Employment Identity Theft: What Is It And How Can You Prevent It?
While living in ignorance can be blissful, as the government clamps down on illegal immigrants gaining employment in the US, incidents of employment identity theft look set to soar.
The Treasury Inspector General for Tax Administration (TIGTA) believes the cases of employment identity theft exceed IRS estimates, making it more common than many of us imagined. What’s more, not only can those committing employment identity theft apply for jobs in your name, they can also gain access to your tax refunds and may even claim social security benefits under your name.
Employment identity theft is potentially devastating, which makes both awareness and prevention vital for employees and employers alike.
Employment Identity Theft: What Is It And How Can You Prevent It?
The accepted employment identity theft definition is when another person uses your identity, usually in the form of a social security number, to apply for a job under false pretenses. Employment identity theft is often more difficult to detect than some forms of identity theft, like existing account takeovers, for example, which, if you check your bank statements and credit card payments regularly, are easy to pick up on.
As there is often no immediate impact on the victim, employment identity theft can go unnoticed for months, or even years. For many people, it’s only once a job application proves unsuccessful that they realize that something’s amiss and start unraveling the evidence that may eventually lead them to the perpetrator of the employment identity theft incident.
You can help prevent employment identity theft by keeping your social security number under lock and key rather than brandishing it around like a virtual lightsaber. There are a few other ways to prevent and facilitate the early detection of employment identity theft, and one of the most effective of which is to use identity theft protection software, like Identity Guard.
Employers also have a responsibility to protect their employees’ sensitive information and guard it against employment identity theft and some companies are now introducing certain security measures, such as limiting access to personnel files and using numbers other than social security numbers to identify employees on both payroll and healthcare systems.
How Does an Employment Identity Thief Access My Data?
While we might imagine that most individuals committing employment identity theft are rummaging through dumpsters or the Dark Web to gather the information they need to attack, the truth is, “identity theft as the result of employee information stolen in the workplace by a fellow employee is a much more likely case”. Personnel files don’t just contain your social security number but also the details you submitted in your job application and the data used to administer healthcare benefits.
Businesses that regularly employ temporary workers to perform routine administerial functions expose their employees to a greater risk of identity theft. While many companies run background checks on their full-time employees, temporary workers often slip under the radar, deftly avoiding background checks and other security controls in the employer’s urgency to fill the position.
One New York human resources professional revealed the problems he experienced after failing to properly screen a temporary worker. The temporary employee had been employed to clean up the personnel files of 3,000 employers. Instead, “he was going into these files, taking people’s social security numbers and stealing all of their information”.
By the time a fraud investigator was called in, three employees had complained that their banking information had been changed or their accounts compromised. Although the culprit was arrested, it took the victims of this instance of employment identity theft over a year to resolve the situation and recover from the aftermath.
While this example of employment identity theft resulted in a different type of identity theft, namely existing account takeover, it nonetheless illustrates how much responsibility employers have when it comes to safeguarding their workers’ sensitive data.
How to Prevent Employment Identity Theft as an Individual
There is little you can personally do about the information held by your employers, but there are other ways you can reduce the threat of employment identity fraud.
A clear understanding of the employment identity theft definition is a step in the right direction while keeping tabs on your social security number is another. If you are gainfully employed, however, chances are you don’t’ have the time to scroll through millions of websites checking to see if your social security number is up for sale. This is why more people are turning to the best identity theft protection services to do it for them.
While some of the best antivirus software packages, like Macfee for instance, incorporate identity theft protection features, they are rarely as comprehensive as a standalone identity theft protection app, like Identity Guard.
Not only will Identity Guard keep an eye on thousands of data sources to make sure your social security number hasn’t been stolen, leaked, or exposed, it will also notify you should it detect any vulnerability so you can rectify the problem before any further unpleasant consequences occur.
Other useful tips in terms of preventing employment identity theft include:
Guard your Social Security Number
Keep your SSN safe by hiding it away in a secure vault. The best password managers provide encrypted storage facilities for important documents, like your passport, and sensitive information such as your SSN.
