What is SSN Theft?
Most Americans are assigned a Social Security Number (SSN) at birth. Initially, the purpose was to track individual earnings to determine social security benefits and entitlements upon retirement. Today, not only are they a widely accepted and secure way to prove a person’s identity in the US, but they are also one of the most sensitive pieces of information attached to us. Without one, we cannot purchase houses, obtain loans, work for organizations, or grow a credit score. Moreover, SSNs are highly sensitive, valuable pieces of our identity as Americans and individuals; without one, we’re ghosts. So what happens when our most recognizable identifier is exposed?
SSN theft is when someone uses your number to commit fraud. The process starts with victims having the information stolen; this can happen in many ways, from social engineering attacks or data breaches to malicious actors sifting through trash or employees leaving their laptops open in a cafe. It’s not enough to simply protect your SSN when circumstances beyond your control threaten your SSN. It is the key to your sensitive information, and criminals can use it to rob bank accounts, steal entitlements, and wreak havoc in their victim’s lives.
These types of fraud can seriously damage your identity, financial, and medical records, making it virtually impossible to continue life as usual.
How Would My Social Security
Number Get Stolen?
SSN Phishing
Phishing has become one of the most widely recognizable threats to our data. It consists of a malicious actor “casting out” a “line”, usually an email or text message, meant to entice their potential victim into interaction. Functionally, these actors are data “fishermen”, looking to get a “bite” before stealing the data and SSNs of their “catches”.
Most commonly, these scammers send emails or texts to their victims; however, some have also used voice mails to trick their targets into revealing their information. More often than not, these messages contain malicious links. These links can do anything from downloading malware, redirecting the victim to a fake website, or tricking a person into inputting personal data.
Data Breaches
Data breaches are more prevalent than ever, with entities worldwide announcing the consequences of destructive events every month. Even the most heavily secured organizations, including state and local governments, social media platforms, eCommerce websites, financial entities, and many others, have recently fallen victim to breaches.
No organizations are entirely safe from these events, including the platforms and services we use daily, like stock trading apps, payroll companies, bank accounts, and healthcare provider service portals. These services use SSNs to verify the identity of an account holder; however, because most of these companies do not have advanced SSN encryption mechanisms, when data breaches victimize them, the event may expose the full SSNs of clients and consumers. Further, because a breach can happen at any time and to any organization, the public must have high standards for companies to obtain identifying information like SSNs.
Physical Theft
Public enterprises are primarily virtual these days; data experts prefer paperless communications over physical documents because it’s a more secure way for individuals to review and alter their online accounts. However, some institutions still have physical documentation regardless of the appeal of electronic ink. For this reason, data theft isn’t only possible on the web.
Criminals can steal wallets, backpacks, purses, or even trash bags from your front yard to find something holding your SSN and private information. Such threats are why household shredders are purchasable. Instead of throwing out entire documents, individuals can shred their tax papers, income statements, credit card applications, loan agreements, and anything else with sensitive data. Moreover, in an increasingly paperless society, individuals must be more cautious than ever in disposing and storing their physical data.
Buying Out Employees
Organizations are at risk from more than external data breaches. Their employees may cause data exposures, permissions leaks, or account hijackings. A few unique employees may even profit from their access, and get paid handsomely to disregard their moral and ethical obligations.
Businesses might collect social security numbers for various reasons, like running credit checks for larger purchases or confirming entitlement eligibility status. Public organizations, education institutions, and government entities have an exceptionally high risk for “purchasable employees” regarding SSNs. Moreover, any business can fall victim to unscrupulous employees and criminal benefactors.
How Are Stolen Social Security
Numbers Used?
Credit Fraud
The majority of our population is not only active online but also found within public records. Scammers can easily find their target’s full name, address, and contact information strewn across social media profiles, professional pages, voter registration records, and various public databases; because of this, no one can completely disappear from the Internet, try as they might.
Consequently, although SSNs are usually the final piece of the puzzle necessary for a criminal’s scheme, criminals can launch various plots to leverage what they know once they have them. Depending on their goals, they could open new credit cards, access healthcare perks, apply for mortgages, file phony taxes, or purchase luxury items based on their victim’s credit score.
