The Federal Trade Commission estimates that as many as 9.9 million Americans become victims of identity theft each year though hacking, phishing, physical theft, and other techniques.
Learn how protect yourself, identify threats, and take action if you believe your login credentials or personal information has been stolen.
Identity theft is unauthorized access to personally identifying information (PII), including:
Many people associate such crimes with online scams such as phishing emails. However, most identities are stolen using low-tech methods. There are many ways thieves obtain your personal information:
What do thieves do with your personal information?
Thieves can use illegally obtained personal identity information in various ways:
Prevention is the best defense. Try following the suggested precautions below:
Securing data and electronic information
Securing physical documents
Phishing is a cyber crime where well designed and legitimate looking emails and pop up messages lure victims into revealing their username, password, credit card number, Social Security number, or other sensitive information. Even though the problem is not new, there never seems to be a shortage of victims. The Phishing messages used look authentic to the kind of communication you would expect to get from institutions you trust. Messages used in Phishing scams often are identical from those used by the banks, schools, and merchants you deal with.
What to do about phishing or other suspicious email messages:
Learn more by checking out the Phishing Awareness Training available from the Cyber Security Training web page.
You can navigate to the official Yale University Message page to locate and verify the authenticity of official messages.
You can certify that the webpage to which you are directed is authentic by clicking on the "VeriSign Secured " logo on the top right corner of the screen.
If you think your Yale University NetID password may be compromised, you can change your NetID password at any time. Contact Yale's Information Security Office if you have questions about a possible identity compromise or theft involving your personal or business information.
The agency you call will automatically share the alert with the other national credit reporting agencies. This alert typically lasts 90 days, after which time you can review your credit report to determine if any other fraud has occurred.
You can also request a security freeze to block anyone from accessing your credit history. You must use a PIN to unblock the freeze prior to any application for credit.
When you send a complaint to the Federal Trade Commission (FTC) they will enter the Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies worldwide. The FTC maintains a site you can use as a starting point for identity theft information.
Useful links & resources on identity theft issues:
Nonprofit organizations committed to promoting prevention and recovery from identify theft
Social Security Administration
OptOutPrescreen service to avoid financial offers through junk mail
"Secure pages" are special web pages through which data can be sent in a coded or encrypted format (Secure Sockets Layer, or SSL). Secure pages are often used for transmitting passwords, credit card numbers, or other personal or financial information. Whenever a web page asks you to supply your password, credit card information, or other personal information, always check to be sure that the page is secure.
Secure pages are hosted by organizations and companies that have gone through a careful screening process by a third-party "certificate authority" like VeriSign to establish that the companies are legitimate, and receive an electronic certification that essentially verifies that the organization is who it says it is on their secure web pages.
There are two quick ways to tell if a web page is secure:
1. Look for the "https" in the URL address line at the top of the browser window.
Social networking sites like Facebook, MySpace, Flickr, and Twitter that are rich with personal information are becoming targets for identity thieves and other cyber-criminal scams, according to the FBI and other cybersecurity experts. These accounts are often compromised through the result of phishing schemes.
If you use social networking sites, carefully review your "Profile" information with security in mind, particularly for information that might be useful for someone seeking to impersonate you. Home addresses, phone numbers, birth dates, pictures of yourself that might be used to fake an ID card, and other seemingly innocuous information could be very useful to an identity thief.
Even family information or pictures could be useful to a thief, as family-related questions like "What is your mother's maiden name?" are often used to verify your identity in banking and e-commerce sites. Sharing travel photos while you are on vacation is great, but consider: you are advertising that your house may be unoccupied while you are away.
Steps you can take to preserve your privacy in social networking:
Instant messaging (IM) allows users to send each other text, voice messages and files. Examples of IM are AOL Messenger (AIM), MSN Messenger, ICQ, and Yahoo!Messenger. Most IM clients do not provide strong authentication, making it hard to know if you're really talking to someone you know. Also, IM clients are vulnerable to electronic eavesdropping. Many IM clients now also have file sharing capabilities, which can be used to send malicious files.
Reducing IM security threats: