bottom Line
Why Identity Theft?
Scammers want your money, but confidence tricks can only go so far. Imagine the time you could save if you just controlled the victim like a puppet with no persuasion required.
You may be quite aware of online scams, but that doesn’t mean your identity couldn’t be involved in some of them. What’s the point of detecting a scam you can’t prevent or stop? Identity theft is about control, not just awareness.
If you could get into someone’s identity for one day, what would you do? Would you do whatever you want? Since it’s not you, would you act as if there were no consequences?
Victims do regain control of their identity, but sadly, once it’s too late. Scammers take everything (money, privileges, loans, accounts) and leave them with the problems (crime, debt, confusion). Even after a scam, you never know if that same criminal still controls your account.
Bad news. Identity theft cases increase day after day. No matter when you visit the BBB scam tracker, you’ll likely find the words “phishing” or “compromised account” on the first pages.
- Maximum Harm: If you wanted, you could steal everything the victim has. Ruin their whole life in a matter of days.
- Maximum Control: The con man controls what others do and don’t see. Control is an opportunity to refine the scheme before the victim can react.
- Maximum Privacy: If anything goes wrong, the scammer’s risk is slim to none. Anytime you can evade, leave the person with the problem, and find another victim.
- Hard To Report: Confidence tricks are the hardest scams to report. Although customer support can help in some way, the loss is your responsibility. Any money stolen is likely permanent.
Why You’re Less Protected Than You Think
Due to the many connections, a thief rarely needs your financial data to steal from you. Getting into your email is enough to access everything else.
Many of us use less than three passwords for every service we sign up. A scammer could steal, for example, your New York Times account, and get clues about your password on email.
Also, thieves can do more harm than stealing money:
- Impersonate you for crime
- Acquire medical benefits and reward programs
- Accrue debt or taxes
- Open new bank accounts under your name
- Buy subscriptions and steal from your contacts
The result? A system that rewards imposters and punishes innocent people, which is also hard to report.
Today, you’ll find identity scams everywhere because:
- Everything is online. Cyber-thieves have more power than ever.
- Security is underrated. People who think hackers aren’t interested in them won’t protect.
- Identity theft is easy to merge with any other scheme. It doesn’t matter the topic: hotel scams, ATM, HYIP, car rentals, romance.
Even identity thieves are at risk of identity theft. The question is: are you an easy target?
Nobody likes these problems, but we can’t do as if we didn’t expect it. Identity theft has been here since the 1960s and has evolved a lot since the Internet. They started with phone and traditional email, collecting people’s information with confidence tricks like the advance fee scam.
How Identity Scams Work
Today, your identity thief may be a hacker, a bot, or a malware program. With the right tools, anyone can automate a program to scam for them while they sleep.
- You start with a hook. The victim needs a reason to follow instructions. Perhaps it’s greed when signing for a get-rich-quick scheme. It could be an email posing as the government, imposing the fear of not paying your debt. Or romance: a person you trusted asked you for money to help a familiar.
- You have to hide the evidence to avoid suspicions. You fake the device’s ID and location (spoofing), create fake profiles, or cloned (phishing) websites.
- You fake your reputation with credibility markers. If you seem legit enough, the victim will overlook the red flags and rely on appearances. It could be in for of testimonials, (fake) money orders, impersonation, licenses, or friendship.
- Scams should consist of very few steps to reduce the chance of getting caught. Fraudsters can reduce it to a single step by asking (or misleading) for personal information. Once they follow your call-to-action, it’s up to you how to scam the victim.
- You take advantage of the stolen identity. As a con man, you want to anticipate and coordinate all the changes you want to take in as little time as possible. If you have a strategy to avoid getting caught, acting fast ensures the best way to profit from the victim.
Types Of Identity Theft
Once you steal an account, do you act fast and take everything, or you wait and subtly drain the victim’s funds? Depending on the purpose, thieves change their strategies. If the con man can afford the risk, they could run all the variations at the same time.
A. Criminal/Debit Identity
“If I have no money, why would they target me?”
