In the last year, simply through the Anthem and Office of Personnel Management hacks alone, hackers gained access to the Social Security numbers of nearly one in three Americans. Many people naively believe that, because no one has cleared out their bank accounts or opened false credit cards in their names, hackers simply decided not to use their Social Security numbers.
In reality, your information has already been compromised, whether you know it or not.
How Hackers Use Stolen Data
Your Social Security number is like the master key to your financial life. Imagine attempting to purchase a house and finding out that several credit cards have been opened in your name — no bank is going to give you a loan when you have tens of thousands of dollars in outstanding debt.
As scary as that might sound, there are far worse things hackers can do with your Social Security number:
- Open Credit Lines
A simple credit card isn’t the only line of credit you should be worried about. Bank loans and predatory payday loans (which usually come with a nearly 400 percent annual percentage rate) are fair game. Most thieves aren’t worried about what they do to others’ credit scores or debt loads after they take the money and run.
- Drain Accounts
Checking and savings accounts are a start, but hackers gladly let victims pay those early-withdrawal penalties as they move on to 401(k)s and individual retirement accounts.
- Frame Others
Even the simplest case of identity theft takes years to recover from, but with the right information, identity thieves can frame you for their crimes while they take your money and run. For one innocent man, this led to multiple arrests and jail stints.
Despite what you see in the movies, it doesn’t take a computer genius to steal a Social Security number. Hackers can steal identities in several ways.
How Hackers Get Information
Your Social Security number isn’t safe, no matter what you’ve been told. Besides the fact that you’re constantly asked to give it away, hackers have their own methods for getting ahold of it — even when you think you’re on the safest website known to man.
The easiest method, social engineering, works by tricking people into giving up their information willingly. A thief will call, pretending to be a debt collector or similar entity, asking someone to verify her information before the call can proceed. A lot of times, the thief will threaten a lawsuit if he doesn’t receive money from the innocent person on the other end of the line — prompting the person to both give up her personal information and give him money over the phone.
Once he has that personal information, he can use it to get whatever he wants.
Another method comes from rudimentary vectors. A vector refers to the way a thief accesses someone’s information — rudimentary vectors are the simplest. Emails with links to fake websites ask users to enter their sensitive information. These emails will sometimes appear to be from a trusted institution, like a bank or an employer.
But just because hackers usually don’t need to resort to advanced techniques doesn’t mean they can’t. By spending just $300, some hackers recently built a machine that can steal confidential information simply by being near a computer.
The Social Security number is dead, but until new methods become reality, a consumer’s best strategy is to stay vigilant.
How to Stay Protected
With all the ways hackers can access information, it’s quite likely that every American has an at-risk or compromised identity. To mitigate the damages, people must remain alert and act on any suspicious account updates.
Credit protection services, such as Bank of America’s Privacy Assist, provide protection for people trying to stay ahead of thieves by monitoring potential weaknesses and alerting users to dangers. When you see a suspicious line of credit or an unknown inquiry into your credit — even if it seems trivial — call and double-check.
Nothing replaces due diligence, and many people simply ignore the risks. Nearly 75 percent of people would not immediately act to protect their identity if they heard news of a potential data breach; of that number, almost half would completely ignore the alert.
It’s almost impossible to stop a determined thief, but preparing to respond quickly can save victims most of the time, expense, and stress of an identity theft.
About the Author: Daniel Riedel is the CEO of New Context, a rapidly growing consulting company in the heart of downtown San Francisco that specializes in lean security and helping companies build better software. Daniel has experience in engineering, operations, analytics, and product development. Previously, he founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.