Job seekers should also be aware that they are not required to provide their SSN before they have been for an interview, claiming it’s necessary for them to perform a preliminary background check. Instead, once the interview process is complete, an employer “can collect an SSN on a separate background check authorization form rather than the employment application”.
Don’t Divulge Financial Information
If an employer requests any financial information, especially your bank account details, you are within your legal rights to refuse. Some may claim they need this information for a credit check, but the reality is if they have your name, address, and SSN, they can find out whatever they need to know about your credit history.
Check the Email Address
Many of us correspond with potential employers via email but only a few use encrypted email services to guard against possible interception. Before sending any sensitive information in a job application, double-check the email address and make sure it’s legitimate – phishing scams are widespread and can be surprisingly sophisticated, so avoid sending information to any address you don’t recognize or that isn’t an official company address.
Beware the Online Form
When applying for jobs, many applicants complete online forms, often entering information like their SSN or driver’s license number. Unfortunately, not all companies use a secure site to host these forms, making them fair game for formjackers looking for potentially lucrative data. If you need to complete an online application form for a specific position, use a VPN and a password manager to boost your online security and protect the data you’re entering.
The web-based system, E-Verify, can be used by both employees and employers, with the former conducting free self-checks and the later using the process to confirm an employee’s employment eligibility.
How to Protect Your Business Against Employment Identity Theft
Employees can only go so far in protecting themselves against employment identity theft and the pressure on businesses to improve their security and safeguard their employees against such threats is steadily increasing.
Since the Protection of Personal Information Bill, B9D – 2009, (POPI) was signed into law in 2013, large-scale employers have been forced to scale back on the amount of information they include in employee’s payslips.
Before the introduction of the POPI, many payslips included details like your SSN, your policy numbers for both your healthcare provider and your life insurance, as well as a full job description and your unique employee work number. All this would often be sent unsecured through the post.
These days, such “slip-ups with pay-slip security” could, according to the head of fraud prevention at Liberty Life Group Forensic Services, Christopher Thomopulous, “prove expensive for employers if it is proved that an organization failed in its duty to protect its data”.
Companies experiencing a data breach could also be liable, should any of their employees become the victim of employment identity fraud, assuming it can be proven that the company could have prevented the breach or limited its extent.
The top tips for companies wanting to safeguard their employees against employment identity theft are:
- Use a reliable identity theft protection tool like Identity Guard
- Adopt good IT practices like storing your data in an encrypting vault or hiding it behind a firewall
- Keep sensitive information, particularly regarding employees or colleagues, confidential.
For more details about how to protect your business against identity theft, check out our article here.
The Impact of Employment Identity Theft – A Case Study
While most incidents of employment identity theft take months to uncover, even those detected promptly can cause distress and endanger your career, as UK journalist, Nicholas Fearn, discovered.
Mr. Fearn had applied for a position at a company in Wales but, when he didn’t hear back from them regarding his application, he got in touch with his contact there only to find that someone had sent an email, apparently from Mr. Fearn’s email address, asking that his application be withdrawn.
Mr. Fearn said he felt “shocked and violated” by the incident, adding, “As a journalist, I use email as a way to pitch for work and communicate with clients, so it’s really worrying that someone is impersonating me”.
Although there is, as yet, no evidence of who the culprit was or how they accessed Mr. Fearn’s private data, the victim believes that another candidate may have been responsible. During the application process, all applicants were asked to submit a written assessment, each of which was saved to a specific file.
When Mr. Fearn completed his, he noticed that the file also contained the names of all the other candidates. He suspects this is where the leak began, and the imposter began shedding his skin and taking on the identity of Mr. Fearn.
While the incident impacted significantly on Mr. Fearn’s life and career, he was luckier than some victims of employment identity theft fraud. For some, the initial sense of violation is nothing compared to the ripple effect of the crime. According to one report, 13.8% of identity theft victims said they had struggled to get a job as a result of identity theft. For others, being denied a job opportunity is the first indication that they have been targeted by an employment identity thief.
