Latest Ways to Prevent the New ID Theft

Identity theft continues to be the fastest-growing crime in the U.S. It also is among the most devastating. Credit records are ruined – which can affect employment and other opportunities. Also, significant time and money must be expended to correct the record and other consequences.

You can protect yourself from ID theft, as we’ve discussed in the past. But you must keep on top of things, because ID thieves frequently change their tactics.

ID thieves used to focus on stealing Social Security numbers so that they could apply for loans and credit cards at a new address. Or they would open new bank accounts in the victim’s name and write bad checks. Then, they would disappear with the proceeds. More recently, ID thieves focused on obtaining data about existing financial accounts and credit cards. Then, they spent a few months exploiting these accounts before the accounts were frozen.

Now, new and more sophisticated tactics are being used to obtain information from victims.

The Internet is becoming a boon to ID thieves. Most don’t worry about technically elegant tactics such as looking for unsecured Internet connections that allow them to scour a computer’s hard drive (though such tactics still are in use by some). The word is out on these tactics, and too many computer users now have firewalls and other protection.

ID thieves have found that it is easier and more profitable to get victims voluntarily to provide their sensitive information.

The latest strategies are collectively known as “phishing.” For example, a thief might send out a mass e-mail, purporting to be from a major financial institution to its customers. (A recent widespread and fake e-mail claimed to be from Citibank.) The e-mails ask customers to verify their personal account information. Some request it by return e-mail. Others direct readers to a web site.

Web sites now can be disguised cleverly to resemble the official web site of the financial institution, usually asserting that there was some computer breakdown. The thieves even have made the real web address of the financial institution appear in the browser’s address line (though Microsoft recently claimed to have fixed its browser to prevent this). Sometimes a link in the e-mail actually takes the viewer to the official web site of the institution. But a pop-up box that is linked to the crooks appears and asks for the information.

Another frequent approach is for the e-mail to appear to be from the government as part of an effort to prevent ID theft. The e-mail might say that a new law requires everyone to register credit card information. Or it might say that registering the information will make it easier to catch thieves. Some e-mails claim to be from online payment services such as PayPal.

Once the thieves have the information from the victims, the thieves withdraw cash from ATM machines, run up charges on credit cards, or write checks against accounts.

Everyone should ignore such e-mails. Financial institutions do not ask customers to send sensitive information through e-mail. They also do not ask customers as a group to verify their account information. The institution already has this information. If there is a computer failure, the information is backed up. The government also won’t ask for the information, and there is no law requiring or encouraging consumers to register financial information with the government.

 If you receive an e-mail asking for sensitive information, ignore it. If the message seems legitimate and you do not feel comfortable ignoring it, do not respond online.  Instead, call the financial institution, using a telephone number you already have, and ask about the e-mail. Or visit the institution in person.

Another option is to start a new Internet session. Close your browser. Even better, shut down your computer and reboot it. Then go to the institution’s real web site and see if there is anything requesting information from customers.

Computer users also need to be wary of spyware. This is a computer program that a web site or e-mail can install on your hard drive. Some spyware programs are legitimately used by web sites to track visits to their sites. But others are insidious. For example, a spyware program can keep track of each of your keystrokes, then send this information to the thieves. If you do your banking or investing online, the ID thieves use this information to obtain your passwords and other important account information. Some spyware programs scan a hard drive looking for “cookies” that contain passwords and access codes.

Spyware programs are most likely to invade your hard drive as e-mail attachments or by clicking on pop-up ads. The best defense is to install both anti-virus and firewall programs on your system. You also can get anti-spyware software, such as Spybot, free from SafeNetworking.org.

The ID thieves rapidly change their methods when the public becomes aware of the old tactics. You always need to safeguard vital personal information and be alert for new ways to get you to reveal the information.