How does identity theft happen?

Imagine trying to make an online purchase only to discover your bank account emptied. Or learning your identity was compromised and used to commit fraud, access your accounts, or impersonate you online. This is not a hypothetical situation, but the devastating consequence of identity theft.

Identity theft is a serious crime that involves using someone else’s Personal Identifying Information (PII) illicitly and without their permission. PII includes names, social security numbers, addresses, bank and credit card accounts, and other sensitive data that can be used to make purchases, falsify medical records, obtain benefits, and more. Anyone who has personal information can be a victim of identity theft, but some groups may be more vulnerable, such as children, seniors, or military personnel. 

While the goals and ways of identity thieves may vary, they often aim to profit from the stolen identity, damage the victim’s reputation, or evade law enforcement. By exploring how identity theft can happen, we can better comprehend why certain individuals become targets and what the ultimate objectives of these cyber criminals are.

Common identity theft methods

Identity theft fundamentally breaches an individual’s privacy and security, robbing them of their financial and personal freedom. The nature of identity theft can either be traditional, such as stealing wallets or mail, or cyber, such as installing malware and ransomware attacks.

Traditional identity theft is heavily dependent on physical documentation and personal interaction. This usually involves the direct theft of documents, such as bank statements or credit card information, from personal or public spaces. Here are some traditional methods criminals use:

1. Wallet, Mail, or Trash Theft. Some of the oldest and simplest forms of identity theft. 
2. Vishing. Voice phishing, or vishing, is when scammers call potential victims and trick them into sharing personal information by phone. They often use tactics such as promising a prize, or making threats such as losing a tax refund. Scammers will also use spoofing, or falsifying their caller ID to display fake information. A spoofed call might seem to be from a local number or a trustworthy organization when it could be from anywhere in the world.
3. Skimming. When a criminal swipes a debit or credit card to steal information, this is called skimming. Scammers can modify a card reader to access card data, place a recording device at an ATM, or recruit a crooked salesperson to steal customers’ card information.
4. Impersonation Scams or Confidence Fraud. Often described as “the oldest trick in the book”, confidence fraud involves a criminal faking a trusted relationship — like a family member, friend, or romantic interest — in order to deceive a victim into sending money, providing information, or laundering money. One of the most common types of confidence fraud is IRS impersonation. Scammers pretend to be IRS agents on the phone or via email in order to steal taxpayer information.

As technology has changed, cyber identity theft has become more profitable for criminals. Cyber identity theft differs from traditional identity theft in several key ways, including the digital medium, large scale and anonymity, and wide range of digital targets. Furthermore, as technology evolves, so do the methods of cyber criminals, making cyber security an ongoing necessity.

1. Phishing. One of the most common forms of cybercrime, phishing tries to trick victims into giving away their personal or financial information, such as passwords, account numbers, or credit card details. Phishing attackers often use fake emails or text messages that look like they come from legitimate sources, such as banks, government agencies, or online services, and prompt users to click suspicious links or open attachments.
2. Smishing. Similar to phishing attacks, criminals may impersonate trusted organizations or even friends to trick victims into divulging information via text message. As more people trust text messages over phone calls and emails, smishing attacks may increase.
3. Fake Websites. Fake websites can fool people into giving their personal information by looking like real and reliable sites. Some online shopping scams use a bogus website or mobile app, including a familiar logo and matching URL. What’s worse, scammers may seed websites with malware that infects a victim’s device and harvests personal or financial information.
4. Data Breaches. A data breach is the intentional or unintentional theft of information, whether because of a cyberattack or the improper disposal of physical documents. Hackers exploit security weaknesses to extract personal information and sensitive data, leading to large-scale identity theft or credential stuffing to hack into other accounts.
5. Public Wi-Fi and USB Charging Stations. Unsecured public Wi-Fi networks are vulnerable to hacking, making it easy for cybercriminals to intercept personal information. Scammers may also “juice jack” or install malware on a user’s device when connected to a charging station or port. 
6. Social Media Data Mining. Cybercriminals can hack social media accounts and gather personal information, which can be pieced together to steal an individual’s identity or to craft targeted phishing attacks.
7. Malware and Ransomware Attacks. Malicious software can be used to infiltrate personal computers and networks, and extract personal data and hold it hostage in exchange for payment.
8. Purchase of Information on the Dark Web. The dark web, or dark net, is a hidden part of the internet that is often used for illegal activities, such as buying and selling drugs, weapons, or stolen data. Identity thieves can use the dark web to obtain or sell personal information that they have stolen from data breaches, phishing, or other methods.

In today’s increasingly connected digital age, understanding how identity theft happens is vital to protecting yourself. Remember, anyone, including close family members and friends, can steal your identity. So, stay vigilant and take proactive measures to safeguard your personal information. 

What you can do about it

Identity theft’s complexity and ever-evolving nature presents a significant challenge in today’s digital world. It goes beyond stolen identities, deeply affecting victim’s lives and leading them on a lengthy path to recover their identity and rebuild their financial and personal reputation.

If you are a victim of identity theft, you need to act fast and protect your rights. You also need an attorney for identity theft victims who can help you recover your losses and hold the criminals accountable. Los Angeles, California attorney Robert Brennan has been fighting for victims for over 30 years and specializes in representing identity theft victims. He can help you restore your identity and seek justice for the harm done to you.