Identity theft, where a criminal impersonates a victim and uses their identity to obtain their financial information, is a highly personal and terrifying crime. What’s more, its impact can last for years after the initial incident has been resolved.
It’s also a crime that many people probably expect wouldn’t happen to them. Therefore, many of us do not take the necessary identity theft protection measures. As a cybersecurity blogger, I certainly take enough precautions that I don’t expect to become a victim. But the truth is, it could happen to any one of us.
Back in 2010, I was a victim of debit card fraud. I have no idea how the criminals obtained my card information, and that left me feeling exposed. I tried to use cash wherever possible for weeks afterward, but these days, that’s becoming less feasible.
Well, recently, one of our colleagues here at VPNOverview, was a victim of identity theft herself. She’s one of the most clued-up people I know when it comes to personal data security. This just highlights the extent of the risk – and in her case, it also highlights how no matter how careful you are, it’s not always enough.
When Cybercrime Goes Offline
Even if your cybersecurity skills are strong, cybercrime often starts offline. That is, a criminal finds a way to intercept your data in the real world. Armed with all of your personal information, they can begin applying for various credit cards, loans, and other financial products – or even ordering high-value items in your name.
About a decade ago, I was a fraud investigator for a major credit company. I saw a lot of cases of identity fraud, and many of the victims’ had their data compromised in the same way. Unfortunately for our colleague, we suspect that the same tactic was used against her.
This crime, in my experience, often begins with the mail. Much of the U.S. has external mailboxes. Couple this with households where most people work full time, and criminals have hours to scour neighborhoods and steal mail directly from your mailbox before it ever reaches the recipient – you.
All it takes is for a criminal to intercept a government-issued letter or other official documents. Then, they’ll have enough personal information to submit successful applications in your name. From here, it’s simply a case of intercepting the mail again when your new – and unexpected – credit card or other mail arrives. You may never even know that it’s happening behind your back.
Interviewing a Victim of Identity Theft
I could sit here and tell you about the risks of id theft all day. Instead, I think it’s worth hearing a real-life example of this devastating crime. My coworker and I sat down to discuss what happened. Here’s her experience in her own words:
Do you know how your identity was compromised?
“I honestly can’t say for certain. But we had an issue with people going through the mail in our neighborhood, so we believe the person planned to simply grab it before I got it. They could have gotten something like a social security statement or other government documents that were sent in the mail without us knowing.”
How did you find out, and what did you do immediately afterward?
“I found out when an Amex credit card came in the mail. Normally, I would get home late from work and not be outside when the mail came. But the day I found that my identity was compromised, I left work a little early, and the mail was a little late.
I saw the mail carrier put the mail in our mailbox on the street, and I was able to get our mail as soon as it was delivered. I was really lucky. When I discovered the credit card (with a massive limit), I immediately called Amex and started the process of closing the account and reporting it.
I then ran my credit report (with all three U.S. credit reporting bureaus) and ChexSystems report (bank account system) and found that other accounts were also opened (or they were attempting to open them) with my information.“
I have lost count of the hours spent dealing with this id theft issue. It has been over eight years and I still have to take additional steps to open accounts, apply for things like apartments or mortgages, and even apply for jobs.
“I took that information to my local police department and filed a police report. In the days that followed, I filed a report with the FTC and the IRS, as well as putting an identity theft alert on my credit and froze it. This meant that if someone ran my credit report, they would see that I was a victim of identity theft and call me directly or deny the request since they could not gain access to my credit report.
Another thing I did within the days that followed the id theft incident was sign up for credit report monitoring. I also changed all of my passwords and put additional security in place for things like my bank account. Many banks give you the option to add a password or passcode to your account so that someone cannot just call with your information and gain access to your account. I recommend taking advantage of this option whenever possible.”
How did you feel about becoming a victim of cybercrime yourself?
“To be honest, I felt mad, scared, and violated. It has changed how I look at people in general, which is kind of sad.”
How much time and effort did you spend on resolving the problem?
“I have lost count of the hours spent dealing with this id theft issue. It has been over eight years, and I still have to take additional steps to open accounts, apply for things like apartments or mortgages, and even apply for jobs. I have to explain the situation repeatedly and go through additional steps to secure my information. Although, I think everyone should take the steps I take regardless of if their information has been compromised.”
Were there any longer-lasting consequences for you?
“Like I mentioned before, I was VERY LUCKY. I found out before too much damage was done. I only had one account go into collections (a cell phone account), but once I sent them the FTC report and police report, they had to stop collections and remove it from my credit.
Other than that, the long-term consequences are just the additional steps I have to take to unfreeze or provide temporary access to my credit report depending on the accounts I am opening or applying for.
Also, I am paying for credit monitoring, which is an ongoing expense, but one I recommend for anyone.”
8 Tips From an Identity Theft Victim
Be very cautious about what is mailed to you. If at all possible, get a padlocked mailbox or some other more secure way of receiving mail.
Freeze your credit report (and your child’s report as well). This is free to anyone, although freezing your child’s report will require you to physically mail a form. Make sure to keep your PIN codes or passwords for your credit report in a secure location so that you can unfreeze them or access them when needed.
Invest in a credit monitoring service.
Check your credit reports (all three in the U.S.) and ChexSystems report (bank account system) once a year (at least).
Be careful when giving out your personal information, especially your social security number, driver’s license number, or other government-issued identification. Most businesses really don’t need this information in the U.S. For example, your doctor or dentist does not really need this information to file a claim with your insurance. It is just sometimes easier, but not really required. I recommend pushing back on these requests and making sure it is truly required.
Change your passwords often.
Use two-factor authentication (2FA) whenever possible. Especially on your financial accounts, emails, and government accounts (i.e., your IRS account).
Ask your bank to add a password or passcode to your account for access via the telephone or even in person. Scammers are creating fake identification documents to gain access to accounts.
Of course, the best way to avoid identity theft is to get an identity theft monitoring service. Aura sends alerts when your information ever becomes compromised. It even scours the dark web for data breaches. You can protect the whole family with a single Aura subscription, which automatically comes with up to $5 million insurance.
Experian says that the effects of identity theft can last anywhere from days to several years, depending on the severity of the crimes. You could face consequences including:
Difficulty opening new lines of credit
Increased checks and delayed processing times on new lines of credit
Higher insurance premiums
But there’s more. Norton has highlighted how large numbers of people reported increased stress, anxiety, fear for personal safety, and more in the wake of becoming a victim of id theft. Again, from past experiences and speaking to victims, I’ve always found that emotional consequences are worse when you can’t figure out how your identity was compromised in the first place.
Keep Your Personal Information Safe
When it comes to sensitive information, it is all about being proactive by using the right tools and services to safeguard your personal data and afford yourself enhanced online security.
And while you can’t install an antivirus on your mailbox, you can be proactive about keeping tabs on your accounts. As many as 38% of people reported that they might expect to find they’ve been a victim of identity fraud when checking their bank account, while around 23% may expect their bank to tell them.
But don’t simply wait to find out that you’ve been targeted before you take identity theft protection measures. Instead, get into the habit of checking your bank account and credit report regularly. Consider installing a PIN-protected or padlocked mailbox. And think about setting up credit report alerts for additional protection.
Have you been a victim of identity theft or know someone who has? Share your experience in the comments below.
Key Takeaways
Get a locked mailbox if possible
Watch out for unusual applications that you haven’t made
Consider using a credit monitoring service
Change your passwords often, and use multi-factor authentication
Consider password-protecting your credit and bank accounts
Chris is a tech journalist with many years’ experience covering online privacy and cybersecurity. He’s also a published author and works as a Product Manager for some of the most innovative software development companies.