Employees | 8 min read

How do identity thieves get your information?

  

Want to get updates on InfoArmor News?

In the digital age, some identity thieves go way beyond dumpster diving to steal your personal information. From hijacking and piloting your phone from afar to crafting a false identity based on just a sliver of your real information, many tactics used by today’s fraudsters are highly sophisticated.

When it comes to protecting yourself, understanding what you’re up against is a good first step. In today’s article, we take an in-depth look at some of the most common ways identity thieves get your information — and what you can do to stop them. Plus, if you’re a PrivacyArmor member, learn how switching on key features like Dark Web Monitoring can provide an extra layer of protection.

SIM card swaps

Smartphones are like the nerve centers of our personal data. We use them to bank, shop, communicate, and more. While our phones can be super convenient, they also make us vulnerable. Just ask Twitter CEO Jack Dorsey, who made headlines in August when his own Twitter account was hijacked in a SIM swap scam.

Most smartphones use SIM cards, or subscriber identity modules, to identify the user and store important data. Your phone number can be transferred to a new SIM card for legitimate reasons, like when you’ve lost your phone or you’re upgrading to a new device. But in a SIM swap attack, thieves take advantage of this capability by calling a phone carrier, posing as you, and requesting to move your phone number to a device in their possession. Fraudsters have also been caught bribing phone-company employees to make the swaps on their behalf.

If the SIM swap is successful, the thieves can then use your phone number as a portal to the rest of your digital life. With access to your text messages, for example, a thief can side-step the extra security provided by two-factor authentication, making it easier to penetrate your financial accounts, personal emails, and cryptocurrency wallet. SIM swapping can also lead to a compromised account, which can cause reputational harm.

That’s what happened in Dorsey’s case.

The attackers — a group of hackers known as the Chuckling Squad — used an SMS service called CloudHopper to make posts to the Silicon Valley exec’s Twitter feed, sending out a string of offensive comments and racial slurs to his 4.2 million followers. Dorsey’s account was quickly recovered, but his experience helped shine a light on the dangers of SIM swapping.

Luckily, you can take steps to protect yourself from SIM fraud and social media hijacking. If you’re a PrivacyArmor member, activate Social Media Monitoring for an additional layer of protection. If someone posts violent, sexual, or profane content using your account, we’ll send you an alert.

Data breaches

In September, food-delivery company DoorDash confirmed a large-scale security breach. The incident, which DoorDash attributed to a third-party service, left more than 4.9 million users, delivery drivers, and merchants with their information exposed. The leaked data was broad in scope and included names, addresses, encrypted passwords, drivers license numbers, and partial credit card and bank account numbers.

Some customers claim that the incident led to immediate theft in the form of fraudulent food deliveries — though the toll on victims’ privacy could be much greater. If you believe you may have been affected, you should immediately take steps to protect yourself.

A privacy incident of this magnitude should be shocking. Unfortunately, though, tales like these have become all too familiar. Data breaches and their fallout have affected millions of Americans. With incidents happening at such a rapid clip, it’s no wonder so many consumers suffer from “breach fatigue.”

So what’s causing these information leaks, and what can you do to safeguard your data?

You may be surprised to learn that most security incidents are actually accidents caused by human negligence or error. Research from the International Association of Privacy Professionals (IAPP) suggests that more than 92 percent of security incidents are unintentional in nature. Think of the 2017 Equifax breach, for example. The headline-grabbing incident, which left the information of more than 146 million Americans exposed, was eventually traced to the mistake of a single technology department employee who failed to follow security protocols.

Other breaches are the result of targeted attacks by cybercriminals. These attacks aren’t limited to behemoth corporations like Yahoo and Facebook: according to a report by the security firm Ponemon Institute, nearly 70 percent of surveyed small and medium-sized businesses experienced a cyberattack in 2018

Once your information is made public, it can sell for top dollar on the dark web to bad guys who may use your details to open a new line of credit in your name. Or perhaps your information will be blended with other victims’ information to create a brand-new false identity, a tactic known as synthetic identity theft.

If you’re a PrivacyArmor member, you can log in to the portal and activate Dark Web Monitoring. We’ll alert you if we find your information where it doesn’t belong –– and if cybercriminals compromise your identity, we’ll be here to help you fully recover.    

