How to Protect Yourself From the Latest ID Theft Scams

Have you heard of “smishing” and “doxing”? If not, find out how to safeguard your personal data from ID thieves’ newest schemes.

Picture of Lock and Credit Card on top of Keyboard

by NEA Member Benefits

Key takeaways

  • There are various scams savvy thieves employ in an attempt to steal your information.
  • Scams that can lead to ID theft include phony website scams, the “Facebook-at-home” scam and the “one-ring call” scam.
  • Electronic tax filing may even help thieves gain access to your cash.
  • Carefully monitor your credit report to see if there’s been any unauthorized activity.

Protecting your identity can feel like a full-time job. You know you shouldn’t give out personal information over the phone, via email or to strangers with sob stories. You think you’ve got your bases covered … until scammers come up with some devious new way to assume your identity.

“There hasn’t been any significant progress in stemming the tide,” says Eva Velasquez, chief executive of the Identity Theft Resource Center in San Diego. “The thieves are getting more savvy in how they’re going to trick you.”

The center, which has a hotline for victims of ID theft, lists the top scams of the week (yes, week!) to give the public an idea of what they’re up against.

“Not every scam is ID theft,” Velasquez says, “but they can lead to ID theft depending on what information you give them.”

One of the regular scams that surfaces during the holidays is the phony website scam.

“People get in an online shopping mode and want to get the best deal,” Velasquez says. As you shop around, you may find a product for significantly less at a website that looks legitimate.

“It’s not the same as shopping at a brick-and-mortar store,” Velasquez says. “You’re not taking the goods with you.”

Experts at the Identity Theft Resource Center recommend checking third-party sites, such as Yelp or the Better Business Bureau, to verify a vendor’s legitimacy.

Another recent scam is the “Facebook-at-home” scam.You’re invited to join Facebook’s “home-based support team,” and you only need to pay $4 to download the necessary materials. But you’ll likely fail to notice that you’re also agreeing to a $94 a month recurring charge on your credit card.

In the “one-ring call” scam, scammers use autodialing to ring just once so the call gets logged by your caller ID. When you call back to find out who it was, you’re actually calling an international phone number that’s posing as a legitimate U.S. phone number. While the “operator” keeps you on hold, you’re incurring hefty fees.

Tips to protect yourself—or do damage control

One way to limit the risk from online shopping is to use one credit card – not a debit card – exclusively for online shopping and keep a low credit limit on it. This is much easier to monitor for fraudulent charges.

Some credit card issuers also let you set up an email or text alert every time your card is charged so you’ll know immediately if fraudulent charges are being made.

If the only information you give to a scammer is your credit card data, then that can be remedied by reporting the incident to your card issuer and getting a replacement card.

It’s much more serious if more personal information, such as your Social Security number or bank data, is given. Some scam artists will lure you in to a false website and then try to get more information from you by offering a bonus for taking a survey.

This type of information can be used for genuine identity theft, such as opening a new line of credit. One of the most effective tools when this type of information has been exposed is a “credit freeze” with the three credit reporting agencies, which blocks your credit rating from being given out and blocks any additional theft.

Of course you don’t want to use this tool if you’re shopping for a new house or car or opening up some other form of credit for yourself. “Thawing” the credit freeze can take some time and requires you to safeguard the PIN given to you at the time you request the freeze.

Short of a freeze, the ID Theft Resource Center recommends monitoring your credit report carefully, checking it often to see if there’s been any unauthorized activity. If you believe you have been the victim of identity theft, you can ask for a free fraud alert, which requires potential lenders to verify your identification before extending credit.

Your tax refund could even be at risk

Many Americans file their taxes electronically, and refunds can be disbursed via mail or direct deposit. Filing via Internet speeds up the refund process—but sometimes it helps crooks get their hands on your cash in record time.

That’s because scammers have been stealing the names and Social Security numbers of hard-working, law-abiding citizens and using that information to file bogus digital tax returns to divert refunds to their own accounts.

When these ID theft victims file their returns, they’re told by the IRS that their refund already has been sent. At that point, damage control ensues, and it can take victims months to get things straightened out and finally receive their refund.

The IRS is working hard to stop ID theft through a series of filters that help flag potentially fraudulent returns. The IRS can adjust the filters each year as more is learned about how the thieves operate.

The IRS also has improved its assistance to victims. Those who substantiate their identity and address will be issued an Identity Protection PIN. This unique number must be used in conjunction with the victim’s Social Security Number. The IRS will delay processing of returns filed without this IP PIN to protect taxpayers from being victimized again.

However, the sheer scope of the IRS fraud, with millions of cases every year, limits what the agency can do. The IRS filters can identify some cases of fraud, but often enough it will only be when the second filing for a refund, the legitimate one, come is it clear there has been fraud.

“A lot can happen in a year,” says Identity Theft Resource Center’s Velasquez. “You change jobs, you move, dependents grow up and leave home. Unless we want to tell the IRS everything we do, they have no way of telling if slightly different information is suspicious.”

As with most other ID theft risks, it’s ultimately a tradeoff between convenience and security. For instance, paying directly at the gas pump with a bank card is convenient, even though there’s a growing risk of “skimming”—when ID thieves surreptitiously install a device in the credit card swiper that records your data.

Even though it can be a hassle, paying the cashier directly is safer.

3 more ID theft scams to look out for

In addition to these scams, here are a few more burgeoning forms of ID theft.

Smishing. This is a twist on the more familiar “phishing,” which is done via email. Smishing involves SMS text messages sent to your cellphone. The scam has become more common as smartphone use increases. The texts can be quite convincing; some even use the name of a friend or relative. The goal is to get you to click on a link that will download malware to your phone.

Most people have anti-virus software on their personal computers or laptops, but very few have this kind of protection on their smartphones. Also useful are the backup and wiping programs available from wireless providers that save your data on their servers and wipe your phone if it’s lost, stolen or compromised.

Doxing. This new term, derived from “document tracing,” is the Internet version of social engineering. ID thieves have become adept at piecing together your information from social networking sites, then using it to elicit more personal data.

According to consulting firm Javelin Strategy and Research, consumers should avoid revealing personal details used as identifying tools in financial accounts, such as their alma mater’s name, their mother’s maiden name, their pet’s name and so on.

Public Wi-Fi. Most people are aware of the risk posed by these types of Internet connections, but many may not realize how easy and prevalent it is for ID thieves to access your data. When you sign on to a Wi-Fi in a café or airport, you’re connected to everyone else on the network, and they have access to your data even if your computer is password-protected.

Don’t do any online shopping that includes your credit card information while logged on to a public Wi-Fi. One remedy is to download a virtual private network (VPN) to keep your private data sealed off from the public network.

The ID Theft Resource Center, which was founded in 1999 by an ID theft victim and is funded by sponsors and partners, has a hotline for victims at 1-888-400-5530. More information on latest trends in ID theft is available at