When you think of identity theft, you probably are thinking about someone using your credit card number to make online purchases, or using your social security number to take out a fraudulent mortgage loan. But the true face of identity theft is far more complex. A scary variation of traditional identity theft, for example, is what has come to be known as synthetic identity theft.
This is where the identity thief might use a real social security number with a different name, date of birth, and address, combining the personally identifying information of real people or slight variations in your actual name to form a new identity. Accounts opened under this new identity would still be attached to the social security number, but these accounts would be in sub-files not available in consumer credit reports.
Only some industries that run credit checks, like auto lenders, have the capability of running credit checks that reach into these sub-files. In other words, someone could be using your social security number RIGHT NOW, with a different name, to open accounts. Or someone could be using your name and address in combination with another person’s social security number. This type of identity theft seems particularly creepy, because it is so difficult to detect.
There are various other creepy forms of identity theft. In tax refund identity theft, the thief uses your social security number and a W2 to file taxes electronically to get a refund deposited to an account of his or her choosing. (Did you know the IRS often does not actually verify W2 information before sending out refunds for electronic tax filings? That surprised me! Fake W2s may slip through in an electronic filing.) Another nefarious form of identity theft is criminal identity theft: here the thief uses your personal identifying information, like your fingerprints, to commit a crime. Victims of criminal identity theft may find out they have arrest records or warrants for their arrest for crimes they did not commit. (So next time someone you do not know very well asks you to hold an unmarked package that may contain something illicit or to hold something that could be used as a weapon, like a hammer, for a few minutes, think twice before doing so, because this is an easy way for that person to get your fingerprints on an object that may be associated with a past or future crime.)
In my work, and in my own personal life, I have begun to work on confronting and helping others confront identity theft. I subscribe to a service called Been Verified. For the most part, I use this service during the course of my investigative work to run background checks on individuals, trace telephone numbers to owners and carriers, and run property reports to determine real estate ownership, etc. The information yielded by Been Verified is mostly accurate, though additional fact-checking is usually necessary. The primary value of the service is that it digs up information that can be helpful in directing additional investigation of a particular subject matter.
But why do I mention Been Verified here? Well, naturally, I ran a background check on myself, which triggered the Been Verified system to scan the Dark Web for my personal identifying information. Guess what? The scan identified the email address I use in consumer and civil rights advocacy, email@example.com, in the Dark Web. (For those who don't know, the Dark Web is a network of sites, commercial and otherwise, where site owners and users can maintain anonymity. It is accessible through special browsers, like one called "Tor," and it can be a venue for political dissidents or for illicit trade. In fact, identity thieves sell Social Security Numbers and other personal identifying information on the Dark Web to individuals who may then use that information to open fraudulent accounts, etc.)
What did I do? I have never been on the Dark Web but I had information that someone might be using a clone of my email address in transactions there. First, I immediately publicized the fact that my identity had been compromised in a post on Facebook. Then I filed an identity theft complaint with the Federal Trade Commission (FTC) at https://www.identitytheft.gov/ and received a recovery plan. This FTC site provides you with steps you can take when your identity has been compromised in any way and offers you form letters to send to businesses and other identities alerting them to the theft of your personal identifying information.
Right now, I am helping one individual sort through a very complex, multilayered identity theft situation. There are insurance and bank accounts fraudulently opened under his name, email addresses and telephone numbers that are compromised, incorrect contact information in his bank accounts, efforts to obtain fake IDs using his permanent address, fraudulent charges on his credit cards, and more. The FTC resources at https://www.identitytheft.gov/ have been tremendously helpful and we're even beginning to narrow down the list of suspects.
The main takeaways here for the reader, though, are that identity theft has many faces and that it is entirely possible that an identity thief could be using your personal identifying information in fraudulent activities without you even suspecting it. What you want to do, in my opinion, is to keep aware of signs of identity theft, which could just appear to be minor discrepancies or errors in records, and to confront these signs as soon as you notice them. And remember, if someone you just met asks you to hold a heavy candlestick for a minute, you may want to decline, even if it may seem rude, or you may end up being framed as the patsy Colonel Mustard accused of killing Mr. Body with the Candlestick in the Library.
If you are interested in this subject matter, keep an eye out for an upcoming podcast on my platform A Bountiful Life Smorgasbord and a new post on identifying signs that your identity may have been compromised.
Author Dan Sullivan is a writer, storyteller, consultant, and consumer and civil rights advocate. If you need assistance, he can be reached at (202) 340-6724 or firstname.lastname@example.org.