Like it or not, some of your personal data is probably on the Internet. And even if you diligently try to protect the information about you that’s “out there,” it could still end up in the hands of an identity thief. Whether it’s on a compromised company server, or on a laptop left on a bus, or a USB drive dropped in a parking lot, your data isn’t entirely under your control. But if an identity thief finds it, don’t panic. There are steps you can take to fight back.
The first line of defense is prevention.
Begin, at the very least, with some type of current anti-malware and anti-virus tools, as well as the latest security patches for your operating system. What identity thieves are unable to get off Internet servers, they will try to get directly from victims through phishing attacks, said Jeff Blyskal, Consumer Reports’ Senior Editor in California.
Unwary Internet surfers landing on a malicious website could end up with malware on their computers, as can users inadvertently downloading something, or opening an unsolicited email attachment that looks legitimate but is in fact loaded with malware.
“The ‘success’ of malware depends on it remaining undetected, so malware writers take great care to make sure that there are few, if any, obvious indicators that a PC has been compromised,” said Andy Browne, Malware Labs Director at Lavasoft. “Even if you can identify that an infection has taken place, it’s often too late – the damage may [have] already been done.”
Identity Theft Resources
Over time, the infected PC can yield a treasure trove of user names, passwords, addresses, credit card numbers, bank account details and other critical information that is “surreptitiously siphoned off the compromised computer as they are typed in,” he explained.
Don’t open unsolicited email and attachments or click on attached links from people you don’t know, advised Blyskal, especially if the sender claims to be your financial institution requesting key information.
“Even if it looks like it’s from your bank or from your credit card company or somebody who looks official, don’t click on the links in there because sometimes when you do that it links to a crook’s or a hacker’s … website,” he said. “And then when you go punching in your name and your password, you’re giving it to the bad guys basically, so don’t click on those things.”
In the United States, that could mean giving away your social security number. A stolen social security number could allow the thief to take out a loan or earn income, taxable to the victim, or use medical services, which are in your name.
“That’s more insidious,” he added, “but it’s very rare. It’s only about … 0.25 percent of the population … that happens to in a given year.”
If an identity thief gets away with critical information, it is important to act quickly, said Browne.
“If someone believes they are a victim of identity fraud involving credit or debit cards, they must report it to their bank as soon as possible,” he advised. “The bank will investigate and report any criminal activity to the police. If someone is victim to another type of identity fraud, they must report the matter to the relevant organization.”
That also includes alerting all other related parties, filing a fraud alert, and freezing your credit report, said Blyskal.
“Put a security freeze on your credit report,” he added. A security freeze “basically shuts down access to anybody getting your credit report who doesn’t already have a business relationship with you.”
Once a security freeze is in place, a new lender trying to give the identity thief the credit information he might be asking for will not be able to access your credit reports. And if you decide to take out a loan, you’ll need to temporarily lift the freeze.
Don’t wait to be victimized. If you hear that your department store or health insurance company or bank has been compromised, get on the phone. Ask for a replacement card, especially if it is a debit card, which is more risky and troublesome, since the crooks can take the money out of your bank account.
You’ll get your money back eventually, said Blyskal, because “the bank is not supposed to give your money to people who are not authorized to have it.”
That might take a couple of days, though. But don’t panic, he advised. Take the matter seriously and take action.
“If you see unauthorized charges, jump on it and protect yourself,” he said.