SSN Takeover
Many organizations rely on SSNs in their identity verification processes. These include financial accounts like PayPal and Venmo, as well as investment applications like Acorns. Mortgage companies, credit bureaus, and medical providers also use SSNs within their systems.
SSNs are a common way for these organizations and many others to verify identities; if criminals learn yours, they can take control of those accounts. They can drain your liquid funds, misuse your credit lines, open mortgages in your name, steal your medical entitlements, and leave you with nothing.
Counterfeit SSN Cards
SSNs alone aren’t enough to prove an identity at many institutions nowadays. Organizations are increasingly requiring authorizations through emails, phones, and one-time tokens. However, it could be a different story if a criminal can back up their claims with a physical SSN card.
Counterfeit SSN cards only need a bit of information to be believable. A victim’s full name, signature, and complete number are the most vital aspects of these fake documents. Furthermore, if a criminal does produce these elements in a counterfeit card, it’s unlikely that an organization will flag it as fake; they could use it successfully in various ways, from receiving stolen medical treatments to bypassing multi-factor authentication.
How Can I Protect Myself
Against SSN Theft?
Keep Your SSN Private
It is vital to keep your SSN private and only share it with trusted sources. The goal is to share your SSN only for a legitimate reason. For example, do not share your SSN with any institution or entity unless necessary. You would not need to share your SSN with your pet’s vet or when making an online dating account, but many of these organizations may ask for it. Politely decline in situations like these.
Instead, share your SSN if and only when necessary, ideally when you trust that the company will keep your data as private as possible. Some examples of these trusted scenarios include:
- Getting a background check or applying for credit
- Reporting your taxes or filling out employment information
- Investing in identity protection services
- Performing a cash transaction over $10,000
- Applying for government benefits or aid
Individuals must keep all their personal information private unless necessary; SSNs aside, the rise of social media has ushered in an era of oversharing online. By consciously restricting the information we share about ourselves, we can make the job of cybercriminals more challenging, if not deter them completely.
Use Identity Theft Monitoring
Online identity monitoring services are the best way to monitor your information and other personal data. This is especially true for those accounts we don’t check daily. These may include identity, loan, mortgage, and medical record accounts. Members of these services receive notifications and alerts whenever a data breach or element exposure puts their personal information on scam websites or the dark web. Monitoring professionals like IDStrong prevent and proactively mitigate exposed individuals from further victimization via identity, medical, reputation, and financial scams.
Check for Breaches Regularly
From the public’s perspective, organizations must notify individuals of data breaches; this is true, but to a limited extent. Although localized guidelines exist, no federal regulations surround the necessary response to a data breach. The issue with having no federal regulations is that the local governments determine the characteristics of a breach notification.
For example, all breaches impacting Maine residents must notify the state’s Attorney General Office of the event; however, multiple states allow organizations full self-regulation. In function, this means when a company gets breached, and the stakeholders determine that the stolen data is not “of significant value,” they may not notify the victims of the event. For this reason, everyone must review their vital accounts. Potential victims must contact professionals to investigate if any information about you or your accounts seems out of place, incorrect, or suspicious. We recommend that you regularly scan your details to see if your sensitive data has been breached or exposed.
Store and Shred Documents
Before disposing of any sensitive document, especially those that include your SSN, censor and shred it. Censoring information on documents is simple with the help of a confidential rolling stamp, which individuals can purchase through any office supplier or online. These rollers work even better than a Sharpie, as the stamped symbols mitigate the ability of a malicious actor to see the sensitive data printed below them. These stamps and a household shredder make protecting your disposed documents easy and efficient.
Everyone should hold on to some of their unique documents instead of disposing of them. For example, everyone should save tax-related documents, proof of income, and property records for at least seven years past their issuing date. For many, the most efficient way to organize these documents is by making digital copies and saving those to a trusted device. However, in the cybersecurity world, not all devices are equal; Windows and Mac have built-in options for encrypting files behind a password. For individuals, this means if you’re saving documents to your at-home computer, you can lock them behind additional security. Encrypted cloud storage services like Google Drive, OneNote, iCloud, and Dropbox are also excellent options for further file security and allow for easy access.
What to Do if Your SSN
was Compromised
Run a Dark Web Scan
Most victims won’t know their SSN is gone until it’s too late, and the thieves have made off with profits. Routinely checking the status of an SSN is one way to mitigate these potentials; the most efficient way to do this is by routinely running dark web scans. These scans scour the dark web, alerting users if their SSN appears. IDStrong takes this service a step further, offering recovery assistance for those who discover their information in the crevices of the dark net.
Freeze Your Credit Score
Your credit is one of the most vital details attached to you; without it, individuals couldn’t purchase cars, apply for loans, or purchase homes. Events that change your credit have additional impacts on your daily life. If you suspect that someone stole your SSN, freeze your credit, this may help to mitigate the criminal’s options for profit while protecting your investments.
Enable Multi-factor Authentications
When cybersecurity was still relatively new, experts argued for two-factor authentication. These days, criminals can surpass two-factor authentication, mainly when employees use default passwords and permissions. Victims of SSN theft must enable additional verification processes, without these security measures, the right criminal could walk directly into the network.
Update Passwords and Usernames
Passwords and usernames are essential to modern life, from personal social media to work projects and vendor accounts to paying bills, it all happens online. In a perfect world, each individual would use a password manager to generate and maintain these credentials; however, individuals are more likely than ever to share duplicate credentials between accounts. Updating these passwords and changing usernames can significantly help restrict the influence of a criminal, especially if they’ve already entered the account.
Review Bank and Medical Statements
If you suspect someone is misusing your SSN, request official account statements from the places they may have impacted; this includes financial and medical institutions for most, but others may also consider their mortgage and loan providers. Look for any activity that does not align with your knowledge. For example, if a criminal steals an SSN for medical fraud, the biannual Explanation of Benefits will list the expenditure of those entitlements. If you discover suspicious activity, notify the organization ASAP.
"Self-Lock" Your SSN on myE-verify
SSNs also dictate whether a person can work in the United States. Developed as a collaboration between government entities, MyE-verify is the most used tool for employers to determine a person’s employment eligibility. If your SSN is stolen and misused, you might miss future opportunities. A quick and efficient way to deal with these problems is by going to the website and “self-locking” your SSN; this stops the account from accepting new updates automatically, protecting you and your prospects.
Report Suspicious Activity to the Authorities
Although cyber experts suggest notifying the authorities of suspicious actions within accounts, actually complaining may be less straightforward. If you find suspicious activity online, report it to the national cyber crime hub, the Internet Crime Complaint Center (IC3), or they can report it to the Federal Trade Commission (FTC); alternatively, to make a report in person, head to the closest FBI field office. Meanwhile, those who suspect they’ve found a scam can receive nuanced recommendations from the official US government information guide.
Enroll in Identity & Credit Monitoring
When people learn their SSN may be compromised (or notice suspicious activity within their accounts), they must start exploring preventative options. IDStrong is one of these preventative options, we scour the dark web for your information. If we discover your data is out there, alert you and help you to begin working on available solutions; we also continue to monitor your information and alert you if it shows up anywhere else or in other breaches. Stolen SSNs are not confidential after exposure; however, with the help of IDStrong experts, victims can mitigate and defend data from further misuse.
How IDStrong Works
1. Monitor
We continuously monitor your personal and financial information, scouring the dark web for potential threats, active data breaches, and network element leaks.
2. Alert
If we locate your information somewhere in the dark recesses of the Internet, we will instantly notify you, alerting you to any information leaked, exposed, or breached.
3. Resolve
We won’t just alert you of the dangers; we’ll help you resolve them. Our identity protection experts are available 24/7 to help you take the necessary actions to restore your identity and get back to normalcy.
Our Benefits
Identity Monitoring
Our business is monitoring billions of records on the dark web. If we find anything about your information, we alert you to the risks and offer recovery strategies.