Dealing with the Consequences of Employment Identity Theft
Victims of employment identity theft suffer on several levels and must deal with financial, emotional, and even physical consequences of the crime. According to the CEO of the Identity Theft Resource Center, Eva Velasquez, “the effects of identity theft are far-reaching: impacting victims’ general emotional and physical well-being, their relationships with others and even how they engage with their work or school environments”.
The Financial Fall-out
While employment identity theft may not have as significant a financial impact as existing account takeover identity theft. For example, victims often need legal advice and specialists to help them resolve issues of SSN theft with the Social Security Administration, and when trying to sort out subsequent tax issues with the IRS.
The Emotional Impact
In the short term, employment identity theft victims often experience shock and anger, but the long-term effects are often even more difficult to deal with. Many find it difficult to trust family and friends after the attack, while others may suffer stress or anxiety.
According to the Identity Theft Resource Center’s 2016 survey of identity theft victims, “More than half of respondents reported feeling a sense of helplessness or powerlessness when faced with an identity theft issue (54 percent). Other fears included fear regarding personal financial safety (69 percent), fear for the financial security of family members (42 percent), and fear for physical safety (23 percent). Eight percent even reported feeling suicidal”.
The Physical Effects
Being a victim of employment identity theft won’t only impact on your career and working life, but often hurts your physical well-being as well. ID theft victims may suffer from insomnia or other sleep problems after the attack, while others may develop other symptoms like the inability to focus or increased stress levels. For around 10% of victims, the physical effects of employment identity theft are so severe they have to take time off work to recover.
Victims of employment identity theft have a lot on their shoulders, but help is at hand and if you’ve been the target of such an attack, you should consider contacting your bank, credit reporting agencies, the IRS, and the Social Security Administration for help. Of course, if you’re protected by an identity theft protection service like Identity Guard, it will also help you through the recovery process and advise on the best course of action.
Employment Identity Theft in the USA
While some cybercriminals might be after your SSN so they can claim tax rebates and government benefits, others simply want the opportunity to do a good, honest day’s work.
Undocumented workers and illegal immigrants desperate for the opportunities available in the US are often willing to buy another person’s identity to secure some form of employment. A special agent with the Department of Homeland Security’s Immigration and Customs Enforcement, Jere Miles said, “the authorities discovered 400 instances of identity theft that had been perpetrated against legal United States residents”.
At present, the federal government has exclusive jurisdiction over incidents of employment identity theft where a stolen SSN appears on a federal immigration form, but this could soon change, giving state courts the power to prosecute.
In March last year, the “Kansas Supreme Court threw out convictions of three undocumented immigrants, ruling that only the federal government could prosecute such cases based on information that comes from the federal form”.
According to Kansas solicitor general Stephen McAllister, the law needs to change. “This nationwide, indeed worldwide, problem and its consequences are more than the federal government alone can address,” he said.
In this instance, employment identity theft gave illegal workers the chance to earn an income, while victims were left dealing with the consequences.
Nevertheless, reactions to the case were mixed with some saying “giving states power to prosecute employment fraud would let them immigration policy into their own hands” and others saying the federal stranglehold on such cases undermines “the state’s ability to combat identity theft”.
Employment identity theft may not be as rife as credit card fraud or existing account takeovers, but it’s a growing concern and one that can have serious, long-term consequences on its victims. As awareness of the problem grows, so more people are turning to identity theft protection services to keep their personal details safe and stop sticky-fingered thieves from accessing their SSN.
There is only so much an employee can do to protect themselves against employment identity fraud and the weight of responsibility is falling increasingly on employers to provide secure systems that protect their workers’ sensitive information.
The government is increasing pressure on illegal immigrants working in the US, and as a result, more are likely to turn to employment identity theft to give themselves a chance at earning an income. As the threat increases, the need for greater vigilance and better security increases with it.
Job seekers are particularly vulnerable to the possibility of employment identity theft, as they share their SSN online and via email during the application process. Fortunately, there are now cybersecurity tools like VPNs, antivirus software, password managers, and identity theft protection services that can all help protect you and your identity.
Employers need to up their game and their security as well, especially as the weight of responsibility is increasingly being shifted from the individual to the corporation.