An Internet Protocol (IP) address is a unique series of numbers that identifies your device on the internet or the network it’s connected to. IP is
Identity theft is common in the US and can happen to anybody. The FTC received 1.1 million reports of identity theft in 2022, which made it the most prevalent type of fraud complaint they received that year. The internet has made identity theft easy, with the FTC reporting that most fraud happened via text, phone, email, websites and social media. Some cases even involved online ads, including pop-up ads.
Identity theft happens online when Personally Identifiable Information (PII) is compromised through data breaches, hacking or phishing.
Keep reading to learn more about the steps a cybercriminal takes to commit identity theft, the most common types of identity theft and how to protect yourself from this cyber attack.
What is Identity Theft?
Identity theft is when someone uses a victim’s personally identifiable information without permission to impersonate the victim and commit fraud. With details like a Social Security Number, legal name and birthday, it’s easy for cybercriminals to pretend to be the victim online.
Identity theft covers a range of crimes, including opening a credit card in the victim’s name, accessing the victim’s bank accounts, applying for and taking the victim’s unemployment benefits or getting medical bills charged to the victim’s health insurance.
The victim of this fraud loses money, at least in the short-term, because the institution has been tricked into attributing them with the credit card and medical bills. In extreme cases, cybercriminals have been able to transfer a house title to their name and steal the property of the victim.
Meanwhile, the victim might not even know until the institutions call to collect on debts. If they are unable to prove that they are a victim of identity theft, they could owe thousands of dollars. Fixing the issue is costly and time-consuming.
How Identity Theft Happens Online
Here are the steps cybercriminals take to steal an identity.
1. Exposure of personally identifiable information
Identity theft hinges on the thief using your PII to pretend to be you. This includes your Social Security Number, credit card information, ID numbers, your birthday, your mother’s maiden name – any data that institutions may use to verify your identity.
While data can be stolen in person through methods such as stealing a wallet, the internet makes it more convenient. Most identity theft happens online.
Ways PII can be stolen online include:
- Data breaches leak sensitive data including account credentials and Social Security Numbers. This is one of the most common ways data is exposed, as data breaches of companies with large amounts of employee and customer data happen frequently.
- Phishing (and its SMS text cousin known as smishing) is a method of stealing sensitive data in which cybercriminals pretend to be a trustworthy institution via email and request credentials or other information. This can trick victims into providing PII to cybercriminals directly.
- Malware infections can collect PII from victims through means like keylogging, which records all your typing keystrokes and send the data to the owner of the malware.
- Man-in-the-middle attacks intercept your data in transit.
- Password cracking methods can help cybercriminals discover your credentials and access sensitive accounts that may have PII.
- Social media accounts with personal details about the user’s life may accidentally share information that can help a cybercriminal steal their identity.
- Unsecured networks can give cybercriminals access to computers with sensitive data. For example, public WiFi without password protection makes it easy for hackers to intercept data, since they also have access to the network.
Cybercriminals who commit identity theft may steal personal data themselves or they may purchase it on the dark web from other cybercriminals.
2. The cybercriminal targets an individual
Once a cybercriminal has collected various PII, they will choose an individual to target. They may choose victims based on how much data they find, or the security of the victim’s online profile. Cybercriminals prefer low-hanging fruit. People with fewer protections on their accounts and a less private digital footprint will be easier to hack, so cybercriminals will be drawn to target them.
Once a victim is chosen, the cybercriminal may continue to collect data on them in order to help them commit identity theft. For example, in a change-of-address scam, they could use what little PII they found to forward the victim’s mail to their own address. That way, they can gain even more information about bank accounts, investment accounts and other PII.
3. The cybercriminal uses the stolen PII to pose as the victim for low-risk activities
The cybercriminal is likely to start with lower-risk activities. For example, they may put a small charge on the victim’s credit card or do a credit check on the victim. The purpose of this is to “test” the PII they received to see if it’s valid and can be used.
