Identity theft is a massive issue facing consumers globally, as we’ve come to rely on technology for so many things. Cybercriminals are always finding new ways to exploit technology, whether it’s through massive email phishing campaigns, or sophisticated hacks into the networks of global corporations.
Identity theft is a bit of a broad term, but it applies whenever a piece of your personal information is stolen, and used to create a new identity. According to this article, the most common type of identity theft is credit card theft, with over 20% of 3.2 million identity theft cases reported to the FTC being related to credit cards.
Some other popular forms of identity theft include:
- Mail identity theft
- Social security number theft
- Tax identity theft
- Loan stacking fraud
- Online account theft
Those are just a few examples out of many, as there are so many different ways criminals can use your identity information to make a profit.
Common ways criminals obtain your identity information
Data breaches and password dumps
In 2020 there have so far been around 540 confirmed data breaches, with over 163,551,023 affected individuals. The type of information stolen in a data breach depends on the type of company, but it can typically include full names and email addresses, up to social security numbers and banking information.
These data breaches can happen in numerous ways. For example, criminals can inject form-jacking scripts on legitimate shopping websites, used to intercept your information between the website’s servers and their payment processor, for example.
In other cases, companies are victims of supply chain attacks, where hackers infiltrate a third-party system that is tied into the main system they want to attack. U.S. retail chain Target, for example, was the victim of a famous supply chain attack in 2013, when criminals introduced malware to Target’s POS system that affected over 1,800 stores and 40 million customer credit cards became susceptible to fraud.
Dark web marketplaces
The dark web is where a lot of information dumps end up, which can be entire pages of stolen data with your name and bank information somewhere in the mix. Typically criminals dump this information either because a company refused to pay a ransom, or because they’re proving their capabilities to show what they can do (perhaps to gain membership in hacker organizations).
Even though the information dumped may be “worthless” to the person that dumped it, all of that information can be used by other criminals once it becomes public, and no doubt the original hackers scraped the data for what they could use as well.
Criminals may also decide to sell the stolen data on black market websites. Stolen credit cards typically go for around $30 – $50 USD on dark web marketplaces. It’s much easier to just sell the information and launder the money through a cryptocurrency, than risk using the stolen credit cards for purchases and having it all traced back to the original hacker.
And of course, phishing schemes and plain old social engineering still works wonders for cybercriminals.
What you can do to protect yourself
Use a VPN in public
VPNs are not just for watching U.S. Netflix while vacationing in Europe. A VPN encrypts data as it leaves your device, which adds an extra layer of security to doing online transactions, especially if you’re out in public. It’s always a bad idea to do any sort of shopping on public WiFi, because data can be intercepted as it travels across the local network, but a VPN will encrypt that local data.
Obtain your free credit reports
You’re allowed to request 3 free credit reports annually from the major credit bureaus. It’s a good idea to take advantage of this, so you can review your credit reports for any suspicious activity, such as accounts being opened in your name.
Use data breach monitoring services
There are numerous tools for seeing if any of your personal information has been included in publicly dumped stolen information lists. HaveIBeenPwned.com for example lets you quickly check if any of your emails or passwords have been compromised, and other more sophisticated tools may be able to scrape the dark web looking for dumps containing your information.