ID Theft, Fraud & Victims of Cybercrime
If you're the victim of cybercrime, you need to know what to do and respond quickly. When dealing with cybercrime, an ounce of prevention is truly worth a pound of cure. Cybercrime in all its many forms (e.g., online identity theft, financial fraud, stalking, bullying, hacking, e-mail spoofing, information piracy and forgery, intellectual property crime, and more) can, at best, wreak havoc in victims’ lives through major inconvenience and annoyance. At worst, cybercrime can lead to financial ruin and potentially threaten a victim’s reputation and personal safety.
It’s always wise to do as much as possible to prevent cybercrime.
One of the best ways to learn how to prevent cybercrime is to check out STOP. THINK. CONNECT. at stopthinkconnect.org.
But, despite our best efforts, our increasingly digital lives may put us in harm’s way. The fact remains that the bad guys continue to find new uses for ever-expanding—but easily accessible—online technologies to steal, harass, and commit all sorts of crime. If cybercrime happens to you, you need to know what to do and to respond quickly.
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries. And, many offenders disband one online criminal operation—only to start up a new activity with a new approach—before an incident even comes to the attention of the authorities.
The good news is that federal, state, and local law enforcement authorities are becoming more sophisticated about and devoting more resources to responding to cybercrime. Furthermore, over the past several years, many new anti-cybercrime statutes have been passed empowering federal, state, and local authorities to investigate and prosecute these crimes. But, law enforcement needs your help to stop the nefarious behavior of cyber criminals and bring them to justice.
Who to contact:
- Local law enforcement. Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency (either police department or sheriff’s office) has an obligation to assist you, take a formal report, and make referrals to other agencies, when appropriate. Report your situation as soon as you find out about it. Some local agencies have detectives or departments that focus specifically on cybercrime.
- IC3. The Internet Crime Complaint Center (IC3) will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local, or international law enforcement or regulatory agency that has jurisdiction over the matter. IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center (funded, in part, by the Department of Justice’s Bureau of Justice Assistance). Complaints may be filed online at ic3.gov/default.aspx.
- Federal Trade Commission (FTC). The FTC does not resolve individual consumer complaints, but does operate the Consumer Sentinel, a secure online database that is used by civil and criminal law enforcement authorities worldwide to detect patterns of wrong-doing, leading to investigations and prosecutions. File your complaint at ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en. Victims of identity crime may receive additional help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4388); the FTC website at identitytheft.gov provides resources for victims, businesses and law enforcement.
- Your Local Victim Service Provider. Most communities in the United States have victim advocates ready to help following a crime. They can provide information, emotional support and advocacy as needed. Find local victims service providers here: http://ovc.ncjrs.gov/findvictimservices/search.asp
Even though you may not be asked to provide evidence when you first report the cybercrime, it is very important to keep any evidence you may have related to your complaint. Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence. Evidence may include, but is not limited to, the following:
- Canceled checks
- Certified or other mail receipts
- Chatroom or newsgroup text
- Credit card receipts
- Envelopes (if you received items via FedEx, UPS, or U.S. Mail)
- Log files, if available, with date, time and time zone
- Messages from Facebook, Twitter or other social networking sites
- Money order receipts
- Pamphlets or brochures
- Phone bills
- Printed or preferably electronic copies of emails (if printed, include full email header information)
- Printed or preferably electronic copies of web pages
- Wire receipts
Once you discover that you have become a victim of cybercrime, your response will depend, to some degree, on the type and particular circumstances of the crime. Here are useful tips to follow for some specific types of cybercrimes:
In cases of identity theft:
- Make sure you change your passwords for all online accounts. When changing your password, make it long, strong and unique, with a mix of upper and lowercase letters, numbers and symbols. You also may need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources.
- Close any unauthorized or compromised credit or charge accounts. Cancel each credit and charge card. Get new cards with new account numbers. Inform the companies that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. You may also want to write a letter to the company so there is a record of the problem.
- Think about what other personal information may be at risk. You may need to contact other agencies depending on the type of theft. For example, if a thief has access to your Social Security number, you should contact the Social Security Administration. You should also contact your state Department of Motor Vehicles if your driver's license or car registration are stolen.
- File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime which may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus, and debt collectors.
