Identity Theft: Methods and Prevention

Identity theft is probably one of the most serious crimes that can happen to you.  The bad news – identity theft in one fashion or another is likely to happen to all of us.  In any given year, one in fifteen people will suffer identity theft.  There are many ways that your personal information way end up in the hands of an identity thief.  Today we will look at the major methods that identity thieves use to acquire your personal information.

  • Data breach – We hear about data breaches all the time in the mainstream news.  The bad news, there is not much we can do as individuals to prevent this sort of identity theft.  It is up to the companies that are holding our information to keep it safe from thieves.  Checking a site such as Troy Hunt’s Have I Been Pwned website is one way to keep track of companies who have lost your information.  Many of them have offered credit protection services.  If you have not signed up for this benefit, you should.
  • Compromised websites – Sometimes cyber-criminals will hijack a website and use it to host a phishing landing page.  Sometimes they just add their own data form the the website itself, or use a script to send information from the site’s web form to them.  You may be using a web browser that alerts you to landing on suspicious or compromised sites.  Do not disregard these warnings.  Make sure the website you are on is the legitimate article.
  • Home Wi-Fi – A lot of people run their home wireless network as an “open network.”  This means anyone can connect to the network without a passphrase.  It also means that the wireless transmissions between computer and wireless router are unencrypted, and can be read by anyone with the right equipment.  Make sure you set up encryption by requiring a passphrase to joint your wireless network.
  • Email account hijacking – I have written about email account hijacking several times.  If you fall victim to a phishing email or a social engineering scam where you provide your email account address and password to a scammer, they will be able to log in to your email account and learn an amazing amount of stuff about you.  Make sure you do not give your email credentials to anyone, including someone pretending to be from “tech support” or “customer service.”
  • Lost or stolen devices – Losing a phone, tablet, or laptop can provide a wealth of information to the person who finds your device, or who stole it from you.  Know how to use drive or device wiping features to remotely find your device, or delete your personal data before your thief has a chance to save it off the device and sell it on the dark markets.
  • Lost or stolen wallet or purse – This sort of loss if a bit more problematic.  There are no apps to remotely wipe your wallet.  Make sure you are carrying just the identity cards and credit cards you really need.  If you lose them, call the card companies and have them cancelled and replaced.  Let the DMV know if you lost your driver’s license.  Lots of purses disappear at fitness clubs.  People watching in the parking lots are looking for women who lock their purse in their car trunk.  If this is you, do this before you leave your home, so it is not so obvious.
  • Burglary – If the thief is inside your home, business, or automobile, you have the same problems you would have with a lost or stolen wallet or purse, only more so.  If some of the stolen items include electronics, follow the advice we gave above.  To keep your automobile from being an attractive target, keep personal items and valuables out of site locked up in your trunk.
  • Mail theft – Mail is often used in ID theft operations.  Credit card offers can be stolen from your mail, and used to open accounts in your name.  Make sure your mailbox is secure, and empty your mailbox daily.
  • Dumpster diving – Trash can be a goldmine of information for an identity thief.  Legally, once the trash is in the can, it can be taken by anyone.  Your best bet is to get a document shredder, and shred everything that has your personal information on it.
  • Card skimmers – When using an ATM (especially private ATMs) or paying for gasoline at the pump, be on the lookout for tampering that may indicate the presence of a card skimmer.  Make sure any security seals or tapes are intact.  When in doubt, pay inside and alert the business of the presence of a suspected skimmer.
  • Synthetic ID theft – Synthetic identities are a new form of identity theft that combines real information with made up information to create a totally new, non-duplicated identity.  An example is combining one personas street address with another person’s name and social security number.

Other solutions not mentioned above include setting up a credit alert or credit freeze with the credit bureaus.  Examine your bank, credit card, IRA, 401K, and other financial statements for unusual changes, and do it more frequently than once a month.  Look for weird transactions including small deposits of less that a dollar, which may indicate that the account number has been compromised.  As is often the case, vigilance is your best bet to catch ID theft early and shut it down.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an information technology and cybersecurity instructor for several training and certification organizations. Bob has worked in corporate, military, government, and workforce development training environments Bob is a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.