Cyber Safe NJ

New Jersey Division of Consumer Affairs

PREVENTING IDENTITY THEFT

Identity theft is the fraudulent acquisition of another person's personally identifiable information, usually for financial gain such as applying for credit cards and loans, or to provide false information to police or healthcare providers.

In 2012 approximately 16.6 million individuals, or 7 percent of all U.S. residents age 16 or older, experienced at least one incident of identity theft, according to the U.S. Justice Department's Bureau of Justice Statistics.

Financial losses due to personal identity theft in 2012 totaled $24.7 billion – $10 billion more than the losses attributed to all other property crimes measured in the Bureau's National Crime Victimization Survey.

Fortunately, the Bureau of Justice Statistics findings contain positive information even for those who have fallen victim to identity theft. It is possible to successfully resolve the financial and credit problems that result from this crime. The majority of victims were even able to resolve these issues in less than one day, once they became aware of the crime and took concrete action.

By knowing how to prevent identity theft – and knowing what to do if it happens to you – you can save yourself financial difficulty and emotional distress.

How does identity theft happen?

You can be exposed to identity theft when your personal information – such as a credit card number, Social Security number, or password – falls into the wrong hands.

This can happen through a variety of methods including:

Physical Theft: Physical theft of a credit card, insurance card, driver's license, or other document with sensitive personal information.
Phishing: Phishing and social engineering scams seek to fool you into giving away your sensitive information, or fool you into clicking a link that will download spyware onto your computer. Never act on any email, text message, pop-up window, or other electronic communication that asks you to provide your personal information, click on a link, or open an attachment. Scams like these often mimic the legitimate emails that might be sent by a bank, utility company, or a government agency.
Malware: Spyware and other forms of "malicious software" silently invade victims' computers in order to gather personal data such as passwords, bank account information, or credit card numbers. Malware may spread across computer networks, through emails, or via phishing scams that fool their victims into clicking on innocent-seeming links or attachments. You can protect your computer by installing virus protection software, and keeping it up to date. Many virus protection programs offer automatic updates. You should also use a firewall to block unwanted data from entering your computer. It is also a good idea to use a variety of smart passwords that a hacker cannot easily guess. Finally, if you use a wireless router or file-sharing system, be aware that they may leave your computer vulnerable to hackers. Refer to your user's manual or ask your Internet service provider for information on how to secure these systems.
Unsecured Websites: If you must provide personal information over the Internet, such as when making a purchase online, first make sure the website is legitimate and make sure it is secure. A secure website uses encryption to protect the information you will transmit online. The two elements that indicate a website uses encryption are the image of a closed padlock, and a URL that begins with "https" rather than "http." Beware that hackers may be able to create malicious websites with fake padlock icons. The best way to make sure a website is trustworthy, is to call the company directly and ask questions.
Fraudulent Websites: Fraudulent or "spoof" websites are designed to look like legitimate websites for shopping, obtaining information from a utility company, or some other purpose, in order to trick you into entering your credit card number or other sensitive information. The best way to know whether a website is legitimate is to call the company or government entity with which you intend to do business, and ask about the website in question. One sign that a website may be a "spoof" is an inaccurate web address, such as a slight misspelling of the actual company's business name. If a link to the website appears in an email, hover your mouse over the link to make the web address appear. "Spoof" websites also may include poor spelling and grammar, and poor-quality graphics with low resolution.
Improperly Discarded Devices: When disposing of an old computer, whether you recycle it, donate it, or give it to a friend, you must take extra steps to permanently wipe all information form the hard drive. Your computer may include insurance and banking information, tax records, health records, account numbers, and passwords. Simply deleting this data or moving it to the "trash" will not make it permanently disappear. Use a "wipe" utility program to overwrite the computer's memory. Smart phones, tablets, and other devices also may contain sensitive data; be sure to follow the manufacturers' instructions on how to permanently wipe their memories. Some manufacturers may provide information about how to properly dispose of hard drives, or provide free services to dispose of them for you. (The New Jersey Department of Environmental Protection's New Jersey E-Cycle site offers information on the State's free, environmentally sound recycling program for computers and other devices).
Data Breaches: This refers to the theft or accidental release of personal information – for example, when hackers invade a company's computer system to steal credit card information from its customers. Businesses are required to promptly inform affected customers and law enforcement if a data breach takes place.

If You Become the Victim of Identity Theft

The good news is that you can regain control of your identity, credit, and finances, even if you have become the victim of identity theft.

The Division of Consumer Affairs recommends the following actions if you know or suspect that you have been exposed to identity theft:

If you are exposed to Identity Theft

  1. File a complaint with the Federal Trade Commission at www.ftc.gov/complaint or 877-438-4338. Your completed complaint is called an "FTC Affidavit." You will want to bring a copy of the FTC Affidavit to your local police department; see Step 2.
  2. File a report with your local police department, and bring the police a copy of your FTC Affidavit. Once your police report has been filed, request a copy so it will be available to send to credit reporting agencies and creditors.
  3. Obtain a copy of your credit report from all three credit reporting agencies.

    Contact them at:

    Equifax Credit Information Services
    Consumer Fraud Division
    (800) 525-6285
    equifax.com

    Experian
    (888) 397-3742
    experian.com/consumer

    Trans Union
    Fraud Victim Assistance Department
    (800) 680-7289
    tuc.com

    Tell these credit reporting agencies that you suspect your were exposed to identity theft, and ask that all of your accounts be flagged with a fraud alert.

  4. Keep a close watch on the activity on your credit or debit cards. Many card issuers offer online account access. If you can, check the accounts daily. If you are unable to access this information online, call the numbers on the back of the affected cards.
  5. Contact all credit card companies, creditors, banks, and any financial institutions with which you do business. Close the affected credit card and bank accounts, and get replacement cards with new account numbers. Change any passwords on the accounts, including PINs. Follow up all telephone contact with a written confirmation.
  6. Contact the United States Social Security Administration at:
    Social Security Administration
    Social Security Fraud Hotline
    P.O. Box 17768
    Baltimore, MD 21235
    (800) 269-0271
    TTX: (866) 501-2101
    ssa.gov/oig/hotline
  7. Keep a complete set of records. Keep a log with notes on all telephone conversations with credit reporting bureaus, creditors, or debt collection agencies. Confirm all telephone conversations in writing. Keep copies of all paper or electronic correspondence you send and receive related to the suspected identity theft. Send correspondence by certified mail, return receipt requested. Keep a record of the time spent and any expenses you incurred, in case it one day becomes possible to claim restitution in a judgment against the identity thief.
  8. You can also contact nongovernmental nonprofit groups established to provide assistance to victims of identity theft. For example:
    Identity Theft Resource Center
    (888) 400-5530
    www.idtheftcenter.org