Types of Identity Theft

Understanding the 5 types of identity theft and how to protect against each.

On average, there are over 12 million victims of identity theft in the United States every year. Considering the amount of personal data we keep on our devices, this number becomes less shocking. But if it’s that common, why do most people know so little about it? Learning about different types of identity theft and how to combat them is the first step in keeping your identity safe.

This chart shows the 5 types of identity theft and their subcategories:

Malware

You’ve probably already been warned about malware. Short for “malicious software,” it’s one of the many types of identity theft. It downloads to your computer when you click suspicious links. You can also visit unverified websites or accidentally download something that has hidden malware attached.

General Malware

Even with a firewall or antivirus software installed, malware can sometimes get through. Criminals often attempt identity theft with bots, rootkits, and viruses. All of these techniques can steal personal information from your personal computer files. Bots can take control of your computer to distribute more malware right from your computer. Rootkits hide malware in files that seem secure to anti-virus software while actually hiding a virus inside. As the name implies, viruses infect your computer and can be transferred to other computers like a disease.

Spyware

Spyware is a type of malware that is made to do one thing: spy on you and all of your data. This includes things like tracking cookies and adware. Marketers use these to observe what kinds of products and services you are searching for online. They just make your computer slower, but there are more sinister forms of spyware to be wary of. System monitors and remote access tools allow identity thieves to spy on activity on your computer. Keyloggers, a type of system monitor, can record every single keystroke you type. That record is sent directly to the identity thief. Identity thieves can then gain access to passwords, personal information, and more.

Ransomware

Kidnappers hold their victims for ransom; ransomware kidnaps your data and asks you to pay a ransom to get it back. Identity thieves using ransomware will encrypt the information on your computer. They will then demand money to return it. According to Norton, an antivirus software company, thieves asked for $522 in ransom, on average, in 2017. Although it might be tempting, don’t pay the ransom. There’s no guarantee the identity thief will hold up their end of the deal.

Preventing Identity Theft by Malware:

  • Don’t click on unfamiliar links in emails.
  • Use antivirus and security software.
  • Don’t download suspicious documents or software.

Deception

You know the old saying, “Fool me once, shame on you; fool me twice, shame on me?” Well, with deceptive types of identity theft, criminals only have to fool you once to steal your data and personal information. It’s important to be aware of deceptive identity theft techniques, so you can never be fooled twice, and hopefully never even fooled once.

Phishing and Spear Phishing

Phishing works like the wordplay suggests: it’s trying to bait you. Identity thieves who use this method will send you emails, call you, or send you standard mail. They try to trick you into thinking they are a person or agency that they aren’t. Spear phishing gets even more personal. Thieves use personal information about you that is available online to make their communications seem even more real. If you aren’t skeptical enough, you may end up falling into their trap and sending your information directly to an identity thief.

Spoofing

“Spoofing” describes how identity thieves hide their identities from you. Thieves “spoof” before they actually start their phishing. For example, a thief wants to send you a fake email that contains a link to a virus. To look like a legitimate email, they will use email spoofing to mask their email with a more convincing one. Identity thieves also spoof phone numbers and websites, leading you into an identity theft trap.

Business Email Compromise

This type of identity theft combines phishing and spoofing to launch large cyberattacks on businesses. Cyberattackers implement organized processes that can span many months. The FBI divides the process into 4 steps: identifying a target, grooming, exchanging information, and wire transferring. Identity thieves groom company officials to trust them. Then they exchange secret personal and/or business account information. Next, they will wire transfer money from the accounts to themselves. This puts both your personal identity and your company in jeopardy. Be extra cautious with work emails.

Preventing Identity Theft by Deception:

  • Double-check email addresses to ensure they are legitimate.
  • Make sure website addresses have the proper names (ex. IRS.gov, never IRS.com).
  • Avoid giving away personal information over the phone.

Payment Methods

Your identity matters for many reasons. Protecting your money may be at the top of the list. Types of identity theft that target your payment methods are among the worst. They’re also the most common type of ID theft. Mitigating the risks is essential to secure your financial information. Identity thieves get creative when they want to get your money, so be on the lookout!

Debit & Credit Card Fraud

Both of these types of identity theft are terrible, but having your credit card information stolen is the lesser of two evils. You can report fraud to your credit card company as soon as you notice it. You also won’t lose any real cash from your account. When someone has your debit card information, you may not be able to recover the money they take directly from your accounts. There’s a time limit you need to follow to limit your liability. If you report the theft within 2 business days of the theft, the maximum you can be out is $50; within 3-60 days, the maximum is $500. If you report it any later, then once that cash is gone, it’s gone.

