Breadcrumbs

UT4U Header Image

Page title

Top 10 Myths About Identity Theft

Main page content

Each new data breach and phishing scam alert is accompanied by a wave of cyber security articles and commentary. The tone of these stories can range from panicked to apathetic. But the facts can't be ignored: identity theft is an epidemic in the United States. According to TransUnion, 19 people fall victim to identity theft every minute.

We can't prevent hackers from attacking technology, but we can arm ourselves with knowledge and habits to help keep our personal information safe from criminals. Let's get the facts straight. Here are the top ten myths about identity theft and, more importantly, the truth.

Myth 1: Identity theft is a victimless crime.

Many people assume that their credit card company can quickly reimburse them for their losses, making for a painless process.

According to TransUnion, it takes the average victim an estimated $500 and 30 hours to resolve each identity theft crime. According to the FBI, a single scam can destroy a company, cost investors billions of dollars, or wipe out a family's life savings.

It can take upwards of 30 days for a credit card company to acknowledge a disputed charge and even longer to resolve it. During that time, identity theft victims can receive an overwhelming amount of calls from collection agencies. The process can be slow and extremely stressful. Few people are left unscathed from an identity attack.

Myth 2: Identity theft is just a financial crime.

While most criminals are after your hard-earned money, many others have additional ulterior motives.

  • Criminal identity theft occurs when a person abuses faulty or stolen identification to evade the law.

  • Medical identity theft, a crime that is becoming increasingly rampant, involves a criminal lying to receive medical treatment and insurance benefits.

  • Employment fraud involves a criminal using a stolen Social Security number to secure a job and benefits.

Each piece of your personally identifying information can be used in a variety of crimes. It is important to understand all of the risks.

Myth 3: My personal information (address, telephone number, email, etc.) is not valuable to a thief.

Thieves will find a way to abuse any information they have at their disposal, especially with information that is often shared or may be considered “public."

“Sharing" on social media that you are going on a trip? A criminal with your address could plan to break into your home, or steal your sensitive mail, while you are away. How many accounts use your email address as your username? Paired with other sensitive information, a thief could access your most important information. A phone number can be used to solicit phishing scams.

To keep all of your sensitive information safe, adopt the habit of only providing information on a need-to-know basis. Businesses often ask for personal information they do not need. Stop oversharing.

Myth 4: Social networking is safe.

Speaking of oversharing, social networks are a part of daily life. Selfies, brunch check-ins, new friends, and “likes" all help define our online identities, but these carefree details can also be harvested by thieves to affect your real life.

Check-ins and vacation photos can alert criminals to your whereabouts. Your mother's maiden name can be used to crack account questions. More than half of teens and young adults admit to being cyberbullied.

To protect yourself, avoid making information “public," even if it seems relatively harmless. Take control of your online identity by adopting the strictest privacy settings on each social platform.

Myth 5: Identity theft criminals don't know their victims.

While credit card theft often comes as a result of a massive, publicized data breach, other types of identity theft can be caused by trusted friends, family, and coworkers.

Medical identity theft can occur when family members “share" an insurance account, and child identity theft can result from parents abusing their children's spotless credit score. Older adults often fall victim to caregivers and “friends" who abuse their trust.

Be extremely wary about sharing your usernames, passwords, or financial account information with people you know.

Myth 6: I would immediately know if my identity was stolen.

Checking credit card statements on a monthly basis is not enough to protect your identity. Thieves usually want to open and abuse new accounts that would never appear on your current statements.

Cyber criminals are also smart. Thieves know you were just offered a year of free credit reporting after the latest department store breach. They will wait 365 days before using and abusing your information.

Your best defense is to remain vigilant over your identity by requesting a credit report from each of the three major bureaus, at least once a year. The Center recommends requesting one credit report every four months.

Myth 7: My small business is too small for hackers.

For every major data breach reported, there are dozens of small business breaches that never make the headlines.

In a 2012 report by Trend Micro, 65% of small businesses admitted their organizations' sensitive information is not encrypted or safeguarded. In that same study, 62% of small businesses said they do not routinely back up data.

Hackers know that most small businesses do not have the appropriate time or resources dedicated to cyber security, which is why small business are so aggressively targeted with cyber attacks.

As a shopper, research a company and their cyber practices before sharing your payment methods and personal data.

Myth 8: Most identity theft cases occur online.

While data breaches certainly add to the growing number of victims affected by identity theft, many cases occur with no ties to the Internet.

A lost wallet, checkbook, or Social Security card can trigger the long and tiresome identity theft recovery process. Credit cards can be skimmed at a gas pump or restaurant. Thieves are not above jumping into dumpsters to steal improperly discarded information. Criminals will also steal mail right out of an unlocked mailbox.

More than half of identity theft crimes occur offline.

The best place for your most sensitive information is in a safe in your home. Sensitive mail should always be placed in a locked mailbox, and trash should be run through a cross-cut shredder.

Myth 9: My antivirus program keeps me free from cyber threats.

Antivirus software is an important element in keeping your computer and personal information safe, but it can't prevent all cyber threats. Most antivirus programs only detect a fraction of known malware and viruses. The programs can only protect against known attacks.

Elaborate phishing scams and dormant viruses can still compromise your devices and personal information. Run your antivirus software often, and check for updates, but understand it can't single-handedly keep your information safe.

Myth 10: You can't protect yourself from identity theft.

Identity theft and data breaches may make it seem like your information is out of your hands, but you can take steps to help prevent identity theft online and offline.

Be careful about the personally identifying information you share online, especially on social media. Shred mail and documents with account information. Never carry your Social Security number. Check your credit report, for free, three times a year and report any errors. Request your medical history and report any errors. Opt out of junk mail and register for the National Do Not Call Registry. Consider investing in an identity theft protection service. Keep your computer and devices updated and protected with antivirus programs and firewalls.

Take an active role in protecting your identity, so if something does happen, you can catch it early.

Taken from IDWise at The University of Texas at Austin Center for Identity. IDWise is a resource center for the public on identity theft, fraud, and privacy funded by a partnership with the Texas Legislature, and powered by the UT Austin Center for Identity. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.