Don't Fall for These 5 Notable Identity Theft Myths
Updated: Feb 9
Identity theft occurs when someone steals another individual's personal information, usually for financial gain. Examples include taking over accounts and opening new accounts with the victim's information. Fraudsters can facilitate these crimes by gaining access to a person's Social Security number, birthdate, and mailing address, and are using more sophisticated ways in which to acquire such information.
Americans are especially susceptible to identity theft. According to the National Council on Identity Theft Protection, there were 5.7 million reported instances of identity theft and fraud in 2021, representing an increase of 1 million from the year before. Some experts suggest identity theft is so prevalent in the US that there is a new case every 22 seconds.
There are certain products and software, including virtual private networks (VPNs), that can help protect against identity theft, but individuals should be informed and educated about the risks to decrease the likelihood that they become victims.
Myth # 1-As Long as You're Careful, You'll Be Protected
While it's beneficial to use security software to protect your data and stay abreast of the latest trends in identity theft, it's impossible to ensure you won't become a victim. Cybercriminals are increasingly finding new ways in which to infiltrate accounts and steal personal information, whether by infecting devices with malware or launching complex cyberattacks on companies to steal consumer data from vulnerable servers.
For instance, more than 700 million LinkedIn users had their data compromised by hackers and posted on a dark web forum in 2021. Similarly, in 2018, hackers stole the personal information of as many as 500 million people in a data breach of Marriott and other hotel brands.
To mitigate financial loss and detect identity theft as soon as possible, regularly check your credit card statements and perform credit reports. US residents can run one free credit report from each of the three reporting agencies (TransUnion, Experian, and Equifax) per year.
Myth # 2 - Only Adults Are Affected
Cybercriminals aren't just interested in stealing information from adults. In fact, children are 35 times more likely to be victims because it usually takes a significantly longer period of time for identity theft involving kids to be discovered. Obviously, children don't have credit, so parents can't check bank statements or run credit reports to determine if there has been any suspicious activity. Thieves can take advantage of this and, among other forms of theft, open up new credit card accounts or purchase homes and vehicles.
A child's personal information can be stolen in data breaches involving schools and doctor's offices. Oftentimes, parents will also share too much personal information about their child online without even knowing the risks. Notably, parents should avoid posting back-to-school photos in which their child holds up a board with information such as their name, age, school, and teacher, etc.
Myth # 3-You'll Know Immediately if You've Had Your Identity Stolen
As long as you regularly check your bank accounts, you can detect identity theft early and mitigate financial loss. Despite this, the average fraud case isn't detected for more than 30 days, whereas fraud that doesn't involve bank or credit cards can take upwards of two months, on average, to detect.
Myth # 4- It's Easy to Notice Phishing Scams
Until recently, email phishing scams were relatively easy to detect as they usually contained poor grammar, misspelled words, and linked to web pages that clearly appeared fraudulent. However, scammers have become much more adept at making these emails seem as though they're from real sources.
For instance, a recent phishing campaign, uncovered by the cybersecurity firm Armorblox, targeted American Express customers with an urgent message prompting them to open a malicious attachment. The email subject, "Important Notification About Your Account," piques readers’ curiosity and encourages them to open the email, while the attachment has the American Express logo and includes the text, "This is a secure, encrypted message."
The attachment included a link that redirects users to a fraudulent American Express login page, where they unknowingly handed over their user ID and password. The email was sent via a valid domain and Google even marked it as safe, allowing it to be delivered to more than 16,000 accounts.
While phishing emails increasingly seem more realistic in design and have fewer grammar flaws, individuals should be wary of urgent messages or threats to close or suspend accounts. Call the bank or company in question first before clicking any links or opening attachments.
Myth # 5 -Email Breaches Are No Big Deal
By simply knowing your email address, especially if it contains your name, hackers can gain access to a lot of your personal information and use it to commit fraud.
"At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures," notes Allan Buxton, a director at Secure Forensics. "Throw that email address into LinkedIn, and they'll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school previously."
You might not think it's a big deal if your email account is compromised, but this couldn't be further from the truth. Once they are in your account, hackers can go through old emails and potentially find your birthdate, address, and even Social Security number on tax returns or other stored documents. Be sure to change your email password often.