What is identity theft?

Identity Theft Home What is Identity theft? Protect yourself from identity theft What to do if you're a victim Frequently Asked Questions

The broad term "identity theft" encompasses any type of crime in which a thief wrongfully obtains and uses another person's personal information - such as their name, Social Security number, bank and credit card account numbers or any other identifying information - for fraud or deception, usually for financial gain. The number of different identity theft scams is growing rapidly. Following are the most prevalent:

Phishing - In this scam, recipients receive e-mails directing them to phony Web sites (most often, the supposed sites of banks or well-recognized national and Web retailers) and prompting them to provide personal information. The e-mails may threaten to freeze the recipient's bank account, or ask for information in order to "update their records," or may even offer merchandise for free in exchange for information.

The FBI has called phishing "the hottest, most troubling new scam on the Internet," with an estimated 57 million Americans having received a phishing e-mail. Thieves have become very adept at disguising e-mails and Web sites to make them look authentic, which is one reason why incidents of this type of fraud are rising so quickly. Phishing can also be perpetrated over the phone, with thieves simply calling and asking for personal information.

Pharming - In this scam, victims are redirected to imposter Web pages when typing in valid Web addresses. Hackers are able to do this by exploiting a shortcut some Internet Service Providers (ISPs) have instituted to speed up Web browsing.

Evil twins - These are wireless networks that pretend to offer legitimate Wi-Fi Internet connections in Wi-Fi hotspot areas (like those now found in many coffee shops, airports and hotels). Through these networks, hackers can eavesdrop on unprotected wireless computers and scour them for passwords and other sensitive information.

Trojan horse virus - These viruses, usually released by an e-mail attachment, will scour your hard drive (if opened) for personal and financial information (such as Social Security and account numbers and PINs) and send this information back to the thief's database - probably without you even being aware of it.

Spyware - This is similar to the Trojan horse virus in that it is also unknowingly installed on a victim's computer (it may be packaged with other software). The more malicious varieties of spyware search your hard drive for passwords and other personal information and can even monitor your keystrokes to discover passwords and account numbers that you have entered on your computer.

The Nigerian scam - This involves primarily e-mails, but also letters and faxes, supposedly from a government official (usually in Nigeria) asking individuals to help disburse millions of dollars from his country in return for a percentage of the money. Recipients are asked to provide bank account information so the money can be deposited into their accounts, which the thieves then use to clean out their accounts.

Telephone and telemarketing fraud - This can take many different forms, from phone calls you receive from imposters claiming to be from your bank or credit card company and asking for personal information to callers offering free travel, other prizes and get-rich-quick "opportunities" in exchange for personal information, as well as fraudulent telephone fund raising.

Mail fraud - Many of these schemes are similar to telephone fraud except that thieves mail official-looking correspondence to individuals that's supposedly from their bank asking for personal information. Mail may also promise free travel and other prizes and be used for fraudulent fund raising.

How do thieves get your information?
Much of the attention on identity theft has been focused on new "high-tech" techniques that identity thieves can now use to obtain personal information, such as by using email and the Internet. But most theft still takes place in decidedly low-tech fashion:

• The theft of information from businesses or employers via bribes to employees, hacking of records or simply thieves pilfering the information themselves.

• The theft of mail right out of individuals' mailboxes. Bill payments, bank and credit card statements, new blank checks, tax information and pre-approved credit offers are the most vulnerable pieces of mail that offer thieves unlimited opportunities for fraud.

• "Dumpster diving," in which thieves sift through trash bins in search of unshredded mail and account statements containing valuable personal information.

• "Shoulder surfing," in which thieves stand behind individuals at ATMs and try to see and memorize their PINs.

• The theft of credit and debit card numbers (most often in retail stores and restaurants) via a process known as "skimming." In this scam, salespeople or waiters run your card through a small device called a skimmer that collects and stores the card information, which waiters and salespeople often sell to thieves for as much as $50 per card.

• The theft of wallets and purses containing credit, debit and Social Security cards.

• The illegal acquisition of credit reports by thieves posing as your landlord or employer.

All of these low-tech identity theft tactics are in addition, of course, to the many different way thieves have discovered for stealing your identity electronically via Internet and e-mail scams.