Credit Monitoring
One of the essential elements of your identity is that we monitor your credit profile for suspicious inquiries, new loans, or credit-related changes. That means no surprises when it’s time to put a down payment on your dream home or car.
Privacy Monitoring
Personal information is the lifeblood of data brokers. They collect and sell it on a massive scale, and when your data is harvested online and neatly parceled into their systems, we allow you to remove it with a click.
Up to $1 million Identity Theft Insurance *
If you are a victim of ID theft, we’ve got you covered. We will cover up to $1 million for theft recovery expenses. If the worst happens, that gives you peace of mind and a financial safety net.
Lost Wallet Assistance
We’ve got you covered, even if your wallet is lost or stolen. We’ll provide quick, reliable help navigating the world of data defense and structure the best recovery options for your situation. Our experts walk you through the process step-by-step.
Identity Restoration
If you experience identity theft, our expert fraud resolution team will deliver personalized support; we’ll investigate the situation, recover what we can, and restore your identity to its rightful status.
* The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company.
Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.
Frequently Asked Questions
About SSN Theft
How likely am I to become a victim of SSN theft?
In 2021, the FBI reported 51,600 cases of SSN-related identity theft. However, this number is relatively low compared to the recorded 5.7 million identity theft cases two years later. Furthermore, this year will likely be the most dangerous with the rise of ever-developing technologies. These numbers are even worse when we acknowledge the massive number of unreported instances.
We suggest using our free identity scan to see what data might be available online; this is vital in determining your overall theft risk.
Can I protect against all SSN theft?
Unfortunately, there’s no surefire way to prevent SSN theft. You often must use your social security number for credit checks, which criminals can exploit in a data breach. The only option is to be as careful as possible and stay vigilant for any signs of it.
You can also initiate identity monitoring alerts that notify you when sensitive information appears online. These allow you to assess your data’s danger and preemptively set up safety measures like credit freezes or additional account authorizations.
Does Identity Monitoring help identify SSN theft?
Identity monitoring does not identify SSN theft. Instead, it indicates when you’re at risk of it, making it a powerful tool for setting up preventative measures.
For example, IDStrong’s monitoring service tells you when your email, name, and SSN have appeared on a scam site. These alerts let you respond before any permanent damage. Further, they can freeze your credit, preventing new accounts from opening in your name.
What to do if I am a victim of SSN theft?
If you’ve been the victim of SSN theft, your first step is to file a report with the Federal Trade Commission (FTC). The FTC will give you a report allowing you to place a credit freeze with one of the three major credit bureaus.
A credit freeze prevents anyone from accessing your credit report, stops criminals from opening accounts in your name, and restricts the damages those criminals can cause to your long-term score, and life in general.
Review your financial, credential, and social security statements for suspicious charges or missing money. Always request itemized documents, as some charges can be combined and hidden from sight within regular documentation.
What are the signs of SSN theft?
The most recognizable signs of SSN theft are unauthorized transactions in your bank accounts, especially those linked to credit or debit cards. Look for unexpected letters, emails, or notifications from your financial institutions that you don’t recognize or did not request.
Although your credit score changes daily, some changes in your credit score can also warn you about identity theft. If a scammer opens new lines of credit or attempts a scheme that requires a hard inquiry, your rating will surely plummet.
Can SSN theft result in a monetary loss?
In 2021, social security number theft resulted in $281 million in losses. Since many identity thieves know how to fly under the radar, it could be years before officials catch them, thus giving them ample time to empty bank accounts, destroy credit records, steal assets, and rack up enormous amounts of debt in their victim’s name.
How easy is it to detect SSN theft?
Financial scams are usually challenging to detect because the victim is unaware that the fraud is occurring. Consequently, the best way to ensure your information stays secure is to take a proactive approach, such as checking all your accounts for suspicious activity and using an identity monitoring service for regular financial alerts.
Monitoring your SSN allows you to be proactive and defensive. It also lets you know if anyone is trying to misuse your identity and personal information. Criminals may be closer than you realize. Partner with ID Strong to keep your information protected!