ATM and Point of Sale (POS) Skimming

Skimming is a common way to steal credit and debit card information. It’s difficult to look out for, as it can be very subtle. Thieves insert skimming devices into ATMs. The devices that go into ATMs are small and not usually noticeable from the outside. However, you will notice if you put your debit card into the ATM and it seems difficult to insert or gets stuck. This is how you know a skimming device may be inside. Don’t use the ATM if this happens. Report it to the manager of the location if you can. Cashiers, waiters, and other customer service representatives can also use skimming devices when they take your card for payment. Always make sure you can see your card as they process your purchase; don’t let them take it somewhere that you can’t keep eyes on it.

Card-Present and Card-Not-Present

Anytime you make a purchase, whether online or in person, your credit and debit cards and your identity are at risk. Two common types of card fraud are card-present and card-not-present fraud. Card-present fraud occurs when a thief uses your information on a fake or stolen card to buy things for themselves. Card-not-present fraud happens online and over the phone. It works because no one has to look at the physical card to verify the information.

Preventing Identity Theft By Payment Method:

  • If a purchase on your account doesn’t make sense, call your credit card company.
  • Be mindful of ATMs that seem to “stick” when you insert your card.
  • Make sure a website is real and secure before making an online purchase.
  • Don’t let clerks or service workers take your card where you can’t see it.

Social Security Number

You’ve locked your physical Social Security card somewhere safe (hopefully). If only that were enough to keep your number from the hands of identity thieves. Yet, because so many of your documents require this number, a criminal gaining access to your SSN is definitely a possibility. It allows them to commit multiple types of identity theft.

Medical Identity Theft

When a criminal has your personal information, they can use it for medical purposes. They can receive medical care, file health insurance claims, and get prescription drugs, all under your name. This can majorly affect your credit report. If they don’t pay out-of-pocket costs and deductibles (which they won’t) then these bills turn into medical collection accounts on your report.

Tax Identity Theft

Using your Social Security number, thieves can file for tax refunds in an attempt to get a fraudulent refund. Also, if your IRS records are incorrect or there is more than one tax return filed under your name, someone may have used your stolen Social Security number to file taxes.

Criminal Identity Theft

Stealing someone’s identity is already a crime, but mix that in with using the identity with law enforcement and you have an even bigger problem. Criminals can use your Social Security number when they are ticketed or arrested. This means that those arrests can show up on your record down the road. Those records will make it difficult to get jobs and can even lead to an active warrant for your arrest.

Preventing Identity Theft by Social Security Number:

  • Avoid taking your Social Security card outside of your home, and always put it back in its safe place when you are done.
  • Shred all files with personal information.
  • Always ask companies or service providers if your SSN is required for filling out forms.
  • File your taxes early and check your IRS records.

Your Personal Data

Online, your data is what defines you. In the real world, that data can be exploited by identity thieves in some scary ways. Seemingly harmless information, like your employer’s name or your email address, can be used for different types of identity theft.

Wire Transfer Scams

Wire-wire transfers happen between bank accounts every day. Not all of these transfers are meant to happen. If an identity thief has your account information, they can use it to transfer your money to themselves or others. Scammers that use this tactic to pose as someone they are not, like Nigerian royalty, a distant relative, a vendor, or your boss. They email or call you asking you to transfer money right away. You can dispute the loss but the money can be difficult to recover. It’s important to stay skeptical of requests for a money transfer.

Bank Account Fraud

This type of identity theft goes straight to the source. Using your bank account information, identity thieves can take money directly from your account. Additionally, they can use the account and routing numbers on your checks. Thieves can also steal the information from your computer through phishing, malware, or spyware. Unfortunately, they can also get into your bank accounts if there are massive data breaches. This is something largely out of your control.

Social Media Identity Theft

The bits of information you post about yourself on social media can be used to find out even more about you. Criminals can get very far with very little information. Even just your name and birthdate can be enough. In addition, scammers can create fake accounts. They boast about fake sweepstakes or money giveaways, then they require your personal information to enter.

Preventing Identity Theft by Personal Data:

  • Verify any request for money that you are unsure of, especially if all interaction is through email.
  • Only use checks when you have to, and freeze your accounts after large data breaches.
  • Set your social media privacy settings high.

Article last modified on February 25, 2019. Published by Debt.com, LLC .