How does identity theft happen? Unless you’ve been affected by it, you may have never given the question much thought. And guess what? Even when you’re a victim, you may never know how it happened. Where was the weak link that allowed your personal information to fall into the hands of an identity thief? Was it your fault? Or that of a business that you entrusted with your information? And was it stolen last month—or 10 years ago?
When considering how identity theft happens, it helps to understand what’s needed to steal your identity. Critical is personally identifiable information, or PII—data that could potentially be used to identify an individual. This could be a full name, Social Security number, address, or driver’s license number. Each of these is considered PII. The more of it an identity thief has—linked to a specific person—the easier it may be for the thief to steal that person’s identity. Learn more about PII here.
How identity thieves obtain your personal information
How do identity thieves put their hands on your personal information? There are any number of ways, from sophisticated technological attacks to simply being at the right place at the right time. Here are seven ways your PII can land in the wrong hands, possibly leading to identity theft, and a “best bet” that may help protect your information:
- Data breaches
Data breaches often make headlines, so this is one method you’ve likely heard about before. Accidental or intentional, they can cause problems—for the organizations that suffer them and the individuals whose information is exposed.
An accidental data breach might occur when an organization’s employee leaves a work computer—containing PII or a way to access it—in a vulnerable place, allowing someone to steal it. An intentional breach usually involves criminals finding a way to access an organization’s computer network so that they can steal PII. The criminals might deploy a sophisticated technical attack or simply trick an employee into clicking on a link that creates an attack opening to be exploited. Regardless of how it happens, a data breach can, in one fell swoop, expose the PII of millions of unwitting victims.
Best bet: The less you share your PII, the better. In this digital era, though, sharing your personal information is a regular part of life. But you can try to be smart about it. If someone requests your Social Security number, ask yourself if they really need it and, if you decide they do, ask them how they’ll protect it. When shopping online, stick with familiar and trusted companies rather than ones you’ve never heard of. A well-known company is more likely to invest in the security measures to protect its business and your data. Of course, as we’ve seen, even respected entities can fall short. And once you give your PII to a company, you can’t often be sure that company won’t sell or share it with another.
We mentioned above the act of tricking someone within an organization into clicking on a link. This is often the basis of a phishing attack. Criminals will send emails to folks inside the entity they want to attack. They want a recipient to click on a link or open an attachment that could give the criminals access to the organization’s network, providing access to PII.
Why target employees? One industry official says criminals consider employees the low-hanging fruit that attackers can try to manipulate to get into the system. But be aware that phishing attacks can also target individuals outside a business or government agency.
Best bet: Before acting on an email link or attachment, investigate it thoroughly to make sure it’s legitimate. If it appears to be from a company with whom you do business, type in the URL yourself. Making a fraudulent email look legitimate is what identity thieves do.
- Unsafe Internet connections
Here’s one means of identity theft you may not think about. If you’re in an airport, coffee shop or other location that offers free public Wi-Fi, a criminal might be on that same network, watching what you’re doing online. And don’t think that a password-protected Wi-Fi network is much safer. The criminal could easily have that same coffee-shop password, as well.
Best bet: Experts advise not to do anything on a public Wi-Fi network that involves logging in to accounts or making purchases. Doing so could result in you inadvertently handing over your log-in information and credit card number to a thief. If you can’t wait until you’re on a network that you know to be safe and secure—at home, for instance—use virtual private network (VPN) software to create a secure “tunnel” through which your data can travel.
- Mail theft
Even in this digital era, identity thieves stick with what works. And grabbing mail from an unsecured mailbox is a tried-and-true method to steal someone’s PII. It’s one thing if they’re grabbing only junk mail, but they could also grab bank or credit card statements or, worse yet, tax forms that include your Social Security number.
Best bet: If it’s not already, make sure your mailbox is locked or otherwise secure from everyone except you and the mail carrier.
- Dumpster diving
Like mail theft, dumpster diving is a time-tested way criminals can put their hands on PII. Identity thieves are not above digging through your trash to find financial statements, tax documents or other information that might help them steal your identity.
Best bet: Before discarding, shred documents containing important information that you don’t want others to see.
- Lost Social Security card
Imagine losing your wallet with your Social Security card and driver’s license. An identity thief who found it would have your full name, address, birthdate and, of course, Social Security number. You might as well have tied a ribbon around it with a card that said, “Please steal my identity!”
Best bet: Don’t carry your Social Security card around with you. You seldom need it, and given its importance to identity thieves, you want to keep the card—and any documents that include your Social Security number—safe and secure.
- Weak data protection
Data protection may sound like a strictly digital term, but it has an analog counterpart. If you invite strangers—or near-strangers—into your home, you should keep this in mind. Could an appliance repair person, housecleaner or dog walker come across information that you prefer to keep secret?
Best bet: Make sure documents and other items containing personal information are safe and secure, not easily accessible by any visitor to your home.
Get LifeLock Identity Theft Protection 30 DAYS FREE*
Criminals can open new accounts, get payday loans, and even file tax returns in your name. There was a victim of identity theft every 3 seconds in 2019°, so don’t wait to get identity theft protection.
Start your protection now. It only takes minutes to enroll.