- If your personal information has been stolen through a corporate data breach (when a cyberthief hacks into a large database of accounts to steal information, such as Social Security numbers, home addresses, and personal email addresses), you will likely be contacted by the business or agency whose data was compromised with additional instructions, as appropriate. You may also contact the organization’s IT security officer for more information.
- If stolen money or identity is involved, contact one of the three credit bureaus to report the crime (Equifax at 1-800-525-6285, Experian at 1-888-397-3742, or TransUnion at 1-800-680-7289). Request that the credit bureau place a fraud alert on your credit report to prevent any further fraudulent activity (such as opening an account with your identification) from occurring. As soon as one of the bureaus issues a fraud alert, the other two bureaus are automatically notified.
For additional resources, visit the Identity Theft Resource Center at www.idtheftcenter.org or the Federal Trade Commission at identitytheft.gov.
In cases of Social Security fraud:
- If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy.
For additional resources, visit the Social Security Administration at oig.ssa.gov/report-fraud-waste-or-abuse.
In cases of online stalking:
- In cases where the offender is known, send the stalker a clear written warning saying the contact is unwanted and asking that the perpetrator cease sending communications of any kind. Do this only once and do not communicate with the stalker again (Ongoing contact usually only encourages the stalker to continue the behavior).
- Save copies of all communication from the stalker (e.g., emails, threatening messages, messages via social media) and document each contact, including dates, times and additional circumstances, when appropriate.
- File a complaint with the stalker’s Internet Service Provider (ISP) and yours. Many ISPs offer tools that filter or block communications from specific individuals.
- Own your online presence. Set security and privacy settings on social networks and other services to your comfort level of sharing.
- Consider changing your email address and ISP; use encryption software or privacy protection programs on your computer and mobile devices. (You should consult with law enforcement before changing your email account. It can be beneficial to the investigation to continue using the email account so law enforcement can also monitor communication.)
- File a report with local law enforcement or contact your local prosecutor’s office to see what charges, if any, can be pursued. Stalking is illegal in all 50 states and the District of Columbia.
For additional resources, visit the Stalking Resource Center at ncvc.org/src.
In cases of cyberbullying:
- Tell a trusted adult about what’s going on.
- Save any of the related emails, texts, or messages as evidence.
- Keep a record of incidents.
- Report the incident to the website’s administrator; many websites including Facebook and YouTube encourage users to report incidents of cyberbullying.
- Block the person on social networks and in email.
- Avoid escalating the situation: Responding with hostility is likely to provoke a bully. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. If you or your child receives unwanted email messages, consider changing your email address. The problem may stop. If you continue to get messages at the new account, you may have a strong case for legal action.
- If the communications become more frequent, the threats more severe, the methods more dangerous and if third-parties (such as hate groups and sexually deviant groups) become involved—the more likely law enforcement needs to be contacted and a legal process initiated.
For more information, visit stopcyberbullying.org and ncpc.org/cyberbullying.
Many cybercrimes start with malware—short for “malicious software.” Malware includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent—you may have downloaded the malware without even realizing it! These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information and commit fraud. If you think your computer has malware, you can file a complaint with the Federal Trade Commission at ftc.gov/complaint.
Avoid malware with the following tips from the STOP. THINK. CONNECT. campaign:
- Keep a clean machine by making sure your security software, operating system and web browser are up to date.
- When in doubt throw it out. Don’t click on any links or open attachments unless you trust the source.
- Make your password a sentence. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Set your browser security high enough to detect unauthorized downloads.
- Use a pop-up blocker (the links in pop-up ads are notorious sources of malware).
- Back up your data regularly (just in case your computer crashes).
- Protect all devices that connect to the Internet. Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from malware.
- Make sure all members of your family follow these safety tips (one infected computer on a home network can infect other computers).
Follow these STOP. THINK. CONNECT. tips to help protect your personal information:
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.
- Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing when they are available. It’s OK to limit how and with whom you share information.
- Get two steps ahead: Turn on two-step authentication – also known as two-step verification or multi-factor authentication – on accounts where available. Two-factor authentication can use anything from a text message to your phone to a token to a biometric like your fingerprint to provide enhanced account security.
The National Cyber Security Alliance would like to thank the National Sheriffs’ Association and International Association of Chiefs of Police for their assistance in creating this resource.