Identity theft usually takes the form of obtaining your personal information, either through outright theft or through fraudulent activity to get you to provide your information, and using it to take out loans and apply for credit cards in your name.
In the cases of theft of your information, persons typically take your mail out of your mailbox or go through your garbage/recycling. The purchase and regular use of a shredder is a recommended precaution (or, failing that, you could shred your documents manually). If you notice that monthly bills, bank statements, and other correspondence which would include personal information has not arrived, contact your postal office to determine whether a Change Of Address request has been submitted for you. Although in the short term it would be nice to avoid making a payment, you could end up in more debt in the long run if you procrastinate on the matter.
Increasingly common is phishing, which involves someone pretending to be an employee of a trustworthy corporation (either real or not) and asking either for you to confirm your information or to provide information. Passwords, bank and credit card numbers, and social security numbers are typically the most requested pieces of information. Other, less sensitive, information such as your address or phone number could be used as part of a larger phishing scheme to get your information. We have become so accustomed to being asked for personal information by legitimate businesses that most of the time we don't question people when they ask us for something such as our address or birthdate.
How to protect yourself against phishing:
- If you are asked for personal information, always do a thorough check to ensure the person really is who they say they are.
- If you haven't heard of the company before but are interested in doing business with them, get their information, do some research, and respond to them afterwards. Remember that a legitimate business has nothing to hide.
- If they claim to be from a company with whom you are already doing business and asking you to confirm a password or some sort of account number, go through their official website or toll-free number. Do not contact them through an email address, website address or phone number they provide you unless it matches what you receive in the mail or what is available publicly (e.g. through an official business directory, whether online or in print).
- If the request is through an email, go directly to the company's website (i.e. type the address into your web browser) instead of following the links in the email. This is a bit more work but ensures that you are not following a fake link. Technology has gotten to the point where phishers can make a fake website address look legitimate.
- Remember that because of the persistent phishing scams, most legitimate companies do not ask you to confirm information such as passwords, credit card numbers or account numbers.
- Ask them or yourself why they need the information and whether the promises/claims they are making are too good to be true. In the case of the "Paris 2007 contemporary art exhibition", I was suspicious because they were perusing my name, phone number and address on the promise of a handsome bursary if I attended the exhibition (for which they would pay transportation, "to and fro"). Their claim that "the information supplied will undergo a serious scrutiny before approval can be given for the grant to be issued to you" was over-the-top. At least if they said they would send me information as soon as it became available I would have been more likely to hand over the information. I suppose I should be thankful that it was so obviously untrustworthy.
- Request your credit report on an annual basis (a web search will point you to your country's credit-reporting companies). Check it to ensure that all of the loans and credit cards are ones you have requested.
Resources
