What is SSN Theft?

SSN Phishing

Phishing has become one of the most widely recognizable threats to our data. It consists of a malicious actor “casting out” a “line”, usually an email or text message, meant to entice their potential victim into interaction. Functionally, these actors are data “fishermen”, looking to get a “bite” before stealing the data and SSNs of their “catches”.

Most commonly, these scammers send emails or texts to their victims; however, some have also used voice mails to trick their targets into revealing their information. More often than not, these messages contain malicious links. These links can do anything from downloading malware, redirecting the victim to a fake website, or tricking a person into inputting personal data.

Data Breaches

Data breaches are more prevalent than ever, with entities worldwide announcing the consequences of destructive events every month. Even the most heavily secured organizations, including state and local governments, social media platforms, eCommerce websites, financial entities, and many others, have recently fallen victim to breaches.

No organizations are entirely safe from these events, including the platforms and services we use daily, like stock trading apps, payroll companies, bank accounts, and healthcare provider service portals. These services use SSNs to verify the identity of an account holder; however, because most of these companies do not have advanced SSN encryption mechanisms, when data breaches victimize them, the event may expose the full SSNs of clients and consumers. Further, because a breach can happen at any time and to any organization, the public must have high standards for companies to obtain identifying information like SSNs.

Physical Theft

Public enterprises are primarily virtual these days; data experts prefer paperless communications over physical documents because it’s a more secure way for individuals to review and alter their online accounts. However, some institutions still have physical documentation regardless of the appeal of electronic ink. For this reason, data theft isn’t only possible on the web.

Criminals can steal wallets, backpacks, purses, or even trash bags from your front yard to find something holding your SSN and private information. Such threats are why household shredders are purchasable. Instead of throwing out entire documents, individuals can shred their tax papers, income statements, credit card applications, loan agreements, and anything else with sensitive data. Moreover, in an increasingly paperless society, individuals must be more cautious than ever in disposing and storing their physical data.

Buying Out Employees

Organizations are at risk from more than external data breaches. Their employees may cause data exposures, permissions leaks, or account hijackings. A few unique employees may even profit from their access, and get paid handsomely to disregard their moral and ethical obligations.

Businesses might collect social security numbers for various reasons, like running credit checks for larger purchases or confirming entitlement eligibility status. Public organizations, education institutions, and government entities have an exceptionally high risk for “purchasable employees” regarding SSNs. Moreover, any business can fall victim to unscrupulous employees and criminal benefactors.

Keep Your SSN Private

It is vital to keep your SSN private and only share it with trusted sources. The goal is to share your SSN only for a legitimate reason. For example, do not share your SSN with any institution or entity unless necessary. You would not need to share your SSN with your pet’s vet or when making an online dating account, but many of these organizations may ask for it. Politely decline in situations like these.

Instead, share your SSN if and only when necessary, ideally when you trust that the company will keep your data as private as possible. Some examples of these trusted scenarios include:

• Getting a background check or applying for credit
• Reporting your taxes or filling out employment information
• Investing in identity protection services
• Performing a cash transaction over $10,000
• Applying for government benefits or aid

Individuals must keep all their personal information private unless necessary; SSNs aside, the rise of social media has ushered in an era of oversharing online. By consciously restricting the information we share about ourselves, we can make the job of cybercriminals more challenging, if not deter them completely.

Use Identity Theft Monitoring

Online identity monitoring services are the best way to monitor your information and other personal data. This is especially true for those accounts we don’t check daily. These may include identity, loan, mortgage, and medical record accounts. Members of these services receive notifications and alerts whenever a data breach or element exposure puts their personal information on scam websites or the dark web. Monitoring professionals like IDStrong prevent and proactively mitigate exposed individuals from further victimization via identity, medical, reputation, and financial scams.

Check for Breaches Regularly

From the public’s perspective, organizations must notify individuals of data breaches; this is true, but to a limited extent. Although localized guidelines exist, no federal regulations surround the necessary response to a data breach. The issue with having no federal regulations is that the local governments determine the characteristics of a breach notification.

For example, all breaches impacting Maine residents must notify the state’s Attorney General Office of the event; however, multiple states allow organizations full self-regulation. In function, this means when a company gets breached, and the stakeholders determine that the stolen data is not “of significant value,” they may not notify the victims of the event. For this reason, everyone must review their vital accounts. Potential victims must contact professionals to investigate if any information about you or your accounts seems out of place, incorrect, or suspicious. We recommend that you regularly scan your details to see if your sensitive data has been breached or exposed.

