How identity theft works

Learn more about identity theft and what happens when someone uses your personal information and impersonates you to commit fraud.

26-08-2022 - 9 minute read. Posted in: cybercrime.

How identity theft works

Identity theft occurs when someone uses your personal information and impersonates you to commit fraud.

Your personal identifying information can be your full name, home address, email address, online login details, passwords, social security number, driving licence, passport or bank details. When the criminals behind identity theft get access to this information, they can use it to commit identity theft.

What is identity theft?

Identity theft is a broad term that applies whenever someone steals your personal information, such as ID cards, and uses it to create a new account, make a purchase or commit other fraud.

Due to the development of AI, technology and the internet, your personal information has become easier to steal. If you don't closely monitor your bank statements or activity on your various accounts, you may not notice that you have become a victim of identity theft, identity breaches until it is too late.

In recent years, public authorities have started to advise citizens more and more on how to avoid becoming a victim of identity theft and other cybercrimes.

Here are some examples of how identity thieves can exploit your sensitive personal information. They can:

  • Open new bank accounts.

  • Make unauthorised purchases.

  • File a tax return.

  • Use your health insurance to get medical care.

  • Pass a background check.

How your personal information can be stolen

Here are 10 of the most common ways identity thieves get your confidential and personal information:

1. Data breaches

A data breach typically occurs when someone gains access to an organisation's data without authorisation or approval. The most common types of information stolen in data breaches are full names, social security numbers and credit card details.

So many people have different accounts with different companies and organisations, it's almost impossible to protect your information from a data breach. That's why you need to be extra careful with your data.

2. Insecure browsing

For the most part, you can surf the internet safely, especially if you stick to well-known and large websites. But if you share information on an insecure site or a website that has been compromised by hackers, the hackers can easily collect the information.

Depending on your browser, you may get a warning if you try to access an insecure website.

3. The dark web

Once your data has been stolen, it often ends up on the dark web. Hackers don't necessarily steal your information to use it themselves, but choose to sell it to others instead.

The dark web is a hidden network of websites that are not accessible through normal browsers. People who visit the dark web use special software to hide their identities and activity, making it a popular place for criminals. If your information ends up on a "marketplace" on the dark web, anyone can buy it.

4. Malware

Malware is various types of malicious software designed to exploit digital devices. Cyber criminals can use malware to steal your information, monitor your activity on the computer, install programs and viruses or take over the computer's operating system.

5. Credit card theft

One of the most difficult types of identity theft is credit card theft. If a criminal gains access to your credit card details, they can use them to make unauthorised purchases on your behalf.

Credit card theft can occur through:

  • Data breaches
  • Credit card skimmers
  • Physical theft
  • Through online accounts where your card details are stored.

6. Theft of mail

Bank and credit card statements you send or receive through the postal system can be physically intercepted by criminals and used to access your data or accounts.

IT criminals can also steal the letters you throw away. It does, however, not occur as often as it used to, since most of our mail is sent digitally instead of physcially to our mailbox.

7. Spam and phishing attacks

Phishing is the most common cyber-attack worldwide. Every day, a huge number of phishing emails, SMS and messages are sent over social services, which cyber-criminals use to trick people into handing over their information. Phishing emails, or other types of communication, are allegedly sent from a well-known organisation or person and invite the recipient to click on a link to a website or download an attachment.

Phishing attempts to play on people's emotions and get them to perform desired actions through social engineering strategies. The criminals can steal information from computers and databases; social engineering is a very effective way of manipulating people.

If the recipient clicks on the link in a fake email, they are taken to a fake website where they have to enter their details. Attachments in phishing emails typically contain malware which is then installed on the recipient's computer.

8. Wi-Fi hacking

If you use your computer or phone on a public network, such as an airport, shopping mall or coffee shop, hackers may be able to "eavesdrop" on your connection and create a bridge between you and their device.

It's possible for them to intercept passwords, for example, if you log in to an account while connected to an insecure Wi-Fi connection. Sometimes hackers also set up Wi-Fi connections themselves in public places.

9. Theft of mobile phones

Smartphones contain a lot of valuable information for identity thieves, especially if they contain apps that allow you to log in automatically without a password or biometric data. If someone manages to steal and unlock your phone, they can access the information contained in your apps, as well as your emails, text messages, notes, etc.

10. Card skimming

Criminals can use a card skimmer to steal personal information. A card skimmer is a device that can be placed over a card reader on an ATM or petrol pump. When someone pays with a debit or credit card, the card skimmer reads the information from the card's magnetic stripe and either stores the information or transmits it. A criminal can then use this information to create a clone of the card and make purchases in your name.

What happens to your personal information?

Identity thieves can use your personal information in a number of ways:

They can steal money or benefits

The way identity thieves use your information often depends on what information they have obtained. If they have your credit card number, name and address, they can make purchases.

If they've stolen more information, they may be able to file a tax return to steal your tax refund, use your collected airline points, receive medical treatment using your health insurance information, or apply for government benefits.

They may sell the information on the dark web

After a data breach, the stolen information often ends up on the dark web. Social security numbers usually sell for $1 each, a credit card number goes for up to $110, and a US passport sells for up to $2,000, according to the company Experian.

They can impersonate you on social media

Cybercriminals can also create fake social media accounts and then impersonate you. The cybercriminals break into your private life, but they can also break into others' by catfishing them. When impersonating you, cybercriminals can also take out loans in your name or rent cars or apartments. Criminals often target people with good credit histories and clean criminal records.

Signs of identity theft

It pays to check your bank and credit card statements frequently. When checking your statements, there are a number of things to look out for:

  • Your accounts have discrepancies, or your statement shows purchases or withdrawals you didn't make.

  • You get calls from credit and collection companies about purchases you didn't make.

  • The tax office informs you that more than one tax return has been filed in your name.

  • You receive bills for services you have not received.

  • You no longer receive bills by post. This may imply that someone has stolen your data and changed your billing address.

  • You are turned down for a loan. If you expect to be approved for a loan but are turned down, this could be a sign that an identity thief has taken out a loan in your name.

How to avoid identity theft

There are a number of ways you can protect yourself from identity theft. Many are also the best defence against hacking and misuse and strengthen your IT security.

  • Create unique, complex passwords for all your accounts. A strong password is long and contains both upper and lower case letters, numbers and symbols. Using a password manager for this is a big help.

  • Enable two- or multi-factor authentication on all accounts where it's an option.

  • Never give out personal information to others unless strictly necessary. Especially not on social media or via emails/SMSs.

  • Shred documents before you throw them away. This includes letters, receipts and bills that contain sensitive information.

  • Leave your health insurance card and credit card in a safe place at home. Only take them with you when you know you'll need them.

  • Only go to websites that are secure. Always check that the URL starts with "https" and not "http". The -s stands for secure and the https protocol means that data on that website is encrypted.

  • Never click on links, open attachments or reply to emails from unknown or unreliable sources. Always check the email address and link URL to make sure an email is legitimate.

  • Set up alerts on your bank and credit card accounts. Most banks can notify you every time money is withdrawn.

  • Set up a warning for the use of your social security number. It is possible to mark your social security number in the Central Personal Register so that organisations can receive a warning if, for example, someone tries to borrow money using that social security number.

  • Make sure you keep your computer updated with the latest security updates and use anti-virus software.

This post has been updated on 24-07-2023 by Sofie Meyer.

Author Sofie Meyer

Sofie Meyer

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.

View all posts by Sofie Meyer

Similar posts