4

Basically, this afternoon, I got a call that I had picked up. The caller asked for (my name) stating that they were from this company associated with my healthcare. The call seemed pretty legit, and they asked for my birthday and my address for confirmation. I was a bit fishy at first and wanted to tell them I was busy and that I would call them later. I don't know where they got my name, but I had given them my birthday, but not my address. Am I in danger of ID theft?

Update : Thank you for all the responses so far, the thing is, I did ask them for a number that I can contact them by, got a number and googled it. The results are 50/50. It's not a chance that I would like to take. Knowing that they already had my name and phone number, I can just assume that they now have a zip code of where I live. Now they also have my birthdate, which causes me to be extremely worried. The thing is, I'm not at the point in life where I file for tax or have credit, but I am worried that this will come to haunt me in the future. Are there any steps that I can take to limit any possible id theft?

Echizan
  • 41
  • 1
  • 1
  • 3
  • To make sure always ask them how can you contact them back on legit numbers belong to company.Then call them back later. – Kerim Can Kalıpcıoğlu Jul 21 '17 at 19:46
  • Have you tried looking up the number? – Ivan Jul 22 '17 at 01:06
  • 1
    Possible duplicate of [How dangerous is it to reveal your date of birth, and why?](https://security.stackexchange.com/questions/95029/how-dangerous-is-it-to-reveal-your-date-of-birth-and-why) + [Is a full name and address all that's needed for identity theft?](https://security.stackexchange.com/questions/117789/is-a-full-name-and-address-all-thats-needed-for-identity-theft) – Jedi Jul 22 '17 at 04:46

4 Answers4

5

It depends on what other information they have. If it was in fact a scammer, they may have had other information but needed your birthday to make use of it. In that case, you'd have an imminent risk of identity theft if they were able to capture the additional information needed to make use of what they already had.

That said, name and birthdate by itself isn't really a big risk. I have my name, birthday, education, general area I live, e-mail address and home phone number all publicly listed on my website in easily scrapable fashion and have never had issues with identity theft.

Most of that information can be obtained online already anyway from a variety of open source sources, such as social media and public records as well as from database dumps of compromised corporate databases which most people are likely to have been in.

Certainly any expected fraudulent call is worth following up with the legitimate company to validate if it was real. If it was a real call, you have nothing to worry about. If it was not, then they will want to know so they can warn other customers if this kind of fraud is being targeted at many of their members.

AJ Henderson
  • 41,896
  • 5
  • 63
  • 110
1

Without access to your email, phone or passwords, I would not think so. Checking birthday info is a reasonably frequent practice in password reset on some sites to cut down on hackers attempting to take advantage of reset password loopholes, but without any greater access I would say you are safe.

If knowing your name, birthday (and phone number based on the fact he/she called you) was a security/ID theft threat, the vast majority of people would be at risk since Facebook has this type of info on display.

Just be more careful moving forwards, scams have become pretty advanced nowadays.

Edit: Recommended read for you

dFrancisco
  • 2,731
  • 2
  • 13
  • 27
1

I can set up or confirm doctor appointments, get limited medical billing information, etc. with only providing my name and date of birth. If they go into an office with my insurance already on file they could bill my insurance for their treatment. Or perhaps they could use the information they obtain from my doctor for some other attack. Or perhaps they are signing up for stuff in your name. Or using the birthday as one piece in a set of data to social engineer their way into one of your accounts via customer support. Or they are preparing a spear-phishing attack against you (Happy birthday, valued customer! Log in to claim your free gift!). It's not likely to be a big deal to only have your name and birthday, but I wouldn't say there's zero risk.

Ben
  • 3,896
  • 1
  • 10
  • 22
1

Name, birthday and SSN are the bare minimum of what it takes to open new lines of credit.

But all it takes for someone to request a copy of your last year's tax transcript is your birthday, address and SSN.

Previously this was done electronically by international agents, but these days if someone plucked it from your mailbox, they'd know how much money you generally make and can also divine where you likely work now.

They manipulate your employer (or more likely its third-party processor) to access or have your W2 sent to them at the advent of the next tax season. While you're still telling yourself "I have until April," they helpfully file your tax return for you early and run off with the money. Three months later, you catch on.

The W2 also betrays the amount of money you've squirreled away in tax-free accounts such as HSAs. I don't remember how they did it (with enough PII anything is possible) but they pivot into those and drain those too. Since it's not an account you use often, it will probably take you longer than the fraud dispute period to notice it happened-- so you're out that money as well.

A snowball always starts with the first two flakes. I can't tell you whether or not you got phished but don't ever assume any two data points are innocuous-- intelligence gathering can easily be sourced to third-world call centers for a dollar an hour. They're even getting better at spoofing local numbers (they used to hide behind "Unknown"). If they discover a third data point, it's enough to impersonate you-- and your riches await them.

Keep an eye on your credit score and file your taxes early.

Ivan
  • 6,338
  • 3
  • 18
  • 22