Nearly 60 million people have fallen victim to identity theft in recent years, resulting in nearly $20 billion in annual damages. What makes identity theft especially destructive, however, is how long it takes to recover from it.
Identity theft occurs when someone uses the name of your business, address, relevant Social Security numbers, bank account, credit card or other sensitive information without your permission. They buy goods and services with this information or commit other types of fraud in your name, leaving you with the bill.
To protect your business from identity theft, it is important to understand the methods by which these crimes are committed. Here are some of the most popular schemes.
Phishing: This is a fairly common technique that involves a fraudulent email or message requesting your response with sensitive information that is supposedly needed to either solve an urgent problem or reward you with a tremendous opportunity.
Vishing: Voice phishing is a variation of the previous scam, but this is done over the phone. Victims will receive a call and hear an automated recording explain that their bank or credit accounts have been targeted by fraudulent activity. They are given a phone number to call to resolve the issue where another recording will ask them to furnish their account numbers.
Change of address: By filling out a change of address form to forward your mail to another location, thieves are able to sort through your bills and other items of interest for information they can exploit. If you receive bank or credit card statements through the mail, take note if they stop arriving and contact the appropriate company to learn why.
Keystroke logging: By tracking the computer keys struck on a keyboard, thieves are able to steal information such as usernames, passwords and PIN numbers that can be used to access sensitive data. Take care to shield your actions if you are in public, as others may be watching when you input this type of information.
Dumpster diving: Identity thieves will go through the trash to find statements and other documents that have the information they need to commit their crimes. When the time comes to get rid of records your business no longer wants to keep, shredding them is safest way to make sure none of that information is stolen.
Man-in-the-Browser: This is a more sophisticated attack than many and is therefore less common. It requires the perpetrator to install a malicious program on a victim’s computer that modifies real-time Web transactions as they occur. Victims will believe they are accessing bank account information to pay bills online, for example, but the thief intercepts these transactions and substitutes bogus data, stealing money or information without the knowledge of the victim or the bank.
Skimming: There are a couple of different methods used to “skim” a victim’s sensitive information. A small device can be secretly inserted into a card reader to scan and store the data on the magnetic strip, or a handheld device can be used to do the same thing when a card is given at a bar, restaurant or anywhere the holder would expect someone to take the card out of sight and then return it.
The tricks and tools ID thieves use to steal information – it may be obvious and it’s certainly not new, but stealing credit and debit cards, or robbing a mailbox for bills that have sensitive information, is still an effective way for ID thieves to get what they need.