The main difference between Security Assertion Markup Language (SAML) and Open Authorization (OAuth) lies in their roles: SAML focuses on authentication, while OAuth is dedicated to
Identity theft is a crime that is unfortunately common and is devastating for the victim. Serious cases can require enormous amounts of time and money to recover.
The three primary categories of identity theft include online identity theft, financial identity theft and medical identity theft. Within these categories are dozens of ways criminals use the sensitive Personally Identifiable Information (PII) of unsuspecting victims to steal from them, including using the victim’s medical insurance, taking over their accounts or stealing their unemployment benefits.
Keep reading to learn more about the different types of identity theft and what you can do to prevent it from happening.
What Is Identity Theft?
Identity theft is when someone uses your PII to commit fraud. Since PII like your birthday, Social Security number or credit card number is used to verify your identity with the government and other important entities, someone with your PII can pretend to be you in order to steal money, create a fake passport or do other illegal activities.
Online Identity Theft
Online identity theft is any identity theft that happens on the internet. It can overlap with other types of identity theft since most of these crimes can happen online. While identity theft existed long before we were all using the internet for everyday activities, it has created a whole new variety of ways criminals can commit fraud. Account takeover and Social Security number theft are two of the most common types of identity theft.
Account takeover
Account takeover happens when cybercriminals steal the credentials you use to log in to your online accounts. One of the most common ways credentials are exposed is through data breaches, but it could also happen through password-cracking techniques or phishing. A cybercriminal gains access to your account, like your Instagram or bank account, and then locks you out. Cybercriminals may do this for a variety of purposes, but often they’re doing so in order to impersonate you so they can commit scams or steal money.
For example, if a cybercriminal takes over your email account, they can send emails to your contacts–pretending to be you–and convince them to send back money or sensitive data. If a cybercriminal takes over your social media accounts, they can use those accounts to send spam or phishing links to your unsuspecting friends and family. Cybercriminals can also take over bank accounts or online shopping accounts in order to steal your money.
How to prevent it: To prevent account takeovers, use a password manager with dark web monitoring. A password manager is a solution that helps you create and store strong, unique passwords for all your accounts to prevent password cracking. Dark web monitoring is a service that notifies you if your credentials have been exposed in a data breach, so you can change them right away. You should also enable Multi-Factor Authentication (MFA) for all your accounts, which adds additional methods of verification that increase your security.
Social Security number theft
While Social Security number theft happens offline, too, it’s more common than ever for cybercriminals to steal your Social Security Number (SSN) over the internet. If someone steals your SSN, they can commit all sorts of financial fraud like opening credit lines, collecting your unemployment benefits and creating fake IDs.
Social Security numbers are often stolen in data breaches, especially from employers who may have your Social Security number on file. It can also be stolen from your online communications. Some online communications, like email and text messages, are unencrypted and easy for cybercriminals to hack. For example, if you’ve emailed someone a copy of your W2 that includes your SSN or texted a family member your SSN, a cybercriminal who targets your accounts would easily find the SSN after gaining access.
How to prevent it: Keeping your SSN safe is vital. Never share it using unencrypted communications and delete any emails or messages that may contain it. If you must send your Social Security number to your employer or anyone else, ensure that you use encrypted methods such as sharing it with the help of a password manager.
Financial Identity Theft
Financial identity theft is any case of identity theft that involves financial fraud. Financial identity theft has been a crime as long as humans have had financial systems, but over time it has evolved and adapted to our current technologies. This is also the most common type of identity theft, with credit card fraud being the most common form of identity theft reported to the FTC.
The way financial identity theft typically begins is with SSN theft. Since your Social Security number is a key identifier for most financial activities such as opening bank accounts or applying for a loan, when your SSN is compromised, it opens the possibility for many types of financial fraud.
Obtained through data breaches or by hacking user accounts, once cybercriminals have your SSN they will look at sources like your social media, the dark web or people finder sites in order to collect enough intel to fill out financial forms as if they were you.
Credit card fraud
Credit card fraud is when someone uses your credit card information to make purchases. You may discover it when you see strange purchases you don’t recognize on your monthly bill. Credit card numbers can be stolen in data breaches at companies where you shop or through your accounts being hacked. Credit card theft is wildly common – in fact, most of us have experienced it. But luckily, because it is so common, most credit card issuers have ways of dealing with it efficiently.
How to prevent it: Basic online safety can help prevent credit card fraud, but you should also be sure to keep an eye on your bills in order to spot any strange charges. Many credit card companies also have an app that will send you notifications for large or unusual purchases so that you will know right away if a charge appears that didn’t come from you. If you stop using a certain credit card, you should cut it up and lock your account. Cybercriminals have an easier time getting away with credit card fraud if an account is neglected.