Identity thieves might have no interest in what’s in your bank account. Just as he can take yours, he can assign you his identity. You’d be responsible for:
- His past criminal activity (such as money laundering)
- Any changes made on your account
- Paying the other person’s debt and taxes
If the con man wants to get rid of a problem, he makes you deal with it. Unlike financial scams where you instantly find out the loss, you won’t know until you start receiving messages and phone calls. By that time, the scammer is gone.
B. Financial Identity:
Here’s the most common reason for fraud. You steal someone’s account to use the money you don’t have, whether you send it to another account or buy stuff as if it were yours.
The moment you find a big charge, you’d report immediately. But instead of stealing the funds, con men can buy services with your ID: memberships, for example.
If you get a receipt from an (unrelated) 3rd party website, you might have thought of identity theft, but you’ll blame the company. Perhaps it’s a service you didn’t remember signing up for, and identity fraud becomes less evident.
If that’s not enough, scammers make money selling information after exploiting it themselves. You may never find out who scammed you in the first place!
C. Background Identity
A scammer uses your ID documents to:
- Apply for jobs and programs.
- Redirect your Benefit programs to him.
- Redirect any charges or negative notices to you.
These IDs create a second life where, ironically, the imposter is linked to all the benefits and you to the problems.
Identity theft is comfortable because it saves scammers time from faking documents and forgery. For example, you won’t need a fake degree for a job when the stolen account has a real one.
D. Synthetic ID
Although identity theft is hard to report, at least you know who’s the victim. But that’s not the case of synthetic IDs: both the fraudster and victims are unknown.
A scammer makes up an identity from scratch. But there’re some credentials you can’t fake, which thieves steal to finish their work.
If you rob enough, you can create dozens of fake accounts to coordinate for online scams. For authorities, they look as legit as anyone else. Even if you uncover the truth, you don’t know who’s behind.
Choose to prevent, not to stop. If you fall for this one, it’s a permanent loss.
3 Unusual Cases Of Identity Fraud
IRS Tax Fraud Scheme (2011): Taxpayers expect IRS workers to keep sensitive information confidential. But a group of employees, including Nakeisha Hall, stole over a million dollars from the US Treasury by falsifying tax returns with taxpayer’s credentials.
Murder Identity Theft (2010): The police linked 26 people to Mr al-Mabhouh’s murder in Dubai. The murderer stole the identity of Nicole McCabe, a young Australian who lived in Israel for years and was having her first child.
Six months after leaving the country, she receives this confusing notice. After the investigation, McCabe receives new passport numbers to recover her identity.
Forbes Identity Hacker (2001): Abraham Abdallah infiltrated in the financial accounts of the Forbes super-rich: Warren Buffet, Oprah Winfrey, George Soros, Michael Bloomberg, among others.
Abdallah used biographies and web data to gather all accounts, numbers, and email addresses. He got caught on a fraudulent transaction of $10 million.
How To Detect Identity Fraud?
It’s easy— also too late— to detect it when you start losing money. But even with the best protection, your account may be compromised. Who knows if a hacker is keeping you on hold until the next opportunity?
Before thinking of prevention, let’s check for potential scams and stop future problems.
#1 Order A Free Credit Report
Your credit score is a broad way to understand your finances as a whole. You get a good score by paying bills on time, carrying no debt, paying back loans, and making just enough inquiries.
After the report, you’ll know about your latest score changes. Your activity should be enough to explain these updates: if a report doesn’t match, someone may have stolen the account.
Your saved money isn’t enough to indicate fraud. But credit monitors all unusual activity, even if you didn’t lose anything (yet).
Frequent reports may cost you a fee, but it’s worth it upon the suspicion of fraud. One should consider putting up a credit alert.
#2 Monitor Incoherent Expenses
Scammers plan well ahead to reduce their risk. You can’t find a suspicious charge today, but unless you check your accounts daily, you’ll miss the long term patterns. They could charge you small weekly fees you’d normally overlook, which add up after months.
If you find out when the scam started, you also find what caused it. That program you signed up, that SMS, or that new website.
#3 Revise Your Session Locations
Ask your bank what devices used your account, at what time, and when. Most platforms send you an email when an unknown device logs in.
If the location isn’t yours, it could be a hacker. If it’s hidden, or appears in multiple far locations, it’s their software hiding the IP.
