Identity theft occurs when someone uses another person's personal information such as name, social security number, driver's license number, credit card number or other identifying information to take on that person's identity in order to commit fraud or other crime. For example, someone could obtain private information (name, address, social security number, mother's maiden name, password) and use it to establish unauthorized credit.

Information is often obtained by using social engineering techniques. The term "social engineering" refers to techniques that rely on weaknesses in people rather than weaknesses in software; the aim is to trick people into revealing passwords or other useful information. This is accomplished by various methods including in person, over the phone, via e-mail or via Web sites. Social engineering relies on a person’s inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.

Online people-finder services such as Any Who or US Search have made it very easy to obtain personal information. Once an identity thief has a name and address, they can go to an "online detective", pay a small fee and get additional information about an individual. Some sites even offer to find social security numbers based solely on name and address.

Account theft is a variation of identity fraud and occurs when a person attempts to take control of a user ID and/or password (log-in/sign-in information) that is used for online commerce.

The Identity Theft and Assumption Deterrence Act of 1998 (Title 18 United States Code - Section 1028) legally defines both identity theft (knowingly possessing an identification document other than one issued lawfully for the use of the possessor) and identity fraud (knowingly possessing a false identification document) and sets punishments for both. Most criminal cases force prosecutors to show, beyond a reasonable doubt, that the defendant committed the crime in question, but identity theft cases force the victim to prove their innocence by proving their identity. Once that battle is won, the person must also clear their name of all the bad-credit ties. Unlike most crimes, if a thief steals an identity, it is the individual whose identity has been stolen who is responsible for recovering it.

• PROTECT your social security number. Don't carry your social security card or other cards that show your SSN. Read, "Identity Theft And Your Social Security Number."
   
• PROTECT your legal signature.  Don’t use or store a digitized version of your legal signature.  See the Digitized Signatures Guide.
   
• USE caution when giving out your personal information. Scam artists "phish" for victims by pretending to be banks, stores or government agencies. They do this over the phone, in e-mails and in postal mail.
   
• TREAT your trash and recycled materials carefully. Shred or destroy papers containing your personal information including credit card offers and "convenience checks" that you don't use. Destroy or securely remove your information from cell phones, PDA's, and other devices before giving them up for recycling (see eCycling and ID Theft for instructions).
   
• PROTECT your postal mail. Retrieve mail promptly. Discontinue delivery while out of town.
   
• CHECK your bills and bank statements. Open your credit card bills and bank statements right away. Check carefully for any authorized charges or withdrawals and report them immediately. Call if bills don't arrive on  time. It may mean that someone has changed contact information to hide fraudulent charges.
   
• CHECK your credit reports. Review your credit report at least once a year. Check for changed addresses and fraudulent charges.
   
• STOP pre-approved credit offers. Pre-approved credit card offers are a target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 888.5OPTOUT (888.567.8688).
   
• ASK questions. Ask questions whenever you are asked for personal information that seems inappropriate for the transaction. Ask how the information will be used and if it will be shared. Ask how it will be protected. If you're not satisfied with the answers, don't give your personal information.
   
• PROTECT your computer. Protect personal information on your computer by following good security practices.
  • Use strong, non-easily guessed passwords.
  • Use firewall, anti-virus and anti-spyware software that you update regularly.
  • Download software only from sites you know and trust and only after reading all the terms and conditions.
  • Don't click on links in pop-up windows or in spam e-mail
     
• USE caution on the web. When shopping online, check out a Web site before entering your credit card number or other personal information. Read the privacy policy and take opportunities to opt out of information sharing. Only enter personal information on secure Web pages that encrypt your data in transit. You can often tell if a page is secure if "https" is in URL or if there is a padlock icon on the browser window.
   

• DO NOT give out personal information on the phone, through the U.S. mail, through e-mail or over the Internet unless you have initiated the contact or know who you're dealing with. Identity thieves may pose as representatives of banks, Internet service providers and even government agencies to get you to reveal your social security number, mother's maiden name, financial account numbers, passwords and other identifying information. Legitimate organizations have the information they need and will not ask you for it. There have been many reported attempts to gain access to personal information through e-mail solicitations that are made to appear as having come from a valid source (e.g., eBay, PayPal) but in reality are spoofed e-mail messages. Give your social security only when absolutely necessary. Ask to use other types of identifiers when possible. Don't carry your social security card.
   
• BE WARY WHEN surfing the Web, installing shareware, or using commercial IRC (Internet Relay Chat). Creating online profiles at Web sites and/or storing personal information on your computer eliminates one of the original security features of the Internet, anonymity. See anti-spyware tools.
   
• USE different passwords for the different commercial online accounts you use (e.g., eBay, PayPal, Amazon) and change your password frequently. Sign in using a secure server (https). Don’t type your login information on an insecure Web page (http). On many sites (e.g., Amazon) the default sign in page is insecure and you must choose to go to an alternate secure page. Look for the "https" in the URL and the locked padlock icon that appears in your browser when you are connected to a secure Web page. To be sure that you are signing in on the genuine/real Web site, look closely at the address/location area of your browser.

If you have reasons to believe your personal information has been compromised or stolen, visit the Identity Theft Resource Center of the Federal Trade Commission. There you will find the latest advice and resources for detecting and defending against identity theft.

You may also contact the three major credit bureaus:

• Equifax
     Fraud Line: 800.525.6285
     www.equifax.com
   
• Experian
     Fraud Line: 800.397.3742
     www.experian.com

• TransUnion
     Fraud Line: 800.680.7289
     www.transunion.com

• U.S. government's central Identity theft site
  • Includes the ID Theft Affidavit: If you are disputing fraudulent debts and accounts opened by an identity thief, the ID Theft Affidavit now simplifies the process. Instead of completing different forms, you can use the ID Theft Affidavit to alert companies where a new account was opened in your name. The company can then investigate the fraud and decide the outcome of your claim.
• Texas ID Theft Victim's Kit
• Social Security Administration
• Federal Trade Commission (FTC)
  
  • ID Theft
  • Identity Theft Complaint Form
• Internet Crime Complaint Center
• Looks Too Good to be True: Learn about types of fraud and consumer alerts
• Identity Theft Resources, Privacy Rights Clearinghouse
• Losing Yourself: Identity Theft in the Digital Age, The SANS Institute
• Identity Insurance
• Telemarketers Do Not Call list: TX
• Identity Theft Alert to Students (OIG-US Depart of ED)
• Anti-Spyware Tools
• National Fraud Information Center Hotline: 800.876.7060
• Identity Resource Center: 858.693.7935
• Contact Us

Test your knowledge about Identity Theft by taking this Quiz.