4. The cybercriminal uses the PII to commit more severe identity theft
At this point, the cybercriminal commits more severe fraud, such as racking up thousands of dollars in credit card bills, taking over bank accounts and charging medical care to the victim’s insurance.
Types of Identity Theft
- Financial fraud: The most common type of identity theft, financial fraud occurs when the thief uses stolen credit information to make purchases.
- Account takeover: A cybercriminal uses stolen credentials to gain access to the victim’s account and then changes the credentials so the victim can no longer access it. Account takeover can happen to any kind of account, including bank accounts and social media accounts.
- Synthetic identity theft: The attacker uses PII to forge fake identification documents like IDs and passports.
- Criminal identity theft: The thief uses someone else’s identity while committing a crime. This will mislead law enforcement, who will first investigate the victim while the criminal gets away.
- Tax ID theft: A cybercriminal uses the victim’s PII to file fake tax documents in order to steal their tax return.
- Unemployment ID theft: The thief falsely files for unemployment using someone else’s PII in order to steal their unemployment benefits.
- Medical ID theft: Someone uses the victim’s PII and insurance information when receiving medical care in order to stick the victim with the bill.
- Child identity theft: This is identity theft that happens to a child.
Warning Signs of Identity Theft and How To Spot Them
Warning signs that you may be a victim of identity theft include:
- Noticing accounts you did not open, an unusual drop in credit score or credit checks you didn’t initiate on your credit report. Be sure to check your credit score regularly and read through the report in order to catch anything unusual.
- Unusual charges on your bank account or credit card. Be sure to check your accounts regularly and scan recent transactions in order to spot anything suspicious. Set up transaction notifications so you are informed every time a transaction occurs on your accounts.
- You stop receiving mail. If you’ve noticed an unusual lack of mail, it could be a sign a criminal has redirected it to them. Be someone who picks up their mail on a regular basis so you notice if anything is missing.
- Your credentials are found on the dark web. In order to know if your credentials are on the dark web, sign up for a dark web monitoring service like BreachWatch® to get dark web alerts.
- Calls from debt collectors on debt you do not owe. Be sure to get details from the debt collector who claims you owe money so that you can catch it if it’s debt racked up by a thief.
- Denial of loan applications. If you are trying to take out a mortgage and are unexpectedly denied, it might be time to investigate if someone has stolen your identity.
- Unexpected medical bills, maxed-out benefits or strange information in your medical files. Be sure to look over your medical bills and medical files so that you catch it if something strange happens.
- You are having trouble signing into an account, even after a password reset. This could be due to an account takeover.
How to Prevent Online Identity Theft
Preventing online identity theft is a matter of vigilant cyber hygiene. That means using best practices for keeping your data safe online. To recap some of the most important steps:
- Set unique, strong passwords for each account. Keeper Password Manager makes it easy to automatically generate and securely store your passwords, so you don’t have to remember them. Passwords should be at least 16 characters long with a unique mix of letters, numbers and symbols.
- Set up Multi-Factor Authentication (MFA) for your accounts. MFA is a second method of authentication that protects your account even if your credentials are compromised. Keeper Password Manager can even store MFA codes for you so that you don’t have to wrangle multiple devices when logging in.
- Sign up for dark web scans. When you get an alert your data has been leaked, change leaked credentials and take steps to protect compromised information. BreachWatch, an add-on to Keeper Password Manager, is a great tool for dark web scans.
- Secure your network. Change the default password on your WiFi and take other steps to protect your home network.
- Keep your digital footprint clean. Don’t overshare online, turn on your privacy settings and take down compromising information. Your digital footprint could help someone steal your identity.
Protect Yourself from Identity Theft
While good cyber hygiene may seem inconvenient, identity theft is much more inconvenient. It can take years to recover from identity theft, rebuild your credit score and get fraudulent debts erased. It can also be expensive to go through the process of proving your identity has been stolen.
Take the first step and start a free 30-day trial of Keeper Password Manager to see how we can streamline your cybersecurity, making it easy to protect your accounts and your personal information.