Oversharing

If an identity thief is hunting for your information, the last thing you want to do is hand it over willingly. Unfortunately, though, that can be an unforeseen consequence of sharing on social media.

Take that first-day-of-school pic you snapped of your kiddos on the front porch. Is your house number clearly visible in the background? If so, the safest bet is not to share.

Similarly, it’s not advisable to post from your vacation — or even from a restaurant — in real time. When you share your location, you’re also sharing the fact that you’re not at home.

What’s more, everything you share on social accumulates over time as part of your digital footprint. The more information that’s available about you online, the more vulnerable you’ll be to identity thieves.

Consider adjusting your privacy settings to control who can see your posts, and think twice before accepting friend requests from people you don’t know.

If you have PrivacyArmor Plus, it’s smart to sync your social accounts with our app. We’ll ping you if we notice anything suspicious that might point to an account takeover.

Skimming and shimming

Skimming devices can be attached to the credit-card processor at legitimate businesses. When you swipe your card, the skimmer reads the magnetic strip and stores your card number. The fraudster who planted the device can then use your credit card or sell the information to a third party.

If your card has a chip, beware of “shimming,” the practice of inserting a tiny microchip into an ATM or card reader with the aim of stealing and storing your information.

When you scan your card, be vigilant: if you notice anything unusual attached to the credit-card processor, consider shopping elsewhere.

If you don’t spot the skimming device, a credit monitoring service can help alert you after the fact. If you’re a PrivacyArmor member, you can visit the app to refresh your credit score and opt for additional financial monitoring.

Compromised credit reports

Your credit report is a trove of sensitive information, such as your name, birth date, and social security number.

Identity thieves can request a copy of your report by posing as your landlord or potential employer. One way to prevent this is to contact each credit bureau to request a security freeze on your account. You can also swipe to lock your credit with TransUnion in the PrivacyArmor app.

Phishing and pharming

When you’re online, phishing has nothing to do with a rod and reel. Rather, phishing happens when criminals try to hook you with phony emails. Their goal? Capturing your personal data—for their profit. Pharming, or the practice of redirecting users to fake sites without their knowledge, is another widespread type of online scam.

Phishers and pharmers may try to lure you by promising freebies or posing as a friend or business. From there, you could be tricked into entering sensitive details. Or you might be prompted to download malware, unwanted software that could corrupt your device.

Be wary of urgent requests to “act now!,” frequent typos or blurry images, and multiple pop-up windows.

With a little vigilance, you’ll be ready for the hook when it comes. But if you’ve accidentally clicked on something sketchy, an identity protection service like PrivacyArmor can offer additional piece of mind.

Identity theft in the physical world

While some identity thieves have adopted sophisticated tactics for mining data digitally, others still steal information the old-fashioned way: offscreen, in the physical world.

  • Criminals are known to search for sensitive information by digging through the trash, a tactic known as “dumpster diving.” So, it’s smart to shred any sensitive documents before recycling them.
  • Also beware of “shoulder surfing,” the practice of maliciously observing and memorizing a victim’s information at the ATM or in the check-out line.

If you’re a PrivacyArmor member, you can also sign up for Lost Wallet Protection. Your wallet is a goldmine for thieves. In case it's ever stolen, we can securely store key details, such as your driver’s license number, to make the recovery process go much smoother.

With PrivacyArmor, you have a partner in identity protection

In today’s digital era, data is our most valuable resource. Here at InfoArmor, we are deeply committed to safeguarding your details every step of the way.

Looking to scale back your digital footprint or up your privacy game? Take a few minutes to visit the portal and explore our powerful technology, including digital exposure reports that reveal where your personal information is publicly available on the Internet. While you’re logged in, you can also opt in for key product features, like credit-monitoring alerts and financial transaction monitoring.

Best-in-class customer care is another core part of the InfoArmor mission. Should fraud or identity theft happen to you, our highly trained and certified PrivacyAdvocates will be on hand 24/7 to help restore compromised identities.

The landscape of identity theft may be shifting and changing, but there’s one thing you can count on. With InfoArmor as your partner, you’ll never have to fight identity theft alone.

  
New Call-to-action
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.