Unemployment insurance identity theft
In unemployment insurance identity theft, cybercriminals use your SSN and other PII to pose as you and apply for unemployment benefits from the state. Since unemployment benefit applications have moved online, this makes it easy for cybercriminals to apply and pretend to be you.
The goal is to collect your unemployment insurance benefits and steal the money. This can be a sneaky form of theft because you may not notice unless you try to apply for unemployment benefits yourself. Luckily, states have employees dedicated to spotting and stopping this form of identity theft.
How to prevent it: Protecting your SSN is key to preventing unemployment benefit theft. Look out for any suspicious mail or calls from the state regarding an apparent unemployment insurance claim – this could be a sign someone is attempting to steal your benefits. Employers also have some responsibility here – organizations should keep their employee PII secure so that cybercriminals can’t connect SSNs to employers.
Mortgage identity theft fraud
Mortgage identity theft fraud is when someone uses your SSN and PII in order to take out a mortgage in your name. The thief walks off with the cash, while you owe the mortgage payment. You might not know this happened until the bank calls to collect.
How to prevent it: Sign up for a credit monitoring service with one of the three major credit bureaus–Equifax, TransUnion and Experian–that will alert you if anyone tries to take out a loan or mortgage with your Social Security number.
Home title fraud
If a cybercriminal gets your personal information and the details of your home’s deed, this can result in the theft of your home title. This data is typically stolen through phishing or social engineering techniques that trick you into giving your personal data to the cybercriminal.
Once a title is stolen, the thief can use it to open lines of credit in your name (and not pay it back, ruining your credit), sell the home to someone else or rent it out–all without your permission. You might not even know it happened until someone shows up at your house to move in or until your home is foreclosed on. This scam can result in you losing your home.
How to prevent it: Home title details are stolen the same way as any other personal information–through phishing, data breaches or other methods. In order to protect yourself, be sure to learn cybersecurity best practices to keep your data safe online. You should also have credit monitoring set up so you know if anyone tries to take action in your name.
Tax identity fraud
Tax identity fraud occurs when someone else falsely files your taxes and steals your tax return. The rise of e-file has made this a common cybercrime. If you are trying to file your taxes online and are being blocked, or you’ve received notification of a tax return, these are signs that someone has already filed your tax return and made off with the money.
How to prevent it: Beyond basic online safety tips, you should consider filing your tax return early in the season in order to limit the chances of a cybercriminal filing your tax return first.
Medical Identity Theft
Medical identity theft is when someone uses your medical insurance to obtain medical treatment or prescription drugs. This happens both with stolen information and information that is freely given (for example, to a friend who needs medical care), and both are illegal. If stolen, the culprit is usually a cybercriminal who obtained your SSN or insurance information through phishing or data breaches. They then sell it to those who plan to use it to receive treatment.
How to prevent it: Treat your medical insurance card as securely as you treat your SSN or tax documents–it should be kept in a safe place and only sent to your doctor or family members through an encrypted method of communication, such as using a password manager with a secure sharing feature.
What to Do if You Suspect Identity Theft
Some reasons to suspect you might be a victim of identity theft include:
- You receive bills or calls about debts and transactions you never incurred, whether for mortgages, loans, credit cards or medical care.
- You receive notices about tax refunds or unemployment insurance when you haven’t filed your taxes or made an unemployment claim.
- You receive a credit monitoring alert for credit checks–which you didn’t initiate.
- Friends respond to emails, texts or calls that you didn’t send.
- You notice strange addresses or activity on your credit report.
- You’re missing expected mail.
If you suspect your identity has been stolen, you should:
- Report the incident to the FTC.
- Contact the entities connected to the incident, such as your credit card issuer, mortgage lender or bank.
- File a report with the police.
- Freeze your credit by contacting the major credit bureaus.
- Replace identification cards such as your SSN, driver’s license and passport.
Identity Theft Is a Major Online Risk
Extremely sensitive PII is commonly stored or communicated using the internet. While this makes modern life convenient, insecurely sharing your SSN and other vital data online can put you at risk of identity theft. Knowing the major types of identity theft can help you recognize if it happens to you and address the issue as soon as possible.
While there are a variety of identity theft crimes within the three categories mentioned here, the prevention of identity theft online is similar across the board. Secure your private information with cybersecurity best practices such as using a password manager and sending sensitive information to others using safe, encrypted methods.