Your Bank > Education and Advice > CNB University

Identity Theft 101 & Best Practices

By Ryan L. Kaiser, CFE, Assistant Fraud Risk Manager, Canandaigua National Bank & Trust

In the wake of the COVID-19 pandemic, reported incidents of fraud and identity theft increased in frequency substantially. The FTC has reported a mild reduction in year-over-year fraud complaint count in 2022 for the first time since 2016. Still, during 2022, the FTC states that approximately 1.1 million complaints related to identity theft were received, comprising roughly 22% of overall fraud-related complaints. Identity theft consistently tops the charts for fraud-related complaint types, with the most common three scheme types of credit card fraud, bank fraud, and loan fraud.

In today’s environment, opportunity for fraudsters is endless. Data breaches have become more and more common, bad actors can buy or sell illicit identity information online, and thieves can also engage in more primitive methods of nefarious activity such as dumpster diving. Regardless of the method, the results can be extremely lucrative for criminals. The FTC reports that consumers were scammed out of $8.8 billion through various fraud schemes in 2022. Review the following methods utilized by bad actors to steal identities and consider the following best practices to stay protected!

How Are Identities Stolen?

  • Lost wallets or purses – easy access to credit cards, debit cards, social security cards, drivers’ licenses, and other sensitive documents.
  • Mailbox theft – checks, bank statements, and other sensitive account information can be obtained by bad actors through simple theft.
  • Public Wi-Fi hacking – unsecured connections shouldn’t be utilized for shopping, banking, or sensitive transactions, as information can be intercepted by fraudsters!
  • Data breaches – according to the Identity Theft Resource Center’s report on 2022 breaches, there were over 1,800 unique data breach events throughout the year – equal to approximately 5 per day!
  • SIM card swaps – fraudsters take over a phone number without authorization from the consumer.
  • Phishing, SMShing, spoofing – bogus outreach attempts via email, text message, or phone call which aim to trick consumers into turning over personal information.
  • Skimming – the act of fraudulently obtaining credit card information from a device installed at a gas pump or ATM.
  • ‘Shoulder surfing’ – fraudsters can obtain passwords or card numbers by looking over your shoulder or watching you type on your device.
  • Malware – opening a malicious email attachment or link can deploy software on your device, such as a keylogger. Once installed, bad actors use this information to steal usernames, passwords, and other sensitive information.

Best Practices for Protection

  • Trust your gut – if you receive an unsolicited phone call, text message, or email and something seems ‘off’, you are probably correct; do not engage!
  • Check financial or bank statements regularly, reviewing judiciously for unauthorized / irregular activity, transactions that you did not initiate, or anything else that seems out of the ordinary.
  • Check credit reports regularly for potential fraudulent loans or lines of credit opened in your name.
  • Use strong, complex passwords, which are frequently updated.
  • Do not use the same password for multiple accounts.
  • Use multi-factor authentication on accounts where it is available.
  • Be cautious about what information you share online via social media; consider adjusting your privacy settings on social media profiles.
  • Avoid social media quizzes which poll users for specific personal information - fraudsters can leverage this data to commit identity theft!
  • Consider going paperless for bills or account statements to mitigate potential document theft risk.
  • Safely dispose of old or outdated documents containing personal information, such as old credit cards, tax returns, medical records, bank statements, or utility bills.

If your identity has been stolen – consider the following steps –

  • Contact the companies where the fraud occurred to inform them of the incident.
  • Report the incident to the FTC.
  • Consider setting up a credit freeze or block with the credit bureaus for protection moving forward.
  • Consider having your devices checked by an IT professional for potential malware/virus threats.
  • Change applicable passwords.
  • Notify your bank.
  • Consider closing an account and opening a new one if the incident occurred with a service provider you do conduct business with.
  • Report the incident to law enforcement if you feel inclined.

Our Commitment to Help Protect You

Questions related to identity theft or fraud? Feel free to contact us for additional information.

  • CNB Security Center contains relevant fraud articles and resources.
  • CNB offers customer-centric seminars hosted throughout the year-
  • Certified fraud professionals are available to assist when you need it.
  • Follow us on social media to stay up to date on emerging trends and fraud threats.