18 Surprising Ways Your Identity Can Be Stolen
Most people have already been victims of the most basic forms of identity theft — having fraudulent charges on your credit card. Those even less lucky have been victimized in more aggressive ways, with criminals obtaining medical care, working, and flying in our names.
Unwinding that mess can take years and thousands of dollars. The effect is exacerbated by the fact that the crime doesn't generally stop with the one person who stole your information. Credit card numbers, Social Security numbers, and other data gets packaged and sold on the underground Internet so that different people all over the world could be impersonating you at the same time.
"It's a pain. It does cause a lot of stress," said Lindsay Bartsh, of San Rafael, California, who said that straightening out a web of fraudulent medical bills, flights, job applications, and credit applications took every minute of her free time for a year.
How does it happen? Here's a look at both the most common ways thieves steal our data, as well as some of the newest ploys to watch out for.
1. Mail Theft
Bartsh believes this time-honored tactic is how her personal information got out into the criminal underworld. An expected W-2 tax form never arrived. Assuming it was stolen, it would have given thieves a wealth of information, such as Social Security number and workplace.
2. Database Hacks
When a large corporation gets hacked, the effect can be widespread. When the U.S. government's Office of Personnel Management was breached, some 22 million people had their personal information exposed. (I was one of the many who received a warning about this, because I had a writing contract with a government agency.)
3. Malicious Software
If you have a virus on your computer, you may suffer more than a slowdown or a system crash. Some malicious programs that spread as viruses record every keystroke you type, allowing thieves to find out your online banking username and password. These programs can infect your mobile phone as well as your computer.
4. Search Engine Poisoning
This is a sneaky way of tricking people into giving up their own personal data, or getting malicious software onto a person's computer. The criminals create a fake website similar to a real one, or that could plausibly be a real one.
One tactic is for you to click through to the fake site and try to buy a product, entering your credit card or debit card number. Another way they try to get you is for you to unknowingly download information-stealing software onto your computer.
Where does the search engine part come in? These criminals manipulate Google and other search engines' algorithms to get their phony sites ranked high in search listings, leading users to believe they must be legit. Fortunately, Google has made progress in preventing this in recent years, but it still happens.
Phishing is a term that broadly means "fishing" for personal information through a variety of common social interactions — so-called "social engineering." The most common phishing attack happens when you get an email that looks like it came from your bank or another legitimate company. It may come with an alarming subject line, such as "overdraft warning" or "your order has shipped." When you click a link in the email, you may see a login screen identical to your normal login, which will trick you into entering your username and password. You could also be asked for more identifying details, such as Social Security number and account number.
Fortunately, banks have put some countermeasures into place to fight phishing. You can also protect yourself by not responding directly to incoming messages. If you get an email that looks like it's from your bank, type your bank address into your browser instead of clicking the link, sign in, and check your account's message center. Or just call your bank's customer service number.
6. Phone Attacks
The Internal Revenue Service has been warning for several years that scammers are calling people claiming to be the IRS, either claiming that they have a refund due or owe money. Fishing for information via the phone is also known as "vishing," as in, "voice phishing."
If they're taking the refund tactic, they'll probably ask for your bank account number or other personal info, supposedly in order to send you your refund. If they say you owe, they may ask for a credit or debit card number, or worse, try to get a payment in a way that's not traceable or refundable, like through a prepaid debit card.
This kind of scam is also known as "pretexting," and the really good scammers make it seem realistic by having some basic info about you on hand before they call, like your address and date of birth, which are pretty easy to find online.
7. Text Attacks
In another twist on phishing, "smishing," or SMS phishing, sends you a text message encouraging you to click a link that will either trigger the download of malicious software or direct you to input personal information.
8. Fake Wi-Fi Hotspot
Also known as an "evil twin" hotspot, this is a Wi-Fi connection setup in a public place, like a cafe, with a name that leads you to believe it was provided by someone trustworthy, like the cafe owner. The evil twin Wi-Fi hotspot really connects you to the Internet, just like a legit connection. The difference is, the evil twin is provided by a hacker, who uses specialized software to eavesdrop on information you're sending out — like your bank password or Social Security number — or to direct you to a malicious website like those described above.
When a hacker interrupts your attempt to access a legitimate website and steals the data you're trying to send, it's called a "man in the middle attack."
9. Dumpster Diving
Another low-tech but very effective method is simply pawing through recycling bins, looking for discarded credit card offers, bills, medical records, and other paperwork that could have personal information on it. Not only can identity thieves hit you at home, they could also search dumpsters outside of medical offices, schools, and banks.
10. Workplace Theft
A U.S. Department of Justice survey of convicted identity thieves found that a third of them accessed victims' information through their jobs. The criminals worked for mortgage companies or at government agencies such as the Department of Motor Vehicles, where they had access to treasure troves of client information. Others lifted information from job applications.
Back in 2000, just one guy was responsible for stealing 33,000 people's credit reports at his credit industry help desk job. He sold the reports to thieves who, according to news reports, used the information to steal up to $100 million.
When someone breaks into your home or car, it may not be the loss of your jewelry, cash, or laptop that hurts the most. If they find your credit cards, Social security card, or tax returns — or get such information off a stolen computer — you could be in for severe identity theft.
Another old-fashioned crime that has thrived in the era of high-tech data theft, pickpocketing nowadays commonly leads directly to identity theft. In fact, a major ID theft ring busted 10 years ago targeted crowded events to steal wallets and convert the information inside to valuable dossiers of information, which they would later resell.
13. Mobile Phone Theft
If you have authorized your phone to make payments on your behalf, saved passwords for banking and retail sites, or saved other personal data on it, having the device stolen could cost you a lot more than the replacement cost. Phones that aren't password- or fingerprint-protected are most vulnerable.
14. Mobile Phone Account Hijacking
Another form of ID theft targeting phones happens when someone gets ahold of your account information and uses it to order a new phone or line, with the bill going to you.
15. Shoulder Surfing
This technique involves watching over someone's shoulder as they enter a password at the ATM, or using a camera to steal the information from farther away. This could also be a tactic for getting someone's phone password before physically stealing the phone.
This nefarious technique involves stealing credit or debit card information with a card reader that may look just like a legitimate card reader. Skimming devices have been found at gas station pumps, on ATMs, and at retail store registers. Or, waiters in restaurants can put your card through a skimmer when they take it to the back to finalize your bill.
17. Friend and Family Theft
Also known as "familiar fraud," this crime happens when the ID thief is your child, your parent, even your spouse. Sadly, it's not uncommon for parents to abuse the identities of their own minor children in order to get credit. In a disturbing story broadcast on This American Life, Rachel Rosenthal couldn't figure out how her identity thief kept catching up with her, no matter how many accounts she closed — until she realized that the thief lived in her own home and had access to all her mail and documents. It was her boyfriend, who had been "helping" her financially, with money he withdrew from her bank account.
Often, these crimes take place in the context of real relationships, where one party happened to turn on the other party. But there are also crooks out there who look for partners specifically to steal their identities, especially on dating sites and social media.
18. Social Engineering Targeting Companies
You don't have to work for a credit agency or mortgage bank to get customer information if you are skilled enough to trick employees into giving it to you. Thieves may call an airline, posing as a secretary who needs her boss's trip information, or call a company pretending to represent a client or supplier. A friendly fast talker may be able to get employees to skip security protocols and give out information they shouldn't. Every call the thief makes is a little easier, armed with the information from the last call
Disclaimer: The links and mentions on this site may be affiliate links. But they do not affect the actual opinions and recommendations of the authors.
Wise Bread is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.