Another reason may be Internet scams on public wifi locations. Or letting your account open on a public device.
Stop Identity Fraud
If you’re risking a lot, it’s worth stopping all the movement until you’re safe. If the loss happened within 24 hours, you could still get it back.
- Prepare a report you can show your bank or the FTC. Include your personal information, what happened, and why.
- Use your report to undo the transactions with your bank. Cancel any transfers you planned for the immediate future. Freeze your account for a few days until you find a permanent solution.
- If possible, migrate everything to a new account. The platform will ask you for a new address where they will move everything from your first account. Instead of recovering what’s stolen, move to a new one.
- Destroy messages related to the recovery process. Once you’ve taken all the steps to stay safe, eliminate permanently all your messages (or write them on paper). It will prevent the thief from getting into your new account.
Preventing Identity Fraud
Identity theft is complex to solve: you can’t prove anything the scammer can’t. But with preventive security measures, you’ll save yourself from all the stress and confusion.
Where should you start?
#1 Simplify And Organize
Most people don’t know what’s going on with their finances. They have a bunch of credit cards, multiple Paypal and Venmo addresses, or accounts with different banks. Nobody could check dozens of sources daily, which would take hours, only to prevent a scam that may not be happening.
Do yourself a favor and simplify. One checking account, bank account, credit card, and one company. You can’t focus your security when fifty different things have locked your attention.
After you simplify, you can start checking those accounts based on a few metrics. A scammer won’t likely rob you everything overnight, so the more often you check, the less money you can lose.
If your bank account has a low amount— or the numbers don’t change much— it’s still worth the security check. Remember identity thieves have more reasons other than money to break in.
#3 Maximum Privacy
Do not assume your devices are safe from scammers’ tricks. With the right software, they get into your computer and phone, verify the identity, and steal the account. You don’t know if they’ve done it already, so the best advice is to remove any sensitive information.
- For security-related messages, eliminate them permanently after you use them. Rewrite codes on paper, do not trust your device.
- Use a private browser to keep the history empty and not store passwords on your device.
- Do the same with other messaging tools: SMS, email, social media.
The best way to double-check your protection is to go through it yourself every time you use the device.
#4 Periodical Security Revision
No system is 100% secure, so the more often you can update it, the better.
Some apps (like Dashlane) can help you set complicated one-time passwords for every platform you use. Like Google Authenticator, they update after X seconds.
Remember to run a credit report at least twice a year. It will prevent scams before they get complicated.
#5 Filter Messages
Now that you’ve protected, we’ll address the original problem. How did it all happen? A scammer reached out, usually by private messaging and email. With organization, you can filter/exclude these messages, or at least spot them easily.
Apply some minimalism: only keep in your inbox the messages you need. Erase everything else. If it’s irrelevant, mark spam and unsubscribe.
A phishing email can fly under the radar when you’re flooded with junk email. If it’s clean, you’ll notice immediately.
#6 Know The Online Scam Red Flags
Thieves use phishing to steal your information. You can recognize these messages by:
- Checking the real link direction
- Detecting the call-to-action
- Looking for email/domain misspellings
If they impersonate a company, visit the website directly to verify it. Learn more about phishing attacks here.
#7 Beware Identity Theft In Public Places
- Learn how to prevent ATM scams the next time you go to cash out.
- For day-to-day purchases, pay with cash instead of virtual money.
- On Wifi Spots, ask the worker about the Internet before connecting. Avoid banking platforms and using credentials when using a public network.
#8 Have A Recovery Plan in Place
You don’t want to find out too late that you have zero protection. If you fall for a scam, every second you spend trying to find help will give the thief the advantage.
It doesn’t hurt to have ready all the documents, reports, and phone numbers just in case. Without preparation, you could spend days stressing about the problem without really solving anything.
Having a plan be will keep your mental sanity and hopefully recover funds the same day you lost them.
The Bottom Line
You can do all the prevention and still get your identity stolen. The truth? Anybody can steal anyone’s identity with enough skills and motivation.
But scammers don’t take reckless risks. If you aren’t easy to scam, they will look for another victim or give up. Don’t look for the ultimate security tool: it doesn’t exist. Instead, become a tough target so they think twice the next time.