Store and Shred Documents

Before disposing of any sensitive document, especially those that include your SSN, censor and shred it. Censoring information on documents is simple with the help of a confidential rolling stamp, which individuals can purchase through any office supplier or online. These rollers work even better than a Sharpie, as the stamped symbols mitigate the ability of a malicious actor to see the sensitive data printed below them. These stamps and a household shredder make protecting your disposed documents easy and efficient.

Everyone should hold on to some of their unique documents instead of disposing of them. For example, everyone should save tax-related documents, proof of income, and property records for at least seven years past their issuing date. For many, the most efficient way to organize these documents is by making digital copies and saving those to a trusted device. However, in the cybersecurity world, not all devices are equal; Windows and Mac have built-in options for encrypting files behind a password. For individuals, this means if you’re saving documents to your at-home computer, you can lock them behind additional security. Encrypted cloud storage services like Google Drive, OneNote, iCloud, and Dropbox are also excellent options for further file security and allow for easy access.

Run a Dark Web Scan

Most victims won’t know their SSN is gone until it’s too late, and the thieves have made off with profits. Routinely checking the status of an SSN is one way to mitigate these potentials; the most efficient way to do this is by routinely running dark web scans. These scans scour the dark web, alerting users if their SSN appears. IDStrong takes this service a step further, offering recovery assistance for those who discover their information in the crevices of the dark net.

Freeze Your Credit Score

Your credit is one of the most vital details attached to you; without it, individuals couldn’t purchase cars, apply for loans, or purchase homes. Events that change your credit have additional impacts on your daily life. If you suspect that someone stole your SSN, freeze your credit, this may help to mitigate the criminal’s options for profit while protecting your investments.

Enable Multi-factor Authentications

When cybersecurity was still relatively new, experts argued for two-factor authentication. These days, criminals can surpass two-factor authentication, mainly when employees use default passwords and permissions. Victims of SSN theft must enable additional verification processes, without these security measures, the right criminal could walk directly into the network.

Update Passwords and Usernames

Passwords and usernames are essential to modern life, from personal social media to work projects and vendor accounts to paying bills, it all happens online. In a perfect world, each individual would use a password manager to generate and maintain these credentials; however, individuals are more likely than ever to share duplicate credentials between accounts. Updating these passwords and changing usernames can significantly help restrict the influence of a criminal, especially if they’ve already entered the account.

Review Bank and Medical Statements

If you suspect someone is misusing your SSN, request official account statements from the places they may have impacted; this includes financial and medical institutions for most, but others may also consider their mortgage and loan providers. Look for any activity that does not align with your knowledge. For example, if a criminal steals an SSN for medical fraud, the biannual Explanation of Benefits will list the expenditure of those entitlements. If you discover suspicious activity, notify the organization ASAP.

"Self-Lock" Your SSN on myE-verify

SSNs also dictate whether a person can work in the United States. Developed as a collaboration between government entities, MyE-verify is the most used tool for employers to determine a person’s employment eligibility. If your SSN is stolen and misused, you might miss future opportunities. A quick and efficient way to deal with these problems is by going to the website and “self-locking” your SSN; this stops the account from accepting new updates automatically, protecting you and your prospects.

Report Suspicious Activity to the Authorities

Although cyber experts suggest notifying the authorities of suspicious actions within accounts, actually complaining may be less straightforward. If you find suspicious activity online, report it to the national cyber crime hub, the Internet Crime Complaint Center (IC3), or they can report it to the Federal Trade Commission (FTC); alternatively, to make a report in person, head to the closest FBI field office. Meanwhile, those who suspect they’ve found a scam can receive nuanced recommendations from the official US government information guide.

Enroll in Identity & Credit Monitoring

When people learn their SSN may be compromised (or notice suspicious activity within their accounts), they must start exploring preventative options. IDStrong is one of these preventative options, we scour the dark web for your information. If we discover your data is out there, alert you and help you to begin working on available solutions; we also continue to monitor your information and alert you if it shows up anywhere else or in other breaches. Stolen SSNs are not confidential after exposure; however, with the help of IDStrong experts, victims can mitigate and defend data from further misuse.